diff --git a/.codecov.yml b/.codecov.yml
index 12d18bf18d059..105f39b3902da 100644
--- a/.codecov.yml
+++ b/.codecov.yml
@@ -710,6 +710,10 @@ coverage:
 target: 75
 flags:
 - kyverno
+ nvidia_nim:
+ target: 75
+ flags:
+ - nvidia_nim
 tibco_ems:
 target: 75
 flags:
@@ -1289,6 +1293,11 @@ flags:
 paths:
 - nginx_ingress_controller/datadog_checks/nginx_ingress_controller
 - nginx_ingress_controller/tests
+ nvidia_nim:
+ carryforward: true
+ paths:
+ - nvidia_nim/datadog_checks/nvidia_nim
+ - nvidia_nim/tests
 nvidia_triton:
 carryforward: true
 paths:
diff --git a/.ddev/config.toml b/.ddev/config.toml
index 96bea55354138..062f75c0c07ec 100644
--- a/.ddev/config.toml
+++ b/.ddev/config.toml
@@ -71,6 +71,8 @@ aerospike = ['Apache-2.0']
 # https://github.com/pyca/cryptography/blob/main/LICENSE
 cryptography = ['Apache-2.0', 'BSD-3-Clause', 'PSF']
 # https://github.com/confluentinc/confluent-kafka-python/blob/master/LICENSE
+# TODO: Remove once confluent-kafka license metadata is fixed:
+# https://github.com/confluentinc/confluent-kafka-python/issues/1857
 confluent-kafka = ['Apache-2.0']
 # https://github.com/rthalley/dnspython/blob/master/LICENSE
 dnspython = ['ISC']
diff --git a/.deps/image_digests.json b/.deps/image_digests.json
index 456374bbf3c0d..95d9d3c980fa4 100644
--- a/.deps/image_digests.json
+++ b/.deps/image_digests.json
@@ -1,5 +1,5 @@
 {
- "linux-aarch64": "sha256:e7583b37a4304416d2d3e131861e0d5512298efebd726622de5ce52520881b3a",
- "linux-x86_64": "sha256:35e5383e3e778d37ee0b23281bfab1eda205a1a2b7d657a701bc5f982187b47e",
- "windows-x86_64": "sha256:deff9de8721c3815a3926a0726f16d15f2c2fba6f0d67fb0d9080ef6fa6887c3"
+ "linux-aarch64": "sha256:0c67a49a4d4ec217dd0f841ee139eaf061616f6e61c6bc758617d4c50c7a8aa2",
+ "linux-x86_64": "sha256:5e421218e377e4c1d0769b148e569f4ff4a8c60fbd2be8411db9158a644a0b0a",
+ "windows-x86_64": "sha256:feefe940fe3f382bf4833bc29a9d614d6f6bb3592258a905a261167184b20eab"
 }
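Review bot: In the `.ddev/config.toml` hunk, the TODO added above `confluent-kafka = ['Apache-2.0']` does not record which release's license the override was checked against, and the override line itself carries no version, so it will keep asserting Apache-2.0 for any later release whatever that release declares. The resolved dependency files in this same diff move confluent-kafka from 2.5.0 to 2.6.1, so the comment could pin that down, for example `# Override verified against the upstream LICENSE for 2.6.1; re-check on every version bump.` Whether the ddev license check supports per-version overrides is not visible in this hunk, so this is a documentation suggestion only.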
diff --git a/.deps/metadata.json b/.deps/metadata.json index 6b41606b6b2d5..e55b164ab2c41 100644 --- a/.deps/metadata.json +++ b/.deps/metadata.json @@ -1,3 +1,3 @@ { - "sha256": "69faeb7567d2ef2f7ebef4f91120ef0ff5231c16a91ec710cb5429364791ca71" + "sha256": "4d5260e77bea1467dc82ebe382d0cbc42d3f9b62c64c36898f975393c42da56d" } diff --git a/.deps/resolved/linux-aarch64_3.12.txt b/.deps/resolved/linux-aarch64_3.12.txt index ee95fdf70e0fd..0f6b6df2b96c2 100644 --- a/.deps/resolved/linux-aarch64_3.12.txt +++ b/.deps/resolved/linux-aarch64_3.12.txt 
@@ -5,9 +5,9 @@ attrs @ https://agent-int-packages.datadoghq.com/external/attrs/attrs-24.2.0-py3 aws-requests-auth @ https://agent-int-packages.datadoghq.com/external/aws-requests-auth/aws_requests_auth-0.4.3-py2.py3-none-any.whl#sha256=646bc37d62140ea1c709d20148f5d43197e6bd2d63909eb36fa4bb2345759977 azure-core @ https://agent-int-packages.datadoghq.com/external/azure-core/azure_core-1.32.0-py3-none-any.whl#sha256=eac191a0efb23bfa83fddf321b27b122b4ec847befa3091fa736a5c32c50d7b4 azure-identity @ https://agent-int-packages.datadoghq.com/external/azure-identity/azure_identity-1.17.1-py3-none-any.whl#sha256=db8d59c183b680e763722bfe8ebc45930e6c57df510620985939f7f3191e0382 -bcrypt @ https://agent-int-packages.datadoghq.com/external/bcrypt/bcrypt-4.2.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=3bbbfb2734f0e4f37c5136130405332640a1e46e6b23e000eeff2ba8d005da68 +bcrypt @ https://agent-int-packages.datadoghq.com/external/bcrypt/bcrypt-4.2.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=909faa1027900f2252a9ca5dfebd25fc0ef1417943824783d1c8418dd7d6df4a beautifulsoup4 @ https://agent-int-packages.datadoghq.com/external/beautifulsoup4/beautifulsoup4-4.12.3-py3-none-any.whl#sha256=b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed -binary @ https://agent-int-packages.datadoghq.com/external/binary/binary-1.0.0-py2.py3-none-any.whl#sha256=e1b61f3a5c002717d1a28e4d9d2dc8acbc9d6b12baf7b1e4ab25d743da97e323 +binary @ https://agent-int-packages.datadoghq.com/external/binary/binary-1.0.1-py3-none-any.whl#sha256=e92086be2a7204dbbdf86b55d86bd27bf4c24089db866113a90811b492241544 boto3 @ https://agent-int-packages.datadoghq.com/external/boto3/boto3-1.35.10-py3-none-any.whl#sha256=add26dd58e076dfd387013da4704716d5cff215cf14f6d4347c4b9b7fc1f0b8e botocore @ https://agent-int-packages.datadoghq.com/external/botocore/botocore-1.35.10-py3-none-any.whl#sha256=0d96d023b9b0cea99a0a428a431d011329d3a958730aee6ed6a6fec5d9bfbc03 bytecode @ 
https://agent-int-packages.datadoghq.com/external/bytecode/bytecode-0.16.0-py3-none-any.whl#sha256=76080b7c0eb9e7e17f961d61fd06e933aa47f3b753770a3249537439d8203a25 
@@ -19,12 +19,12 @@ charset-normalizer @ https://agent-int-packages.datadoghq.com/external/charset-n clickhouse-cityhash @ https://agent-int-packages.datadoghq.com/external/clickhouse-cityhash/clickhouse_cityhash-1.0.2.4-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=bbfd83713e5a7a700c4a8200e921bc580fd7cba5f3b9d732172a5d82b12b3e20 clickhouse-driver @ https://agent-int-packages.datadoghq.com/external/clickhouse-driver/clickhouse_driver-0.2.9-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=4a8d8e2888a857d8db3d98765a5ad23ab561241feaef68bbffc5a0bd9c142342 cm-client @ https://agent-int-packages.datadoghq.com/built/cm-client/cm_client-45.0.4-20240402155018-py3-none-manylinux2014_aarch64.whl#sha256=aba3c1683ef1b2099933e030464d29b3ad1c206784ebd15d8a7147ecd6ba24e1 -confluent-kafka @ https://agent-int-packages.datadoghq.com/built/confluent-kafka/confluent_kafka-2.5.0-20241016152406-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=97f4da1270bb99a3e92f596877b7c4da3ef482aadf37d3c518829a099d808eec +confluent-kafka @ https://agent-int-packages.datadoghq.com/built/confluent-kafka/confluent_kafka-2.6.1-20241121135419-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=94e5f68705b3f0887b8780058defd64cce9cffaebd5cd3c7fb3d1b34b6fe63f3 cryptography @ https://agent-int-packages.datadoghq.com/external/cryptography/cryptography-43.0.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=1bbcce1a551e262dfbafb6e6252f1ae36a248e615ca44ba302df077a846a8806 ddsketch @ https://agent-int-packages.datadoghq.com/external/ddsketch/ddsketch-3.0.1-py3-none-any.whl#sha256=6d047b455fe2837c43d366ff1ae6ba0c3166e15499de8688437a75cea914224e ddtrace @ https://agent-int-packages.datadoghq.com/external/ddtrace/ddtrace-2.10.6-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=081bb12a54c46c9804e0645320d827deaff626b9035ba13ac97567149e07cdb5 decorator @ 
https://agent-int-packages.datadoghq.com/external/decorator/decorator-5.1.1-py3-none-any.whl#sha256=b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186 -deprecated @ https://agent-int-packages.datadoghq.com/external/deprecated/Deprecated-1.2.14-py2.py3-none-any.whl#sha256=6fac8b097794a90302bdbb17b9b815e732d3c4720583ff1b198499d78470466c +deprecated @ https://agent-int-packages.datadoghq.com/external/deprecated/Deprecated-1.2.15-py2.py3-none-any.whl#sha256=353bc4a8ac4bfc96800ddab349d89c25dec1079f65fd53acdcc1e0b975b21320 dnspython @ https://agent-int-packages.datadoghq.com/external/dnspython/dnspython-2.6.1-py3-none-any.whl#sha256=5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 dogpile-cache @ https://agent-int-packages.datadoghq.com/external/dogpile-cache/dogpile.cache-1.3.3-py3-none-any.whl#sha256=5e211c4902ebdf88c678d268e22454b41e68071632daa9402d8ee24e825ed8ca envier @ https://agent-int-packages.datadoghq.com/external/envier/envier-0.6.1-py3-none-any.whl#sha256=73609040a76be48bbcb97074d9969666484aa0de706183a6e9ef773156a8a6a9 
@@ -41,7 +41,7 @@ jellyfish @ https://agent-int-packages.datadoghq.com/external/jellyfish/jellyfis jmespath @ https://agent-int-packages.datadoghq.com/external/jmespath/jmespath-1.0.1-py3-none-any.whl#sha256=02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 jsonpatch @ https://agent-int-packages.datadoghq.com/external/jsonpatch/jsonpatch-1.33-py2.py3-none-any.whl#sha256=0ae28c0cd062bbd8b8ecc26d7d164fbbea9652a1a3693f3b956c1eae5145dade jsonpointer @ https://agent-int-packages.datadoghq.com/external/jsonpointer/jsonpointer-3.0.0-py2.py3-none-any.whl#sha256=13e088adc14fca8b6aa8177c044e12701e6ad4b28ff10e65f2267a90109c9942 -keystoneauth1 @ https://agent-int-packages.datadoghq.com/external/keystoneauth1/keystoneauth1-5.8.0-py3-none-any.whl#sha256=e69dff80c509ab64d4de4494658d914e81f26af720828dc584ceee74ecd666d9 +keystoneauth1 @ https://agent-int-packages.datadoghq.com/external/keystoneauth1/keystoneauth1-5.9.1-py3-none-any.whl#sha256=71b98835aec72a01f71c5b919c3193dac95342555e89aa35c86d3d86c4ff5f73 krb5 @ https://agent-int-packages.datadoghq.com/built/krb5/krb5-0.7.0-20241016152407-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl#sha256=37ecc257e0e35459f2438a4a8511fffae0c8056ba5a648609d9b007902806ecc kubernetes @ https://agent-int-packages.datadoghq.com/external/kubernetes/kubernetes-30.1.0-py2.py3-none-any.whl#sha256=e212e8b7579031dd2e512168b617373bc1e03888d41ac4e04039240a292d478d ldap3 @ https://agent-int-packages.datadoghq.com/external/ldap3/ldap3-2.9.1-py2.py3-none-any.whl#sha256=5869596fc4948797020d3f03b7939da938778a0f9e2009f7a072ccf92b8e8d70 
@@ -49,12 +49,12 @@ looseversion @ https://agent-int-packages.datadoghq.com/external/looseversion/lo lxml @ https://agent-int-packages.datadoghq.com/external/lxml/lxml-5.1.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=1d380f183bd03ab827899753ea96dabe27d2025eb0bfd4f2ac0eee4afa0f351d lz4 @ https://agent-int-packages.datadoghq.com/external/lz4/lz4-4.3.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=33c9a6fd20767ccaf70649982f8f3eeb0884035c150c0b818ea660152cf3c809 mmh3 @ https://agent-int-packages.datadoghq.com/external/mmh3/mmh3-4.1.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=ba245e94b8d54765e14c2d7b6214e832557e7856d5183bc522e17884cab2f45d -msal @ https://agent-int-packages.datadoghq.com/external/msal/msal-1.31.0-py3-none-any.whl#sha256=96bc37cff82ebe4b160d5fc0f1196f6ca8b50e274ecd0ec5bf69c438514086e7 +msal @ https://agent-int-packages.datadoghq.com/external/msal/msal-1.31.1-py3-none-any.whl#sha256=29d9882de247e96db01386496d59f29035e5e841bcac892e6d7bf4390bf6bd17 msal-extensions @ https://agent-int-packages.datadoghq.com/external/msal-extensions/msal_extensions-1.2.0-py3-none-any.whl#sha256=cf5ba83a2113fa6dc011a254a72f1c223c88d7dfad74cc30617c4679a417704d netifaces @ https://agent-int-packages.datadoghq.com/built/netifaces/netifaces-0.11.0-20241015150447-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl#sha256=b6b2709da2652fae1f14910662237f61f72f37e3acae3dee1edbf8ffe77050c1 oauthlib @ https://agent-int-packages.datadoghq.com/external/oauthlib/oauthlib-3.2.2-py3-none-any.whl#sha256=8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca openstacksdk @ https://agent-int-packages.datadoghq.com/external/openstacksdk/openstacksdk-3.3.0-py3-none-any.whl#sha256=e6d4121b87354984caf0e3c032e2ebf4d4440374f86c81c27ec52ca5df359157 -opentelemetry-api @ 
https://agent-int-packages.datadoghq.com/external/opentelemetry-api/opentelemetry_api-1.28.0-py3-none-any.whl#sha256=8457cd2c59ea1bd0988560f021656cecd254ad7ef6be4ba09dbefeca2409ce52 +opentelemetry-api @ https://agent-int-packages.datadoghq.com/external/opentelemetry-api/opentelemetry_api-1.28.2-py3-none-any.whl#sha256=6fcec89e265beb258fe6b1acaaa3c8c705a934bd977b9f534a2b7c0d2d4275a6 orjson @ https://agent-int-packages.datadoghq.com/external/orjson/orjson-3.10.7-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=76ac14cd57df0572453543f8f2575e2d01ae9e790c21f57627803f5e79b0d3c3 os-service-types @ https://agent-int-packages.datadoghq.com/external/os-service-types/os_service_types-1.7.0-py2.py3-none-any.whl#sha256=0505c72205690910077fb72b88f2a1f07533c8d39f2fe75b29583481764965d6 packaging @ https://agent-int-packages.datadoghq.com/external/packaging/packaging-24.1-py3-none-any.whl#sha256=5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124 
@@ -86,7 +86,7 @@ pysnmp @ https://agent-int-packages.datadoghq.com/external/pysnmp/pysnmp-5.1.0-p pysnmp-mibs @ https://agent-int-packages.datadoghq.com/external/pysnmp-mibs/pysnmp_mibs-0.1.6-py2.py3-none-any.whl#sha256=5e153ebe8e767c07940cea435f866c623ff6b2376155c7da75085b08d3774d48 pysnmpcrypto @ https://agent-int-packages.datadoghq.com/external/pysnmpcrypto/pysnmpcrypto-0.0.4-py2.py3-none-any.whl#sha256=5889733caa030f45d9e03ea9d6370fb06426a8cb7f839aabbcdde33c6f634679 pysocks @ https://agent-int-packages.datadoghq.com/external/pysocks/PySocks-1.7.1-py3-none-any.whl#sha256=2725bd0a9925919b9b51739eea5f9e2bae91e83288108a9ad338b2e3a4435ee5 -pyspnego @ https://agent-int-packages.datadoghq.com/external/pyspnego/pyspnego-0.11.1-py3-none-any.whl#sha256=129a4294f2c4d681d5875240ef87accc6f1d921e8983737fb0b59642b397951e +pyspnego @ https://agent-int-packages.datadoghq.com/external/pyspnego/pyspnego-0.11.2-py3-none-any.whl#sha256=74abc1fb51e59360eb5c5c9086e5962174f1072c7a50cf6da0bda9a4bcfdfbd4 python-binary-memcached @ https://agent-int-packages.datadoghq.com/external/python-binary-memcached/python_binary_memcached-0.31.2-py3-none-any.whl#sha256=e5b93d54429e835cab7d5b33988649f9748344aa49adaed8eed94b37e714d562 python-dateutil @ https://agent-int-packages.datadoghq.com/external/python-dateutil/python_dateutil-2.9.0.post0-py2.py3-none-any.whl#sha256=a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427 python3-gearman @ https://agent-int-packages.datadoghq.com/external/python3-gearman/python3_gearman-0.1.0-py3-none-any.whl#sha256=4a5808d3a0bfc6c243548ad57e7aab4bee62c9cba2b1c3a860fdd292d46a112d 
@@ -103,17 +103,17 @@ requests-unixsocket2 @ https://agent-int-packages.datadoghq.com/external/request requestsexceptions @ https://agent-int-packages.datadoghq.com/external/requestsexceptions/requestsexceptions-1.4.0-py2.py3-none-any.whl#sha256=3083d872b6e07dc5c323563ef37671d992214ad9a32b0ca4a3d7f5500bf38ce3 rethinkdb @ https://agent-int-packages.datadoghq.com/external/rethinkdb/rethinkdb-2.4.10.post1-py2.py3-none-any.whl#sha256=a8c3644a35beb7bc857887808d267e6124623b32dc1f54608e7729a14617a431 rsa @ https://agent-int-packages.datadoghq.com/external/rsa/rsa-4.9-py3-none-any.whl#sha256=90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7 -s3transfer @ https://agent-int-packages.datadoghq.com/external/s3transfer/s3transfer-0.10.3-py3-none-any.whl#sha256=263ed587a5803c6c708d3ce44dc4dfedaab4c1a32e8329bab818933d79ddcf5d +s3transfer @ https://agent-int-packages.datadoghq.com/external/s3transfer/s3transfer-0.10.4-py3-none-any.whl#sha256=244a76a24355363a68164241438de1b72f8781664920260c48465896b712a41e securesystemslib @ https://agent-int-packages.datadoghq.com/external/securesystemslib/securesystemslib-0.28.0-py3-none-any.whl#sha256=9e6b9abe36a511d4f52c759069db8f6f650362ba82d6efc7bc7466a458b3f499 semver @ https://agent-int-packages.datadoghq.com/external/semver/semver-3.0.2-py3-none-any.whl#sha256=b1ea4686fe70b981f85359eda33199d60c53964284e0cfb4977d243e37cf4bf4 service-identity @ https://agent-int-packages.datadoghq.com/external/service-identity/service_identity-24.1.0-py3-none-any.whl#sha256=a28caf8130c8a5c1c7a6f5293faaf239bbfb7751e4862436920ee6f2616f568a -setuptools @ https://agent-int-packages.datadoghq.com/external/setuptools/setuptools-75.3.0-py3-none-any.whl#sha256=f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd +setuptools @ https://agent-int-packages.datadoghq.com/external/setuptools/setuptools-75.6.0-py3-none-any.whl#sha256=ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d simplejson @ 
https://agent-int-packages.datadoghq.com/external/simplejson/simplejson-3.19.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=d0b0efc7279d768db7c74d3d07f0b5c81280d16ae3fb14e9081dc903e8360771 -six @ https://agent-int-packages.datadoghq.com/external/six/six-1.16.0-py2.py3-none-any.whl#sha256=8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 +six @ https://agent-int-packages.datadoghq.com/external/six/six-1.17.0-py2.py3-none-any.whl#sha256=4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 snowflake-connector-python @ https://agent-int-packages.datadoghq.com/external/snowflake-connector-python/snowflake_connector_python-3.12.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=2215d8a4c5e25ea0d2183fe693c3fdf058cd6035e5c84710d532dc04ab4ffd31 sortedcontainers @ https://agent-int-packages.datadoghq.com/external/sortedcontainers/sortedcontainers-2.4.0-py2.py3-none-any.whl#sha256=a163dcaede0f1c021485e957a39245190e74249897e2ae4b2aa38595db237ee0 soupsieve @ https://agent-int-packages.datadoghq.com/external/soupsieve/soupsieve-2.6-py3-none-any.whl#sha256=e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 -stevedore @ https://agent-int-packages.datadoghq.com/external/stevedore/stevedore-5.3.0-py3-none-any.whl#sha256=1efd34ca08f474dad08d9b19e934a22c68bb6fe416926479ba29e5013bcc8f78 +stevedore @ https://agent-int-packages.datadoghq.com/external/stevedore/stevedore-5.4.0-py3-none-any.whl#sha256=b0be3c4748b3ea7b854b265dcb4caa891015e442416422be16f8b31756107857 supervisor @ https://agent-int-packages.datadoghq.com/external/supervisor/supervisor-4.2.5-py2.py3-none-any.whl#sha256=2ecaede32fc25af814696374b79e42644ecaba5c09494c51016ffda9602d0f08 tomlkit @ https://agent-int-packages.datadoghq.com/external/tomlkit/tomlkit-0.13.2-py3-none-any.whl#sha256=7a974427f6e119197f670fbbbeae7bef749a6c14e793db934baefc1b5f03efde tuf @ 
https://agent-int-packages.datadoghq.com/external/tuf/tuf-4.0.0-py3-none-any.whl#sha256=a22ab5fa6daf910b3052929fdce42ccad8a300e5e85715daaff9592aed980f7a @@ -126,4 +126,4 @@ vertica-python @ https://agent-int-packages.datadoghq.com/external/vertica-pytho websocket-client @ https://agent-int-packages.datadoghq.com/external/websocket-client/websocket_client-1.8.0-py3-none-any.whl#sha256=17b44cc997f5c498e809b22cdf2d9c7a9e71c02c8cc2b6c56e7c2d1239bfa526 wrapt @ https://agent-int-packages.datadoghq.com/external/wrapt/wrapt-1.16.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl#sha256=94265b00870aa407bd0cbcfd536f17ecde43b94fb8d228560a1e9d3041462d73 xmltodict @ https://agent-int-packages.datadoghq.com/external/xmltodict/xmltodict-0.14.2-py2.py3-none-any.whl#sha256=20cc7d723ed729276e808f26fb6b3599f786cbc37e06c65e192ba77c40f20aac -zipp @ https://agent-int-packages.datadoghq.com/external/zipp/zipp-3.20.2-py3-none-any.whl#sha256=a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 +zipp @ https://agent-int-packages.datadoghq.com/external/zipp/zipp-3.21.0-py3-none-any.whl#sha256=ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931 diff --git a/.deps/resolved/linux-x86_64_3.12.txt b/.deps/resolved/linux-x86_64_3.12.txt index ded498684a990..823a373300dcc 100644 --- a/.deps/resolved/linux-x86_64_3.12.txt +++ b/.deps/resolved/linux-x86_64_3.12.txt 
@@ -5,9 +5,9 @@ attrs @ https://agent-int-packages.datadoghq.com/external/attrs/attrs-24.2.0-py3 aws-requests-auth @ https://agent-int-packages.datadoghq.com/external/aws-requests-auth/aws_requests_auth-0.4.3-py2.py3-none-any.whl#sha256=646bc37d62140ea1c709d20148f5d43197e6bd2d63909eb36fa4bb2345759977 azure-core @ https://agent-int-packages.datadoghq.com/external/azure-core/azure_core-1.32.0-py3-none-any.whl#sha256=eac191a0efb23bfa83fddf321b27b122b4ec847befa3091fa736a5c32c50d7b4 azure-identity @ https://agent-int-packages.datadoghq.com/external/azure-identity/azure_identity-1.17.1-py3-none-any.whl#sha256=db8d59c183b680e763722bfe8ebc45930e6c57df510620985939f7f3191e0382 -bcrypt @ https://agent-int-packages.datadoghq.com/external/bcrypt/bcrypt-4.2.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=3413bd60460f76097ee2e0a493ccebe4a7601918219c02f503984f0a7ee0aebe +bcrypt @ https://agent-int-packages.datadoghq.com/external/bcrypt/bcrypt-4.2.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=cde78d385d5e93ece5479a0a87f73cd6fa26b171c786a884f955e165032b262c beautifulsoup4 @ https://agent-int-packages.datadoghq.com/external/beautifulsoup4/beautifulsoup4-4.12.3-py3-none-any.whl#sha256=b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed -binary @ https://agent-int-packages.datadoghq.com/external/binary/binary-1.0.0-py2.py3-none-any.whl#sha256=e1b61f3a5c002717d1a28e4d9d2dc8acbc9d6b12baf7b1e4ab25d743da97e323 +binary @ https://agent-int-packages.datadoghq.com/external/binary/binary-1.0.1-py3-none-any.whl#sha256=e92086be2a7204dbbdf86b55d86bd27bf4c24089db866113a90811b492241544 boto3 @ https://agent-int-packages.datadoghq.com/external/boto3/boto3-1.35.10-py3-none-any.whl#sha256=add26dd58e076dfd387013da4704716d5cff215cf14f6d4347c4b9b7fc1f0b8e botocore @ https://agent-int-packages.datadoghq.com/external/botocore/botocore-1.35.10-py3-none-any.whl#sha256=0d96d023b9b0cea99a0a428a431d011329d3a958730aee6ed6a6fec5d9bfbc03 bytecode @ 
https://agent-int-packages.datadoghq.com/external/bytecode/bytecode-0.16.0-py3-none-any.whl#sha256=76080b7c0eb9e7e17f961d61fd06e933aa47f3b753770a3249537439d8203a25 
@@ -19,12 +19,12 @@ charset-normalizer @ https://agent-int-packages.datadoghq.com/external/charset-n clickhouse-cityhash @ https://agent-int-packages.datadoghq.com/external/clickhouse-cityhash/clickhouse_cityhash-1.0.2.4-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=f1f8fec4027cd648f72009ef59c9b76c5a27a33ca166b4e79e46542009429813 clickhouse-driver @ https://agent-int-packages.datadoghq.com/external/clickhouse-driver/clickhouse_driver-0.2.9-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=6dbcee870c60d9835e5dce1456ab6b9d807e6669246357f4b321ef747b90fa43 cm-client @ https://agent-int-packages.datadoghq.com/built/cm-client/cm_client-45.0.4-20240402154838-py3-none-manylinux2014_x86_64.whl#sha256=aba3c1683ef1b2099933e030464d29b3ad1c206784ebd15d8a7147ecd6ba24e1 -confluent-kafka @ https://agent-int-packages.datadoghq.com/built/confluent-kafka/confluent_kafka-2.5.0-20241016152357-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=fcaa16ade0e74e58119ebada78ab1197130e9ac8b0f57d387c03f0e2beec9e22 +confluent-kafka @ https://agent-int-packages.datadoghq.com/built/confluent-kafka/confluent_kafka-2.6.1-20241121135410-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=bd3954ae8bd22d8d8b5e0c77ad6b51751f7da0a61e30018775c3acbf09edd9d3 cryptography @ https://agent-int-packages.datadoghq.com/external/cryptography/cryptography-43.0.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=58d4e9129985185a06d849aa6df265bdd5a74ca6e1b736a77959b498e0505b85 ddsketch @ https://agent-int-packages.datadoghq.com/external/ddsketch/ddsketch-3.0.1-py3-none-any.whl#sha256=6d047b455fe2837c43d366ff1ae6ba0c3166e15499de8688437a75cea914224e ddtrace @ https://agent-int-packages.datadoghq.com/external/ddtrace/ddtrace-2.10.6-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=5fc70ac472093093d9908965d95d977206372a3ddc8a2562acf9dfd57c6864d8 decorator @ 
https://agent-int-packages.datadoghq.com/external/decorator/decorator-5.1.1-py3-none-any.whl#sha256=b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186 -deprecated @ https://agent-int-packages.datadoghq.com/external/deprecated/Deprecated-1.2.14-py2.py3-none-any.whl#sha256=6fac8b097794a90302bdbb17b9b815e732d3c4720583ff1b198499d78470466c +deprecated @ https://agent-int-packages.datadoghq.com/external/deprecated/Deprecated-1.2.15-py2.py3-none-any.whl#sha256=353bc4a8ac4bfc96800ddab349d89c25dec1079f65fd53acdcc1e0b975b21320 dnspython @ https://agent-int-packages.datadoghq.com/external/dnspython/dnspython-2.6.1-py3-none-any.whl#sha256=5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 dogpile-cache @ https://agent-int-packages.datadoghq.com/external/dogpile-cache/dogpile.cache-1.3.3-py3-none-any.whl#sha256=5e211c4902ebdf88c678d268e22454b41e68071632daa9402d8ee24e825ed8ca envier @ https://agent-int-packages.datadoghq.com/external/envier/envier-0.6.1-py3-none-any.whl#sha256=73609040a76be48bbcb97074d9969666484aa0de706183a6e9ef773156a8a6a9 
@@ -41,7 +41,7 @@ jellyfish @ https://agent-int-packages.datadoghq.com/external/jellyfish/jellyfis jmespath @ https://agent-int-packages.datadoghq.com/external/jmespath/jmespath-1.0.1-py3-none-any.whl#sha256=02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 jsonpatch @ https://agent-int-packages.datadoghq.com/external/jsonpatch/jsonpatch-1.33-py2.py3-none-any.whl#sha256=0ae28c0cd062bbd8b8ecc26d7d164fbbea9652a1a3693f3b956c1eae5145dade jsonpointer @ https://agent-int-packages.datadoghq.com/external/jsonpointer/jsonpointer-3.0.0-py2.py3-none-any.whl#sha256=13e088adc14fca8b6aa8177c044e12701e6ad4b28ff10e65f2267a90109c9942 -keystoneauth1 @ https://agent-int-packages.datadoghq.com/external/keystoneauth1/keystoneauth1-5.8.0-py3-none-any.whl#sha256=e69dff80c509ab64d4de4494658d914e81f26af720828dc584ceee74ecd666d9 +keystoneauth1 @ https://agent-int-packages.datadoghq.com/external/keystoneauth1/keystoneauth1-5.9.1-py3-none-any.whl#sha256=71b98835aec72a01f71c5b919c3193dac95342555e89aa35c86d3d86c4ff5f73 krb5 @ https://agent-int-packages.datadoghq.com/built/krb5/krb5-0.7.0-20241016152358-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl#sha256=eaf622a9e9e87645228c4b44a51d4096223862bfdde8f62d0b422651802843b2 kubernetes @ https://agent-int-packages.datadoghq.com/external/kubernetes/kubernetes-30.1.0-py2.py3-none-any.whl#sha256=e212e8b7579031dd2e512168b617373bc1e03888d41ac4e04039240a292d478d ldap3 @ https://agent-int-packages.datadoghq.com/external/ldap3/ldap3-2.9.1-py2.py3-none-any.whl#sha256=5869596fc4948797020d3f03b7939da938778a0f9e2009f7a072ccf92b8e8d70 
@@ -49,12 +49,12 @@ looseversion @ https://agent-int-packages.datadoghq.com/external/looseversion/lo lxml @ https://agent-int-packages.datadoghq.com/external/lxml/lxml-5.1.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=f8682af96b5ad5093aab9eee5e4ff24cb7a9796c78699d914dd456ebfe7484a6 lz4 @ https://agent-int-packages.datadoghq.com/external/lz4/lz4-4.3.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=bca8fccc15e3add173da91be8f34121578dc777711ffd98d399be35487c934bf mmh3 @ https://agent-int-packages.datadoghq.com/external/mmh3/mmh3-4.1.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=3b02268be6e0a8eeb8a924d7db85f28e47344f35c438c1e149878bb1c47b1cd3 -msal @ https://agent-int-packages.datadoghq.com/external/msal/msal-1.31.0-py3-none-any.whl#sha256=96bc37cff82ebe4b160d5fc0f1196f6ca8b50e274ecd0ec5bf69c438514086e7 +msal @ https://agent-int-packages.datadoghq.com/external/msal/msal-1.31.1-py3-none-any.whl#sha256=29d9882de247e96db01386496d59f29035e5e841bcac892e6d7bf4390bf6bd17 msal-extensions @ https://agent-int-packages.datadoghq.com/external/msal-extensions/msal_extensions-1.2.0-py3-none-any.whl#sha256=cf5ba83a2113fa6dc011a254a72f1c223c88d7dfad74cc30617c4679a417704d netifaces @ https://agent-int-packages.datadoghq.com/built/netifaces/netifaces-0.11.0-20241015150438-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl#sha256=5e132ccf627697ed6673150de8d2def752eaa7d2e0684226dd04a7d28108eaa1 oauthlib @ https://agent-int-packages.datadoghq.com/external/oauthlib/oauthlib-3.2.2-py3-none-any.whl#sha256=8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca openstacksdk @ https://agent-int-packages.datadoghq.com/external/openstacksdk/openstacksdk-3.3.0-py3-none-any.whl#sha256=e6d4121b87354984caf0e3c032e2ebf4d4440374f86c81c27ec52ca5df359157 -opentelemetry-api @ 
https://agent-int-packages.datadoghq.com/external/opentelemetry-api/opentelemetry_api-1.28.0-py3-none-any.whl#sha256=8457cd2c59ea1bd0988560f021656cecd254ad7ef6be4ba09dbefeca2409ce52 +opentelemetry-api @ https://agent-int-packages.datadoghq.com/external/opentelemetry-api/opentelemetry_api-1.28.2-py3-none-any.whl#sha256=6fcec89e265beb258fe6b1acaaa3c8c705a934bd977b9f534a2b7c0d2d4275a6 orjson @ https://agent-int-packages.datadoghq.com/external/orjson/orjson-3.10.7-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=a0c6a008e91d10a2564edbb6ee5069a9e66df3fbe11c9a005cb411f441fd2c09 os-service-types @ https://agent-int-packages.datadoghq.com/external/os-service-types/os_service_types-1.7.0-py2.py3-none-any.whl#sha256=0505c72205690910077fb72b88f2a1f07533c8d39f2fe75b29583481764965d6 packaging @ https://agent-int-packages.datadoghq.com/external/packaging/packaging-24.1-py3-none-any.whl#sha256=5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124 
@@ -87,7 +87,7 @@ pysnmp @ https://agent-int-packages.datadoghq.com/external/pysnmp/pysnmp-5.1.0-p pysnmp-mibs @ https://agent-int-packages.datadoghq.com/external/pysnmp-mibs/pysnmp_mibs-0.1.6-py2.py3-none-any.whl#sha256=5e153ebe8e767c07940cea435f866c623ff6b2376155c7da75085b08d3774d48 pysnmpcrypto @ https://agent-int-packages.datadoghq.com/external/pysnmpcrypto/pysnmpcrypto-0.0.4-py2.py3-none-any.whl#sha256=5889733caa030f45d9e03ea9d6370fb06426a8cb7f839aabbcdde33c6f634679 pysocks @ https://agent-int-packages.datadoghq.com/external/pysocks/PySocks-1.7.1-py3-none-any.whl#sha256=2725bd0a9925919b9b51739eea5f9e2bae91e83288108a9ad338b2e3a4435ee5 -pyspnego @ https://agent-int-packages.datadoghq.com/external/pyspnego/pyspnego-0.11.1-py3-none-any.whl#sha256=129a4294f2c4d681d5875240ef87accc6f1d921e8983737fb0b59642b397951e +pyspnego @ https://agent-int-packages.datadoghq.com/external/pyspnego/pyspnego-0.11.2-py3-none-any.whl#sha256=74abc1fb51e59360eb5c5c9086e5962174f1072c7a50cf6da0bda9a4bcfdfbd4 python-binary-memcached @ https://agent-int-packages.datadoghq.com/external/python-binary-memcached/python_binary_memcached-0.31.2-py3-none-any.whl#sha256=e5b93d54429e835cab7d5b33988649f9748344aa49adaed8eed94b37e714d562 python-dateutil @ https://agent-int-packages.datadoghq.com/external/python-dateutil/python_dateutil-2.9.0.post0-py2.py3-none-any.whl#sha256=a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427 python3-gearman @ https://agent-int-packages.datadoghq.com/external/python3-gearman/python3_gearman-0.1.0-py3-none-any.whl#sha256=4a5808d3a0bfc6c243548ad57e7aab4bee62c9cba2b1c3a860fdd292d46a112d 
@@ -104,17 +104,17 @@ requests-unixsocket2 @ https://agent-int-packages.datadoghq.com/external/request requestsexceptions @ https://agent-int-packages.datadoghq.com/external/requestsexceptions/requestsexceptions-1.4.0-py2.py3-none-any.whl#sha256=3083d872b6e07dc5c323563ef37671d992214ad9a32b0ca4a3d7f5500bf38ce3 rethinkdb @ https://agent-int-packages.datadoghq.com/external/rethinkdb/rethinkdb-2.4.10.post1-py2.py3-none-any.whl#sha256=a8c3644a35beb7bc857887808d267e6124623b32dc1f54608e7729a14617a431 rsa @ https://agent-int-packages.datadoghq.com/external/rsa/rsa-4.9-py3-none-any.whl#sha256=90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7 -s3transfer @ https://agent-int-packages.datadoghq.com/external/s3transfer/s3transfer-0.10.3-py3-none-any.whl#sha256=263ed587a5803c6c708d3ce44dc4dfedaab4c1a32e8329bab818933d79ddcf5d +s3transfer @ https://agent-int-packages.datadoghq.com/external/s3transfer/s3transfer-0.10.4-py3-none-any.whl#sha256=244a76a24355363a68164241438de1b72f8781664920260c48465896b712a41e securesystemslib @ https://agent-int-packages.datadoghq.com/external/securesystemslib/securesystemslib-0.28.0-py3-none-any.whl#sha256=9e6b9abe36a511d4f52c759069db8f6f650362ba82d6efc7bc7466a458b3f499 semver @ https://agent-int-packages.datadoghq.com/external/semver/semver-3.0.2-py3-none-any.whl#sha256=b1ea4686fe70b981f85359eda33199d60c53964284e0cfb4977d243e37cf4bf4 service-identity @ https://agent-int-packages.datadoghq.com/external/service-identity/service_identity-24.1.0-py3-none-any.whl#sha256=a28caf8130c8a5c1c7a6f5293faaf239bbfb7751e4862436920ee6f2616f568a -setuptools @ https://agent-int-packages.datadoghq.com/external/setuptools/setuptools-75.3.0-py3-none-any.whl#sha256=f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd +setuptools @ https://agent-int-packages.datadoghq.com/external/setuptools/setuptools-75.6.0-py3-none-any.whl#sha256=ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d simplejson @ 
https://agent-int-packages.datadoghq.com/external/simplejson/simplejson-3.19.3-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=7017329ca8d4dca94ad5e59f496e5fc77630aecfc39df381ffc1d37fb6b25832 -six @ https://agent-int-packages.datadoghq.com/external/six/six-1.16.0-py2.py3-none-any.whl#sha256=8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 +six @ https://agent-int-packages.datadoghq.com/external/six/six-1.17.0-py2.py3-none-any.whl#sha256=4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 snowflake-connector-python @ https://agent-int-packages.datadoghq.com/external/snowflake-connector-python/snowflake_connector_python-3.12.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=f8ba9c261904c1ba7cae6035c7881224cf979da39c8b7c7cb10236fdfc57e505 sortedcontainers @ https://agent-int-packages.datadoghq.com/external/sortedcontainers/sortedcontainers-2.4.0-py2.py3-none-any.whl#sha256=a163dcaede0f1c021485e957a39245190e74249897e2ae4b2aa38595db237ee0 soupsieve @ https://agent-int-packages.datadoghq.com/external/soupsieve/soupsieve-2.6-py3-none-any.whl#sha256=e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 -stevedore @ https://agent-int-packages.datadoghq.com/external/stevedore/stevedore-5.3.0-py3-none-any.whl#sha256=1efd34ca08f474dad08d9b19e934a22c68bb6fe416926479ba29e5013bcc8f78 +stevedore @ https://agent-int-packages.datadoghq.com/external/stevedore/stevedore-5.4.0-py3-none-any.whl#sha256=b0be3c4748b3ea7b854b265dcb4caa891015e442416422be16f8b31756107857 supervisor @ https://agent-int-packages.datadoghq.com/external/supervisor/supervisor-4.2.5-py2.py3-none-any.whl#sha256=2ecaede32fc25af814696374b79e42644ecaba5c09494c51016ffda9602d0f08 tomlkit @ https://agent-int-packages.datadoghq.com/external/tomlkit/tomlkit-0.13.2-py3-none-any.whl#sha256=7a974427f6e119197f670fbbbeae7bef749a6c14e793db934baefc1b5f03efde tuf @ 
https://agent-int-packages.datadoghq.com/external/tuf/tuf-4.0.0-py3-none-any.whl#sha256=a22ab5fa6daf910b3052929fdce42ccad8a300e5e85715daaff9592aed980f7a @@ -127,4 +127,4 @@ vertica-python @ https://agent-int-packages.datadoghq.com/external/vertica-pytho websocket-client @ https://agent-int-packages.datadoghq.com/external/websocket-client/websocket_client-1.8.0-py3-none-any.whl#sha256=17b44cc997f5c498e809b22cdf2d9c7a9e71c02c8cc2b6c56e7c2d1239bfa526 wrapt @ https://agent-int-packages.datadoghq.com/external/wrapt/wrapt-1.16.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl#sha256=98b5e1f498a8ca1858a1cdbffb023bfd954da4e3fa2c0cb5853d40014557248b xmltodict @ https://agent-int-packages.datadoghq.com/external/xmltodict/xmltodict-0.14.2-py2.py3-none-any.whl#sha256=20cc7d723ed729276e808f26fb6b3599f786cbc37e06c65e192ba77c40f20aac -zipp @ https://agent-int-packages.datadoghq.com/external/zipp/zipp-3.20.2-py3-none-any.whl#sha256=a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 +zipp @ https://agent-int-packages.datadoghq.com/external/zipp/zipp-3.21.0-py3-none-any.whl#sha256=ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931 diff --git a/.deps/resolved/macos-x86_64_3.12.txt b/.deps/resolved/macos-x86_64_3.12.txt index 7a34e2a984cbe..734802d8f7240 100644 --- a/.deps/resolved/macos-x86_64_3.12.txt +++ b/.deps/resolved/macos-x86_64_3.12.txt 
@@ -4,9 +4,9 @@ attrs @ https://agent-int-packages.datadoghq.com/external/attrs/attrs-24.2.0-py3 aws-requests-auth @ https://agent-int-packages.datadoghq.com/external/aws-requests-auth/aws_requests_auth-0.4.3-py2.py3-none-any.whl#sha256=646bc37d62140ea1c709d20148f5d43197e6bd2d63909eb36fa4bb2345759977 azure-core @ https://agent-int-packages.datadoghq.com/external/azure-core/azure_core-1.32.0-py3-none-any.whl#sha256=eac191a0efb23bfa83fddf321b27b122b4ec847befa3091fa736a5c32c50d7b4 azure-identity @ https://agent-int-packages.datadoghq.com/external/azure-identity/azure_identity-1.17.1-py3-none-any.whl#sha256=db8d59c183b680e763722bfe8ebc45930e6c57df510620985939f7f3191e0382 -bcrypt @ https://agent-int-packages.datadoghq.com/external/bcrypt/bcrypt-4.2.0-cp39-abi3-macosx_10_12_universal2.whl#sha256=c52aac18ea1f4a4f65963ea4f9530c306b56ccd0c6f8c8da0c06976e34a6e841 +bcrypt @ https://agent-int-packages.datadoghq.com/external/bcrypt/bcrypt-4.2.1-cp39-abi3-macosx_10_12_universal2.whl#sha256=8ad2f4528cbf0febe80e5a3a57d7a74e6635e41af1ea5675282a33d769fba413 beautifulsoup4 @ https://agent-int-packages.datadoghq.com/external/beautifulsoup4/beautifulsoup4-4.12.3-py3-none-any.whl#sha256=b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed -binary @ https://agent-int-packages.datadoghq.com/external/binary/binary-1.0.0-py2.py3-none-any.whl#sha256=e1b61f3a5c002717d1a28e4d9d2dc8acbc9d6b12baf7b1e4ab25d743da97e323 +binary @ https://agent-int-packages.datadoghq.com/external/binary/binary-1.0.1-py3-none-any.whl#sha256=e92086be2a7204dbbdf86b55d86bd27bf4c24089db866113a90811b492241544 boto3 @ https://agent-int-packages.datadoghq.com/external/boto3/boto3-1.35.10-py3-none-any.whl#sha256=add26dd58e076dfd387013da4704716d5cff215cf14f6d4347c4b9b7fc1f0b8e botocore @ https://agent-int-packages.datadoghq.com/external/botocore/botocore-1.35.10-py3-none-any.whl#sha256=0d96d023b9b0cea99a0a428a431d011329d3a958730aee6ed6a6fec5d9bfbc03 bytecode @ 
https://agent-int-packages.datadoghq.com/external/bytecode/bytecode-0.16.0-py3-none-any.whl#sha256=76080b7c0eb9e7e17f961d61fd06e933aa47f3b753770a3249537439d8203a25 
@@ -18,12 +18,12 @@ charset-normalizer @ https://agent-int-packages.datadoghq.com/external/charset-n clickhouse-cityhash @ https://agent-int-packages.datadoghq.com/external/clickhouse-cityhash/clickhouse_cityhash-1.0.2.4-cp312-cp312-macosx_10_9_x86_64.whl#sha256=261fc1b0bf349de66b2d9e3d367879a561b516ca8e54e85e0c27b7c1a4f639b4 clickhouse-driver @ https://agent-int-packages.datadoghq.com/external/clickhouse-driver/clickhouse_driver-0.2.9-cp312-cp312-macosx_10_9_x86_64.whl#sha256=fcb2fd00e58650ae206a6d5dbc83117240e622471aa5124733fbf2805eb8bda0 cm-client @ https://agent-int-packages.datadoghq.com/built/cm-client/cm_client-45.0.4-20240402154932-py3-none-macosx_10_12_universal2.whl#sha256=aba3c1683ef1b2099933e030464d29b3ad1c206784ebd15d8a7147ecd6ba24e1 -confluent-kafka @ https://agent-int-packages.datadoghq.com/built/confluent-kafka/confluent_kafka-2.5.0-20241107145656-cp312-cp312-macosx_10_13_universal2.whl#sha256=bbbd746739a7c543344bc782170d60f8f46f0249704a250a0866951e609895e0 +confluent-kafka @ https://agent-int-packages.datadoghq.com/built/confluent-kafka/confluent_kafka-2.6.1-20241205195042-cp312-cp312-macosx_10_13_universal2.whl#sha256=380f7e6798592b4ebbcb5697cd3b6c0aa15e2d5d48af70396461780a6b7e854e cryptography @ https://agent-int-packages.datadoghq.com/external/cryptography/cryptography-43.0.1-cp39-abi3-macosx_10_9_universal2.whl#sha256=ac119bb76b9faa00f48128b7f5679e1d8d437365c5d26f1c2c3f0da4ce1b553d ddsketch @ https://agent-int-packages.datadoghq.com/external/ddsketch/ddsketch-3.0.1-py3-none-any.whl#sha256=6d047b455fe2837c43d366ff1ae6ba0c3166e15499de8688437a75cea914224e ddtrace @ https://agent-int-packages.datadoghq.com/external/ddtrace/ddtrace-2.10.6-cp312-cp312-macosx_12_0_x86_64.whl#sha256=401f77b0564c3f990b58b9f21055331ca9efcdfa06dfa6ccff13cf21f8329ba5 decorator @ https://agent-int-packages.datadoghq.com/external/decorator/decorator-5.1.1-py3-none-any.whl#sha256=b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186 -deprecated @ 
https://agent-int-packages.datadoghq.com/external/deprecated/Deprecated-1.2.14-py2.py3-none-any.whl#sha256=6fac8b097794a90302bdbb17b9b815e732d3c4720583ff1b198499d78470466c +deprecated @ https://agent-int-packages.datadoghq.com/external/deprecated/Deprecated-1.2.15-py2.py3-none-any.whl#sha256=353bc4a8ac4bfc96800ddab349d89c25dec1079f65fd53acdcc1e0b975b21320 dnspython @ https://agent-int-packages.datadoghq.com/external/dnspython/dnspython-2.6.1-py3-none-any.whl#sha256=5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 dogpile-cache @ https://agent-int-packages.datadoghq.com/external/dogpile-cache/dogpile.cache-1.3.3-py3-none-any.whl#sha256=5e211c4902ebdf88c678d268e22454b41e68071632daa9402d8ee24e825ed8ca envier @ https://agent-int-packages.datadoghq.com/external/envier/envier-0.6.1-py3-none-any.whl#sha256=73609040a76be48bbcb97074d9969666484aa0de706183a6e9ef773156a8a6a9 
@@ -40,7 +40,7 @@ jellyfish @ https://agent-int-packages.datadoghq.com/external/jellyfish/jellyfis jmespath @ https://agent-int-packages.datadoghq.com/external/jmespath/jmespath-1.0.1-py3-none-any.whl#sha256=02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 jsonpatch @ https://agent-int-packages.datadoghq.com/external/jsonpatch/jsonpatch-1.33-py2.py3-none-any.whl#sha256=0ae28c0cd062bbd8b8ecc26d7d164fbbea9652a1a3693f3b956c1eae5145dade jsonpointer @ https://agent-int-packages.datadoghq.com/external/jsonpointer/jsonpointer-3.0.0-py2.py3-none-any.whl#sha256=13e088adc14fca8b6aa8177c044e12701e6ad4b28ff10e65f2267a90109c9942 -keystoneauth1 @ https://agent-int-packages.datadoghq.com/external/keystoneauth1/keystoneauth1-5.8.0-py3-none-any.whl#sha256=e69dff80c509ab64d4de4494658d914e81f26af720828dc584ceee74ecd666d9 +keystoneauth1 @ https://agent-int-packages.datadoghq.com/external/keystoneauth1/keystoneauth1-5.9.1-py3-none-any.whl#sha256=71b98835aec72a01f71c5b919c3193dac95342555e89aa35c86d3d86c4ff5f73 krb5 @ https://agent-int-packages.datadoghq.com/external/krb5/krb5-0.7.0-cp312-cp312-macosx_10_13_x86_64.whl#sha256=fa4ea45629e585787c0bcc455c7fbed7e09176031a7f9e7c87b9deaad401da36 kubernetes @ https://agent-int-packages.datadoghq.com/external/kubernetes/kubernetes-30.1.0-py2.py3-none-any.whl#sha256=e212e8b7579031dd2e512168b617373bc1e03888d41ac4e04039240a292d478d ldap3 @ https://agent-int-packages.datadoghq.com/external/ldap3/ldap3-2.9.1-py2.py3-none-any.whl#sha256=5869596fc4948797020d3f03b7939da938778a0f9e2009f7a072ccf92b8e8d70 
@@ -48,12 +48,12 @@ looseversion @ https://agent-int-packages.datadoghq.com/external/looseversion/lo lxml @ https://agent-int-packages.datadoghq.com/external/lxml/lxml-5.1.1-cp312-cp312-macosx_10_9_x86_64.whl#sha256=adedfb61be862f48907218e3a24bf051fd2ecca53358f3958b0bdb17d7881c20 lz4 @ https://agent-int-packages.datadoghq.com/external/lz4/lz4-4.3.3-cp312-cp312-macosx_10_9_x86_64.whl#sha256=e36cd7b9d4d920d3bfc2369840da506fa68258f7bb176b8743189793c055e43d mmh3 @ https://agent-int-packages.datadoghq.com/external/mmh3/mmh3-4.1.0-cp312-cp312-macosx_10_9_x86_64.whl#sha256=d6af3e2287644b2b08b5924ed3a88c97b87b44ad08e79ca9f93d3470a54a41c5 -msal @ https://agent-int-packages.datadoghq.com/external/msal/msal-1.31.0-py3-none-any.whl#sha256=96bc37cff82ebe4b160d5fc0f1196f6ca8b50e274ecd0ec5bf69c438514086e7 +msal @ https://agent-int-packages.datadoghq.com/external/msal/msal-1.31.1-py3-none-any.whl#sha256=29d9882de247e96db01386496d59f29035e5e841bcac892e6d7bf4390bf6bd17 msal-extensions @ https://agent-int-packages.datadoghq.com/external/msal-extensions/msal_extensions-1.2.0-py3-none-any.whl#sha256=cf5ba83a2113fa6dc011a254a72f1c223c88d7dfad74cc30617c4679a417704d -netifaces @ https://agent-int-packages.datadoghq.com/built/netifaces/netifaces-0.11.0-20241107145657-cp312-cp312-macosx_10_13_universal2.whl#sha256=ea5ca8a33b02c10ee5068c85760bc2dcc50c2dea5bc8480838a8233feee040fd +netifaces @ https://agent-int-packages.datadoghq.com/built/netifaces/netifaces-0.11.0-20241205195042-cp312-cp312-macosx_10_13_universal2.whl#sha256=66a155ae114ae885a4a15604cd39e93e12c7dc024132de958e10ced6f375856a oauthlib @ https://agent-int-packages.datadoghq.com/external/oauthlib/oauthlib-3.2.2-py3-none-any.whl#sha256=8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca openstacksdk @ https://agent-int-packages.datadoghq.com/external/openstacksdk/openstacksdk-3.3.0-py3-none-any.whl#sha256=e6d4121b87354984caf0e3c032e2ebf4d4440374f86c81c27ec52ca5df359157 -opentelemetry-api @ 
https://agent-int-packages.datadoghq.com/external/opentelemetry-api/opentelemetry_api-1.28.0-py3-none-any.whl#sha256=8457cd2c59ea1bd0988560f021656cecd254ad7ef6be4ba09dbefeca2409ce52 +opentelemetry-api @ https://agent-int-packages.datadoghq.com/external/opentelemetry-api/opentelemetry_api-1.28.2-py3-none-any.whl#sha256=6fcec89e265beb258fe6b1acaaa3c8c705a934bd977b9f534a2b7c0d2d4275a6 orjson @ https://agent-int-packages.datadoghq.com/external/orjson/orjson-3.10.7-cp312-cp312-macosx_10_15_x86_64.macosx_11_0_arm64.macosx_10_15_universal2.whl#sha256=44a96f2d4c3af51bfac6bc4ef7b182aa33f2f054fd7f34cc0ee9a320d051d41f os-service-types @ https://agent-int-packages.datadoghq.com/external/os-service-types/os_service_types-1.7.0-py2.py3-none-any.whl#sha256=0505c72205690910077fb72b88f2a1f07533c8d39f2fe75b29583481764965d6 packaging @ https://agent-int-packages.datadoghq.com/external/packaging/packaging-24.1-py3-none-any.whl#sha256=5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124 
@@ -76,7 +76,7 @@ pydantic @ https://agent-int-packages.datadoghq.com/external/pydantic/pydantic-2 pydantic-core @ https://agent-int-packages.datadoghq.com/external/pydantic-core/pydantic_core-2.20.1-cp312-cp312-macosx_10_12_x86_64.whl#sha256=595ba5be69b35777474fa07f80fc260ea71255656191adb22a8c53aba4479231 pyjwt @ https://agent-int-packages.datadoghq.com/external/pyjwt/PyJWT-2.9.0-py3-none-any.whl#sha256=3b02fb0f44517787776cf48f2ae25d8e14f300e6d7545a4315cee571a415e850 pymongo @ https://agent-int-packages.datadoghq.com/external/pymongo/pymongo-4.8.0-cp312-cp312-macosx_10_9_x86_64.whl#sha256=e6a720a3d22b54183352dc65f08cd1547204d263e0651b213a0a2e577e838526 -pymqi @ https://agent-int-packages.datadoghq.com/built/pymqi/pymqi-1.12.10-20241107145658-cp312-cp312-macosx_10_13_universal2.whl#sha256=18da6c17fe5e49d921a75da8e05f89ede2ab37a5b8fb497ad320bbb5f8c6232d +pymqi @ https://agent-int-packages.datadoghq.com/built/pymqi/pymqi-1.12.10-20241205195043-cp312-cp312-macosx_10_13_universal2.whl#sha256=b436d180ff1d3ffa5094a610721038aa678155038597351179b19ddeb28f507d pymysql @ https://agent-int-packages.datadoghq.com/external/pymysql/PyMySQL-1.1.1-py3-none-any.whl#sha256=4de15da4c61dc132f4fb9ab763063e693d521a80fd0e87943b9a453dd4c19d6c pynacl @ https://agent-int-packages.datadoghq.com/external/pynacl/PyNaCl-1.5.0-cp36-abi3-macosx_10_10_universal2.whl#sha256=401002a4aaa07c9414132aaed7f6836ff98f59277a234704ff66878c2ee4a0d1 pyodbc @ https://agent-int-packages.datadoghq.com/external/pyodbc/pyodbc-5.1.0-cp312-cp312-macosx_10_9_x86_64.whl#sha256=d3d9cc4af703c4817b6e604315910b0cf5dcb68056d52b25ca072dd59c52dcbc 
@@ -86,7 +86,7 @@ pysnmp @ https://agent-int-packages.datadoghq.com/external/pysnmp/pysnmp-5.1.0-p pysnmp-mibs @ https://agent-int-packages.datadoghq.com/external/pysnmp-mibs/pysnmp_mibs-0.1.6-py2.py3-none-any.whl#sha256=5e153ebe8e767c07940cea435f866c623ff6b2376155c7da75085b08d3774d48 pysnmpcrypto @ https://agent-int-packages.datadoghq.com/external/pysnmpcrypto/pysnmpcrypto-0.0.4-py2.py3-none-any.whl#sha256=5889733caa030f45d9e03ea9d6370fb06426a8cb7f839aabbcdde33c6f634679 pysocks @ https://agent-int-packages.datadoghq.com/external/pysocks/PySocks-1.7.1-py3-none-any.whl#sha256=2725bd0a9925919b9b51739eea5f9e2bae91e83288108a9ad338b2e3a4435ee5 -pyspnego @ https://agent-int-packages.datadoghq.com/external/pyspnego/pyspnego-0.11.1-py3-none-any.whl#sha256=129a4294f2c4d681d5875240ef87accc6f1d921e8983737fb0b59642b397951e +pyspnego @ https://agent-int-packages.datadoghq.com/external/pyspnego/pyspnego-0.11.2-py3-none-any.whl#sha256=74abc1fb51e59360eb5c5c9086e5962174f1072c7a50cf6da0bda9a4bcfdfbd4 python-binary-memcached @ https://agent-int-packages.datadoghq.com/external/python-binary-memcached/python_binary_memcached-0.31.2-py3-none-any.whl#sha256=e5b93d54429e835cab7d5b33988649f9748344aa49adaed8eed94b37e714d562 python-dateutil @ https://agent-int-packages.datadoghq.com/external/python-dateutil/python_dateutil-2.9.0.post0-py2.py3-none-any.whl#sha256=a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427 python3-gearman @ https://agent-int-packages.datadoghq.com/external/python3-gearman/python3_gearman-0.1.0-py3-none-any.whl#sha256=4a5808d3a0bfc6c243548ad57e7aab4bee62c9cba2b1c3a860fdd292d46a112d 
@@ -103,27 +103,27 @@ requests-unixsocket2 @ https://agent-int-packages.datadoghq.com/external/request requestsexceptions @ https://agent-int-packages.datadoghq.com/external/requestsexceptions/requestsexceptions-1.4.0-py2.py3-none-any.whl#sha256=3083d872b6e07dc5c323563ef37671d992214ad9a32b0ca4a3d7f5500bf38ce3 rethinkdb @ https://agent-int-packages.datadoghq.com/external/rethinkdb/rethinkdb-2.4.10.post1-py2.py3-none-any.whl#sha256=a8c3644a35beb7bc857887808d267e6124623b32dc1f54608e7729a14617a431 rsa @ https://agent-int-packages.datadoghq.com/external/rsa/rsa-4.9-py3-none-any.whl#sha256=90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7 -s3transfer @ https://agent-int-packages.datadoghq.com/external/s3transfer/s3transfer-0.10.3-py3-none-any.whl#sha256=263ed587a5803c6c708d3ce44dc4dfedaab4c1a32e8329bab818933d79ddcf5d +s3transfer @ https://agent-int-packages.datadoghq.com/external/s3transfer/s3transfer-0.10.4-py3-none-any.whl#sha256=244a76a24355363a68164241438de1b72f8781664920260c48465896b712a41e securesystemslib @ https://agent-int-packages.datadoghq.com/external/securesystemslib/securesystemslib-0.28.0-py3-none-any.whl#sha256=9e6b9abe36a511d4f52c759069db8f6f650362ba82d6efc7bc7466a458b3f499 semver @ https://agent-int-packages.datadoghq.com/external/semver/semver-3.0.2-py3-none-any.whl#sha256=b1ea4686fe70b981f85359eda33199d60c53964284e0cfb4977d243e37cf4bf4 service-identity @ https://agent-int-packages.datadoghq.com/external/service-identity/service_identity-24.1.0-py3-none-any.whl#sha256=a28caf8130c8a5c1c7a6f5293faaf239bbfb7751e4862436920ee6f2616f568a -setuptools @ https://agent-int-packages.datadoghq.com/external/setuptools/setuptools-75.3.0-py3-none-any.whl#sha256=f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd +setuptools @ https://agent-int-packages.datadoghq.com/external/setuptools/setuptools-75.6.0-py3-none-any.whl#sha256=ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d simplejson @ 
https://agent-int-packages.datadoghq.com/external/simplejson/simplejson-3.19.3-cp312-cp312-macosx_10_9_x86_64.whl#sha256=6ef9383c5e05f445be60f1735c1816163c874c0b1ede8bb4390aff2ced34f333 -six @ https://agent-int-packages.datadoghq.com/external/six/six-1.16.0-py2.py3-none-any.whl#sha256=8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 +six @ https://agent-int-packages.datadoghq.com/external/six/six-1.17.0-py2.py3-none-any.whl#sha256=4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 snowflake-connector-python @ https://agent-int-packages.datadoghq.com/external/snowflake-connector-python/snowflake_connector_python-3.12.3-cp312-cp312-macosx_11_0_x86_64.whl#sha256=597b0c74ec57ba693191ae2de8db9536e349ee32cab152df657473e498b6fd87 sortedcontainers @ https://agent-int-packages.datadoghq.com/external/sortedcontainers/sortedcontainers-2.4.0-py2.py3-none-any.whl#sha256=a163dcaede0f1c021485e957a39245190e74249897e2ae4b2aa38595db237ee0 soupsieve @ https://agent-int-packages.datadoghq.com/external/soupsieve/soupsieve-2.6-py3-none-any.whl#sha256=e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 -stevedore @ https://agent-int-packages.datadoghq.com/external/stevedore/stevedore-5.3.0-py3-none-any.whl#sha256=1efd34ca08f474dad08d9b19e934a22c68bb6fe416926479ba29e5013bcc8f78 +stevedore @ https://agent-int-packages.datadoghq.com/external/stevedore/stevedore-5.4.0-py3-none-any.whl#sha256=b0be3c4748b3ea7b854b265dcb4caa891015e442416422be16f8b31756107857 supervisor @ https://agent-int-packages.datadoghq.com/external/supervisor/supervisor-4.2.5-py2.py3-none-any.whl#sha256=2ecaede32fc25af814696374b79e42644ecaba5c09494c51016ffda9602d0f08 tomlkit @ https://agent-int-packages.datadoghq.com/external/tomlkit/tomlkit-0.13.2-py3-none-any.whl#sha256=7a974427f6e119197f670fbbbeae7bef749a6c14e793db934baefc1b5f03efde tuf @ 
https://agent-int-packages.datadoghq.com/external/tuf/tuf-4.0.0-py3-none-any.whl#sha256=a22ab5fa6daf910b3052929fdce42ccad8a300e5e85715daaff9592aed980f7a typing-extensions @ https://agent-int-packages.datadoghq.com/external/typing-extensions/typing_extensions-4.12.2-py3-none-any.whl#sha256=04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d tzlocal @ https://agent-int-packages.datadoghq.com/external/tzlocal/tzlocal-5.2-py3-none-any.whl#sha256=49816ef2fe65ea8ac19d19aa7a1ae0551c834303d5014c6d5a62e4cbda8047b8 uhashring @ https://agent-int-packages.datadoghq.com/external/uhashring/uhashring-2.3-py3-none-any.whl#sha256=7ee8a25ca495a97effad10bd563c83b4054a6d7606d9530757049a04edab9297 -uptime @ https://agent-int-packages.datadoghq.com/built/uptime/uptime-3.0.1-20241107145658-cp312-cp312-macosx_10_13_universal2.whl#sha256=f7bf650bd66b51168f808be48675a2c205ad272f1c9485b614a6129a7eaab079 +uptime @ https://agent-int-packages.datadoghq.com/built/uptime/uptime-3.0.1-20241205195044-cp312-cp312-macosx_10_13_universal2.whl#sha256=63083f38ee611a28940cfa670df6a45df4d2d8b1960640c5480febac2f326134 urllib3 @ https://agent-int-packages.datadoghq.com/external/urllib3/urllib3-2.2.3-py3-none-any.whl#sha256=ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac vertica-python @ https://agent-int-packages.datadoghq.com/external/vertica-python/vertica_python-1.4.0-py3-none-any.whl#sha256=50fecd7687f4b0b9f6dee6e2b35c195af2a4f702ece01bd12e080b51756e000b websocket-client @ https://agent-int-packages.datadoghq.com/external/websocket-client/websocket_client-1.8.0-py3-none-any.whl#sha256=17b44cc997f5c498e809b22cdf2d9c7a9e71c02c8cc2b6c56e7c2d1239bfa526 wrapt @ https://agent-int-packages.datadoghq.com/external/wrapt/wrapt-1.16.0-cp312-cp312-macosx_10_9_x86_64.whl#sha256=5eb404d89131ec9b4f748fa5cfb5346802e5ee8836f57d516576e61f304f3b7b xmltodict @ 
https://agent-int-packages.datadoghq.com/external/xmltodict/xmltodict-0.14.2-py2.py3-none-any.whl#sha256=20cc7d723ed729276e808f26fb6b3599f786cbc37e06c65e192ba77c40f20aac -zipp @ https://agent-int-packages.datadoghq.com/external/zipp/zipp-3.20.2-py3-none-any.whl#sha256=a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 +zipp @ https://agent-int-packages.datadoghq.com/external/zipp/zipp-3.21.0-py3-none-any.whl#sha256=ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931 diff --git a/.deps/resolved/windows-x86_64_3.12.txt b/.deps/resolved/windows-x86_64_3.12.txt index 4159884005ebd..67094404c3e2f 100644 --- a/.deps/resolved/windows-x86_64_3.12.txt +++ b/.deps/resolved/windows-x86_64_3.12.txt 
@@ -4,9 +4,9 @@ attrs @ https://agent-int-packages.datadoghq.com/external/attrs/attrs-24.2.0-py3 aws-requests-auth @ https://agent-int-packages.datadoghq.com/external/aws-requests-auth/aws_requests_auth-0.4.3-py2.py3-none-any.whl#sha256=646bc37d62140ea1c709d20148f5d43197e6bd2d63909eb36fa4bb2345759977 azure-core @ https://agent-int-packages.datadoghq.com/external/azure-core/azure_core-1.32.0-py3-none-any.whl#sha256=eac191a0efb23bfa83fddf321b27b122b4ec847befa3091fa736a5c32c50d7b4 azure-identity @ https://agent-int-packages.datadoghq.com/external/azure-identity/azure_identity-1.17.1-py3-none-any.whl#sha256=db8d59c183b680e763722bfe8ebc45930e6c57df510620985939f7f3191e0382 -bcrypt @ https://agent-int-packages.datadoghq.com/external/bcrypt/bcrypt-4.2.0-cp39-abi3-win_amd64.whl#sha256=61ed14326ee023917ecd093ee6ef422a72f3aec6f07e21ea5f10622b735538a9 +bcrypt @ https://agent-int-packages.datadoghq.com/external/bcrypt/bcrypt-4.2.1-cp39-abi3-win_amd64.whl#sha256=e84e0e6f8e40a242b11bce56c313edc2be121cec3e0ec2d76fce01f6af33c07c beautifulsoup4 @ https://agent-int-packages.datadoghq.com/external/beautifulsoup4/beautifulsoup4-4.12.3-py3-none-any.whl#sha256=b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed -binary @ https://agent-int-packages.datadoghq.com/external/binary/binary-1.0.0-py2.py3-none-any.whl#sha256=e1b61f3a5c002717d1a28e4d9d2dc8acbc9d6b12baf7b1e4ab25d743da97e323 +binary @ https://agent-int-packages.datadoghq.com/external/binary/binary-1.0.1-py3-none-any.whl#sha256=e92086be2a7204dbbdf86b55d86bd27bf4c24089db866113a90811b492241544 boto3 @ https://agent-int-packages.datadoghq.com/external/boto3/boto3-1.35.10-py3-none-any.whl#sha256=add26dd58e076dfd387013da4704716d5cff215cf14f6d4347c4b9b7fc1f0b8e botocore @ https://agent-int-packages.datadoghq.com/external/botocore/botocore-1.35.10-py3-none-any.whl#sha256=0d96d023b9b0cea99a0a428a431d011329d3a958730aee6ed6a6fec5d9bfbc03 bytecode @ 
https://agent-int-packages.datadoghq.com/external/bytecode/bytecode-0.16.0-py3-none-any.whl#sha256=76080b7c0eb9e7e17f961d61fd06e933aa47f3b753770a3249537439d8203a25 
@@ -18,12 +18,12 @@ charset-normalizer @ https://agent-int-packages.datadoghq.com/external/charset-n clickhouse-cityhash @ https://agent-int-packages.datadoghq.com/external/clickhouse-cityhash/clickhouse_cityhash-1.0.2.4-cp312-cp312-win_amd64.whl#sha256=0409917be29f5ad80a6772712fce954b5e81450555636e8523290ee9740a2dbb clickhouse-driver @ https://agent-int-packages.datadoghq.com/external/clickhouse-driver/clickhouse_driver-0.2.9-cp312-cp312-win_amd64.whl#sha256=de6624e28eeffd01668803d28ae89e3d4e359b1bff8b60e4933e1cb3c6f86f18 cm-client @ https://agent-int-packages.datadoghq.com/built/cm-client/cm_client-45.0.4-20240402154627-py3-none-win_amd64.whl#sha256=1743b32a221d2a0804b4e425ffd53468e8f1754da217fe1e7bd9ff7800fd90f8 -confluent-kafka @ https://agent-int-packages.datadoghq.com/external/confluent-kafka/confluent_kafka-2.5.0-cp312-cp312-win_amd64.whl#sha256=d668b5c426af595271bf6fce2917a6c3a15453656077a59db85f440958b5ccc2 +confluent-kafka @ https://agent-int-packages.datadoghq.com/external/confluent-kafka/confluent_kafka-2.6.1-cp312-cp312-win_amd64.whl#sha256=b17da915fc35b1bef49d599f685656f65f379094dbbc7aafc5ede1843cc72699 cryptography @ https://agent-int-packages.datadoghq.com/external/cryptography/cryptography-43.0.1-cp39-abi3-win_amd64.whl#sha256=d75601ad10b059ec832e78823b348bfa1a59f6b8d545db3a24fd44362a1564cb ddsketch @ https://agent-int-packages.datadoghq.com/external/ddsketch/ddsketch-3.0.1-py3-none-any.whl#sha256=6d047b455fe2837c43d366ff1ae6ba0c3166e15499de8688437a75cea914224e ddtrace @ https://agent-int-packages.datadoghq.com/external/ddtrace/ddtrace-2.10.6-cp312-cp312-win_amd64.whl#sha256=bb183a535e5b24828a45901babd9fd15a1350c9d5096de5ba463287d0c8c64d1 decorator @ https://agent-int-packages.datadoghq.com/external/decorator/decorator-5.1.1-py3-none-any.whl#sha256=b8c3f85900b9dc423225913c5aace94729fe1fa9763b38939a95226f02d37186 -deprecated @ 
https://agent-int-packages.datadoghq.com/external/deprecated/Deprecated-1.2.14-py2.py3-none-any.whl#sha256=6fac8b097794a90302bdbb17b9b815e732d3c4720583ff1b198499d78470466c +deprecated @ https://agent-int-packages.datadoghq.com/external/deprecated/Deprecated-1.2.15-py2.py3-none-any.whl#sha256=353bc4a8ac4bfc96800ddab349d89c25dec1079f65fd53acdcc1e0b975b21320 dnspython @ https://agent-int-packages.datadoghq.com/external/dnspython/dnspython-2.6.1-py3-none-any.whl#sha256=5ef3b9680161f6fa89daf8ad451b5f1a33b18ae8a1c6778cdf4b43f08c0a6e50 dogpile-cache @ https://agent-int-packages.datadoghq.com/external/dogpile-cache/dogpile.cache-1.3.3-py3-none-any.whl#sha256=5e211c4902ebdf88c678d268e22454b41e68071632daa9402d8ee24e825ed8ca envier @ https://agent-int-packages.datadoghq.com/external/envier/envier-0.6.1-py3-none-any.whl#sha256=73609040a76be48bbcb97074d9969666484aa0de706183a6e9ef773156a8a6a9 
@@ -39,19 +39,19 @@ jellyfish @ https://agent-int-packages.datadoghq.com/external/jellyfish/jellyfis jmespath @ https://agent-int-packages.datadoghq.com/external/jmespath/jmespath-1.0.1-py3-none-any.whl#sha256=02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 jsonpatch @ https://agent-int-packages.datadoghq.com/external/jsonpatch/jsonpatch-1.33-py2.py3-none-any.whl#sha256=0ae28c0cd062bbd8b8ecc26d7d164fbbea9652a1a3693f3b956c1eae5145dade jsonpointer @ https://agent-int-packages.datadoghq.com/external/jsonpointer/jsonpointer-3.0.0-py2.py3-none-any.whl#sha256=13e088adc14fca8b6aa8177c044e12701e6ad4b28ff10e65f2267a90109c9942 -keystoneauth1 @ https://agent-int-packages.datadoghq.com/external/keystoneauth1/keystoneauth1-5.8.0-py3-none-any.whl#sha256=e69dff80c509ab64d4de4494658d914e81f26af720828dc584ceee74ecd666d9 +keystoneauth1 @ https://agent-int-packages.datadoghq.com/external/keystoneauth1/keystoneauth1-5.9.1-py3-none-any.whl#sha256=71b98835aec72a01f71c5b919c3193dac95342555e89aa35c86d3d86c4ff5f73 kubernetes @ https://agent-int-packages.datadoghq.com/external/kubernetes/kubernetes-30.1.0-py2.py3-none-any.whl#sha256=e212e8b7579031dd2e512168b617373bc1e03888d41ac4e04039240a292d478d ldap3 @ https://agent-int-packages.datadoghq.com/external/ldap3/ldap3-2.9.1-py2.py3-none-any.whl#sha256=5869596fc4948797020d3f03b7939da938778a0f9e2009f7a072ccf92b8e8d70 looseversion @ https://agent-int-packages.datadoghq.com/external/looseversion/looseversion-1.3.0-py2.py3-none-any.whl#sha256=781ef477b45946fc03dd4c84ea87734b21137ecda0e1e122bcb3c8d16d2a56e0 lxml @ https://agent-int-packages.datadoghq.com/external/lxml/lxml-5.1.1-cp312-cp312-win_amd64.whl#sha256=0e46181d15fae102c53621bed9356b7a599a1e837b978c934a350dd00842b1d9 lz4 @ https://agent-int-packages.datadoghq.com/external/lz4/lz4-4.3.3-cp312-cp312-win_amd64.whl#sha256=5d35533bf2cee56f38ced91f766cd0038b6abf46f438a80d50c52750088be93f mmh3 @ 
https://agent-int-packages.datadoghq.com/external/mmh3/mmh3-4.1.0-cp312-cp312-win_amd64.whl#sha256=bebc3ecb6ba18292e3d40c8712482b4477abd6981c2ebf0e60869bd90f8ac3a9 -msal @ https://agent-int-packages.datadoghq.com/external/msal/msal-1.31.0-py3-none-any.whl#sha256=96bc37cff82ebe4b160d5fc0f1196f6ca8b50e274ecd0ec5bf69c438514086e7 +msal @ https://agent-int-packages.datadoghq.com/external/msal/msal-1.31.1-py3-none-any.whl#sha256=29d9882de247e96db01386496d59f29035e5e841bcac892e6d7bf4390bf6bd17 msal-extensions @ https://agent-int-packages.datadoghq.com/external/msal-extensions/msal_extensions-1.2.0-py3-none-any.whl#sha256=cf5ba83a2113fa6dc011a254a72f1c223c88d7dfad74cc30617c4679a417704d netifaces @ https://agent-int-packages.datadoghq.com/built/netifaces/netifaces-0.11.0-20240830145553-cp312-cp312-win_amd64.whl#sha256=a1ba522e63fb6b220e7fe668767f334662afa9c56eca18b361bd1f88863ab59a oauthlib @ https://agent-int-packages.datadoghq.com/external/oauthlib/oauthlib-3.2.2-py3-none-any.whl#sha256=8139f29aac13e25d502680e9e19963e83f16838d48a0d71c287fe40e7067fbca openstacksdk @ https://agent-int-packages.datadoghq.com/external/openstacksdk/openstacksdk-3.3.0-py3-none-any.whl#sha256=e6d4121b87354984caf0e3c032e2ebf4d4440374f86c81c27ec52ca5df359157 -opentelemetry-api @ https://agent-int-packages.datadoghq.com/external/opentelemetry-api/opentelemetry_api-1.28.0-py3-none-any.whl#sha256=8457cd2c59ea1bd0988560f021656cecd254ad7ef6be4ba09dbefeca2409ce52 +opentelemetry-api @ https://agent-int-packages.datadoghq.com/external/opentelemetry-api/opentelemetry_api-1.28.2-py3-none-any.whl#sha256=6fcec89e265beb258fe6b1acaaa3c8c705a934bd977b9f534a2b7c0d2d4275a6 orjson @ https://agent-int-packages.datadoghq.com/external/orjson/orjson-3.10.7-cp312-none-win_amd64.whl#sha256=1d9c0e733e02ada3ed6098a10a8ee0052dd55774de3d9110d29868d24b17faa1 os-service-types @ 
https://agent-int-packages.datadoghq.com/external/os-service-types/os_service_types-1.7.0-py2.py3-none-any.whl#sha256=0505c72205690910077fb72b88f2a1f07533c8d39f2fe75b29583481764965d6 packaging @ https://agent-int-packages.datadoghq.com/external/packaging/packaging-24.1-py3-none-any.whl#sha256=5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124 @@ -84,7 +84,7 @@ pysnmp @ https://agent-int-packages.datadoghq.com/external/pysnmp/pysnmp-5.1.0-p pysnmp-mibs @ https://agent-int-packages.datadoghq.com/external/pysnmp-mibs/pysnmp_mibs-0.1.6-py2.py3-none-any.whl#sha256=5e153ebe8e767c07940cea435f866c623ff6b2376155c7da75085b08d3774d48 pysnmpcrypto @ https://agent-int-packages.datadoghq.com/external/pysnmpcrypto/pysnmpcrypto-0.0.4-py2.py3-none-any.whl#sha256=5889733caa030f45d9e03ea9d6370fb06426a8cb7f839aabbcdde33c6f634679 pysocks @ https://agent-int-packages.datadoghq.com/external/pysocks/PySocks-1.7.1-py3-none-any.whl#sha256=2725bd0a9925919b9b51739eea5f9e2bae91e83288108a9ad338b2e3a4435ee5 -pyspnego @ https://agent-int-packages.datadoghq.com/external/pyspnego/pyspnego-0.11.1-py3-none-any.whl#sha256=129a4294f2c4d681d5875240ef87accc6f1d921e8983737fb0b59642b397951e +pyspnego @ https://agent-int-packages.datadoghq.com/external/pyspnego/pyspnego-0.11.2-py3-none-any.whl#sha256=74abc1fb51e59360eb5c5c9086e5962174f1072c7a50cf6da0bda9a4bcfdfbd4 python-dateutil @ https://agent-int-packages.datadoghq.com/external/python-dateutil/python_dateutil-2.9.0.post0-py2.py3-none-any.whl#sha256=a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427 pytz @ https://agent-int-packages.datadoghq.com/external/pytz/pytz-2024.2-py2.py3-none-any.whl#sha256=31c7c1817eb7fae7ca4b8c7ee50c72f93aa2dd863de768e1ef4245d426aa0725 pyvmomi @ https://agent-int-packages.datadoghq.com/built/pyvmomi/pyvmomi-8.0.3.0.1-20240702172100-py2.py3-none-win_amd64.whl#sha256=19446fe48dbdd8b64097eff5648cc4b5a19165ede40826507f5e1398e1032e12 
@@ -100,18 +100,18 @@ requests-unixsocket2 @ https://agent-int-packages.datadoghq.com/external/request requestsexceptions @ https://agent-int-packages.datadoghq.com/external/requestsexceptions/requestsexceptions-1.4.0-py2.py3-none-any.whl#sha256=3083d872b6e07dc5c323563ef37671d992214ad9a32b0ca4a3d7f5500bf38ce3 rethinkdb @ https://agent-int-packages.datadoghq.com/external/rethinkdb/rethinkdb-2.4.10.post1-py2.py3-none-any.whl#sha256=a8c3644a35beb7bc857887808d267e6124623b32dc1f54608e7729a14617a431 rsa @ https://agent-int-packages.datadoghq.com/external/rsa/rsa-4.9-py3-none-any.whl#sha256=90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7 -s3transfer @ https://agent-int-packages.datadoghq.com/external/s3transfer/s3transfer-0.10.3-py3-none-any.whl#sha256=263ed587a5803c6c708d3ce44dc4dfedaab4c1a32e8329bab818933d79ddcf5d +s3transfer @ https://agent-int-packages.datadoghq.com/external/s3transfer/s3transfer-0.10.4-py3-none-any.whl#sha256=244a76a24355363a68164241438de1b72f8781664920260c48465896b712a41e securesystemslib @ https://agent-int-packages.datadoghq.com/external/securesystemslib/securesystemslib-0.28.0-py3-none-any.whl#sha256=9e6b9abe36a511d4f52c759069db8f6f650362ba82d6efc7bc7466a458b3f499 semver @ https://agent-int-packages.datadoghq.com/external/semver/semver-3.0.2-py3-none-any.whl#sha256=b1ea4686fe70b981f85359eda33199d60c53964284e0cfb4977d243e37cf4bf4 service-identity @ https://agent-int-packages.datadoghq.com/external/service-identity/service_identity-24.1.0-py3-none-any.whl#sha256=a28caf8130c8a5c1c7a6f5293faaf239bbfb7751e4862436920ee6f2616f568a -setuptools @ https://agent-int-packages.datadoghq.com/external/setuptools/setuptools-75.3.0-py3-none-any.whl#sha256=f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd +setuptools @ https://agent-int-packages.datadoghq.com/external/setuptools/setuptools-75.6.0-py3-none-any.whl#sha256=ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d simplejson @ 
https://agent-int-packages.datadoghq.com/external/simplejson/simplejson-3.19.3-cp312-cp312-win_amd64.whl#sha256=1e662336db50ad665777e6548b5076329a94a0c3d4a0472971c588b3ef27de3a -six @ https://agent-int-packages.datadoghq.com/external/six/six-1.16.0-py2.py3-none-any.whl#sha256=8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 +six @ https://agent-int-packages.datadoghq.com/external/six/six-1.17.0-py2.py3-none-any.whl#sha256=4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 snowflake-connector-python @ https://agent-int-packages.datadoghq.com/external/snowflake-connector-python/snowflake_connector_python-3.12.3-cp312-cp312-win_amd64.whl#sha256=f0d0fcb948ef0812ab162ec9767622f345554043a07439c0c1a9474c86772320 sortedcontainers @ https://agent-int-packages.datadoghq.com/external/sortedcontainers/sortedcontainers-2.4.0-py2.py3-none-any.whl#sha256=a163dcaede0f1c021485e957a39245190e74249897e2ae4b2aa38595db237ee0 soupsieve @ https://agent-int-packages.datadoghq.com/external/soupsieve/soupsieve-2.6-py3-none-any.whl#sha256=e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 sspilib @ https://agent-int-packages.datadoghq.com/external/sspilib/sspilib-0.2.0-cp312-cp312-win_amd64.whl#sha256=40a97ca83e503a175d1dc9461836994e47e8b9bcf56cab81a2c22e27f1993079 -stevedore @ https://agent-int-packages.datadoghq.com/external/stevedore/stevedore-5.3.0-py3-none-any.whl#sha256=1efd34ca08f474dad08d9b19e934a22c68bb6fe416926479ba29e5013bcc8f78 +stevedore @ https://agent-int-packages.datadoghq.com/external/stevedore/stevedore-5.4.0-py3-none-any.whl#sha256=b0be3c4748b3ea7b854b265dcb4caa891015e442416422be16f8b31756107857 supervisor @ https://agent-int-packages.datadoghq.com/external/supervisor/supervisor-4.2.5-py2.py3-none-any.whl#sha256=2ecaede32fc25af814696374b79e42644ecaba5c09494c51016ffda9602d0f08 tomlkit @ 
https://agent-int-packages.datadoghq.com/external/tomlkit/tomlkit-0.13.2-py3-none-any.whl#sha256=7a974427f6e119197f670fbbbeae7bef749a6c14e793db934baefc1b5f03efde tuf @ https://agent-int-packages.datadoghq.com/external/tuf/tuf-4.0.0-py3-none-any.whl#sha256=a22ab5fa6daf910b3052929fdce42ccad8a300e5e85715daaff9592aed980f7a @@ -124,4 +124,4 @@ vertica-python @ https://agent-int-packages.datadoghq.com/external/vertica-pytho websocket-client @ https://agent-int-packages.datadoghq.com/external/websocket-client/websocket_client-1.8.0-py3-none-any.whl#sha256=17b44cc997f5c498e809b22cdf2d9c7a9e71c02c8cc2b6c56e7c2d1239bfa526 wrapt @ https://agent-int-packages.datadoghq.com/external/wrapt/wrapt-1.16.0-cp312-cp312-win_amd64.whl#sha256=dcdba5c86e368442528f7060039eda390cc4091bfd1dca41e8046af7c910dda8 xmltodict @ https://agent-int-packages.datadoghq.com/external/xmltodict/xmltodict-0.14.2-py2.py3-none-any.whl#sha256=20cc7d723ed729276e808f26fb6b3599f786cbc37e06c65e192ba77c40f20aac -zipp @ https://agent-int-packages.datadoghq.com/external/zipp/zipp-3.20.2-py3-none-any.whl#sha256=a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 +zipp @ https://agent-int-packages.datadoghq.com/external/zipp/zipp-3.21.0-py3-none-any.whl#sha256=ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931 diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 34033267ab8c1..0c1a51bcee6be 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -84,7 +84,7 @@ manifest.json @DataDog/documentation @DataDog/agent-integrations /kubernetes/*.md @DataDog/container-integrations @DataDog/agent-integrations @DataDog/documentation /kubernetes/manifest.json @DataDog/container-integrations @DataDog/agent-integrations @DataDog/documentation /kubernetes_admission/ @DataDog/container-platform @DataDog/agent-integrations -/kubernetes_cluster_autoscaler/ @DataDog/container-integrations @DataDog/agent-integrations +/kubernetes_cluster_autoscaler/ @DataDog/container-integrations @DataDog/agent-integrations /kubernetes_cluster_autoscaler/*.md @DataDog/container-integrations @DataDog/agent-integrations @DataDog/documentation /kubernetes_cluster_autoscaler/manifest.json @DataDog/container-integrations @DataDog/agent-integrations @DataDog/documentation /kubernetes_state/ @DataDog/container-integrations @DataDog/agent-integrations @@ -138,7 +138,7 @@ manifest.json @DataDog/documentation @DataDog/agent-integrations /fly_io/ @DataDog/platform-integrations @DataDog/agent-integrations /fly_io/manifest.json @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation /fly_io/*.md @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation -/fly_io/assets/logs/ @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation @DataDog/logs-backend +/fly_io/assets/logs/ @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /openstack/ @DataDog/platform-integrations @DataDog/agent-integrations /openstack/*.md @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation /openstack/manifest.json @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation 
@@ -148,7 +148,7 @@ manifest.json @DataDog/documentation @DataDog/agent-integrations /teleport/ @DataDog/platform-integrations @DataDog/agent-integrations /teleport/manifest.json @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation /teleport/*.md @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation -/teleport/assets/logs/ @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation @DataDog/logs-backend +/teleport/assets/logs/ @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /vsphere/ @DataDog/platform-integrations @DataDog/agent-integrations /vsphere/manifest.json @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation /vsphere/*.md @DataDog/platform-integrations @DataDog/agent-integrations @DataDog/documentation @@ -200,7 +200,7 @@ datadog_checks_base/tests/**/test_db_statements.py @DataDog/database-monitoring # APM Integrations /langchain/ @DataDog/ml-observability @DataDog/agent-integrations @DataDog/documentation /openai/ @DataDog/ml-observability @DataDog/agent-integrations @DataDog/documentation - +/anthropic/ @DataDog/ml-observability @DataDog/agent-integrations @DataDog/documentation # Windows agent datadog_checks_base/datadog_checks/base/checks/win/ @DataDog/windows-agent @DataDog/agent-integrations 
@@ -259,17 +259,23 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi /cisco_secure_endpoint/ @DataDog/saas-integrations /cisco_secure_endpoint/*.md @DataDog/saas-integrations @DataDog/documentation /cisco_secure_endpoint/manifest.json @DataDog/saas-integrations @DataDog/documentation -/cisco_secure_endpoint/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/cisco_secure_endpoint/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /contentful/ @DataDog/saas-integrations /contentful/*.md @DataDog/saas-integrations @DataDog/documentation /contentful/manifest.json @DataDog/saas-integrations @DataDog/documentation -/contentful/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/contentful/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /freshservice/ @DataDog/saas-integrations /freshservice/*.md @DataDog/saas-integrations @DataDog/documentation /freshservice/manifest.json @DataDog/saas-integrations @DataDog/documentation -/freshservice/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/freshservice/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core + +/genesys/ @DataDog/saas-integrations +/genesys/*.md @DataDog/saas-integrations @DataDog/documentation +/genesys/manifest.json @DataDog/saas-integrations @DataDog/documentation +/genesys/metadata.csv @DataDog/saas-integrations @DataDog/documentation +/genesys/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend /godaddy/ @DataDog/saas-integrations /godaddy/*.md @DataDog/saas-integrations @DataDog/documentation 
@@ -279,17 +285,17 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi /greenhouse/ @DataDog/saas-integrations /greenhouse/*.md @DataDog/saas-integrations @DataDog/documentation /greenhouse/manifest.json @DataDog/saas-integrations @DataDog/documentation -/greenhouse/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/greenhouse/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /incident_io/ @DataDog/saas-integrations /incident_io/*.md @DataDog/saas-integrations @DataDog/documentation /incident_io/manifest.json @DataDog/saas-integrations @DataDog/documentation -/incident_io/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/incident_io/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /lastpass/ @DataDog/saas-integrations /lastpass/*.md @DataDog/saas-integrations @DataDog/documentation /lastpass/manifest.json @DataDog/saas-integrations @DataDog/documentation -/lastpass/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/lastpass/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /mailchimp/ @DataDog/saas-integrations /mailchimp/*.md @DataDog/saas-integrations @DataDog/documentation 
@@ -298,78 +304,117 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi /mimecast/ @DataDog/saas-integrations /mimecast/*.md @DataDog/saas-integrations @DataDog/documentation /mimecast/manifest.json @DataDog/saas-integrations @DataDog/documentation -/mimecast/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/mimecast/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core + +/mux/ @DataDog/saas-integrations +/mux/*.md @DataDog/saas-integrations @DataDog/documentation +/mux/manifest.json @DataDog/saas-integrations @DataDog/documentation +/mux/metadata.csv @DataDog/saas-integrations @DataDog/documentation /palo_alto_cortex_xdr/ @DataDog/saas-integrations /palo_alto_cortex_xdr/*.md @DataDog/saas-integrations @DataDog/documentation /palo_alto_cortex_xdr/manifest.json @DataDog/saas-integrations @DataDog/documentation -/palo_alto_cortex_xdr/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/palo_alto_cortex_xdr/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /snowflake/ @DataDog/saas-integrations -/snowflake/*.md @DataDog/saas-integrations @DataDog/documentation +/snowflake/*.md @DataDog/saas-integrations @DataDog/documentation @DataDog/agent-integrations /snowflake/manifest.json @DataDog/saas-integrations @DataDog/documentation +/sonicwall_firewall/ @DataDog/saas-integrations +/sonicwall_firewall/*.md @DataDog/saas-integrations @DataDog/documentation +/sonicwall_firewall/manifest.json @DataDog/saas-integrations @DataDog/documentation +/sonicwall_firewall/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend + /sophos_central_cloud/ @DataDog/saas-integrations /sophos_central_cloud/*.md @DataDog/saas-integrations @DataDog/documentation /sophos_central_cloud/manifest.json @DataDog/saas-integrations @DataDog/documentation 
-/sophos_central_cloud/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/sophos_central_cloud/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core + +/squid/ @DataDog/saas-integrations +/squid/*.md @DataDog/saas-integrations @DataDog/documentation +/squid/manifest.json @DataDog/saas-integrations @DataDog/documentation +/squid/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend /ping_one/ @DataDog/saas-integrations /ping_one/*.md @DataDog/saas-integrations @DataDog/documentation /ping_one/manifest.json @DataDog/saas-integrations @DataDog/documentation -/ping_one/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/ping_one/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /trend_micro_vision_one_xdr/ @DataDog/saas-integrations /trend_micro_vision_one_xdr/*.md @DataDog/saas-integrations @DataDog/documentation /trend_micro_vision_one_xdr/manifest.json @DataDog/saas-integrations @DataDog/documentation -/trend_micro_vision_one_xdr/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/trend_micro_vision_one_xdr/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /ping_federate/ @DataDog/saas-integrations /ping_federate/*.md @DataDog/saas-integrations @DataDog/documentation /ping_federate/manifest.json @DataDog/saas-integrations @DataDog/documentation -/ping_federate/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/ping_federate/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /cisco_secure_email_threat_defense/ @DataDog/saas-integrations /cisco_secure_email_threat_defense/*.md @DataDog/saas-integrations @DataDog/documentation /cisco_secure_email_threat_defense/manifest.json 
@DataDog/saas-integrations @DataDog/documentation -/cisco_secure_email_threat_defense/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/cisco_secure_email_threat_defense/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /ringcentral/ @DataDog/saas-integrations /ringcentral/*.md @DataDog/saas-integrations @DataDog/documentation /ringcentral/manifest.json @DataDog/saas-integrations @DataDog/documentation /ringcentral/metadata.csv @DataDog/saas-integrations @DataDog/documentation -/ringcentral/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/ringcentral/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core + +/temporal_cloud/ @DataDog/saas-integrations +/temporal_cloud/*.md @DataDog/saas-integrations @DataDog/documentation +/temporal_cloud/manifest.json @DataDog/saas-integrations @DataDog/documentation +/temporal_cloud/metadata.csv @DataDog/saas-integrations @DataDog/documentation /trend_micro_email_security/ @DataDog/saas-integrations /trend_micro_email_security/*.md @DataDog/saas-integrations @DataDog/documentation /trend_micro_email_security/manifest.json @DataDog/saas-integrations @DataDog/documentation -/trend_micro_email_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/trend_micro_email_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /trellix_endpoint_security/ @DataDog/saas-integrations /trellix_endpoint_security/*.md @DataDog/saas-integrations @DataDog/documentation /trellix_endpoint_security/manifest.json @DataDog/saas-integrations @DataDog/documentation -/trellix_endpoint_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/trellix_endpoint_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation 
@DataDog/logs-backend @DataDog/logs-core /docusign/ @DataDog/saas-integrations /docusign/*.md @DataDog/saas-integrations @DataDog/documentation /docusign/manifest.json @DataDog/saas-integrations @DataDog/documentation -/docusign/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/docusign/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core /trend_micro_vision_one_endpoint_security/ @DataDog/saas-integrations /trend_micro_vision_one_endpoint_security/*.md @DataDog/saas-integrations @DataDog/documentation /trend_micro_vision_one_endpoint_security/manifest.json @DataDog/saas-integrations @DataDog/documentation -/trend_micro_vision_one_endpoint_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/trend_micro_vision_one_endpoint_security/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core + +/shopify/ @DataDog/saas-integrations +/shopify/*.md @DataDog/saas-integrations @DataDog/documentation +/shopify/manifest.json @DataDog/saas-integrations @DataDog/documentation +/shopify/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend + +/shopify/ @DataDog/saas-integrations +/shopify/*.md @DataDog/saas-integrations @DataDog/documentation +/shopify/manifest.json @DataDog/saas-integrations @DataDog/documentation +/shopify/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend /hubspot_content_hub/ @DataDog/saas-integrations /hubspot_content_hub/*.md @DataDog/saas-integrations @DataDog/documentation /hubspot_content_hub/manifest.json @DataDog/saas-integrations @DataDog/documentation -/hubspot_content_hub/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend - +/hubspot_content_hub/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core vonage/ 
@DataDog/saas-integrations vonage/*.md @DataDog/saas-integrations @DataDog/documentation vonage/manifest.json @DataDog/saas-integrations @DataDog/documentation -vonage/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +vonage/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core + +plaid/ @DataDog/saas-integrations +plaid/*.md @DataDog/saas-integrations @DataDog/documentation +plaid/manifest.json @DataDog/saas-integrations @DataDog/documentation +plaid/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend + +/streamnative/ @DataDog/saas-integrations +/streamnative/*.md @DataDog/saas-integrations @DataDog/documentation +/streamnative/manifest.json @DataDog/saas-integrations @DataDog/documentation +/streamnative/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend # To keep Security up-to-date with changes to the signing tool. /datadog_checks_dev/datadog_checks/dev/tooling/signing.py @DataDog/agent-integrations @@ -386,4 +431,4 @@ docs/developer/process/integration-release.md @DataDog/a # LEAVE THE FOLLOWING LOG OWNERSHIP LAST IN THE FILE # Make sure logs team is the full owner for all logs related files -**/assets/logs/ @DataDog/logs-backend @DataDog/siem-logs-reviewers +**/assets/logs/ @DataDog/logs-backend @DataDog/logs-core @DataDog/siem-logs-reviewers diff --git a/.github/workflows/build-ddev.yml b/.github/workflows/build-ddev.yml index 8f0e541b64b28..7c60d83ca619b 100644 --- a/.github/workflows/build-ddev.yml +++ b/.github/workflows/build-ddev.yml @@ -80,9 +80,9 @@ jobs: os: windows-2022 # macOS - target: aarch64-apple-darwin - os: macos-12 + os: macos-13 - target: x86_64-apple-darwin - os: macos-12 + os: macos-13 outputs: version: ${{ steps.version.outputs.version }} 
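Review bot: The `/shopify/` block is added twice in the `@@ -298,78 +304,117 @@` hunk, as two identical groups of four lines; the second copy should be dropped. The new `plaid/` patterns have no leading `/`, like the existing `vonage/` lines, so they match a directory of that name at any depth rather than only at the repository root; `/plaid/` would be consistent with the other new entries. The new `assets/logs/` lines for sonicwall_firewall, squid, shopify, plaid and streamnative (and genesys in the earlier hunk) omit `@DataDog/logs-core`, which this commit adds to the existing ones. Since the final `**/assets/logs/` rule matches last, that omission is probably cosmetic, but the per-integration lines should either agree with it or be removed.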
@@ -361,7 +361,7 @@ jobs: name: Build macOS installer and sign/notarize artifacts if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository needs: binaries - runs-on: macos-12 + runs-on: macos-13 env: VERSION: ${{ needs.binaries.outputs.version }} diff --git a/.github/workflows/build-deps.yml b/.github/workflows/build-deps.yml index 4d15e622e2d46..caa202a4090ad 100644 --- a/.github/workflows/build-deps.yml +++ b/.github/workflows/build-deps.yml @@ -196,7 +196,7 @@ jobs: build-macos: name: Target macOS - runs-on: macos-12 + runs-on: macos-13 env: TARGET_NAME: macos-x86_64 diff --git a/.github/workflows/config/labeler.yml b/.github/workflows/config/labeler.yml index b7eee2a659a59..76ea52550db2d 100644 --- a/.github/workflows/config/labeler.yml +++ b/.github/workflows/config/labeler.yml @@ -203,6 +203,8 @@ integration/freshservice: - freshservice/**/* integration/gearmand: - gearmand/**/* +integration/genesys: +- genesys/**/* integration/gitlab: - gitlab/**/* integration/gitlab_runner: @@ -319,6 +321,8 @@ integration/kyverno: - kyverno/**/* integration/langchain: - langchain/**/* +integration/anthropic: +- anthropic/**/* integration/lastpass: - lastpass/**/* integration/lighttpd: @@ -349,6 +353,8 @@ integration/mimecast: - mimecast/**/* integration/mongo: - mongo/**/* +integration/mux: +- mux/**/* integration/mysql: - mysql/**/* integration/nagios: @@ -367,6 +373,8 @@ integration/ntp: - ntp/**/* integration/nvidia_jetson: - nvidia_jetson/**/* +integration/nvidia_nim: +- nvidia_nim/**/* integration/nvidia_triton: - nvidia_triton/**/* integration/oke: @@ -409,6 +417,8 @@ integration/ping_one: - ping_one/**/* integration/pivotal_pks: - pivotal_pks/**/* +integration/plaid: +- plaid/**/* integration/podman: - podman/**/* integration/postfix: @@ -445,6 +455,8 @@ integration/sap_hana: - sap_hana/**/* integration/scylla: - scylla/**/* +integration/shopify: +- shopify/**/* integration/sidekiq: - sidekiq/**/* integration/silk: 
@@ -485,6 +497,8 @@ integration/solr: - solr/**/* integration/sonarqube: - sonarqube/**/* +integration/sonicwall_firewall: +- sonicwall_firewall/**/* integration/sophos_central_cloud: - sophos_central_cloud/**/* integration/spark: @@ -497,12 +511,16 @@ integration/ssh_check: - ssh_check/**/* integration/statsd: - statsd/**/* +integration/streamnative: +- streamnative/**/* integration/strimzi: - strimzi/**/* integration/supervisord: - supervisord/**/* integration/suricata: - suricata/**/* +integration/symantec_endpoint_protection: +- symantec_endpoint_protection/**/* integration/system_core: - system_core/**/* integration/system_swap: @@ -521,6 +539,8 @@ integration/teleport: - teleport/**/* integration/temporal: - temporal/**/* +integration/temporal_cloud: +- temporal_cloud/**/* integration/tenable: - tenable/**/* integration/teradata: @@ -567,6 +587,8 @@ integration/vonage: - vonage/**/* integration/vsphere: - vsphere/**/* +integration/wazuh: +- wazuh/**/* integration/weaviate: - weaviate/**/* integration/weblogic: diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 5b9a125495f2d..44e43b8592239 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -29,12 +29,19 @@ jobs: secrets: inherit publish-test-results: + needs: - test + if: success() || failure() concurrency: group: test-results + permissions: + checks: write + pull-requests: write + contents: write + uses: ./.github/workflows/test-results-master.yml secrets: inherit diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index a07e6c96fa7a1..c4f54320c246d 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml 
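Review bot: The `permissions` block added to `publish-test-results` in master.yml grants `contents: write`, while the same commit lowers the pull-request variant (test-results-pr.yml) to `contents: read` and documents each scope. test-results-master.yml is not visible here, so confirm whether it writes to the repository; if it does not, `contents: read` is the least-privilege value. Either way, annotate each scope as pr-quick-check.yml now does, for example `contents: write # needed by <step name>`, so the grant can be audited later. The job also keeps `secrets: inherit`, which is worth narrowing to the secrets the called workflow reads.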
@@ -12,6 +12,10 @@ jobs: run: uses: ./.github/workflows/pr-quick-check.yml if: ${{ github.base_ref == 'master' }} + permissions: # These permissions need to match the ones in the included workflow, see pr-quick-check.yml for details + pull-requests: write + contents: read with: repo: core secrets: inherit + diff --git a/.github/workflows/pr-quick-check.yml b/.github/workflows/pr-quick-check.yml index 02c06b753dc11..9a1c5c2e2d792 100644 --- a/.github/workflows/pr-quick-check.yml +++ b/.github/workflows/pr-quick-check.yml @@ -21,8 +21,9 @@ jobs: runs-on: ubuntu-22.04 permissions: - pull-requests: write - + pull-requests: write # For the "Comment" step, read for the "Fetch script" and "Check changelog" steps + contents: read # For the "Fetch diff" and "Check changelog" steps + steps: # Uncomment for testing purposes # - uses: actions/checkout@v4 diff --git a/.github/workflows/publish-test-results-pr.yml b/.github/workflows/publish-test-results-pr.yml index 704ccf52941f7..fc1bf27887b55 100644 --- a/.github/workflows/publish-test-results-pr.yml +++ b/.github/workflows/publish-test-results-pr.yml @@ -12,7 +12,9 @@ jobs: publish: uses: ./.github/workflows/test-results-pr.yml if: github.event.workflow_run.conclusion != 'skipped' - permissions: + permissions: # These permissions need to match the ones in the included workflow, see test-results-pr.yml for details checks: write pull-requests: write + contents: read + actions: read secrets: inherit diff --git a/.github/workflows/test-all.yml b/.github/workflows/test-all.yml index 53fc9b5f077c9..606f6125af01e 100644 --- a/.github/workflows/test-all.yml +++ b/.github/workflows/test-all.yml 
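Review bot: In publish-test-results-pr.yml the `publish` job still ends with `secrets: inherit`, even though this hunk scopes its token to `checks`, `pull-requests`, `contents: read` and `actions: read`. The job is gated on `github.event.workflow_run.conclusion`, so it presumably runs on `workflow_run` and consumes artifacts produced by a pull-request run; those artifacts should be treated as untrusted input. If test-results-pr.yml needs no repository secrets (only part of it is visible), drop `secrets: inherit` or pass the required secrets by name. The pr-check.yml hunk on this line has the same `secrets: inherit` next to its new `permissions` block.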
@@ -2654,6 +2654,26 @@ jobs: minimum-base-package: ${{ inputs.minimum-base-package }} pytest-args: ${{ inputs.pytest-args }} secrets: inherit + jb705691: + uses: ./.github/workflows/test-target.yml + with: + job-name: nvidia_nim + target: nvidia_nim + platform: linux + runner: '["ubuntu-22.04"]' + repo: "${{ inputs.repo }}" + python-version: "${{ inputs.python-version }}" + standard: ${{ inputs.standard }} + latest: ${{ inputs.latest }} + agent-image: "${{ inputs.agent-image }}" + agent-image-py2: "${{ inputs.agent-image-py2 }}" + agent-image-windows: "${{ inputs.agent-image-windows }}" + agent-image-windows-py2: "${{ inputs.agent-image-windows-py2 }}" + test-py2: ${{ inputs.test-py2 }} + test-py3: ${{ inputs.test-py3 }} + minimum-base-package: ${{ inputs.minimum-base-package }} + pytest-args: ${{ inputs.pytest-args }} + secrets: inherit j74dc677: uses: ./.github/workflows/test-target.yml with: diff --git a/.github/workflows/test-results-pr.yml b/.github/workflows/test-results-pr.yml index a40f3dcfe41e7..5212bccb8d77a 100644 --- a/.github/workflows/test-results-pr.yml +++ b/.github/workflows/test-results-pr.yml @@ -12,10 +12,11 @@ jobs: name: Publish test results runs-on: ubuntu-22.04 - permissions: - checks: write - pull-requests: write - contents: write + permissions: + checks: write # For EnricoMi/publish-unit-test-result-action@v2 + pull-requests: write # For EnricoMi/publish-unit-test-result-action@v2 + contents: read # For EnricoMi/publish-unit-test-result-action@v2 + actions: read # For "Download and extract artifacts" steps: - name: Download and extract artifacts diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 98956f28222c9..fc96df3402bae 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml 
@@ -61,16 +61,10 @@ jobs: ### What does this PR do? Update the dependencies - ### Motivation - - Some of the dependencies are outdated - - ### Additional Notes - - This PR was automatically generated by the following workflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + **THE CHANGELOG FILES OFTEN HAVE THE WRONG PR NUMBER. MAKE SURE TO CHECK THEM!** ### Review checklist (to be filled by reviewers) diff --git a/.gitignore b/.gitignore index e32d5645cd9a5..655c01a1cef54 100644 --- a/.gitignore +++ b/.gitignore @@ -28,7 +28,6 @@ var/ *.egg-info/ .installed.cfg *.egg -*.zip # PyInstaller # Usually these files are written by a python script from a template # before PyInstaller builds the exe, so as to inject date/other infos into it. diff --git a/active_directory/CHANGELOG.md b/active_directory/CHANGELOG.md index 13c254d31edcf..cb0e301a84ccf 100644 --- a/active_directory/CHANGELOG.md +++ b/active_directory/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/activemq/CHANGELOG.md b/activemq/CHANGELOG.md index 24555f9c7146b..ff16f98e3a7da 100644 --- a/activemq/CHANGELOG.md +++ b/activemq/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.1.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/activemq_xml/CHANGELOG.md b/activemq_xml/CHANGELOG.md index 1dfc95909e296..58b5f04a59778 100644 --- a/activemq_xml/CHANGELOG.md +++ b/activemq_xml/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/aerospike/CHANGELOG.md b/aerospike/CHANGELOG.md index 46df5dd094c6c..ceb3be456ee3c 100644 --- a/aerospike/CHANGELOG.md +++ b/aerospike/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/aerospike/changelog.d/18996.fixed b/aerospike/changelog.d/18996.fixed new file mode 100644 index 0000000000000..f46ba036b3612 --- /dev/null +++ b/aerospike/changelog.d/18996.fixed @@ -0,0 +1 @@ +Don't skip last index in each namespace diff --git a/aerospike/datadog_checks/aerospike/aerospike.py b/aerospike/datadog_checks/aerospike/aerospike.py index f52814865f090..cec0c918ffdd8 100644 --- a/aerospike/datadog_checks/aerospike/aerospike.py +++ b/aerospike/datadog_checks/aerospike/aerospike.py @@ -152,7 +152,7 @@ def check(self, _): # https://www.aerospike.com/docs/reference/info/#sindex sindex = self.get_info('sindex/{}'.format(ns)) - for idx in parse_namespace(sindex[:-1], ns, 'indexname'): + for idx in parse_namespace(sindex, ns, 'indexname'): sindex_tags = ['sindex:{}'.format(idx)] sindex_tags.extend(namespace_tags) self.collect_info('sindex/{}/{}'.format(ns, idx), SINDEX_METRIC_TYPE, tags=sindex_tags) diff --git a/aerospike/tests/common.py b/aerospike/tests/common.py index c0dd957dbabda..a42f9db0b18cd 100644 --- a/aerospike/tests/common.py +++ b/aerospike/tests/common.py 
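Review bot: In the `aerospike.py` hunk, `parse_namespace(sindex, ns, 'indexname')` now receives every element returned by `self.get_info('sindex/{}'.format(ns))`, including any empty trailing entry that the removed `[:-1]` slice may have been there to drop. `get_info` and `parse_namespace` are defined outside the hunk, so this is unverified. If the info response can end with a separator, the loop should skip blanks explicitly, for example `for idx in parse_namespace([s for s in sindex if s], ns, 'indexname'):`. A one-line comment such as `# sindex holds one entry per index; no trailing element to strip` would record why the slice was wrong. The body of `check()` continues outside the hunk.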
@@ -104,6 +104,32 @@ ALL_METRICS = NAMESPACE_METRICS + LEGACY_SET_METRICS +INDEXES_METRICS = [ + "aerospike.sindex.delete_error", + "aerospike.sindex.delete_success", + "aerospike.sindex.entries", + "aerospike.sindex.histogram", + "aerospike.sindex.ibtr_memory_used", + "aerospike.sindex.keys", + "aerospike.sindex.load_pct", + "aerospike.sindex.loadtime", + "aerospike.sindex.nbtr_memory_used", + "aerospike.sindex.query_agg", + "aerospike.sindex.query_agg_avg_rec_count", + "aerospike.sindex.query_agg_avg_record_size", + "aerospike.sindex.query_avg_rec_count", + "aerospike.sindex.query_avg_record_size", + "aerospike.sindex.query_lookup_avg_rec_count", + "aerospike.sindex.query_lookup_avg_record_size", + "aerospike.sindex.query_lookups", + "aerospike.sindex.query_reqs", + "aerospike.sindex.si_accounted_memory", + "aerospike.sindex.stat_gc_recs", + "aerospike.sindex.stat_gc_time", + "aerospike.sindex.write_error", + "aerospike.sindex.write_success", +] + STATS_METRICS = [ 'cluster_size', 'batch_index_initiate', @@ -155,6 +181,32 @@ 'tags': ['tag:value'], } +MOCK_INDEXES_METRICS = [ + "keys=1", + "entries=1", + "ibtr_memory_used=18688", + "nbtr_memory_used=31", + "si_accounted_memory=18719", + "load_pct=100", + "loadtime=7", + "write_success=1", + "write_error=0", + "delete_success=0", + "delete_error=0", + "stat_gc_recs=0", + "stat_gc_time=0", + "query_reqs=0", + "query_avg_rec_count=0", + "query_avg_record_size=0", + "query_agg=0", + "query_agg_avg_rec_count=0", + "query_agg_avg_record_size=0", + "query_lookups=0", + "query_lookup_avg_rec_count=0", + "query_lookup_avg_record_size=0", + "histogram=false", +] + MOCK_DATACENTER_METRICS = [ 'dc_state=CLUSTER_UP', 'dc_timelag=0', diff --git a/aerospike/tests/conftest.py b/aerospike/tests/conftest.py index 01e5448a97da3..0f3b9c170191a 100644 --- a/aerospike/tests/conftest.py +++ b/aerospike/tests/conftest.py 
@@ -39,6 +39,8 @@ def init_db(): 'quote_cnt': 47, } client.put(key, bins) + # Create at an index + client.index_string_create('test', 'characters', 'name', 'idx_characters_name') batch_keys = [] for i in range(10): diff --git a/aerospike/tests/docker/docker-compose.yaml b/aerospike/tests/docker/docker-compose.yaml index e255b1c63110a..e7bbbef761193 100644 --- a/aerospike/tests/docker/docker-compose.yaml +++ b/aerospike/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: aerospike: container_name: aerospike diff --git a/aerospike/tests/test_aerospike.py b/aerospike/tests/test_aerospike.py index ecd3a0a688e4a..66646789ad770 100644 --- a/aerospike/tests/test_aerospike.py +++ b/aerospike/tests/test_aerospike.py @@ -13,6 +13,7 @@ from .common import ( EXPECTED_PROMETHEUS_METRICS, EXPECTED_PROMETHEUS_METRICS_5_6, + INDEXES_METRICS, LATENCIES_METRICS, LAZY_METRICS, LEGACY_SET_METRICS, @@ -36,8 +37,8 @@ def test_check(aggregator, instance, dd_run_check): _test_check(aggregator) +@pytest.mark.integration def test_version_metadata(aggregator, instance, datadog_agent, dd_run_check): - check = AerospikeCheck('aerospike', {}, [instance]) check.check_id = 'test:123' @@ -128,6 +129,9 @@ def _test_check(aggregator): for metric in LEGACY_SET_METRICS: aggregator.assert_metric("aerospike.set.{}".format(metric)) + for metric in INDEXES_METRICS: + aggregator.assert_metric(metric) + aggregator.assert_all_metrics_covered() aggregator.assert_service_check('aerospike.can_connect', AerospikeCheck.OK) diff --git a/aerospike/tests/test_unit.py b/aerospike/tests/test_unit.py index e7339566dc03f..681e9b8e0b0a1 100644 --- a/aerospike/tests/test_unit.py +++ b/aerospike/tests/test_unit.py 
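Review bot: The comment added in `init_db()` in `conftest.py` reads `# Create at an index`, which looks like a typo and does not say why the index is needed. I would write `# Create a secondary index so the check emits aerospike.sindex.* metrics`. The return value of `client.index_string_create('test', 'characters', 'name', 'idx_characters_name')` is ignored. If index creation completes in the background (not visible from this hunk), the integration test could run before the index is reported, so a short note or wait on readiness would make the fixture deterministic. `init_db()` starts and ends outside the hunk.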
@@ -52,6 +52,36 @@ def test_xdr_metrics(aggregator): aggregator.assert_metric(metric, tags=['datacenter:test']) +def test_sindex_metrics(aggregator, dd_run_check): + check = AerospikeCheck('aerospike', {}, [common.INSTANCE]) + original_get_info = check.get_info + + def mock_get_info(command, separator=";"): + if command == "sindex/test": + return [ + "ns=test:indexname=idx_characters_name:set=characters:bin=name:type=string:indextype=default:context=null:state=RW" + ] + elif command == "sindex/test/idx_characters_name": + return common.MOCK_INDEXES_METRICS + elif command.startswith("sets/"): + return [] + return original_get_info(command, separator) + + check.get_info = mock_get_info + check._tags = [] + check._client = mock.MagicMock() + check._client.get_node_names = mock.MagicMock( + return_value={'address': common.HOST, 'port': common.PORT, 'node_name': 'test'} + ) + check.get_namespaces = mock.MagicMock(return_value=['test']) + check.collect_throughput = mock.MagicMock() + check.collect_latency = mock.MagicMock() + dd_run_check(check) + + for metric in common.INDEXES_METRICS: + aggregator.assert_metric(metric, tags=['namespace:test', 'sindex:idx_characters_name']) + + def test_multiple_xdr_metrics(aggregator): check = AerospikeCheck('aerospike', {}, [common.INSTANCE]) check.get_info = mock.MagicMock( diff --git a/agent_requirements.in b/agent_requirements.in index 17b6d28051615..b96253e8f081f 100644 --- a/agent_requirements.in +++ b/agent_requirements.in @@ -2,7 +2,7 @@ aerospike==7.1.1; sys_platform != 'win32' and sys_platform != 'darwin' aws-requests-auth==0.4.3 azure-identity==1.17.1 beautifulsoup4==4.12.3 -binary==1.0.0 +binary==1.0.1 boto3==1.35.10 botocore==1.35.10 cachetools==5.5.0 diff --git a/airflow/CHANGELOG.md b/airflow/CHANGELOG.md index a7b72659850db..9dc1367093190 100644 --- a/airflow/CHANGELOG.md +++ b/airflow/CHANGELOG.md 
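Review bot: In `test_sindex_metrics`, the last branch of `mock_get_info` is `return original_get_info(command, separator)`, which sends every unmatched command through the real `get_info` while `check._client` is a `MagicMock`. The test then depends on how the real method handles a mock's return value, and an unexpected command passes silently instead of failing. I would make the stub closed, either `return []` for known-irrelevant commands or `raise AssertionError('unexpected info command: {}'.format(command))` as the final line. The `elif` branches after a `return` can be plain `if` statements.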
@@ -4,10 +4,6 @@ ## 6.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.0.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/airflow/README.md b/airflow/README.md index 2407dfc7be1c0..94faf19dab2cc 100644 --- a/airflow/README.md +++ b/airflow/README.md @@ -429,7 +429,7 @@ Need help? Contact [Datadog support][11]. [10]: https://docs.datadoghq.com/agent/guide/agent-commands/?tab=agentv6#start-stop-and-restart-the-agent [11]: https://docs.datadoghq.com/help/ [12]: https://docs.datadoghq.com/developers/dogstatsd/?tab=kubernetes#setup -[13]: /integrations/airflow/?tab=host#connect-airflow-to-dogstatsd +[13]: https://docs.datadoghq.com/integrations/airflow/?tab=host#connect-airflow-to-dogstatsd [14]: https://docs.datadoghq.com/agent/kubernetes/integrations/?tab=kubernetes#configuration [15]: https://docs.datadoghq.com/agent/guide/agent-commands/?tab=agentv6#agent-status-and-information [16]: https://airflow.apache.org/docs/apache-airflow-providers-datadog/stable/_modules/airflow/providers/datadog/hooks/datadog.html diff --git a/amazon_msk/CHANGELOG.md b/amazon_msk/CHANGELOG.md index acf11d9f7d4db..4973f3d68464a 100644 --- a/amazon_msk/CHANGELOG.md +++ b/amazon_msk/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.11.0 / 2024-09-05 ***Added***: @@ -32,7 +32,7 @@ ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 4.9.0 / 2024-07-05 / Agent 7.56.0 diff --git a/ambari/CHANGELOG.md b/ambari/CHANGELOG.md index 93aae52ccbfbb..8a44654aeb176 100644 --- a/ambari/CHANGELOG.md +++ b/ambari/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/anthropic/CHANGELOG.md b/anthropic/CHANGELOG.md new file mode 100644 index 0000000000000..3de181c7e0654 --- /dev/null +++ b/anthropic/CHANGELOG.md 
@@ -0,0 +1,7 @@
+# CHANGELOG - Anthropic
+
+## 1.0.0 / 2024-11-08
+
+***Added***:
+
+* Initial Release
diff --git a/anthropic/README.md b/anthropic/README.md
new file mode 100644
index 0000000000000..c15b4d9be6d33
--- /dev/null
+++ b/anthropic/README.md
@@ -0,0 +1,127 @@
+# Anthropic
+
+## Overview
+Use the Anthropic integration to monitor, troubleshoot, and evaluate your LLM-powered applications, such as chatbots or data extraction tools, using Anthropic's models.
+
+If you are building LLM applications, use LLM Observability to investigate the root cause of issues,
+monitor operational performance, and evaluate the quality, privacy, and safety of your LLM applications.
+
+See the [LLM Observability tracing view video](https://imgix.datadoghq.com/video/products/llm-observability/expedite-troubleshooting.mp4?fm=webm&fit=max) for an example of how you can investigate a trace.
+
+## Setup
+
+### LLM Observability: Get end-to-end visibility into your LLM application using Anthropic
+You can enable LLM Observability in different environments. Follow the appropriate setup based on your scenario:
+
+#### Installation for Python
+
+##### If you do not have the Datadog Agent:
+1. Install the `ddtrace` package:
+
+ ```shell
+ pip install ddtrace
+ ```
+
+2. Start your application using the following command to enable Agentless mode:
+
+ ```shell
+ DD_SITE= DD_API_KEY= DD_LLMOBS_ENABLED=1 DD_LLMOBS_AGENTLESS_ENABLED=1 DD_LLMOBS_ML_APP= ddtrace-run python .py
+ ```
+
+##### If you already have the Datadog Agent installed:
+1. Make sure the Agent is running and that APM and StatsD are enabled. For example, use the following command with Docker:
+
+ ```shell
+ docker run -d \
+ --cgroupns host \
+ --pid host \
+ -v /var/run/docker.sock:/var/run/docker.sock:ro \
+ -v /proc/:/host/proc/:ro \
+ -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
+ -e DD_API_KEY= \
+ -p 127.0.0.1:8126:8126/tcp \
+ -p 127.0.0.1:8125:8125/udp \
+ -e DD_DOGSTATSD_NON_LOCAL_TRAFFIC=true \
+ -e DD_APM_ENABLED=true \
+ gcr.io/datadoghq/agent:latest
+ ```
+
+2. If you haven't already, install the `ddtrace` package:
+
+ ```shell
+ pip install ddtrace
+ ```
+
+3.
To automatically enable tracing, start your application using the `ddtrace-run` command:
+
+ ```shell
+ DD_SITE= DD_API_KEY= DD_LLMOBS_ENABLED=1 DD_LLMOBS_ML_APP= ddtrace-run python .py
+ ```
+
+**Note**: If the Agent is running on a custom host or port, set `DD_AGENT_HOST` and `DD_TRACE_AGENT_PORT` accordingly.
+
+##### If you are running LLM Observability in a serverless environment (AWS Lambda):
+1. Install the **Datadog-Python** and **Datadog-Extension** Lambda layers as part of your AWS Lambda setup.
+2. Enable LLM Observability by setting the following environment variables:
+
+ ```shell
+ DD_SITE= DD_API_KEY= DD_LLMOBS_ENABLED=1 DD_LLMOBS_ML_APP=
+ ```
+
+**Note**: In serverless environments, Datadog automatically flushes spans at the end of the Lambda function.
+
+##### Automatic Anthropic tracing
+
+The Anthropic integration allows for automatic tracing of chat message calls made by the Anthropic Python SDK, capturing latency, errors, input/output messages, and token usage during Anthropic operations.
+
+The following methods are traced for both synchronous and asynchronous Anthropic operations:
+- Chat messages (including streamed calls): `Anthropic().messages.create()`, `AsyncAnthropic().messages.create()`
+- Streamed chat messages: `Anthropic().messages.stream()`, `AsyncAnthropic().messages.stream()`
+
+No additional setup is required for these methods.
+
+##### Validation
+
+Validate that LLM Observability is properly capturing spans by checking your application logs for successful span creation.
You can also run the following command to check the status of the `dd-trace` integration:
+
+ ```shell
+ ddtrace-run --info
+ ```
+
+Look for the following message to confirm the setup:
+
+ ```shell
+ Agent error: None
+ ```
+
+##### Debugging
+
+If you encounter issues during setup, enable debug logging by passing the `--debug` flag:
+
+ ```shell
+ ddtrace-run --debug
+ ```
+
+This displays any errors related to data transmission or instrumentation, including issues with Anthropic traces.
+
+## Data Collected
+
+### Metrics
+
+The Anthropic integration does not include any custom metrics.
+
+### Service Checks
+
+The Anthropic integration does not include any service checks.
+
+### Events
+
+The Anthropic integration does not include any events.
+
+## Troubleshooting
+
+Need help? Contact [Datadog support][2].
+
+[1]: https://docs.datadoghq.com/integrations/anthropic/
+[2]: https://docs.datadoghq.com/help/
+
diff --git a/anthropic/assets/service_checks.json b/anthropic/assets/service_checks.json
new file mode 100644
index 0000000000000..fe51488c7066f
--- /dev/null
+++ b/anthropic/assets/service_checks.json
@@ -0,0 +1 @@
+[]
diff --git a/anthropic/manifest.json b/anthropic/manifest.json
new file mode 100644
index 0000000000000..082d9d8c046be
--- /dev/null
+++ b/anthropic/manifest.json
@@ -0,0 +1,43 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "53fe7c3e-57eb-42ca-8e43-ec92c04b6160", + "app_id": "anthropic", + "display_on_public_website": true, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Monitor Anthropic usage and health at the application level", + "title": "Anthropic", + "media": [], + "classifier_tags": [ + "Category::AI/ML", + "Category::Metrics", + "Submitted Data Type::Traces", + "Supported OS::Linux", + "Supported OS::Windows", + "Supported OS::macOS", + "Offering::Integration" + ] + }, + "assets": { + "integration": { + "auto_install": false, + "source_type_id": 31102434, + "source_type_name": "Anthropic", + "events": { + "creates_events": false + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} diff --git a/apache/CHANGELOG.md b/apache/CHANGELOG.md index 2b0a2e89bd9ea..6cdc38bdd57dd 100644 --- a/apache/CHANGELOG.md +++ b/apache/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.5.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/arangodb/CHANGELOG.md b/arangodb/CHANGELOG.md index 77cb1eb5b6cdc..42d0305de98ff 100644 
--- a/arangodb/CHANGELOG.md +++ b/arangodb/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/arangodb/tests/docker/docker-compose.yaml b/arangodb/tests/docker/docker-compose.yaml index 539aaa1b14c47..ddac16dd6cd2a 100644 --- a/arangodb/tests/docker/docker-compose.yaml +++ b/arangodb/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: arangodb: container_name: arangodb diff --git a/argo_rollouts/CHANGELOG.md b/argo_rollouts/CHANGELOG.md index 97667d845c968..be61fd665c804 100644 --- a/argo_rollouts/CHANGELOG.md +++ b/argo_rollouts/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/argo_workflows/CHANGELOG.md b/argo_workflows/CHANGELOG.md index 3bf6d1556da79..87367097f6daf 100644 --- a/argo_workflows/CHANGELOG.md +++ b/argo_workflows/CHANGELOG.md 
@@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/argocd/CHANGELOG.md b/argocd/CHANGELOG.md index 1581158313cf8..ca2676e2a08e6 100644 --- a/argocd/CHANGELOG.md +++ b/argocd/CHANGELOG.md @@ -2,11 +2,13 @@ -## 3.1.0 / 2024-10-04 / Agent 7.59.0 +## 3.2.0 / 2024-11-28 ***Added***: -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) +* Add new Application Set metrics ([#18961](https://github.com/DataDog/integrations-core/pull/18961)) + +## 3.1.0 / 2024-10-04 / Agent 7.59.0 ***Fixed***: @@ -18,6 +20,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.4.3 / 2024-08-09 / Agent 7.57.0 ***Fixed***: diff --git a/argocd/changelog.d/18961.added b/argocd/changelog.d/18961.added deleted file mode 100644 index 2709860814937..0000000000000 --- a/argocd/changelog.d/18961.added +++ /dev/null @@ -1 +0,0 @@ -Add new Application Set metrics diff --git a/argocd/datadog_checks/argocd/__about__.py b/argocd/datadog_checks/argocd/__about__.py index 00d8d3e916500..df3e4342a4a3e 100644 --- a/argocd/datadog_checks/argocd/__about__.py +++ b/argocd/datadog_checks/argocd/__about__.py 
@@ -1,4 +1,4 @@ # (C) Datadog, Inc. 2022-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '3.1.0' +__version__ = '3.2.0' diff --git a/aspdotnet/CHANGELOG.md b/aspdotnet/CHANGELOG.md index 788923364964c..01e32c3905aa4 100644 --- a/aspdotnet/CHANGELOG.md +++ b/aspdotnet/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/avi_vantage/CHANGELOG.md b/avi_vantage/CHANGELOG.md index 2a45ce165fd38..2d07d6515c6a8 100644 --- a/avi_vantage/CHANGELOG.md +++ b/avi_vantage/CHANGELOG.md @@ -4,10 +4,6 @@ ## 5.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/avi_vantage/tests/test_avi_vantage.py b/avi_vantage/tests/test_avi_vantage.py index 1e9fb55aadece..04d93309c07fd 100644 --- a/avi_vantage/tests/test_avi_vantage.py 
+++ b/avi_vantage/tests/test_avi_vantage.py @@ -7,6 +7,7 @@ from datadog_checks.dev.utils import get_metadata_metrics +@pytest.mark.unit def test_check(mock_client, get_expected_metrics, aggregator, unit_instance, dd_run_check): check = AviVantageCheck('avi_vantage', {}, [unit_instance]) dd_run_check(check) @@ -17,6 +18,7 @@ def test_check(mock_client, get_expected_metrics, aggregator, unit_instance, dd_ aggregator.assert_metrics_using_metadata(get_metadata_metrics()) +@pytest.mark.integration def test_integration( dd_environment, get_expected_metrics, aggregator, integration_instance, dd_run_check, datadog_agent ): diff --git a/aws_neuron/CHANGELOG.md b/aws_neuron/CHANGELOG.md index a0da8741ab583..756a46568676d 100644 --- a/aws_neuron/CHANGELOG.md +++ b/aws_neuron/CHANGELOG.md @@ -14,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.0 / 2024-08-09 / Agent 7.57.0 ***Added***: diff --git a/azure_active_directory/README.md b/azure_active_directory/README.md index 0a12c2d8254ae..068af8d178c59 100644 --- a/azure_active_directory/README.md +++ b/azure_active_directory/README.md 
@@ -2,40 +2,38 @@ ## Overview -Azure Active Directory is a cloud hosted Active Directory offering by Microsoft Azure. -This integration allows you to ingest your [Azure AD activity logs][1] (audit and sign-in logs) to Datadog. +Microsoft Entra ID is a cloud-hosted identity and access management service that enables users to access external resources. +This integration allows you to forward your [Microsoft Entra ID][1] audit and sign-in logs to Datadog. ## Setup ### Installation -This integration forwards logs to Datadog using Azure with Event Hubs. Configure Azure AD to forward activity logs to the event hub. +This integration forwards logs to Datadog using Azure with Event Hubs. Configure Entra ID to forward activity logs to the event hub. ### Configuration 1. Set up the log forwarding pipeline from Azure to Datadog using Event Hubs by following the [Send Azure Logs to Datadog][2] guide. -2. In Azure portal, select _Azure Active Directory > Monitoring > Audit logs_. +2. In Azure portal, select _Microsoft Entra ID > Monitoring > Audit logs_. -3. Select **Export Settings**. +3. Select **Export Data Settings**. 4. In the Diagnostics settings pane, do one of the following: - To change existing settings, select **Edit setting**. - To add new settings, select **Add diagnostics setting**. You can have up to three settings. -5. Select the **Stream to an event hub** check box, and then select **Event Hub/Configure**. +5. Select the **Stream to an event hub** check box. 6. Select the Azure subscription and Event Hubs namespace that you created earlier to route the logs to. - -7. Select OK to exit the event hub configuration. -8. Do one or both of the following. Datadog recommends selecting both. +7. Do one or both of the following. Datadog recommends selecting both. - To send audit logs, select the **AuditLogs** check box. - To send sign-in logs, select the **SignInLogs** check box. -9. Select **Save**. +8. Select **Save**. 
Logs should start coming into Datadog within 15 minutes. For more details on the setup, see the [Azure tutorial][3]. @@ -44,7 +42,7 @@ For more details on the setup, see the [Azure tutorial][3]. #### Log collection -This integration allows you to setup log ingestion for Azure Active Directory activity logs. +This integration allows you to setup log ingestion for Microsoft Entra ID activity logs. This includes the following: @@ -54,11 +52,11 @@ This includes the following: ### Metrics -Azure Active Directory does not include any metrics. +Microsoft Entra ID does not include any metrics. ### Events -Datadog sends credential expiry events, which grant visibility into credential expirations for Azure app registrations, Key Vault keys, Key Vault secrets, and Key Vault certificates. The Azure Active Directory integration must be installed to receive events for Azure app registrations. Receiving events from Azure also requires installation of the [Azure integration][7]. +Datadog sends credential expiry events, which grant visibility into credential expirations for Azure app registrations, Key Vault keys, Key Vault secrets, and Key Vault certificates. The Microsoft Entra ID integration must be installed to receive events for Azure app registrations. Receiving events from Azure also requires installation of the [Azure integration][7]. - **Expiration events** are sent 60, 30, 15, and 1 day(s) before credential expiration, and once after expiration. 
@@ -75,9 +73,9 @@ You can view these events in [Event Explorer][5]. Need help? Contact [Datadog support][4]. -[1]: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-reports#activity-reports +[1]: https://learn.microsoft.com/entra/identity/monitoring-health/overview-monitoring-health [2]: https://docs.datadoghq.com/logs/guide/azure-logging-guide/ -[3]: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub +[3]: https://learn.microsoft.com/entra/identity/monitoring-health/howto-stream-logs-to-event-hub [4]: https://docs.datadoghq.com/help [5]: https://app.datadoghq.com/event/explorer [6]: https://docs.datadoghq.com/integrations/guide/azure-graph-api-permissions/ diff --git a/azure_active_directory/manifest.json b/azure_active_directory/manifest.json index 100d4c2649898..31f1863f87a38 100644 --- a/azure_active_directory/manifest.json +++ b/azure_active_directory/manifest.json @@ -8,8 +8,8 @@ "configuration": "README.md#Setup", "support": "README.md#Support", "changelog": "CHANGELOG.md", - "description": "Analyze your Azure Active Directory activity logs", - "title": "Azure Active Directory", + "description": "Analyze your Microsoft Entra ID activity logs", + "title": "Microsoft Entra ID", "media": [], "classifier_tags": [ "Category::Azure", diff --git a/azure_iot_edge/CHANGELOG.md b/azure_iot_edge/CHANGELOG.md index 8ecdf432f8e8b..5433e26f426f7 100644 --- a/azure_iot_edge/CHANGELOG.md +++ b/azure_iot_edge/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/boundary/CHANGELOG.md b/boundary/CHANGELOG.md index 4a804adad66d7..deb00eea36b6c 100644 --- a/boundary/CHANGELOG.md +++ b/boundary/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.3 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/boundary/tests/docker/docker-compose.yaml b/boundary/tests/docker/docker-compose.yaml index ec2c79ff9886b..21d330af9a446 100644 --- a/boundary/tests/docker/docker-compose.yaml +++ b/boundary/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.8' - # https://github.com/hashicorp/boundary-reference-architecture/tree/main/deployment/docker/compose services: boundary: diff --git a/boundary/tests/test_integration.py b/boundary/tests/test_integration.py index 789bb8adf26c3..9a4c7aaae2418 100644 --- a/boundary/tests/test_integration.py +++ b/boundary/tests/test_integration.py 
@@ -33,3 +33,20 @@ def test(aggregator, dd_run_check, get_check, instance): aggregator.assert_metrics_using_metadata(metadata_metrics, check_submission_type=True) aggregator.assert_all_metrics_covered() + + +def test_health_wrong_endpoint(aggregator, dd_run_check, get_check, instance): + instance = instance.copy() + health_endpoint = 'http://localhost:1234' + instance['health_endpoint'] = health_endpoint + instance['timeout'] = 1 + + check = get_check(instance) + dd_run_check(check) + + aggregator.assert_service_check( + 'boundary.controller.health', ServiceCheck.CRITICAL, tags=[f'endpoint:{health_endpoint}', *instance['tags']] + ) + aggregator.assert_service_check( + 'boundary.openmetrics.health', ServiceCheck.OK, tags=[f'endpoint:{METRIC_ENDPOINT}', *instance['tags']] + ) diff --git a/boundary/tests/test_unit.py b/boundary/tests/test_unit.py index 2d422a6729c54..58a5ed31c4352 100644 --- a/boundary/tests/test_unit.py +++ b/boundary/tests/test_unit.py @@ -24,23 +24,6 @@ def test_without_extra_tags(aggregator, dd_run_check, get_check, instance, mock_ ) -def test_health_wrong_endpoint(aggregator, dd_run_check, get_check, instance): - instance = instance.copy() - health_endpoint = 'http://localhost:1234' - instance['health_endpoint'] = health_endpoint - instance['timeout'] = 1 - - check = get_check(instance) - dd_run_check(check) - - aggregator.assert_service_check( - 'boundary.controller.health', ServiceCheck.CRITICAL, tags=[f'endpoint:{health_endpoint}', *instance['tags']] - ) - aggregator.assert_service_check( - 'boundary.openmetrics.health', ServiceCheck.OK, tags=[f'endpoint:{METRIC_ENDPOINT}', *instance['tags']] - ) - - def test_health_error(aggregator, dd_run_check, get_check, instance, mock_http_response): mock_http_response(status_code=404) diff --git a/btrfs/CHANGELOG.md b/btrfs/CHANGELOG.md index 93dc7758feb1d..280a378d615db 100644 --- a/btrfs/CHANGELOG.md +++ b/btrfs/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 2.4.0 / 2024-09-05 diff --git a/cacti/CHANGELOG.md b/cacti/CHANGELOG.md index 43d6a0a9ffb4e..b60517eaf2d23 100644 --- a/cacti/CHANGELOG.md +++ b/cacti/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.1 / 2024-06-11 / Agent 7.54.1 ***Fixed***: diff --git a/calico/CHANGELOG.md b/calico/CHANGELOG.md index e3470955b9d44..6c07cdc75e47d 100644 --- a/calico/CHANGELOG.md +++ b/calico/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/cassandra/CHANGELOG.md b/cassandra/CHANGELOG.md index 294ae6280917d..8d1683fab8097 100644 --- a/cassandra/CHANGELOG.md +++ b/cassandra/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.18.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/cassandra_nodetool/CHANGELOG.md b/cassandra_nodetool/CHANGELOG.md index 92d2ee82546c9..7028c3e51edfa 100644 --- a/cassandra_nodetool/CHANGELOG.md +++ b/cassandra_nodetool/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.13.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/ceph/CHANGELOG.md b/ceph/CHANGELOG.md index ba99397bf55e0..231155b3cdf22 100644 --- a/ceph/CHANGELOG.md +++ b/ceph/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.10.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/cert_manager/CHANGELOG.md b/cert_manager/CHANGELOG.md index 92e959ebde765..ba99029aa92c5 100644 --- a/cert_manager/CHANGELOG.md +++ b/cert_manager/CHANGELOG.md 
@@ -4,10 +4,6 @@ ## 5.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.1.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/cilium/CHANGELOG.md b/cilium/CHANGELOG.md index b35ca231fd005..72bbe96abef97 100644 --- a/cilium/CHANGELOG.md +++ b/cilium/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.6.0 / 2024-09-05 ***Added***: diff --git a/cisco_aci/CHANGELOG.md b/cisco_aci/CHANGELOG.md index 609c0c8931b1f..25c1008c338ae 100644 --- a/cisco_aci/CHANGELOG.md +++ b/cisco_aci/CHANGELOG.md @@ -17,10 +17,6 @@ ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) - -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) * [NDM] [Cisco ACI] Add check metrics ([#18748](https://github.com/DataDog/integrations-core/pull/18748)) ***Fixed***: 
@@ -37,6 +33,10 @@ * Bump version of cryptography to 43.0.1 to address vulnerability ([#18656](https://github.com/DataDog/integrations-core/pull/18656)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.12.0 / 2024-09-06 ***Added***: @@ -72,7 +72,7 @@ * [NDM] Add NDM metadata support for Cisco ACI ([#17735](https://github.com/DataDog/integrations-core/pull/17735)) * [NDM] [Cisco ACI] Add common NDM tags to metrics ([#18017](https://github.com/DataDog/integrations-core/pull/18017)) * [NDM] [Cisco ACI] Add config flag for enabling sending metadata to NDM ([#18099](https://github.com/DataDog/integrations-core/pull/18099)) -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 2.9.0 / 2024-07-05 / Agent 7.56.0 diff --git a/cisco_aci/assets/configuration/spec.yaml b/cisco_aci/assets/configuration/spec.yaml index 98b3c3d4d8502..f466b50fbe0b5 100644 --- a/cisco_aci/assets/configuration/spec.yaml +++ b/cisco_aci/assets/configuration/spec.yaml @@ -101,7 +101,7 @@ files: example: default - name: send_ndm_metadata description: | - Set to `true` to enable Network Device Monitoring metadata (for devices and interfaces) to be sent. + Set to `true` to enable Network Device Monitoring metadata (for devices, interfaces, topology) to be sent. value: type: boolean example: False diff --git a/cisco_aci/assets/dashboards/cisco_aci_dashboard.json b/cisco_aci/assets/dashboards/cisco_aci_dashboard.json index 8b145f1953a94..aac3ffdfe1bc7 100644 --- a/cisco_aci/assets/dashboards/cisco_aci_dashboard.json +++ b/cisco_aci/assets/dashboards/cisco_aci_dashboard.json @@ -26,8 +26,8 @@ "layout": { "x": 0, "y": 0, - "width": 2, - "height": 2 + "width": 6, + "height": 4 } }, { 
@@ -45,19 +45,136 @@ "has_padding": true }, "layout": { - "x": 2, + "x": 0, + "y": 4, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 8073559146636168, + "definition": { + "title": "Health Overview", + "background_color": "vivid_purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5679074543367742, + "definition": { + "title": "Leafs", + "title_size": "16", + "title_align": "left", + "time": {}, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:cisco_aci.fabric.node.cpu.avg{apic_role:leaf} by {device_id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "count_nonzero(query1)" + } + ] + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 0, "y": 0, - "width": 4, + "width": 3, "height": 2 } + }, + { + "id": 6149327972947806, + "definition": { + "title": "Spines", + "title_size": "16", + "title_align": "left", + "time": {}, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:cisco_aci.fabric.node.cpu.avg{apic_role:spine} by {device_id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "count_nonzero(query1)" + } + ] + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 2542134220658730, + "definition": { + "title": "Monitors overview", + "type": "manage_status", + "display_format": "countsAndList", + "color_preference": "text", + "hide_zero_counts": true, + "show_status": true, + "last_triggered_format": "relative", + "query": "cisco-aci", + "sort": "status,asc", + "count": 50, + "start": 0, + "summary_type": "monitors", + "show_priority": false, + 
"show_last_triggered": false + }, + "layout": { + "x": 0, + "y": 2, + "width": 6, + "height": 3 + } } ] }, "layout": { - "x": 0, + "x": 6, "y": 0, "width": 6, - "height": 3 + "height": 6 } }, { @@ -217,7 +334,7 @@ }, "layout": { "x": 6, - "y": 0, + "y": 6, "width": 6, "height": 3 } @@ -433,7 +550,7 @@ }, "layout": { "x": 0, - "y": 3, + "y": 9, "width": 12, "height": 6 } @@ -480,7 +597,7 @@ "x": 0, "y": 0, "width": 2, - "height": 1 + "height": 2 } }, { @@ -533,34 +650,40 @@ "layout": { "x": 2, "y": 0, - "width": 3, + "width": 5, "height": 2 } }, { - "id": 20, + "id": 19, "definition": { - "title": "Top 10 EPGs by IP", + "title": "Top 10 EPG Ports by traffic", "title_size": "16", "title_align": "left", "type": "toplist", "requests": [ { "style": { - "palette": "dog_classic" + "palette": "orange" }, "response_format": "scalar", "queries": [ { "data_source": "metrics", "name": "query1", - "query": "avg:cisco_aci.tenant.egress_bytes.unicast.rate{$tenant} by {ip,application,endpoint_group}", + "query": "avg:cisco_aci.fabric.port.egr_bytes.unicast{$tenant} by {node_id,port,endpoint_group}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:cisco_aci.fabric.port.ingr_bytes.unicast{$tenant} by {node_id,port,endpoint_group}", "aggregator": "avg" } ], "formulas": [ { - "formula": "query1" + "formula": "exclude_null(query1) + exclude_null(query2)" } ], "sort": { 
@@ -579,109 +702,103 @@ "style": {} }, "layout": { - "x": 5, + "x": 7, "y": 0, - "width": 4, - "height": 2 + "width": 5, + "height": 4 } }, { - "id": 19, + "id": 18, "definition": { - "title": "Top 10 EPG Ports by traffic", + "title": "Applications", "title_size": "16", "title_align": "left", - "type": "toplist", + "type": "query_value", "requests": [ { - "style": { - "palette": "orange" - }, "response_format": "scalar", "queries": [ { "data_source": "metrics", "name": "query1", - "query": "avg:cisco_aci.fabric.port.egr_bytes.unicast{$tenant} by {node_id,port,endpoint_group}", - "aggregator": "avg" - }, - { - "data_source": "metrics", - "name": "query2", - "query": "avg:cisco_aci.fabric.port.ingr_bytes.unicast{$tenant} by {node_id,port,endpoint_group}", - "aggregator": "avg" + "query": "avg:cisco_aci.tenant.ingress_pkts.flood.cum{$tenant} by {application}", + "aggregator": "last" } ], "formulas": [ { - "formula": "exclude_null(query1) + exclude_null(query2)" + "formula": "count_not_null(query1)" } - ], - "sort": { - "count": 10, - "order_by": [ - { - "type": "formula", - "index": 0, - "order": "desc" - } - ] - } + ] } ], + "autoscale": true, "custom_links": [], - "style": {} + "precision": 2 }, "layout": { - "x": 9, - "y": 0, - "width": 3, + "x": 0, + "y": 2, + "width": 2, "height": 2 } }, { - "id": 18, + "id": 20, "definition": { - "title": "Applications", + "title": "Top 10 EPGs by IP", "title_size": "16", "title_align": "left", - "type": "query_value", + "type": "toplist", "requests": [ { + "style": { + "palette": "dog_classic" + }, "response_format": "scalar", "queries": [ { "data_source": "metrics", "name": "query1", - "query": "avg:cisco_aci.tenant.ingress_pkts.flood.cum{$tenant} by {application}", - "aggregator": "last" + "query": "avg:cisco_aci.tenant.egress_bytes.unicast.rate{$tenant} by {ip,application,endpoint_group}", + "aggregator": "avg" } ], "formulas": [ { - "formula": "count_not_null(query1)" + "formula": "query1" } - ] + ], + "sort": { + "count": 
10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } } ], - "autoscale": true, "custom_links": [], - "precision": 2 + "style": {} }, "layout": { - "x": 0, - "y": 1, - "width": 2, - "height": 1 + "x": 2, + "y": 2, + "width": 5, + "height": 2 } } ] }, "layout": { "x": 0, - "y": 9, + "y": 15, "width": 12, - "height": 3 + "height": 5 } }, { 
@@ -894,6 +1011,104 @@ "type": "group", "layout_type": "ordered", "widgets": [ + { + "id": 1547034477646386, + "definition": { + "title": "Avg CPU %", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:cisco_aci.fabric.node.cpu.avg{apic_role:leaf} by {device_id,fabric_pod_id,node_id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 1671869305900852, + "definition": { + "title": "Avg Memory %", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:cisco_aci.fabric.node.mem.avg{apic_role:leaf} by {device_id,fabric_pod_id,node_id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 4 + } + }, { "id": 2991165436190176, "definition": { @@ -979,8 +1194,8 @@ }, "layout": { "x": 0, - "y": 0, - "width": 6, + "y": 4, + "width": 12, "height": 3 } } @@ -988,9 +1203,9 @@ }, "layout": { "x": 0, - "y": 0, - "width": 6, - "height": 4 + "y": 6, + "width": 12, + "height": 8 } }, { 
@@ -1002,6 +1217,104 @@ "type": "group", "layout_type": "ordered", "widgets": [ + { + "id": 3145200399718776, + "definition": { + "title": "Avg CPU %", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:cisco_aci.fabric.node.cpu.avg{apic_role:spine} by {device_id,fabric_pod_id,node_id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 3332653863183974, + "definition": { + "title": "Avg Memory %", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:cisco_aci.fabric.node.mem.avg{apic_role:spine} by {device_id,fabric_pod_id,node_id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 4 + } + }, { "id": 1813163214351510, "definition": { @@ -1087,18 +1400,18 @@ }, "layout": { "x": 0, - "y": 0, - "width": 6, + "y": 4, + "width": 12, "height": 3 } } ] }, "layout": { - "x": 6, - "y": 0, - "width": 6, - "height": 4 + "x": 0, + "y": 14, + "width": 12, + "height": 8 } } ], 
diff --git a/cisco_aci/changelog.d/18675.added b/cisco_aci/changelog.d/18675.added new file mode 100644 index 0000000000000..72ee9491e1b34 --- /dev/null +++ b/cisco_aci/changelog.d/18675.added @@ -0,0 +1 @@ +[NDM] [Cisco ACI] Support submitting topology metadata (utilizing LLDP neighbor information) diff --git a/cisco_aci/changelog.d/19204.fixed b/cisco_aci/changelog.d/19204.fixed new file mode 100644 index 0000000000000..2ffc1d5bac760 --- /dev/null +++ b/cisco_aci/changelog.d/19204.fixed @@ -0,0 +1 @@ +[NDM] [Cisco ACI] Fix APIC device status diff --git a/cisco_aci/datadog_checks/cisco_aci/api.py b/cisco_aci/datadog_checks/cisco_aci/api.py index 4c76f3360feb7..aa6cb1c8b3977 100644 --- a/cisco_aci/datadog_checks/cisco_aci/api.py +++ b/cisco_aci/datadog_checks/cisco_aci/api.py @@ -298,6 +298,16 @@ def get_eth_list_and_stats(self, pod, node): response = self.make_request(path) return self._parse_response(response) + def get_lldp_adj_eps(self): + path = '/api/node/class/lldpAdjEp.json' + response = self.make_request(path) + return self._parse_response(response) + + def get_cdp_adj_eps(self): + path = '/api/node/class/cdpAdjEp.json' + response = self.make_request(path) + return self._parse_response(response) + def get_eqpt_capacity(self, eqpt): base_path = '/api/class/eqptcapacityEntity.json' base_query = 'query-target=self&rsp-subtree-include=stats&rsp-subtree-class=' diff --git a/cisco_aci/datadog_checks/cisco_aci/data/conf.yaml.example b/cisco_aci/datadog_checks/cisco_aci/data/conf.yaml.example index fabcec25daf24..fb2715c64aefa 100644 --- a/cisco_aci/datadog_checks/cisco_aci/data/conf.yaml.example +++ b/cisco_aci/datadog_checks/cisco_aci/data/conf.yaml.example 
@@ -131,7 +131,7 @@ instances: # namespace: default ## @param send_ndm_metadata - boolean - optional - default: false - ## Set to `true` to enable Network Device Monitoring metadata (for devices and interfaces) to be sent. + ## Set to `true` to enable Network Device Monitoring metadata (for devices, interfaces, topology) to be sent. # # send_ndm_metadata: false diff --git a/cisco_aci/datadog_checks/cisco_aci/fabric.py b/cisco_aci/datadog_checks/cisco_aci/fabric.py index 0d9d9fc6b40a4..8698ef5a7e09c 100644 --- a/cisco_aci/datadog_checks/cisco_aci/fabric.py +++ b/cisco_aci/datadog_checks/cisco_aci/fabric.py @@ -47,8 +47,14 @@ def collect(self): pods = self.submit_pod_health(fabric_pods) devices, interfaces = self.submit_nodes_health_and_metadata(fabric_nodes, pods) if self.ndm_enabled(): + # get topology link metadata + lldp_adj_eps = self.api.get_lldp_adj_eps() + cdp_adj_eps = self.api.get_cdp_adj_eps() + device_map = ndm.get_device_ip_mapping(devices) + links = ndm.create_topology_link_metadata(lldp_adj_eps, cdp_adj_eps, device_map, self.namespace) + collect_timestamp = int(time.time()) - batches = ndm.batch_payloads(self.namespace, devices, interfaces, collect_timestamp) + batches = ndm.batch_payloads(self.namespace, devices, interfaces, links, collect_timestamp) for batch in batches: self.event_platform_event(json.dumps(batch.model_dump(exclude_none=True)), "network-devices-metadata") diff --git a/cisco_aci/datadog_checks/cisco_aci/helpers.py b/cisco_aci/datadog_checks/cisco_aci/helpers.py index ac2cd56f40a7e..7ebe981f7fbb1 100644 --- a/cisco_aci/datadog_checks/cisco_aci/helpers.py +++ b/cisco_aci/datadog_checks/cisco_aci/helpers.py @@ -11,6 +11,7 @@ EPG_REGEX = re.compile('/epg-([^/]+)/') IP_REGEX = re.compile('/ip-([^/]+)/') NODE_REGEX = re.compile('node-([0-9]+)') +ETH_REGEX = re.compile(r'\[([^]]*)\]') def parse_capacity_tags(dn): 
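Review bot: In `collect`, `cdp_adj_eps = self.api.get_cdp_adj_eps()` makes an extra APIC request whose result is never read, because `create_topology_link_metadata` in ndm.py only iterates `lldp_adj_eps`. Drop the call until CDP is actually handled, or mark it as a placeholder with a comment. Both new requests also run before `batch_payloads` with no error handling. How `make_request` reports a failure is not visible here, but if the configured APIC account cannot read `lldpAdjEp`, the device and interface metadata that was sent before this change would presumably be lost as well; falling back to `links = []` and logging the failure would keep the existing payloads flowing. `collect` starts and ends outside this hunk.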
@@ -85,6 +86,23 @@ def get_node_from_dn(dn): return _get_value_from_dn(NODE_REGEX, dn) +def get_eth_id_from_dn(dn): + """ + This parses the interface ID (eth) from a dn designator. They look like this: + topology/pod-1/node-101/sys/lldp/inst/if-[eth1/49]/adj-1 + """ + return _get_value_from_dn(ETH_REGEX, dn) + + +def get_index_from_eth_id(eth_id): + """ + This parses the interface index (eth) from an interface's ID. They look like this: + eth1/49 + """ + split = re.split('eth|/', eth_id) + return int(split[-1]) + + def _get_value_from_dn(regex, dn): if not dn: return None diff --git a/cisco_aci/datadog_checks/cisco_aci/models.py b/cisco_aci/datadog_checks/cisco_aci/models.py index 8031978213f3f..18bd6a0632b8e 100644 --- a/cisco_aci/datadog_checks/cisco_aci/models.py +++ b/cisco_aci/datadog_checks/cisco_aci/models.py @@ -8,6 +8,8 @@ from pydantic import BaseModel, ConfigDict, Field, computed_field, field_validator, model_validator +from . import helpers + """ Cisco ACI Response Models """ @@ -15,6 +17,7 @@ class NodeAttributes(BaseModel): address: Optional[str] = None + ad_st: Optional[str] = Field(default=None, alias="adSt") fabric_st: Optional[str] = Field(default=None, alias="fabricSt") role: Optional[str] = None dn: Optional[str] = None @@ -32,6 +35,22 @@ def device_type(self) -> str: return 'switch' return 'other' + @computed_field + @property + def status(self) -> int: + if self.role == 'controller': + return 1 if self.ad_st == 'on' else 2 + mapping = { + 'active': 1, + 'inactive': 2, + 'disabled': 2, + 'discovering': 2, + 'undiscovered': 2, + 'unsupported': 2, + 'unknown': 2, + } + return mapping.get(self.fabric_st, 2) + class Node(BaseModel): attributes: NodeAttributes 
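Review bot: `get_index_from_eth_id` assumes its argument is a string ending in digits: `re.split('eth|/', eth_id)` raises `TypeError` for `None`, and `int(split[-1])` raises `ValueError` for a name such as `mgmt0`. `get_eth_id_from_dn` goes through `_get_value_from_dn`, which returns `None` for an empty dn and presumably also when the regex finds no bracketed part. In models.py, `remote_port_index` feeds this helper `port_desc`, a free-text value advertised by the LLDP neighbor, and `create_topology_link_metadata` in ndm.py reads that property exactly when the neighbor is not a known fabric node. A single non-ACI or malformed neighbor advertisement can therefore abort the whole metadata collection. Return `None` on unusable input, for example `match = re.search(r'(\d+)$', eth_id or '')` followed by `return int(match.group(1)) if match else None`, and have the callers tolerate a missing index.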
@@ -77,6 +96,77 @@ def ethpm_phys_if(self) -> Optional[EthpmPhysIf]: return None +class LldpAdjAttributes(BaseModel): + chassis_id_t: Optional[str] = Field(default=None, alias="chassisIdT") + chassis_id_v: Optional[str] = Field(default=None, alias="chassisIdV") + dn: Optional[str] = None + mgmt_ip: Optional[str] = Field(default=None, alias="mgmtIp") + mgmt_port_mac: Optional[str] = Field(default=None, alias="mgmtPortMac") + port_desc: Optional[str] = Field(default=None, alias="portDesc") + port_id_t: Optional[str] = Field(default=None, alias="portIdT") + port_id_v: Optional[str] = Field(default=None, alias="portIdV") + sys_desc: Optional[str] = Field(default=None, alias="sysDesc") + sys_name: Optional[str] = Field(default=None, alias="sysName") + + @computed_field + @property + def ndm_remote_interface_type(self) -> str: + # map the Cisco ACI port subtype to match what NDM (writer) expects + port_subtype_mapping = { + "if-alias": "interface_alias", + "port-name": "interface_name", + "mac": "mac_address", + "nw-addr": "network_address", + "if-name": "interface_name", + "agent-ckt-id": "agent_circuit_id", + "local": "local", + } + if self.port_id_t: + return port_subtype_mapping.get(self.port_id_t, "unknown") + return "unknown" + + @computed_field + @property + def local_device_dn(self) -> str: + # example: topology/pod-1/node-101/sys/lldp/inst/if-[eth1/49]/adj-1 + return helpers.get_hostname_from_dn(self.dn) + + @computed_field + @property + def local_port_id(self) -> str: + # example: topology/pod-1/paths-201/path-ep-[eth1/1] + # use regex to extract port alias from square brackets - ex: eth1/1 + return helpers.get_eth_id_from_dn(self.dn) + + @computed_field + @property + def local_port_index(self) -> int: + return helpers.get_index_from_eth_id(self.local_port_id) + + @computed_field + @property + def remote_device_dn(self) -> str: + # example: topology/pod-1/paths-201/path-ep-[eth1/1] + # use regex to extract the pod/node - ex: pod-1-node-201 + return 
helpers.get_hostname_from_dn(self.sys_desc) + + @computed_field + @property + def remote_port_id(self) -> str: + # example: topology/pod-1/paths-201/path-ep-[eth1/1] + # use regex to extract port alias from square brackets - ex: eth1/1 + return helpers.get_eth_id_from_dn(self.port_desc) + + @computed_field + @property + def remote_port_index(self) -> int: + return helpers.get_index_from_eth_id(self.remote_port_id) + + +class LldpAdjEp(BaseModel): + attributes: LldpAdjAttributes + + """ NDM Models """ @@ -88,27 +178,16 @@ class DeviceMetadata(BaseModel): tags: list = Field(default_factory=list) name: Optional[str] = Field(default=None) ip_address: Optional[str] = Field(default=None) + status: Optional[int] = Field(default=None) model: Optional[str] = Field(default=None) - fabric_st: Optional[str] = Field(default=None, exclude=True) vendor: Optional[str] = Field(default=None) version: Optional[str] = Field(default=None) serial_number: Optional[str] = Field(default=None) device_type: Optional[str] = Field(default=None) integration: Optional[str] = Field(default='cisco-aci') - @computed_field - @property - def status(self) -> int: - mapping = { - 'active': 1, - 'inactive': 2, - 'disabled': 2, - 'discovering': 2, - 'undiscovered': 2, - 'unsupported': 2, - 'unknown': 2, - } - return mapping.get(self.fabric_st, 2) + # non-exported fields + pod_node_id: Optional[str] = Field(default=None, exclude=True) class DeviceMetadataList(BaseModel): @@ -136,7 +215,7 @@ class InterfaceMetadata(BaseModel): device_id: Optional[str] = Field(default=None) id_tags: list = Field(default_factory=list) raw_id: Optional[str] = Field(default=None) - raw_id_type: Optional[str] = Field(default='cisco_aci') + raw_id_type: Optional[str] = Field(default='cisco-aci') index: Optional[int] = Field(default=None) name: Optional[str] = Field(default=None) alias: Optional[str] = Field(default=None) 
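Review bot: The computed fields on `LldpAdjAttributes` are annotated `-> str` and `-> int`, yet every attribute they read is `Optional` and the helpers they call return `None` for a missing dn, so the annotations should be `Optional[str]` and `Optional[int]`. The comments above `local_port_id`, `remote_device_dn` and `remote_port_id` all quote the `topology/pod-1/paths-201/path-ep-[eth1/1]` example, which does not match the `.../sys/lldp/inst/if-[eth1/49]/adj-1` shape shown for `local_device_dn`; each comment should show the value the property really parses. It would also help to state that `sys_desc` and `port_desc` are supplied by the neighbor and appear to hold an ACI path only when that neighbor is another fabric node, for example `# neighbor-supplied; only an ACI dn when the peer is a fabric node`.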
@@ -198,10 +277,46 @@ class InterfaceMetadataList(BaseModel): interface_metadata: list = Field(default_factory=list) +class TopologyLinkDevice(BaseModel): + dd_id: Optional[str] = None + id: Optional[str] = None + id_type: Optional[str] = None + name: Optional[str] = None + description: Optional[str] = None + ip_address: Optional[str] = None + + +class TopologyLinkInterface(BaseModel): + dd_id: Optional[str] = None + id: Optional[str] = None + id_type: Optional[str] = None + description: Optional[str] = None + + +class TopologyLinkSide(BaseModel): + device: Optional[TopologyLinkDevice] = None + interface: Optional[TopologyLinkInterface] = None + + +class SourceType(StrEnum): + LLDP = "lldp" + CDP = "cdp" + OTHER = "OTHER" + + +class TopologyLinkMetadata(BaseModel): + id: Optional[str] = None + source_type: Optional[SourceType] = Field(default=None) + local: Optional[TopologyLinkSide] = Field(default=None) + remote: Optional[TopologyLinkSide] = Field(default=None) + integration: Optional[str] = Field(default='cisco-aci') + + class NetworkDevicesMetadata(BaseModel): namespace: str = None devices: Optional[list[DeviceMetadata]] = Field(default_factory=list) interfaces: Optional[list[InterfaceMetadata]] = Field(default_factory=list) + links: Optional[list[TopologyLinkMetadata]] = Field(default_factory=list) collect_timestamp: Optional[int] = None size: Optional[int] = Field(default=0, exclude=True) @@ -212,4 +327,6 @@ def append_metadata(self, metadata: DeviceMetadata | InterfaceMetadata): self.devices.append(metadata) if isinstance(metadata, InterfaceMetadata): self.interfaces.append(metadata) + if isinstance(metadata, TopologyLinkMetadata): + self.links.append(metadata) self.size += 1 diff --git a/cisco_aci/datadog_checks/cisco_aci/ndm.py b/cisco_aci/datadog_checks/cisco_aci/ndm.py index 7e9c066a72708..2336e30a0e227 100644 --- a/cisco_aci/datadog_checks/cisco_aci/ndm.py +++ b/cisco_aci/datadog_checks/cisco_aci/ndm.py 
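Review bot: `append_metadata` now also handles `TopologyLinkMetadata`, but the signature shown in the hunk header still reads `metadata: DeviceMetadata | InterfaceMetadata`; widen it to `metadata: DeviceMetadata | InterfaceMetadata | TopologyLinkMetadata`. The three `isinstance` checks are mutually exclusive, so chaining them with `elif` would state that directly. The method starts outside this hunk.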
@@ -5,11 +5,19 @@ from datadog_checks.cisco_aci.models import ( DeviceMetadata, InterfaceMetadata, + LldpAdjEp, NetworkDevicesMetadata, Node, PhysIf, + SourceType, + TopologyLinkDevice, + TopologyLinkInterface, + TopologyLinkMetadata, + TopologyLinkSide, ) +from . import helpers + VENDOR_CISCO = 'cisco' PAYLOAD_METADATA_BATCH_SIZE = 100 @@ -31,12 +39,13 @@ def create_node_metadata(node_attrs, tags, namespace): tags=device_tags + tags, name=hostname, ip_address=node.attributes.address, + status=node.attributes.status, model=node.attributes.model, - fabric_st=node.attributes.fabric_st, vendor=VENDOR_CISCO, version=node.attributes.version, serial_number=node.attributes.serial, device_type=node.attributes.device_type, + pod_node_id=helpers.get_hostname_from_dn(node.attributes.dn), ) return device 
@@ -63,6 +72,105 @@ def create_interface_metadata(phys_if, address, namespace): return interface +def create_topology_link_metadata(lldp_adj_eps, cdp_adj_eps, device_map, namespace): + """ + Create a TopologyLinkMetadata object from LLDP or CDP (only LLDP is supported as of right now) + """ + for lldp_adj_ep in lldp_adj_eps: + lldp_adj_ep = LldpAdjEp(**lldp_adj_ep.get("lldpAdjEp", {})) + lldp_attrs = lldp_adj_ep.attributes + + local_device_id = device_map.get(lldp_attrs.local_device_dn) + local_interface_id = get_interface_dd_id(local_device_id, lldp_attrs.local_port_id) + + local = TopologyLinkSide( + device=TopologyLinkDevice(dd_id=local_device_id), + interface=TopologyLinkInterface( + dd_id=local_interface_id, + id=lldp_attrs.local_port_id, + id_type='interface_name', + ), + ) + + remote_device_dd_id = get_remote_device_dd_id(device_map, lldp_attrs.remote_device_dn, lldp_attrs.mgmt_ip) + remote_device = TopologyLinkDevice( + name=lldp_attrs.sys_name, + description=lldp_attrs.sys_desc, + id=lldp_attrs.chassis_id_v, + id_type=lldp_attrs.chassis_id_t, + ip_address=lldp_attrs.mgmt_ip, + ) + if remote_device_dd_id: + remote_device.dd_id = remote_device_dd_id + remote_interface = TopologyLinkInterface( + id=lldp_attrs.port_id_v, + id_type=lldp_attrs.ndm_remote_interface_type, + description=lldp_attrs.port_desc, + ) + if remote_device_dd_id: + remote_interface.dd_id = get_interface_dd_id(remote_device_dd_id, lldp_attrs.remote_port_id) + + remote = TopologyLinkSide( + device=remote_device, + interface=remote_interface, + ) + + if remote_device_dd_id: + link_id = ( + f"{local_device_id}:{get_raw_id(lldp_attrs.local_port_id)}.{get_raw_id(lldp_attrs.remote_port_id)}" + ) + else: + link_id = f"{local_device_id}:{get_raw_id(lldp_attrs.local_port_id)}.{lldp_attrs.remote_port_index}" + + yield TopologyLinkMetadata( + id=link_id, + source_type=SourceType.LLDP, + local=local, + remote=remote, + ) + + +def get_remote_device_dd_id(device_map, remote_device_dn, mgmt_ip) -> str | 
None: + """ + Get the Cisco DN for a remote device, if the device is in the device map then + check that it matches the management IP of the LLDP neighbor, then return it + """ + device_id = device_map.get(remote_device_dn, "") + if device_id: + if device_id.endswith(mgmt_ip): + return device_id + return None + + +def get_interface_dd_id(device_id: str, port_id: str) -> str: + """ + Create the interface DD ID based off of the device DD ID and port ID + ex: default:10.0.200.1:cisco_aci-eth1/1 + """ + raw_id = get_raw_id(port_id) + return f"{device_id}:{raw_id}" + + +def get_raw_id(raw_id, raw_id_type="cisco-aci") -> str: + """ + Create the interface raw ID, based on the type (cisco-aci) and the interface's identifier + separated by a hyphen - ex: cisco-aci-eth1/1 + """ + return f"{raw_id_type}-{raw_id}" + + +def get_device_ip_mapping(devices): + """ + Create a mapping of node ID to device ID + ex: pod-1-node-1 -> default:10.100.0.1 + """ + devices_map = {} + for device in devices: + key = device.pod_node_id + devices_map[key] = device.id + return devices_map + + def get_device_info(device): """ Get device ID and node ID from a device object @@ -74,7 +182,7 @@ def get_device_info(device): return device.id, node_id -def batch_payloads(namespace, devices, interfaces, collect_ts): +def batch_payloads(namespace, devices, interfaces, links, collect_ts): """ Batch payloads into NetworkDevicesMetadata objects """ @@ -91,6 +199,12 @@ def batch_payloads(namespace, devices, interfaces, collect_ts): yield current_payload network_devices_metadata = new_payload + for link in links: + current_payload, new_payload = append_to_payload(link, network_devices_metadata, namespace, collect_ts) + if new_payload: + yield current_payload + network_devices_metadata = new_payload + yield network_devices_metadata diff --git a/cisco_aci/tests/common.py b/cisco_aci/tests/common.py index 79022adbb0c0e..40f1fdb2761f9 100644 --- a/cisco_aci/tests/common.py +++ b/cisco_aci/tests/common.py 
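Review bot: In `get_remote_device_dd_id`, `device_id.endswith(mgmt_ip)` is a bare suffix match on a value taken from the LLDP neighbor record, which is weaker than the docstring's "matches the management IP". An empty `mgmt_ip` matches every device ID, and a partial string such as `0.200.5` (constructed example) matches `default:10.0.200.5`. LLDP advertisements are unauthenticated, so neighbor-supplied fields should not be able to pass this check loosely. Assuming IDs keep the `namespace:ip` form shown in the docstrings, anchoring on the separator closes both cases: `if mgmt_ip and device_id.endswith(f":{mgmt_ip}"): return device_id`. Separately, in `create_topology_link_metadata` a `local_device_dn` missing from `device_map` leaves `local_device_id` as `None`, which is then formatted into `link_id` and the interface `dd_id` as the text `None`; `if local_device_id is None: continue` would avoid emitting such links.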
@@ -173,6 +173,10 @@ # 4efe80304d50330f5ed0f79252ef0a84 - Api.get_apps '_api_mo_uni_tn_DataDog_json_rsp_subtree_include_stats_no_scoped', # c8e9a0dbceac67fb1149684f7fc7772c - Api.get_tenant_stats + '_api_node_class_lldpAdjEp_json', + # f3713df3a586908a3a11f4c356153519 - Api.get_lldp_adj_eps + '_api_node_class_cdpAdjEp_json', + # 588ea77fffc6df4b37dfdfa4290cdc89 - Api.get_cdp_adj_eps '_api_node_class_topology_pod_1_node_102_l1PhysIf_json_rsp_subtree_children_rsp_subtree_include_stats_rsp_subtree_class_ethpmPhysIf_eqptEgrTotal5min_eqptIngrTotal5min_eqptEgrDropPkts5min_eqptEgrBytes5min_eqptIngrBytes5min', # fde05c4b654d2d8129c772cd5a20cbce - Api.get_eth_list_and_stats '_api_node_class_topology_pod_1_node_201_l1PhysIf_json_rsp_subtree_children_rsp_subtree_include_stats_rsp_subtree_class_ethpmPhysIf_eqptEgrTotal5min_eqptIngrTotal5min_eqptEgrDropPkts5min_eqptEgrBytes5min_eqptIngrBytes5min', diff --git a/cisco_aci/tests/fixtures/fabric/588ea77fffc6df4b37dfdfa4290cdc89.txt b/cisco_aci/tests/fixtures/fabric/588ea77fffc6df4b37dfdfa4290cdc89.txt new file mode 100644 index 0000000000000..6cc0e51dea023 --- /dev/null +++ b/cisco_aci/tests/fixtures/fabric/588ea77fffc6df4b37dfdfa4290cdc89.txt @@ -0,0 +1,4 @@ +{ + "totalCount": "0", + "imdata": [] +} \ No newline at end of file diff --git a/cisco_aci/tests/fixtures/fabric/f3713df3a586908a3a11f4c356153519.txt b/cisco_aci/tests/fixtures/fabric/f3713df3a586908a3a11f4c356153519.txt new file mode 100644 index 0000000000000..6a11461f5096e --- /dev/null +++ b/cisco_aci/tests/fixtures/fabric/f3713df3a586908a3a11f4c356153519.txt 
@@ -0,0 +1,61 @@ +{ + "totalCount": "1", + "imdata": [ + { + "lldpAdjEp": { + "attributes": { + "capability": "router", + "chassisIdT": "mac", + "chassisIdV": "6a:00:21:1f:55:2a", + "childAction": "", + "dn": "topology/pod-1/node-101/sys/lldp/inst/if-[eth1/49]/adj-1", + "enCap": "", + "id": "1", + "mgmtId": "0", + "mgmtIp": "10.0.200.5", + "mgmtPortMac": "unspecified", + "modTs": "2024-09-12T06:51:52.580+00:00", + "monPolDn": "uni/fabric/monfab-default", + "name": "", + "portDesc": "topology/pod-1/paths-201/pathep-[eth5/1]", + "portIdT": "mac", + "portIdV": "6a:00:21:1f:55:2a", + "portVlan": "unspecified", + "stQual": "", + "status": "", + "sysDesc": "topology/pod-1/node-201", + "sysName": "SP201", + "ttl": "120" + } + } + }, + { + "lldpAdjEp": { + "attributes": { + "capability": "router", + "chassisIdT": "mac", + "chassisIdV": "6a:00:21:1f:55:2b", + "childAction": "", + "dn": "topology/pod-1/node-102/sys/lldp/inst/if-[eth1/49]/adj-1", + "enCap": "", + "id": "1", + "mgmtId": "0", + "mgmtIp": "10.0.200.5", + "mgmtPortMac": "unspecified", + "modTs": "2024-09-12T06:51:52.580+00:00", + "monPolDn": "uni/fabric/monfab-default", + "name": "", + "portDesc": "topology/pod-1/paths-201/pathep-[eth5/2]", + "portIdT": "mac", + "portIdV": "6a:00:21:1f:55:2b", + "portVlan": "unspecified", + "stQual": "", + "status": "", + "sysDesc": "topology/pod-1/node-201", + "sysName": "SP201", + "ttl": "120" + } + } + } + ] +} \ No newline at end of file diff --git a/cisco_aci/tests/fixtures/metadata.py b/cisco_aci/tests/fixtures/metadata.py index e3b1236b34d8a..fa93687a52fec 100644 --- a/cisco_aci/tests/fixtures/metadata.py +++ b/cisco_aci/tests/fixtures/metadata.py @@ -30,7 +30,6 @@ ], 'ip_address': '10.0.200.0', 'model': 'N9K-C93180YC-FX', - 'fabric_st': 'active', 'name': 'leaf101', 'serial_number': 'FDO20440TS1', 'status': 1, @@ -62,7 +61,6 @@ ], 'ip_address': '10.0.200.1', 'model': 'N9K-C93180YC-FX', - 'fabric_st': 'active', 'name': 'leaf102', 'serial_number': 'FDO20510HCA', 'status': 1, 
@@ -93,10 +91,9 @@ ], 'ip_address': '10.0.200.4', 'model': 'APIC-SERVER-M1', - 'fabric_st': 'unknown', 'name': 'apic1', 'serial_number': 'FCH1928V0SL', - 'status': 2, + 'status': 1, 'vendor': 'cisco', 'version': 'A', }, @@ -125,7 +122,6 @@ ], 'ip_address': '10.0.200.5', 'model': 'N9K-C9336PQ', - 'fabric_st': 'active', 'name': 'spine201', 'serial_number': 'SAL2014N5U4', 'status': 1, @@ -272,6 +268,69 @@ }, ] +TOPOLOGY_LINK_METADATA = [ + { + 'id': 'default:10.0.200.0:cisco-aci-eth1/49.cisco-aci-eth5/1', + 'local': { + 'device': { + 'dd_id': 'default:10.0.200.0', + }, + 'interface': { + 'dd_id': 'default:10.0.200.0:cisco-aci-eth1/49', + 'id': 'eth1/49', + 'id_type': 'interface_name', + }, + }, + 'remote': { + 'device': { + 'dd_id': 'default:10.0.200.5', + 'description': 'topology/pod-1/node-201', + 'id': '6a:00:21:1f:55:2a', + 'id_type': 'mac', + 'ip_address': '10.0.200.5', + 'name': 'SP201', + }, + 'interface': { + 'dd_id': 'default:10.0.200.5:cisco-aci-eth5/1', + 'description': 'topology/pod-1/paths-201/pathep-[eth5/1]', + 'id': '6a:00:21:1f:55:2a', + 'id_type': 'mac_address', + }, + }, + 'source_type': 'lldp', + }, + { + 'id': 'default:10.0.200.1:cisco-aci-eth1/49.cisco-aci-eth5/2', + 'local': { + 'device': { + 'dd_id': 'default:10.0.200.1', + }, + 'interface': { + 'dd_id': 'default:10.0.200.1:cisco-aci-eth1/49', + 'id': 'eth1/49', + 'id_type': 'interface_name', + }, + }, + 'remote': { + 'device': { + 'dd_id': 'default:10.0.200.5', + 'description': 'topology/pod-1/node-201', + 'id': '6a:00:21:1f:55:2b', + 'id_type': 'mac', + 'ip_address': '10.0.200.5', + 'name': 'SP201', + }, + 'interface': { + 'dd_id': 'default:10.0.200.5:cisco-aci-eth5/2', + 'description': 'topology/pod-1/paths-201/pathep-[eth5/2]', + 'id': '6a:00:21:1f:55:2b', + 'id_type': 'mac_address', + }, + }, + 'source_type': 'lldp', + }, +] + EXPECTED_DEVICE_METADATA_RESULT = DeviceMetadataList(device_metadata=DEVICE_METADATA) # "2012-01-14 03:21:34" in seconds 
@@ -284,6 +343,7 @@ namespace='default', devices=DEVICE_METADATA, interfaces=INTERFACE_METADATA, + links=TOPOLOGY_LINK_METADATA, collect_timestamp=MOCK_TIME_EPOCH, ) ] diff --git a/cisco_sdwan/README.md b/cisco_sdwan/README.md index fa6194285587b..e383bfb9c47e1 100644 --- a/cisco_sdwan/README.md +++ b/cisco_sdwan/README.md @@ -1,4 +1,3 @@ -
The Cisco SD-WAN NDM integration is in Preview.
# Agent Check: Cisco SD-WAN diff --git a/citrix_hypervisor/CHANGELOG.md b/citrix_hypervisor/CHANGELOG.md index 875d0b36642e3..5a68710d5cd6b 100644 --- a/citrix_hypervisor/CHANGELOG.md +++ b/citrix_hypervisor/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/clickhouse/CHANGELOG.md b/clickhouse/CHANGELOG.md index c187df280fc98..0a61ccbb4bd93 100644 --- a/clickhouse/CHANGELOG.md +++ b/clickhouse/CHANGELOG.md @@ -2,15 +2,17 @@ +## 5.1.0 / 2024-11-28 + +***Added***: + +* Add verify option when connecting to ClickHouse server. ([#19018](https://github.com/DataDog/integrations-core/pull/19018)) + ## 5.0.0 / 2024-10-04 / Agent 7.59.0 ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) - -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) * Add ability to pass a CA cert to Clickhouse ([#18677](https://github.com/DataDog/integrations-core/pull/18677)) ***Fixed***: @@ -23,6 +25,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.7.0 / 2024-09-05 ***Added***: 
diff --git a/clickhouse/assets/configuration/spec.yaml b/clickhouse/assets/configuration/spec.yaml index d5d042cebf06f..aab99aceb72c2 100644 --- a/clickhouse/assets/configuration/spec.yaml +++ b/clickhouse/assets/configuration/spec.yaml @@ -66,6 +66,11 @@ files: value: type: boolean example: False + - name: verify + description: Indicates if a certificate is required and if it will be validated after a connection is established. + value: + type: boolean + example: True - template: instances/db overrides: custom_queries.value.example: diff --git a/clickhouse/datadog_checks/clickhouse/__about__.py b/clickhouse/datadog_checks/clickhouse/__about__.py index 59ccab2a77ff8..2b46b8418a5d7 100644 --- a/clickhouse/datadog_checks/clickhouse/__about__.py +++ b/clickhouse/datadog_checks/clickhouse/__about__.py @@ -1,4 +1,4 @@ # (C) Datadog, Inc. 2019-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '5.0.0' +__version__ = '5.1.0' diff --git a/clickhouse/datadog_checks/clickhouse/clickhouse.py b/clickhouse/datadog_checks/clickhouse/clickhouse.py index fe362e96f47ae..bcc20a63af849 100644 --- a/clickhouse/datadog_checks/clickhouse/clickhouse.py +++ b/clickhouse/datadog_checks/clickhouse/clickhouse.py @@ -27,6 +27,7 @@ def __init__(self, name, init_config, instances): self._compression = self.instance.get('compression', False) self._tls_verify = is_affirmative(self.instance.get('tls_verify', False)) self._tls_ca_cert = self.instance.get('tls_ca_cert', None) + self._verify = self.instance.get('verify', True) self._tags = self.instance.get('tags', []) # Add global tags @@ -110,6 +111,7 @@ def connect(self): compression=self._compression, secure=self._tls_verify, ca_certs=self._tls_ca_cert, + verify=self._verify, settings={}, # Make every client unique for server logs client_name='datadog-{}'.format(self.check_id), 
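Review bot: The `verify` description in `spec.yaml` does not say that the option only has an effect on TLS connections. In this check TLS is switched on by the differently named `tls_verify` option, which is passed as `secure=` in `clickhouse.py` and defaults to false. A reader can reasonably take `verify: true` to mean the server certificate is being checked when the connection is in fact plaintext. I would extend the description to something like `Whether the server certificate is required and validated. Only applies when tls_verify is true; without TLS the connection is unencrypted and nothing is verified.` and regenerate `conf.yaml.example`.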
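Review bot: In `clickhouse.py`, `self._verify = self.instance.get('verify', True)` reads the raw instance value, while `tls_verify` one line above goes through `is_affirmative`. A quoted value such as `"false"` is then forwarded to the driver as a non-empty string rather than a boolean. I would normalise it the same way: `self._verify = is_affirmative(self.instance.get('verify', True))`. Turning this option off disables certificate validation, so the `verify=self._verify` argument in `connect` (the second hunk of this file) deserves a comment such as `# verify=False accepts any server certificate; only meaningful when secure (tls_verify) is on`. Both `__init__` and `connect` extend beyond their hunks.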
diff --git a/clickhouse/datadog_checks/clickhouse/config_models/defaults.py b/clickhouse/datadog_checks/clickhouse/config_models/defaults.py index a5d5bee5638dd..cda1a5793bb1c 100644 --- a/clickhouse/datadog_checks/clickhouse/config_models/defaults.py +++ b/clickhouse/datadog_checks/clickhouse/config_models/defaults.py @@ -50,3 +50,7 @@ def instance_use_global_custom_queries(): def instance_username(): return 'default' + + +def instance_verify(): + return True diff --git a/clickhouse/datadog_checks/clickhouse/config_models/instance.py b/clickhouse/datadog_checks/clickhouse/config_models/instance.py index 438b23dc2919a..6a6f674ab672e 100644 --- a/clickhouse/datadog_checks/clickhouse/config_models/instance.py +++ b/clickhouse/datadog_checks/clickhouse/config_models/instance.py @@ -66,6 +66,7 @@ class InstanceConfig(BaseModel): tls_verify: Optional[bool] = None use_global_custom_queries: Optional[str] = None username: Optional[str] = None + verify: Optional[bool] = None @model_validator(mode='before') def _initial_validation(cls, values): diff --git a/clickhouse/datadog_checks/clickhouse/data/conf.yaml.example b/clickhouse/datadog_checks/clickhouse/data/conf.yaml.example index 9dbea83674bd1..1ec572d1839bf 100644 --- a/clickhouse/datadog_checks/clickhouse/data/conf.yaml.example +++ b/clickhouse/datadog_checks/clickhouse/data/conf.yaml.example @@ -79,6 +79,11 @@ instances: # # tls_verify: false + ## @param verify - boolean - optional - default: true + ## Indicates if a certificate is required and if it will be validated after a connection is established. + # + # verify: true + ## @param only_custom_queries - boolean - optional - default: false ## Set this parameter to `true` if you want to skip the integration's default metrics collection. ## Only metrics specified in `custom_queries` will be collected. diff --git a/clickhouse/tests/docker/docker-compose.yaml b/clickhouse/tests/docker/docker-compose.yaml index 1765a2529f217..23e52199237df 100644 
--- a/clickhouse/tests/docker/docker-compose.yaml +++ b/clickhouse/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.9' - # https://clickhouse.yandex/docs/en/operations/table_engines/distributed/ # https://clickhouse.yandex/docs/en/operations/table_engines/replication/#creating-replicated-tables services: diff --git a/clickhouse/tests/test_unit.py b/clickhouse/tests/test_unit.py index b49ae2060b9fc..b70723d34d3cf 100644 --- a/clickhouse/tests/test_unit.py +++ b/clickhouse/tests/test_unit.py @@ -30,6 +30,7 @@ def test_config(instance): compression=False, secure=False, ca_certs=None, + verify=True, settings={}, client_name='datadog-test-clickhouse', ) diff --git a/cloud_foundry_api/CHANGELOG.md b/cloud_foundry_api/CHANGELOG.md index 7748191513e53..1ba110ec2b142 100644 --- a/cloud_foundry_api/CHANGELOG.md +++ b/cloud_foundry_api/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/cloudera/CHANGELOG.md b/cloudera/CHANGELOG.md index bc86862e17b3b..bff7948ba4942 100644 --- a/cloudera/CHANGELOG.md +++ b/cloudera/CHANGELOG.md 
@@ -10,10 +10,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -24,6 +20,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.0 / 2024-06-12 / Agent 7.56.0 ***Added***: diff --git a/cockroachdb/CHANGELOG.md b/cockroachdb/CHANGELOG.md index e94baaa727500..e8f9b4738bb1c 100644 --- a/cockroachdb/CHANGELOG.md +++ b/cockroachdb/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/cockroachdb/hatch.toml b/cockroachdb/hatch.toml index e7ee92c1ab643..d4ecf60cc2af4 100644 --- a/cockroachdb/hatch.toml +++ b/cockroachdb/hatch.toml 
@@ -2,11 +2,10 @@ [[envs.default.matrix]] python = ["3.12"] -version = ["2.0", "22.1", "23.2"] +version = ["22.1", "23.2"] [envs.default.overrides] matrix.version.env-vars = [ - { key = "COCKROACHDB_VERSION", value = "v2.0.5", if = ["2.0"] }, { key = "COCKROACHDB_VERSION", value = "v22.1.11", if = ["22.1"] }, { key = "COCKROACHDB_VERSION", value = "v23.2.2", if = ["23.2"] }, ] diff --git a/cockroachdb/tests/docker/docker-compose.yaml b/cockroachdb/tests/docker/docker-compose.yaml index 5b111a152fd20..a1621defb7db6 100644 --- a/cockroachdb/tests/docker/docker-compose.yaml +++ b/cockroachdb/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.9' - services: cockroachdb: container_name: cockroachdb diff --git a/confluent_platform/CHANGELOG.md b/confluent_platform/CHANGELOG.md index 91a1ad55526ab..8a7e8b8537043 100644 --- a/confluent_platform/CHANGELOG.md +++ b/confluent_platform/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.10.2 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/consul/CHANGELOG.md b/consul/CHANGELOG.md index 7a82f96a15b76..54d58068a9ff5 100644 --- a/consul/CHANGELOG.md +++ b/consul/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.6.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/consul/README.md b/consul/README.md index 0f839779c5e9d..85bbc91083625 100644 --- a/consul/README.md +++ b/consul/README.md @@ -242,7 +242,7 @@ Additional helpful documentation, links, and articles: - [Key metrics for monitoring Consul][20] - [Consul monitoring tools][21] - [How to monitor Consul with Datadog][22] -- [Datadog NPM now supports Consul networking][23] +- [Datadog CNM now supports Consul networking][23] [1]: https://raw.githubusercontent.com/DataDog/integrations-core/master/consul/images/consul-dash.png [2]: https://app.datadoghq.com/account/settings/agent/latest diff --git a/coredns/CHANGELOG.md b/coredns/CHANGELOG.md index 29bc362b3e00d..d48a80cf7fadb 100644 --- a/coredns/CHANGELOG.md +++ b/coredns/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.3 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/coredns/tests/docker/docker-compose.yml b/coredns/tests/docker/docker-compose.yml index dc139fe854039..165552d7c622d 100644 --- a/coredns/tests/docker/docker-compose.yml +++ b/coredns/tests/docker/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.2" - services: coredns: image: coredns/coredns:${COREDNS_VERSION} diff --git a/couch/CHANGELOG.md b/couch/CHANGELOG.md index 7dc1bf06c07e6..7f116a589f626 100644 --- a/couch/CHANGELOG.md +++ b/couch/CHANGELOG.md @@ -2,16 +2,18 @@ +## 8.1.0 / 2024-11-28 + +***Added***: + +* Add support for Couch version 3.4.0 ([#19052](https://github.com/DataDog/integrations-core/pull/19052)) + ## 8.0.0 / 2024-10-04 / Agent 7.59.0 ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 6.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/couch/datadog_checks/couch/__about__.py b/couch/datadog_checks/couch/__about__.py index 90c94f7125939..1b6d66341f5d3 100644 --- a/couch/datadog_checks/couch/__about__.py +++ b/couch/datadog_checks/couch/__about__.py 
@@ -2,4 +2,4 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = "8.0.0" +__version__ = "8.1.0" diff --git a/couch/datadog_checks/couch/couch.py b/couch/datadog_checks/couch/couch.py index 37235cd84b2aa..b5f8267a77800 100644 --- a/couch/datadog_checks/couch/couch.py +++ b/couch/datadog_checks/couch/couch.py @@ -260,6 +260,9 @@ def _build_system_metrics(self, data, tags, prefix='couchdb.erlang'): dist_tags = list(tags) dist_tags.append("node:{0}".format(node)) self._build_system_metrics(metrics, dist_tags, "{0}.{1}".format(prefix, key)) + elif key == "distribution_events": + self.agent_check.log.debug("Skipping distribution events") + continue elif isinstance(value, dict): self._build_system_metrics(value, tags, "{0}.{1}".format(prefix, key)) else: diff --git a/couch/tests/conftest.py b/couch/tests/conftest.py index 1299b439d6d86..8e407331a251c 100644 --- a/couch/tests/conftest.py +++ b/couch/tests/conftest.py @@ -40,6 +40,15 @@ def active_tasks(): return json.loads(f.read()) +@pytest.fixture +def load_test_data(): + """ + Returns a raw response from `/_3.4_system.json` + """ + with open(os.path.join(common.HERE, 'fixtures', '_3.4_system.json')) as f: + return json.load(f) + + @pytest.fixture(scope="session") def dd_environment(): """ diff --git a/couch/tests/fixtures/_3.4_system.json b/couch/tests/fixtures/_3.4_system.json new file mode 100644 index 0000000000000..a26d70f9c4169 --- /dev/null +++ b/couch/tests/fixtures/_3.4_system.json 
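Review bot: The new `distribution_events` branch in `couch.py` has no comment saying why the key is skipped, and the reason is not obvious from the code. Judging by the 3.4 fixture added in this commit, the value maps node names to lists of `[timestamp, event]` pairs, so it is not numeric. I would add `# CouchDB 3.4 adds distribution_events: per-node lists of [timestamp, event] pairs, not gauge values` above the `elif`. Because `_build_system_metrics` recurses, the branch also matches a key of that name at any depth and logs at debug level each time it is hit. The function starts and ends outside the hunk.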
@@ -0,0 +1,223 @@ +{ + "uptime": 87, + "memory": { + "other": 19225722, + "atom": 553593, + "atom_used": 526962, + "processes": 12616384, + "processes_used": 12607040, + "binary": 558120, + "code": 12149997, + "ets": 1847536 + }, + "run_queue": 0, + "ets_table_count": 124, + "context_switches": 83763, + "reductions": 29838712, + "garbage_collection_count": 25531, + "words_reclaimed": 27456219, + "io_input": 11354834, + "io_output": 2849837, + "os_proc_count": 0, + "stale_proc_count": 0, + "process_count": 470, + "process_limit": 262144, + "message_queues": { + "couch_file": { + "count": 34, + "min": 0, + "max": 0, + "50": 0, + "90": 0, + "99": 0 + }, + "couch_db_updater": { + "count": 22, + "min": 0, + "max": 0, + "50": 0, + "90": 0, + "99": 0 + }, + "httpc_manager": 0, + "httpc_handler_sup": 0, + "ken_sup": 0, + "ken_server": 0, + "couch_replication": 0, + "chttpd_auth_cache_lru": 0, + "couch_index_sup": 0, + "ioq_sup": 0, + "couch_index_server": 0, + "mem3_events": 0, + "jwtf_sup": 0, + "rexi_buffer_couchdb@couchdb-2.example.com": 0, + "jwtf_keystore": 0, + "rexi_buffer_couchdb@couchdb-3.example.com": 0, + "ioq": 0, + "couch_uuids": 0, + "ftp_sup": 0, + "rexi_buffer_mon": 0, + "ibrowse_sup": 0, + "couch_secondary_services": 0, + "rexi_buffer_sup": 0, + "couch_primary_services": 0, + "couch_task_status": 0, + "couch_sup": 0, + "global_changes_sup": 0, + "global_changes_server": 0, + "couch_server": 0, + "ibrowse": 0, + "config_event": 0, + "chttpd_sup": 0, + "couch_proc_manager": 0, + "release_handler": 0, + "sasl_sup": 0, + "dreyfus_sup": 0, + "standard_error_sup": 0, + "couch_event_sup2": 0, + "alarm_handler": 0, + "couch_event_server": 0, + "couch_epi_functions_gen_couch_index": 0, + "dreyfus_index_manager": 0, + "couch_epi_functions_gen_chttpd_auth": 0, + "timer_server": 0, + "couch_epi_functions_gen_couch_db": 0, + "runtime_tools_sup": 0, + "couch_epi_data_gen_flags_config": 0, + "couch_httpd_vhost": 0, + "couch_epi_functions_gen_global_changes": 0, + 
"couch_epi_functions_gen_chttpd_handlers": 0, + "chttpd_auth_cache": 0, + "couch_epi_functions_gen_feature_flags": 0, + "couch_stats_sup": 0, + "couch_epi_functions_gen_chttpd": 0, + "couch_plugin": 0, + "couch_stats_process_tracker": 0, + "chttpd": 0, + "kernel_safe_sup": 0, + "tftp_sup": 0, + "couch_stats_aggregator": 0, + "rexi_server_couchdb@couchdb-3.example.com": 0, + "rex": 0, + "rexi_server_couchdb@couchdb-2.example.com": 0, + "net_sup": 0, + "folsom_sup": 0, + "inet_gethost_native_sup": 0, + "kernel_sup": 0, + "ddoc_cache_sup": 0, + "global_name_server": 0, + "ddoc_cache_opener": 0, + "folsom_sample_slide_sup": 0, + "ddoc_cache_lru": 0, + "file_server_2": 0, + "standard_error": 0, + "couch_drv": 0, + "couch_peruser_sup": 0, + "tls_connection_sup": 0, + "couch_peruser": 0, + "folsom_metrics_histogram_ets": 0, + "couch_replicator_sup": 0, + "ssl_sup": 0, + "couch_replicator_scheduler_sup": 0, + "smoosh_sup": 0, + "folsom_meter_timer_server": 0, + "smoosh_server": 0, + "couch_replicator_scheduler": 0, + "rexi_buffer_couchdb@couchdb-1.example.com": 0, + "rexi_server_couchdb@couchdb-1.example.com": 0, + "mem3_sync_nodes": 0, + "couch_replicator_rate_limiter": 0, + "inet_gethost_native": 0, + "inets_sup": 0, + "setup_sup": 0, + "inet_db": 0, + "ssl_pem_cache": 0, + "mem3_sync": 0, + "ssl_manager": 0, + "mem3_sup": 0, + "ssl_listen_tracker_sup": 0, + "mem3_shards": 0, + "mem3_seeds": 0, + "httpd_sup": 0, + "couch_log_sup": 0, + "mem3_reshard_sup": 0, + "mango_sup": 0, + "couch_log_server": 0, + "couch_epi_data_gen_dreyfus_black_list": 0, + "mem3_reshard_job_sup": 0, + "erts_code_purger": 0, + "global_group": 0, + "error_logger": 0, + "couch_replicator_doc_processor": 0, + "ssl_connection_sup": 0, + "init": 0, + "mem3_reshard_dbdoc": 0, + "couch_replicator_connection": 0, + "erl_signal_server": 0, + "net_kernel": 0, + "couch_replicator_clustering": 0, + "sasl_safe_sup": 0, + "config": 0, + "mem3_reshard": 0, + "user": 0, + "couch_epi_sup": 0, + "erl_epmd": 0, + 
"mem3_nodes": 0, + "ssl_admin_sup": 0, + "mochiweb_clock": 0, + "dtls_udp_sup": 0, + "erl_prim_loader": 0, + "code_server": 0, + "httpc_sup": 0, + "rexi_sup": 0, + "dtls_connection_sup": 0, + "rexi_server_sup": 0, + "rexi_server_mon": 0, + "auth": 0, + "application_controller": 0, + "httpc_profile_sup": 0, + "config_sup": 0, + "rexi_server": 0 + }, + "internal_replication_jobs": 0, + "distribution": { + "couchdb@couchdb-2.example.com": { + "recv_oct": 546816, + "recv_cnt": 1865, + "recv_max": 20295, + "recv_avg": 293, + "recv_dvi": 11, + "send_oct": 326373, + "send_cnt": 2989, + "send_max": 1257, + "send_avg": 109, + "send_pend": 0 + }, + "couchdb@couchdb-3.example.com": { + "recv_oct": 495964, + "recv_cnt": 1663, + "recv_max": 20295, + "recv_avg": 298, + "recv_dvi": 20, + "send_oct": 322019, + "send_cnt": 2934, + "send_max": 2514, + "send_avg": 109, + "send_pend": 0 + } + }, + "distribution_events": { + "couchdb@couchdb-3.example.com": [ + [ + "2024-11-13T19:57:04Z", + "nodeup" + ] + ], + "couchdb@couchdb-2.example.com": [ + [ + "2024-11-13T19:57:04Z", + "nodeup" + ] + ] + } +} \ No newline at end of file diff --git a/couch/tests/test_unit.py b/couch/tests/test_unit.py index 15d86f5e71957..bfa3ba06dadae 100644 --- a/couch/tests/test_unit.py +++ b/couch/tests/test_unit.py @@ -2,11 +2,13 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) from copy import deepcopy +from unittest.mock import MagicMock import mock import pytest from datadog_checks.couch import CouchDb +from datadog_checks.couch.couch import CouchDB2 from . import common 
@@ -45,3 +47,24 @@ def test_config(test_case, extra_config, expected_http_kwargs): http_wargs.update(expected_http_kwargs) r.get.assert_called_with('http://{}:5984/_all_dbs/'.format(common.HOST), **http_wargs) + + +def test_new_version_system_metrics(load_test_data): + # Testing the _build_system_metrics method I'm feeding it a json that has a the updated + # keys that was added in version 3.4 that was causing the check to break. The idea here + # is that I'm going to give the method the json then assert that it's able to go through + # it thhorougly by the number of function calls and debug log calls. + + # Mock everything needed for the function to run + mock_agent_check = MagicMock() + mock_agent_check.gauge = MagicMock() + mock_agent_check.log = MagicMock() + + couchdb_check = CouchDB2(mock_agent_check) + tags = ["test:tag"] + + # The fixture file json is loaded as a fixture in the confest.py file + couchdb_check._build_system_metrics(load_test_data, tags) + + assert mock_agent_check.gauge.call_count >= 183 + mock_agent_check.log.debug.assert_any_call("Skipping distribution events") diff --git a/couchbase/CHANGELOG.md b/couchbase/CHANGELOG.md index fa25c5c48aa4d..ac685227c8925 100644 --- a/couchbase/CHANGELOG.md +++ b/couchbase/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: 
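Review bot: The check `assert mock_agent_check.gauge.call_count >= 183` in `test_new_version_system_metrics` is only a lower bound on an unexplained number, so it still passes if `_build_system_metrics` emits extra or wrongly named gauges for the keys added in 3.4. Pinning the exact count for the fixture, plus at least one `mock_agent_check.gauge.assert_any_call(...)` for a gauge built from a 3.4-only key, would make a regression visible. The two lines `mock_agent_check.gauge = MagicMock()` and `mock_agent_check.log = MagicMock()` are redundant, because a `MagicMock` creates child mocks on attribute access. The comment block has typos ("a the", "thhorougly", "confest.py"); the last comment could read `# The fixture JSON is provided by a fixture defined in conftest.py`.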
diff --git a/crio/CHANGELOG.md b/crio/CHANGELOG.md index 341bc9a7bc3b6..5953f2b4a56fc 100644 --- a/crio/CHANGELOG.md +++ b/crio/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.6.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/databricks/README.md b/databricks/README.md index cf6795f1e5731..57ad4cc4fa37a 100644 --- a/databricks/README.md +++ b/databricks/README.md @@ -19,6 +19,7 @@ Datadog offers several Databricks monitoring capabilities. [Infrastructure Monitoring][28] gives you a limited subset of the Data Jobs Monitoring functionality - visibility into the resource utilization of your Databricks clusters and Apache Spark performance metrics. +Model serving metrics provide insights into how your Databricks model serving infrastructure is performing. With these metrics, you can detect endpoints that have high error rate, high latency, are over/under provisioned, and more. ## Setup ### Installation diff --git a/databricks/assets/dashboards/databricks_cost_overview.json b/databricks/assets/dashboards/databricks_cost_overview.json index e2885a90aa6ce..6924c86a1d56c 100644 --- a/databricks/assets/dashboards/databricks_cost_overview.json +++ b/databricks/assets/dashboards/databricks_cost_overview.json @@ -879,4 +879,4 @@ "layout_type": "ordered", "notify_list": [], "reflow_type": "fixed" - } \ No newline at end of file +} 
diff --git a/databricks/assets/dashboards/model_serving_overview.json b/databricks/assets/dashboards/model_serving_overview.json new file mode 100644 index 0000000000000..30e11637593ea --- /dev/null +++ b/databricks/assets/dashboards/model_serving_overview.json 
@@ -0,0 +1,1110 @@ +{ + "title": "Databricks Model Serving", + "description": "This Dashboard provides a high level overview of your Pinecone service. Use it to monitor the health and performance of your vector database. \n\nFor further information, see the [Pinecone Integration Documentation](https://docs.datadoghq.com/integrations/pinecone/)\n\nClone this template dashboard to make changes and add your own graph widgets.", + "widgets": [ + { + "id": 4831622862262762, + "definition": { + "title": "New group", + "banner_img": "/static/images/integration_dashboard/databricks_hero_1.png", + "show_title": false, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 696611051845420, + "definition": { + "type": "note", + "content": "This dashboard provides a high level overview of the health of your Databricks model serving endpoints. These include metrics such as latency, request rate, error rate, CPU usage, etc. This can be used to visualize how your serving infrastructure is behaving.\n\nFor more information about Databricks model serving, see [Databricks Model Serving](https://docs.databricks.com/en/machine-learning/model-serving/index.html) and [Serving Endpoints](https://docs.databricks.com/api/workspace/servingendpoints) .\n\nFor further information on Datadog's integration with Databricks, see the [Databricks Integration Documentation](##TODO##).", + "background_color": "transparent", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": false + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 5 + } + }, + { + "id": 3764041205563078, + "definition": { + "title": "Overview", + "background_color": "white", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2364160159281040, + "definition": { + "title": 
"Resource Utilization Overview", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:databricks.model_serving.cpu_usage_percentage{$workspace_id, $workspace_name, $served_entity_name, $endpoint_name} by {endpoint_name}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:databricks.model_serving.mem_usage_percentage{$workspace_id, $workspace_name, $served_entity_name, $endpoint_name} by {endpoint_name}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "avg:databricks.model_serving.gpu_usage_percentage.avg{$workspace_id, $workspace_name, $served_entity_name, $endpoint_name} by {endpoint_name}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query4", + "query": "avg:databricks.model_serving.gpu_mem_usage_percentage.avg{$workspace_id, $workspace_name, $served_entity_name, $endpoint_name} by {endpoint_name}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "avg cpu usage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1" + }, + { + "cell_display_mode": "bar", + "alias": "avg cpu mem usage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query2" + }, + { + "cell_display_mode": "bar", + "alias": "avg gpu usage", + "formula": "query3" + }, + { + "cell_display_mode": "bar", + "alias": "avg gpu mem usage", + "formula": "query4" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 282877050046086, + "definition": { + "title": "Top endpoints by request 
latency", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:databricks.model_serving.request_latency_ms.99percentile{$workspace_id, $endpoint_name, $workspace_name, $served_entity_name} by {endpoint_name}", + "aggregator": "avg" + }, + { + "name": "query2", + "data_source": "metrics", + "query": "avg:databricks.model_serving.request_latency_ms.95percentile{$workspace_id, $endpoint_name, $workspace_name, $served_entity_name} by {endpoint_name}", + "aggregator": "avg" + }, + { + "name": "query3", + "data_source": "metrics", + "query": "avg:databricks.model_serving.request_latency_ms.90percentile{$workspace_id, $endpoint_name, $workspace_name, $served_entity_name} by {endpoint_name}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "99 percentile", + "formula": "query1" + }, + { + "cell_display_mode": "bar", + "alias": "95 percentile", + "formula": "query2" + }, + { + "cell_display_mode": "bar", + "alias": "90 percentile", + "formula": "query3" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 2, + "width": 6, + "height": 2 + } + }, + { + "id": 6819245007400226, + "definition": { + "title": "Top endpoints by cumulative request count", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:databricks.model_serving.request_count_total{$workspace_id, $workspace_name, $served_entity_name, $endpoint_name} by {endpoint_name}", + "aggregator": "sum" + }, + { + "data_source": "metrics", + "name": "query2", + "query": 
"sum:databricks.model_serving.request_4xx_count_total{$workspace_id, $workspace_name, $served_entity_name, $endpoint_name} by {endpoint_name}.weighted()", + "aggregator": "sum" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "sum:databricks.model_serving.request_5xx_count_total{$workspace_id, $workspace_name, $served_entity_name, $endpoint_name} by {endpoint_name}.weighted()", + "aggregator": "sum" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Request Count", + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "request" + } + } + }, + { + "cell_display_mode": "bar", + "alias": "4xx Error count", + "formula": "query2" + }, + { + "cell_display_mode": "bar", + "alias": "5xx Error count", + "formula": "query3" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 2 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 7 + } + }, + { + "id": 7064634868158922, + "definition": { + "title": "Resource Utilization", + "background_color": "vivid_pink", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7266618368102262, + "definition": { + "type": "note", + "content": "Processing and memory usage metrics describe how effectively computational and storage resources are being utilized during model serving, indicating whether the current setup meets the demand for processing data and running models efficiently.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "75%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 5547479570648212, + "definition": { + 
"type": "note", + "content": "CPU Usage", + "background_color": "blue", + "font_size": "24", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 1, + "width": 6, + "height": 1 + } + }, + { + "id": 6181794824329746, + "definition": { + "type": "note", + "content": "GPU Usage\n\n", + "background_color": "vivid_blue", + "font_size": "24", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 1, + "width": 6, + "height": 1 + } + }, + { + "id": 865170122425732, + "definition": { + "type": "note", + "content": "High CPU usage or CPU memory usage can indicate a need for optimization or scaling to prevent performance bottlenecks, while low usage may suggest potential for cost savings or resource reallocation.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "75%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 2, + "width": 6, + "height": 1 + } + }, + { + "id": 7409546524688414, + "definition": { + "type": "note", + "content": "GPU metrics are an experimental Databricks feature and are subject to change.", + "background_color": "yellow", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 2, + "width": 6, + "height": 1 + } + }, + { + "id": 968488512949198, + "definition": { + "title": "Average CPU Usage", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" 
+ } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:databricks.model_serving.cpu_usage_percentage{$workspace_name,$endpoint_name,$served_entity_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 3 + } + }, + { + "id": 8401637794826174, + "definition": { + "type": "note", + "content": "High GPU usage or GPU memory usage highlights heavy computational demands typical of complex models, necessitating careful management to avoid resource exhaustion. Conversely, low usage in these areas indicates potential underutilization, offering opportunities for optimizing workloads or reducing costs. ", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "75%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 3, + "width": 6, + "height": 1 + } + }, + { + "id": 2039643544055706, + "definition": { + "title": "Average GPU Usage", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "max:databricks.model_serving.gpu_usage_percentage.avg{$endpoint_name, $workspace_name, $served_entity_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 4, + "width": 6, + "height": 3 + } + }, + { + "id": 8341999391822062, + "definition": { + "title": "Average CPU Memory 
Usage", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:databricks.model_serving.mem_usage_percentage{$workspace_name,$endpoint_name,$served_entity_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 6, + "width": 6, + "height": 3 + } + }, + { + "id": 6769326008109800, + "definition": { + "title": "Average GPU Memory Usage", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "hide_incomplete_cost_data": true + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:databricks.model_serving.gpu_mem_usage_percentage.avg{$workspace_name,$endpoint_name,$served_entity_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 7, + "width": 12, + "height": 11 + } + }, + { + "id": 1871554135387136, + "definition": { + "title": "Requests", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8369113540588714, + "definition": { + 
"type": "note", + "content": "The request count measures the volume of requests handled by the endpoint, with high values indicative of increased user traffic or activity, which could strain server resources if not managed properly. \n\nConversely, a low request count might indicate lower user engagement, which could either be typical during off-peak hours or signal potential access issues if unexpected.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "75%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 1333178577565114, + "definition": { + "type": "note", + "content": "The request error count tracks the number of failed HTTP requests, with high values indicating potential server, code, or client-related issues that could degrade user experience. \n\nLow error count suggests that the majority of requests are being processed successfully, reflecting a stable application.\n\nA 5xx status code indicates a server error, where the server failed to fulfill a valid request, implying a problem on the server side. 
A 4xx status code signifies a client error, where the request cannot be processed due to issues such as a malformed request or unauthorized access, suggesting fault lies with the client's request.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "75%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 8753457556283120, + "definition": { + "title": "Requests in the last minute", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "request" + } + }, + "formula": "query3" + } + ], + "queries": [ + { + "name": "query3", + "data_source": "metrics", + "query": "max:databricks.model_serving.request_count_total{$endpoint_name, $served_entity_name, $workspace_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 0, + "y": 2, + "width": 6, + "height": 2 + } + }, + { + "id": 7772095570773674, + "definition": { + "title": "5xx Error Count", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "sum:databricks.model_serving.request_5xx_count_total{$workspace_name,$endpoint_name,$served_entity_name} by {endpoint_name}.weighted()" + } + ], + "response_format": "timeseries", + "style": { + "palette": 
"dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 6, + "y": 2, + "width": 6, + "height": 2 + } + }, + { + "id": 5365339434275840, + "definition": { + "title": "Total Provisioned Concurrent Requests", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query3" + } + ], + "queries": [ + { + "name": "query3", + "data_source": "metrics", + "query": "avg:databricks.model_serving.provisioned_concurrent_requests_total{$endpoint_name,$served_entity_name,$workspace_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "area" + } + ] + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 2 + } + }, + { + "id": 7486385226747274, + "definition": { + "title": "4xx Error Count", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "sum:databricks.model_serving.request_4xx_count_total{$endpoint_name, $workspace_name, $served_entity_name} by {endpoint_name}.weighted()" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 6, + "y": 4, + "width": 6, + "height": 2 + } + } + ] + }, + "layout": { + "x": 0, + "y": 18, + "width": 12, + "height": 7, + "is_column_break": true + } + }, + { + "id": 1497094030519600, + "definition": { + "title": "Latency", + 
"background_color": "blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 69403009180860, + "definition": { + "type": "note", + "content": "Request latency measures the time it takes for a server to process and respond to a user request. \n\nHigh latency values indicate slow response times, which can lead to a poor user experience and suggest potential issues like network congestion, inefficient code, or server overload. \n\nOn the other hand, low latency values signify quick responses, reflecting a well-optimized system and contributing to a positive user experience.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 6262930933038372, + "definition": { + "title": "Request Latency (p99)", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query3" + } + ], + "queries": [ + { + "name": "query3", + "data_source": "metrics", + "query": "max:databricks.model_serving.request_latency_ms.99percentile{$endpoint_name, $served_entity_name, $workspace_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 2 + } + }, + { + "id": 1597060530161390, + "definition": { + "title": "Request Latency (p95)", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": 
[ + { + "formulas": [ + { + "formula": "query3" + } + ], + "queries": [ + { + "name": "query3", + "data_source": "metrics", + "query": "max:databricks.model_serving.request_latency_ms.95percentile{$endpoint_name, $served_entity_name, $workspace_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 5, + "y": 2, + "width": 7, + "height": 2 + } + }, + { + "id": 8891554743052240, + "definition": { + "title": "Request Latency (p90)", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "millisecond" + } + }, + "formula": "query3" + } + ], + "queries": [ + { + "name": "query3", + "data_source": "metrics", + "query": "max:databricks.model_serving.request_latency_ms.90percentile{$endpoint_name, $served_entity_name, $workspace_name} by {endpoint_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 5, + "y": 4, + "width": 7, + "height": 2 + } + } + ] + }, + "layout": { + "x": 0, + "y": 25, + "width": 12, + "height": 7 + } + } + ], + "template_variables": [ + { + "name": "workspace_id", + "prefix": "workspace_id", + "available_values": [], + "default": "*" + }, + { + "name": "workspace_name", + "prefix": "workspace_name", + "available_values": [], + "default": "*" + }, + { + "name": "endpoint_name", + "prefix": "endpoint_name", + "available_values": [], + "default": "*" + }, + { + "name": "served_entity_name", + "prefix": "served_entity_name", + "available_values": [], + "default": "*" + } + ], + 
"layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/databricks/assets/monitors/4xx_errors.json b/databricks/assets/monitors/4xx_errors.json new file mode 100644 index 0000000000000..6ec9f32973591 --- /dev/null +++ b/databricks/assets/monitors/4xx_errors.json @@ -0,0 +1,41 @@ +{ + "version": 2, + "created_at": "2024-10-25", + "last_updated_at": "2024-10-25", + "title": "Databricks Model Serving - 4xx error count is higher than usual", + "description": "Databricks Model Serving - 4xx error count is higher than usual", + "definition": { + "id": 4722049, + "name": "[Databricks Model Serving] 4xx error count is higher than usual for endpoint: {{endpoint_name.name}}", + "type": "query alert", + "query": "avg(last_4h):anomalies(max:databricks.model_serving.request_4xx_count_total{*} by {endpoint_name}, 'basic', 2, direction='both', interval=60, alert_window='last_15m', count_default_zero='true') >= 1", + "message": "The number of 4xx errors for Databricks Model Serving endpoint: {{endpoint_name.name}} is at {{value}}, which is higher than usual.", + "tags": [ + "integration:databricks" + ], + "options": { + "thresholds": { + "critical": 1, + "critical_recovery": 0 + }, + "notify_audit": false, + "require_full_window": false, + "renotify_interval": 0, + "threshold_windows": { + "trigger_window": "last_15m", + "recovery_window": "last_15m" + }, + "on_missing_data": "default", + "include_tags": true, + "new_group_delay": 60, + "avalanche_window": 10 + }, + "priority": null, + "restriction_policy": { + "bindings": [] + } + }, + "tags": [ + "integration:databricks" + ] +} \ No newline at end of file diff --git a/databricks/assets/monitors/5xx_errors.json b/databricks/assets/monitors/5xx_errors.json new file mode 100644 index 0000000000000..f66a0f4829a0b --- /dev/null +++ b/databricks/assets/monitors/5xx_errors.json 
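Review bot: The top-level `description` of `model_serving_overview.json` is still the Pinecone text ("high level overview of your Pinecone service", with a link to the Pinecone integration docs) under the title "Databricks Model Serving". The intro note widget also links "Databricks Integration Documentation" to the placeholder `(##TODO##)`. Both would ship as user-visible text, so they should be replaced with the Databricks wording and the real docs URL before merge. The "Average GPU Usage" widget queries `max:databricks.model_serving.gpu_usage_percentage.avg{...}` while the other "Average ..." widgets use `avg:`, which looks unintended. The timeseries widgets filter on `$workspace_name,$endpoint_name,$served_entity_name` but omit `$workspace_id`, so only the three query tables honour that template variable.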
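Review bot: The `query` in `4xx_errors.json` uses `direction='both'`, so the monitor also triggers when the 4xx count falls below its expected band, while the `title`, `name` and `message` all say "higher than usual". `direction='above'` would match the stated intent. The same mismatch appears in the 5xx, CPU memory, CPU usage and GPU memory monitors added in this diff. For the 4xx and 5xx monitors in particular, a notification that says "higher" after a drop sends whoever triages a burst of rejected or failing requests in the wrong direction. Separately, `"silenced": {}` appears in the 5xx and GPU memory monitors but not the others, so the option sets should be made consistent.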
@@ -0,0 +1,42 @@ +{ + "version": 2, + "created_at": "2024-10-25", + "last_updated_at": "2024-10-25", + "title": "Databricks Model Serving - 5xx error count is higher than usual", + "description": "Databricks Model Serving - 5xx error count is higher than usual", + "definition": { + "id": 4722195, + "name": "[Databricks Model Serving] 5xx error count is higher than usual for endpoint: {{endpoint_name.name}}", + "type": "query alert", + "query": "avg(last_4h):anomalies(max:databricks.model_serving.request_5xx_count_total{*} by {endpoint_name}, 'basic', 2, direction='both', interval=60, alert_window='last_15m', count_default_zero='true') >= 1", + "message": "The number of 5xx errors for Databricks Model Serving endpoint: {{endpoint_name.name}} is at {{value}}, which is higher than usual.", + "tags": [ + "integration:databricks" + ], + "options": { + "thresholds": { + "critical": 1, + "critical_recovery": 0 + }, + "notify_audit": false, + "require_full_window": false, + "renotify_interval": 0, + "threshold_windows": { + "trigger_window": "last_15m", + "recovery_window": "last_15m" + }, + "on_missing_data": "default", + "include_tags": true, + "new_group_delay": 60, + "avalanche_window": 10, + "silenced": {} + }, + "priority": null, + "restriction_policy": { + "bindings": [] + } + }, + "tags": [ + "integration:databricks" + ] +} \ No newline at end of file diff --git a/databricks/assets/monitors/cpu_memory_usage_high.json b/databricks/assets/monitors/cpu_memory_usage_high.json new file mode 100644 index 0000000000000..4cb6b0cff806c --- /dev/null +++ b/databricks/assets/monitors/cpu_memory_usage_high.json 
@@ -0,0 +1,41 @@ +{ + "version": 2, + "created_at": "2024-10-25", + "last_updated_at": "2024-10-25", + "title": "Databricks Model Serving - CPU memory usage is higher than usual", + "description": "Databricks Model Serving - CPU memory usage is higher than usual", + "definition": { + "id": 4735343, + "name": "[Databricks Model Serving] CPU memory usage across server replicas higher than usual for endpoint: {{endpoint_name.name}}", + "type": "query alert", + "query": "avg(last_15m):anomalies(avg:databricks.model_serving.mem_usage_percentage{*} by {endpoint_name}, 'basic', 2, direction='both', interval=60, alert_window='last_15m', count_default_zero='true') >= 1", + "message": "The memory usage across server replicas for Databricks model serving endpoint: {{endpoint_name.name}} is at {{value}}, which is higher than usual.", + "tags": [ + "integration:databricks" + ], + "options": { + "thresholds": { + "critical": 1, + "critical_recovery": 0 + }, + "notify_audit": false, + "require_full_window": false, + "renotify_interval": 0, + "threshold_windows": { + "trigger_window": "last_15m", + "recovery_window": "last_15m" + }, + "on_missing_data": "default", + "include_tags": true, + "new_group_delay": 60, + "avalanche_window": 10 + }, + "priority": null, + "restriction_policy": { + "bindings": [] + } + }, + "tags": [ + "integration:databricks" + ] +} \ No newline at end of file diff --git a/databricks/assets/monitors/cpu_usage_high.json b/databricks/assets/monitors/cpu_usage_high.json new file mode 100644 index 0000000000000..af965a4224374 --- /dev/null +++ b/databricks/assets/monitors/cpu_usage_high.json 
@@ -0,0 +1,41 @@
+{
+ "version": 2,
+ "created_at": "2024-10-25",
+ "last_updated_at": "2024-10-25",
+ "title": "Databricks Model Serving - CPU usage across server replicas higher than usual",
+ "description": "Databricks Model Serving - CPU usage across server replicas higher than usual",
+ "definition": {
+ "id": 4735415,
+ "name": "[Databricks Model Serving] CPU usage across server replicas higher than usual for endpoint: {{endpoint_name.name}}",
+ "type": "query alert",
+ "query": "avg(last_4h):anomalies(avg:databricks.model_serving.cpu_usage_percentage{*} by {endpoint_name}, 'agile', 2, direction='both', interval=60, alert_window='last_15m', count_default_zero='true', seasonality='hourly') >= 1",
+ "message": "The CPU usage across server replicas for Databricks model serving endpoint: {{endpoint_name.name}} is at {{value}}, which is higher than usual.",
+ "tags": [
+ "integration:databricks"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 1,
+ "critical_recovery": 0
+ },
+ "notify_audit": false,
+ "require_full_window": false,
+ "renotify_interval": 0,
+ "threshold_windows": {
+ "trigger_window": "last_15m",
+ "recovery_window": "last_15m"
+ },
+ "on_missing_data": "default",
+ "include_tags": true,
+ "new_group_delay": 60,
+ "avalanche_window": 10
+ },
+ "priority": null,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:databricks"
+ ]
+}
\ No newline at end of file
diff --git a/databricks/assets/monitors/gpu_memory_usage_high.json b/databricks/assets/monitors/gpu_memory_usage_high.json
new file mode 100644
index 0000000000000..4072316dd87cf
--- /dev/null
+++ b/databricks/assets/monitors/gpu_memory_usage_high.json
@@ -0,0 +1,42 @@
+{
+ "version": 2,
+ "created_at": "2024-11-11",
+ "last_updated_at": "2024-11-11",
+ "title": "Databricks Model Serving - GPU memory usage is higher than usual",
+ "description": "Databricks Model Serving - GPU memory usage is higher than usual",
+ "definition": {
+ "id": 12853292,
+ "name": "[Databricks Model Serving] GPU memory usage across server replicas higher than usual for endpoint: {{endpoint_name.name}}",
+ "type": "query alert",
+ "query": "avg(last_15m):anomalies(avg:databricks.model_serving.gpu_mem_usage_percentage.avg{*} by {endpoint_name}, 'basic', 2, direction='both', interval=60, alert_window='last_15m', count_default_zero='true') >= 1",
+ "message": "The GPU memory usage across server replicas for Databricks model serving endpoint: {{endpoint_name.name}} is at {{value}}, which is higher than usual.",
+ "tags": [
+ "integration:databricks"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 1,
+ "critical_recovery": 0
+ },
+ "notify_audit": false,
+ "require_full_window": false,
+ "renotify_interval": 0,
+ "threshold_windows": {
+ "trigger_window": "last_15m",
+ "recovery_window": "last_15m"
+ },
+ "on_missing_data": "default",
+ "include_tags": true,
+ "new_group_delay": 60,
+ "avalanche_window": 10,
+ "silenced": {}
+ },
+ "priority": null,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:databricks"
+ ]
+}
\ No newline at end of file
diff --git a/databricks/assets/monitors/gpu_usage_high.json b/databricks/assets/monitors/gpu_usage_high.json
new file mode 100644
index 0000000000000..2fa59611ba1ac
--- /dev/null
+++ b/databricks/assets/monitors/gpu_usage_high.json
@@ -0,0 +1,42 @@
+{
+ "version": 2,
+ "created_at": "2024-11-11",
+ "last_updated_at": "2024-11-11",
+ "title": "Databricks Model Serving - GPU usage across server replicas higher than usual",
+ "description": "Databricks Model Serving - GPU usage across server replicas higher than usual",
+ "definition": {
+ "id": 12853483,
+ "name": "[Databricks Model Serving] GPU usage across server replicas higher than usual for endpoint: {{endpoint_name.name}}",
+ "type": "query alert",
+ "query": "avg(last_15m):anomalies(avg:databricks.model_serving.gpu_usage_percentage.avg{*} by {endpoint_name}, 'basic', 2, direction='both', interval=60, alert_window='last_15m', count_default_zero='true') >= 1",
+ "message": "The GPU usage across server replicas for Databricks model serving endpoint: {{endpoint_name.name}} is at {{value}}, which is higher than usual.",
+ "tags": [
+ "integration:databricks"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 1,
+ "critical_recovery": 0
+ },
+ "notify_audit": false,
+ "require_full_window": false,
+ "renotify_interval": 0,
+ "threshold_windows": {
+ "trigger_window": "last_15m",
+ "recovery_window": "last_15m"
+ },
+ "on_missing_data": "default",
+ "include_tags": true,
+ "new_group_delay": 60,
+ "avalanche_window": 10,
+ "silenced": {}
+ },
+ "priority": null,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:databricks"
+ ]
+}
\ No newline at end of file
diff --git a/databricks/assets/monitors/request_latency_high.json b/databricks/assets/monitors/request_latency_high.json
new file mode 100644
index 0000000000000..0d738ab6cca4a
--- /dev/null
+++ b/databricks/assets/monitors/request_latency_high.json
@@ -0,0 +1,40 @@ +{ + "version": 2, + "created_at": "2024-11-11", + "last_updated_at": "2024-11-11", + "title": "Databricks Model Serving - request latency is higher than usual", + "description": "Databricks Model Serving - request latency is higher than usual", + "definition": { + "id": 12853191, + "name": "[Databricks Model Serving] Request latency is higher than normal for endpoint: {{endpoint_name.name}}", + "type": "query alert", + "query": "avg(last_4h):anomalies(avg:databricks.model_serving.request_latency_ms.99percentile{*} by {endpoint_name}, 'basic', 2, direction='both', interval=60, alert_window='last_15m', count_default_zero='true') >= 1", + "message": "The request latency for Databricks model serving endpoint: {{endpoint_name.name}} is at {{value}}, which is higher than usual.", + "tags": [ + "integration:databricks" + ], + "options": { + "thresholds": { + "critical": 1, + "critical_recovery": 0 + }, + "notify_audit": false, + "require_full_window": false, + "renotify_interval": 0, + "threshold_windows": { + "trigger_window": "last_15m", + "recovery_window": "last_15m" + }, + "on_missing_data": "default", + "include_tags": true, + "new_group_delay": 60, + "avalanche_window": 10, + "silenced": {} + }, + "priority": null, + "restricted_roles": null + }, + "tags": [ + "integration:databricks" + ] +} \ No newline at end of file diff --git a/databricks/manifest.json b/databricks/manifest.json index 56e2e4ab1e046..b2d34c6242331 100644 --- a/databricks/manifest.json +++ b/databricks/manifest.json @@ -48,6 +48,11 @@ "events": { "creates_events": false }, + "metrics": { + "prefix": "databricks.model_serving.", + "check": "databricks.model_serving.provisioned_concurrent_requests_total", + "metadata_path": "metadata.csv" + }, "service_checks": { "metadata_path": "assets/service_checks.json" }, 
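Review bot: request_latency_high.json closes its definition with `"restricted_roles": null`, while the other five monitors visible in this commit use `"restriction_policy": { "bindings": [] }`. Both appear to leave editing unrestricted, but mixing the two fields makes it harder to audit who may modify the shipped monitors. Using `"restriction_policy": { "bindings": [] }` here would keep the set uniform. The `"silenced": {}` key is likewise present in only some of the files.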
@@ -57,7 +62,17 @@ "dashboards": { "Databricks Overview Dashboard": "assets/dashboards/overview_dashboard.json", "Databricks Clusters Dashboard": "assets/dashboards/clusters_dashboard.json", - "databricks_cost_overview": "assets/dashboards/databricks_cost_overview.json" + "databricks_cost_overview": "assets/dashboards/databricks_cost_overview.json", + "Databricks Model Serving Overview": "assets/dashboards/model_serving_overview.json" + }, + "monitors": { + "Databricks Model Serving: High count 4xx errors": "assets/monitors/4xx_errors.json", + "Databricks Model Serving: High count 5xx errors": "assets/monitors/5xx_errors.json", + "Databricks Model Serving: High CPU usage": "assets/monitors/cpu_usage_high.json", + "Databricks Model Serving: High CPU memory usage": "assets/monitors/cpu_memory_usage_high.json", + "Databricks Model Serving: High GPU usage": "assets/monitors/gpu_usage_high.json", + "Databricks Model Serving: High GPU memory usage": "assets/monitors/gpu_memory_usage_high.json", + "Databricks Model Serving: High request latency": "assets/monitors/request_latency_high.json" }, "logs": { "source": "spark" diff --git a/databricks/metadata.csv b/databricks/metadata.csv new file mode 100644 index 0000000000000..7a41be3390215 --- /dev/null +++ b/databricks/metadata.csv 
@@ -0,0 +1,17 @@ +metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric +databricks.model_serving.cpu_usage_percentage,gauge,60,percent,,Average CPU utilization used across all replicas during the last minute,0,databricks,CPU usage percentage min, +databricks.model_serving.gpu_mem_usage_percentage.avg,gauge,60,percent,,Average GPU memory usage used across all GPUs during the minute,0,databricks,GPU memory usage percentage avg, +databricks.model_serving.gpu_mem_usage_percentage.max,gauge,60,percent,,Maximum GPU memory usage used across all GPUs during the minute,0,databricks,GPU memory usage percentage max, +databricks.model_serving.gpu_mem_usage_percentage.min,gauge,60,percent,,Minimum GPU memory usage used across all GPUs during the minute,0,databricks,GPU memory usage percentage min, +databricks.model_serving.gpu_usage_percentage.avg,gauge,60,percent,,Average GPU utilization used across all GPUs during the minute,0,databricks,GPU usage percentage avg, +databricks.model_serving.gpu_usage_percentage.max,gauge,60,percent,,Maximum GPU utilization used across all GPUs during the minute,0,databricks,GPU usage percentage max, +databricks.model_serving.gpu_usage_percentage.min,gauge,60,percent,,Minimum GPU utilization used across all GPUs during the minute,0,databricks,GPU usage percentage min, +databricks.model_serving.mem_usage_percentage,gauge,60,percent,,Average memory utilization used across all replicas during the last minute,0,databricks,Memory usage percentage avg, +databricks.model_serving.provisioned_concurrent_requests_total,gauge,60,request,,Number of provisioned concurrency during the last minute,0,databricks,Provisioned concurrent requests, +databricks.model_serving.request_4xx_count_total,gauge,60,request,,Number of 4xx errors during the last minute,0,databricks,4xx errors, +databricks.model_serving.request_5xx_count_total,gauge,60,request,,Number of 5xx errors during the last 
minute,0,databricks,5xx errors total, +databricks.model_serving.request_count_total,gauge,60,request,,Number of requests during the last minute,0,databricks,Request count, +databricks.model_serving.request_latency_ms.75percentile,gauge,60,millisecond,,75th percentile request latency in milliseconds during the minute,0,databricks,Request latency ms 75th percentile, +databricks.model_serving.request_latency_ms.90percentile,gauge,60,millisecond,,90th percentile request latency in milliseconds during the minute,0,databricks,Request latency ms 90th percentile, +databricks.model_serving.request_latency_ms.95percentile,gauge,60,millisecond,,95th percentile request latency in milliseconds during the minute,0,databricks,Request latency ms 95th percentile, +databricks.model_serving.request_latency_ms.99percentile,gauge,60,millisecond,,99th percentile request latency in milliseconds during the minute,0,databricks,Request latency ms 99th percentile, diff --git a/datadog_checks_base/CHANGELOG.md b/datadog_checks_base/CHANGELOG.md index cede60bff2a11..31b58665f0adf 100644 --- a/datadog_checks_base/CHANGELOG.md +++ b/datadog_checks_base/CHANGELOG.md 
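Review bot: The row for `databricks.model_serving.cpu_usage_percentage` has the short_name `CPU usage percentage min`, but its description says it is the average across replicas; `CPU usage percentage avg` would match, as the `mem_usage_percentage` row already does. The `request_4xx_count_total`, `request_5xx_count_total` and `request_count_total` rows are typed `gauge` although they are described as counts over the last minute. If that is deliberate because the source reports a per-minute value, a few words in the description would keep readers from summing or rating them incorrectly in the error monitors.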
@@ -2,28 +2,40 @@ +## 37.2.0 / 2024-12-05 + +***Added***: + +* Bump binary package version for py3.12 ([#19190](https://github.com/DataDog/integrations-core/pull/19190)) + +## 37.1.1 / 2024-11-28 + +***Fixed***: + +* When resolving database hosts, always resolve a .local database host to itself ([#19039](https://github.com/DataDog/integrations-core/pull/19039)) + ## 37.1.0 / 2024-10-04 / Agent 7.59.0 ***Added***: * Added Postgres cross-org telemetry metrics. ([#18758](https://github.com/DataDog/integrations-core/pull/18758)) -## 37.0.0 / 2024-09-19 / Agent 7.58.0 +## 37.0.0 / 2024-09-19 ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 36.16.0 / 2024-09-30 / Agent 7.58.0 ***Security***: * Bump version of cryptography to 43.0.1 to address vulnerability ([#18656](https://github.com/DataDog/integrations-core/pull/18656)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) + ## 36.15.0 / 2024-09-05 ***Added***: @@ -67,7 +79,7 @@ * Log invalid line when failing to parse OpenMetrics response ([#17514](https://github.com/DataDog/integrations-core/pull/17514)) * Support log submission from checks ([#18019](https://github.com/DataDog/integrations-core/pull/18019)) * Allow untyped metrics that we coerce to `counter` to be collected regardless if they have `_total` or not. ([#18054](https://github.com/DataDog/integrations-core/pull/18054)) -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 36.10.0 / 2024-07-11 diff --git a/datadog_checks_base/changelog.d/18975.added b/datadog_checks_base/changelog.d/18975.added new file mode 100644 index 0000000000000..d95d103203c3e 
--- /dev/null +++ b/datadog_checks_base/changelog.d/18975.added @@ -0,0 +1 @@ +Show diff to closest metric match when metric test fails diff --git a/datadog_checks_base/changelog.d/19039.fixed b/datadog_checks_base/changelog.d/19039.fixed deleted file mode 100644 index 93ceec32666de..0000000000000 --- a/datadog_checks_base/changelog.d/19039.fixed +++ /dev/null @@ -1 +0,0 @@ -When resolving database hosts, always resolve a .local database host to itself diff --git a/datadog_checks_base/changelog.d/19197.fixed b/datadog_checks_base/changelog.d/19197.fixed new file mode 100644 index 0000000000000..31cd6530b5639 --- /dev/null +++ b/datadog_checks_base/changelog.d/19197.fixed @@ -0,0 +1 @@ +Fix "no snapshot data found" error when `agent check --profile-memory` diff --git a/datadog_checks_base/datadog_checks/base/__about__.py b/datadog_checks_base/datadog_checks/base/__about__.py index a1deb4b728270..d2262989bc126 100644 --- a/datadog_checks_base/datadog_checks/base/__about__.py +++ b/datadog_checks_base/datadog_checks/base/__about__.py @@ -1,4 +1,4 @@ # (C) Datadog, Inc. 2018-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = "37.1.0" +__version__ = "37.2.0" diff --git a/datadog_checks_base/datadog_checks/base/checks/base.py b/datadog_checks_base/datadog_checks/base/checks/base.py index c87b2cdb70479..9508dcc518dd4 100644 --- a/datadog_checks_base/datadog_checks/base/checks/base.py +++ b/datadog_checks_base/datadog_checks/base/checks/base.py 
@@ -1285,7 +1285,13 @@ def run(self): enter_pdb(self.check, line=self.init_config['set_breakpoint'], args=(instance,)) elif self.should_profile_memory(): - self.profile_memory(self.check, self.init_config, args=(instance,)) + # self.init_config['profile_memory'] could be `/tmp/datadog-agent-memory-profiler*` + # that is generated by Datadog Agent. + # If we use `--m-dir` for `agent check` command, a hidden flag, it should be same as a given value. + namespaces = [self.init_config['profile_memory']] + for id in self.check_id.split(":"): + namespaces.append(id) + self.profile_memory(func=self.check, namespaces=namespaces, args=(instance,)) else: self.check(instance) diff --git a/datadog_checks_base/datadog_checks/base/stubs/similar.py b/datadog_checks_base/datadog_checks/base/stubs/similar.py index 8b2e712ac3754..9d56ff3b1a89a 100644 --- a/datadog_checks_base/datadog_checks/base/stubs/similar.py +++ b/datadog_checks_base/datadog_checks/base/stubs/similar.py 
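Review bot: The loop variable in `for id in self.check_id.split(":")` shadows the builtin `id`, and the whole loop can be written as `namespaces = [self.init_config['profile_memory'], *self.check_id.split(":")]`. The segments of `check_id` look like they become namespace components under the profile directory, which the comment places under `/tmp`. `profile_memory` is outside this hunk, so this is inferred, but if the segments are joined into a filesystem path it is worth confirming there that none can contain a path separator or `..`. The last comment line is hard to parse; `# When the hidden --m-dir flag of "agent check" is used, this is the directory given on the command line.` would read more clearly. The body of run() continues outside the hunk.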
@@ -9,6 +9,62 @@ MAX_SIMILAR_TO_DISPLAY = 15 +def dict_diff(expected, closest): + """ + Returns an array of key/value pairs that are different between the two dicts. + """ + diff = [] + for key in closest.keys() | expected.keys(): + expected_value = expected.get(key) + closest_value = closest.get(key) + + if expected_value is not None and expected_value != closest_value: + diff.append((key, expected_value, closest_value)) + + return diff + + +def tags_list_to_dict(tags): + return {tag.split(':', 1)[0]: (tag.split(':', 1)[1] if ":" in tag else '') for tag in tags} + + +def tags_diff(expected, closest): + """ + Returns an array of key/value pairs that are different between the two lists of tags. + """ + diff = [] + expected_tags_dict = tags_list_to_dict(expected) + closest_tags_dict = tags_list_to_dict(closest) + for tag in expected_tags_dict: + if expected_tags_dict[tag] != closest_tags_dict.get(tag): + diff.append((tag, expected_tags_dict[tag], closest_tags_dict.get(tag))) + for tag in closest_tags_dict: + if tag not in expected_tags_dict: + diff.append((tag, None, closest_tags_dict[tag])) + return diff + + +def format_metric_stub_diff(expected, closest): + """ + Return formatted difference between expected and closest metric stubs + """ + diff = [] + + closest_dict = closest._asdict() + expected_dict = expected._asdict() + dict_diffs = dict_diff(expected_dict, closest_dict) + for key, expected_value, closest_value in dict_diffs: + if key == "tags": + tag_diffs = tags_diff(expected_value, closest_value) + for tag, expected_tag_value, closest_tag_value in tag_diffs: + diff.append( + f" Expected tag {tag}:{expected_tag_value}\n" + f" Found {tag}:{closest_tag_value}" + ) + else: + diff.append(f" Expected {key}: {expected_value}\n Found {closest_value}") + return diff + + def build_similar_elements_msg(expected, submitted_elements): """ Return formatted similar elements (metrics, service checks) received compared to submitted elements 
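Review bot: `tags_list_to_dict` keeps only the last value when the same tag key occurs more than once (for example `env:a` and `env:b`), so `tags_diff` can report no difference for tag lists that do differ. Collecting the values per key would avoid that, for instance a `defaultdict(list)` filled via `key, _, value = tag.partition(':')`, which also removes the double `split`. In `dict_diff`, iterating `closest.keys() | expected.keys()` gives a set order that is not stable between runs, and keys present only in `closest` are skipped by the `is not None` test anyway; `for key, expected_value in expected.items():` keeps the output deterministic. `tags_list_to_dict` also has no docstring, and `"""Map each 'key:value' tag to key -> value; a tag without ':' maps to ''."""` would do.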
@@ -22,9 +78,17 @@ def build_similar_elements_msg(expected, submitted_elements): metric_stub.tags.sort() similar_metrics_to_print.append("{:.2f} {}".format(score, metric_stub)) + closest_diff = [] + if similar_metrics: + [_, closest] = similar_metrics[0] + closest_diff = format_metric_stub_diff(expected, closest) + return ( "Expected:\n" + " {}\n".format(expected) + + "Difference to closest:\n" + + "\n".join(closest_diff) + + "\n\n" + "Similar submitted:\n" + "Score Most similar\n" + "\n".join(similar_metrics_to_print) diff --git a/datadog_checks_base/pyproject.toml b/datadog_checks_base/pyproject.toml index 5aa522c223b49..8ff7f6bd6ce2c 100644 --- a/datadog_checks_base/pyproject.toml +++ b/datadog_checks_base/pyproject.toml @@ -34,7 +34,7 @@ db = [ "mmh3==4.1.0", ] deps = [ - "binary==1.0.0", + "binary==1.0.1", "cachetools==5.5.0", "cryptography==43.0.1", "ddtrace==2.10.6", diff --git a/datadog_checks_base/tests/base/test_ddyaml.py b/datadog_checks_base/tests/base/test_ddyaml.py index 14e7ede8db84d..08039557da563 100644 --- a/datadog_checks_base/tests/base/test_ddyaml.py +++ b/datadog_checks_base/tests/base/test_ddyaml.py @@ -59,8 +59,8 @@ def test_load(): yaml_config_safe = list(safe_yaml_load_all(stream)) yaml_config_native = list(yaml.load_all(stream)) - assert yaml_config_safe is not [] - assert yaml_config_native is not [] + assert yaml_config_safe != [] + assert yaml_config_native != [] assert len(yaml_config_safe) == len(yaml_config_native) for safe, native in zip(yaml_config_safe, yaml_config_native): assert safe == native diff --git a/datadog_checks_base/tests/stubs/test_aggregator_similar.py b/datadog_checks_base/tests/stubs/test_aggregator_similar.py index 390b8c60a5c84..dede6f841c5b8 100644 --- a/datadog_checks_base/tests/stubs/test_aggregator_similar.py +++ b/datadog_checks_base/tests/stubs/test_aggregator_similar.py 
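Review bot: The `"Difference to closest:\n"` header and the blank lines after it are emitted even when `similar_metrics` is empty or the closest element does not differ, which leaves an empty section in the failure message. Building that part only when `closest_diff` is non-empty would keep the output tight. The unpacking `[_, closest] = similar_metrics[0]` is more conventionally written `_, closest = similar_metrics[0]`. Since this function also builds messages for service checks according to its docstring, `format_metric_stub_diff` is a slightly narrow name for what it is called on here.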
@@ -3,6 +3,8 @@ # Licensed under a 3-clause BSD style license (see LICENSE) import difflib +import pytest + from datadog_checks.base import AgentCheck from datadog_checks.base.stubs import similar from datadog_checks.base.stubs.aggregator import AggregatorStub @@ -24,6 +26,10 @@ def test_build_similar_elements_msg(self, aggregator): expected_msg = ''' Expected: MetricStub(name='test.similar_metric', type=None, value=None, tags=None, hostname=None, device=None, flush_first_value=None) +Difference to closest: + Expected name: test.similar_metric + Found test.most_similar_metric + Similar submitted: Score Most similar 0.88 MetricStub(name='test.most_similar_metric', type=0, value=0.0, tags=[], hostname='', device=None, flush_first_value=False) 
@@ -214,3 +220,33 @@ def test__build_similar_elements__histogram_buckets(self, aggregator): assert similar_histogram_bucket[3][1].name == 'histogram.bucket4' # value/monotonic/tag match assert similar_histogram_bucket[4][1].name == 'histogram.bucket5' # value/monotonic match assert similar_histogram_bucket[5][1].name == 'histogram.bucket0' # no match + + @pytest.mark.parametrize( + "expected, closest, diff", + [ + pytest.param({'a': 1, 'b': 2}, {'a': 1, 'b': 3}, [('b', 2, 3)], id="different value in closest"), + pytest.param({'a': 1}, {'b': 3}, [('a', 1, None)], id="missing key in closest"), + pytest.param({'a': 1}, {'a': 1}, [], id="no difference"), + pytest.param({'a': 1}, {}, [('a', 1, None)], id="missing key in empty closest"), + pytest.param({}, {'a': 1}, [], id="empty expected and extra key in closest"), + pytest.param({}, {}, [], id="empty"), + ], + ) + def test_dict_diff(self, expected, closest, diff): + assert similar.dict_diff(expected, closest) == diff + + @pytest.mark.parametrize( + "expected, closest, diff", + [ + pytest.param( + ['a:1', 'b:2'], ['a:1', 'c:2'], [('b', '2', None), ('c', None, '2')], id="missing tag and extra tag" + ), + pytest.param(['a:1', 'b:2'], ['a:2', 'b:2'], [('a', '1', '2')], id="different value in closest"), + pytest.param(['a:1'], ['a:1'], [], id="no difference"), + pytest.param([], [], [], id="empty lists"), + pytest.param(['a:1'], [], [("a", "1", None)], id="missing tag in empty closest"), + pytest.param([], ['a:1'], [("a", None, "1")], id="empty expected extra tag in closest"), + ], + ) + def test_tags_diff(self, expected, closest, diff): + assert similar.tags_diff(expected, closest) == diff diff --git a/datadog_checks_dependency_provider/CHANGELOG.md b/datadog_checks_dependency_provider/CHANGELOG.md index e516e0af3578a..aa80aab7abafa 100644 --- a/datadog_checks_dependency_provider/CHANGELOG.md +++ b/datadog_checks_dependency_provider/CHANGELOG.md 
@@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 2.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.4.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/datadog_checks_dev/datadog_checks/dev/tooling/commands/meta/snmp/validators/utils.py b/datadog_checks_dev/datadog_checks/dev/tooling/commands/meta/snmp/validators/utils.py index 12e4d2a997221..d4db8cab0b5c7 100644 --- a/datadog_checks_dev/datadog_checks/dev/tooling/commands/meta/snmp/validators/utils.py +++ b/datadog_checks_dev/datadog_checks/dev/tooling/commands/meta/snmp/validators/utils.py @@ -1,8 +1,8 @@ import glob +from genericpath import isfile from os.path import join import yaml -from genericpath import isfile from yaml.error import YAMLError from yaml.loader import SafeLoader diff --git a/datadog_checks_downloader/CHANGELOG.md b/datadog_checks_downloader/CHANGELOG.md index 8f794c5cca15c..2516d2e2a3669 100644 --- a/datadog_checks_downloader/CHANGELOG.md +++ b/datadog_checks_downloader/CHANGELOG.md @@ -2,6 +2,12 @@ +## 7.0.0 / 2024-11-28 + +***Changed***: + +* v16 ceremony: bump root layout to v6. ([#19146](https://github.com/DataDog/integrations-core/pull/19146)) + ## 6.1.0 / 2024-10-31 ***Added***: 
@@ -14,16 +20,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 5.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.7.0 / 2024-07-05 / Agent 7.55.0 ***Security***: diff --git a/datadog_checks_downloader/datadog_checks/downloader/__about__.py b/datadog_checks_downloader/datadog_checks/downloader/__about__.py index 6bbcdb3fb6126..7f5e436a966ba 100644 --- a/datadog_checks_downloader/datadog_checks/downloader/__about__.py +++ b/datadog_checks_downloader/datadog_checks/downloader/__about__.py @@ -4,4 +4,4 @@ # NOTE: tie datadog-checks-downloader to v2 of our software supply chain: # https://github.com/DataDog/integrations-core/blob/6388602b6deb3b65b62cf7cda69dc20d99dede29/datadog_checks_downloader/datadog_checks/downloader/download.py#L51 -__version__ = "6.1.0" +__version__ = "7.0.0" diff --git a/datadog_checks_downloader/datadog_checks/downloader/data/repo/metadata/root.json b/datadog_checks_downloader/datadog_checks/downloader/data/repo/metadata/root.json index f33c997ea75cb..42c6ba1a86a9a 100644 --- a/datadog_checks_downloader/datadog_checks/downloader/data/repo/metadata/root.json +++ b/datadog_checks_downloader/datadog_checks/downloader/data/repo/metadata/root.json 
@@ -1,81 +1,81 @@ { "signatures": [ { - "keyid": "fdb6977183ef336361bdd34bb288771ddd6e8f2bddcd2cbce242ebcfd9e4c4da", - "sig": "5fb99a2fb32820dadf6305fae97c287a5f9937b92cd1bfeaa40f1d8254ee228ad65d61223bf7ab65c256f5f023e0ae3f1c11e2293c181f71add94a6881587ed56637a597429de875031a31766cbf7092c9679e2c45de0e5df7e62e1a85d06b03fa35e1502a6a97d5ede7de746424050ce752192432877c284c9a17b8af826a3c9e47c40634e2e68bbd34e44254aa8535c3d19406f9e1748df59a84323d4ca2cd817be821ad040633f1d414e007689a019a9019e2cc22dd58da2b74a50bf7e0ebd4acac8331d04f9f653651ab5e0eb939f8be2f1113a6e4b52f1a9b75230377472a6b6d7cba3418bf5750b4c78ce98ca316a9eb845197397eb7192955de59dbcab4971e654fbd1d19a0bdbbbbeb3a394e52c839968f0ce5b3f43a23d83fb0e0f462fe59fe19c1635321c3423ee9a036b0201d9535642aea1f0d58d9532fed8a08c934088b9c9a924a492e9a3bbee87f0384c5a1bc42772941b12f7e59be01a94acb75c636e6f62d81b3710a74e5fa18ad83585bfdcc999cd595d4e9a9d4da12dbf3d981485162a38567c6d319b38be4a0e7df8ae60125bb73dd7a7df981109cc2bf2e33d917bec7a25c5ba058d370c5d266acbb40e3e20b8220340cfa0568e8e8bb089c372e3422d57f270b89bbaf0852e696068b454604495d000e92e216794433a61fde6a1172c538ec3e21097c762e4f1f97f8bdc428ea79bcfffe14e75df4" + "keyid": "b1a5593f4a6a7ab8f7128e05994c4ebed790659f42a27064960d117a35924fb6", + "sig": "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" }, { - "keyid": "ddf10d57799570c2bd2ac811ffe8666205135096041b8951f1dfc40fbba64ea5", - "sig": 
"bd9df8b1deb633014df232d7422e253496bb03b221c6b4d71dbbe17142e430e3e1a92a5f51d0d5da653e62e556181d8bb2164c3fe866c761c994bff810e4cce64d60edcadcb591502a2b20a921f90df393b070de1c63daad6c152f1caece870e633b49d3927cb16be8cf327749c6f406be2ae247f6c38a5cd219d2ffcf008bfed0a10dd0661581d764c5f13bced55ea1df2cb88ae82a919d063db8bff70d1f7c97c48635945688060758314330e3099fa68f36e4265f9282eaf353b0756d832b691f67a9cc1398f0fc4f4a58cdfbe1e4e7dea403ac584d7a6847efdf4da97033848bb86c47f9a270040da30d81d5320310aa03cc476e5a0c4d7f340ed66e48919f99a8f3ea2d76260cb864b8f655fd01026074748845a68fdcfd8ef79e11d2846ed1b191316e094c5abe7e01c8bd38038afce97072426d47d4fb7b6983f93191388daf17f6add834a16a977c6320733c2cf13a7fe49b05430d15653db064943596d1fd377b1799cdc91aa43c0d28a76989106be50e8dd2e9d0d144db06b8194f08a87e28ae29b146f3b579cff7c968717321a5f857811b67aea464a260e600d2014584207faacca0cabb494cef400542d224e90b9757df5850c96abab2ff62aec87a3a6ea24553053bb85f1306ba0fce23ab996944477bb6aedfa5516a091b991ab86f2e0594ca6d35f38912f6d21169fd8bfbd303a5c3bd08a5fa0dec8e06fb" + "keyid": "6a3cf0470851a88704d6873efe743c52d1a8af9e78c03a9fccfd208c0b45586a", + "sig": 
"306a4fbf63351010e5d52435588d7311d4f7e83e1409edbc88e76a456af4b81c08473575bd652b3773041e04086155fb0c0649cbaae1b0d5316ec968dcb1487d1bc6b66b97405abefdff625176c60ed8d95a113b07e01aa277f6d3abb64cefea577a5d130a910ac82f69167ae47408635ac6c688e38b4d4496c9008fe44ae8054f80c86cee49679d923a18b0da1348b6954846a7ce588eff15b9c44c318fa777d505a405498e55aa9c7934596ca16c0294396c7343a4de4a711091c870450ad526f1e10449166ec753e454c7d1e116d40cd695b106dc319281b1ead028fb51bf4495b16b70b3fd56074f1ccd41579bce355bfc0276b681b3e68353df7c5fdb32b6d8c55745fd3538b132c6db72599e58405dac973c20ec5d5e2aeb8efa2f65564dc051bd46e80adad1778e5e121cc68fcbd1eded44dfed8386f0d83a11cb63b3799b072036175c55dcbb143477cb6cb05f784801003fd4c2ccb8034582529a6823fef34792aaf96e4eede2035084fbbdeb11a16e18b54a32979eface25725c027d1cdd44056879e908b9ee17fdf912259a072744277cdb2486d2f5fc0408effbed6e64ecab27c624cfef5872d25f77667297a81fc81e3d4775aa51aae371fa2641a67744c9530a6dc0a70324e15660afd452c0e240effde680d6849d9ba5d6b2eb8603ec56dd44ffefeb56f3440b1d020e897bda21b758dbb705f42041fd30cb" }, { - "keyid": "a30a80d904e6ba3b54e628042ae7145a1750e9ce46161b76d697df9e2989baba", - "sig": "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" + "keyid": "07032e4713198d5b1a613a0b569c4232f690dc329333fee5850821e540378498", + "sig": "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" }, { - "keyid": "77576feebefd5443921216a0f9bfde6f5e9d22a42133f78ffac4c2573b2f0d6b", - "sig": "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" + "keyid": "fdb6977183ef336361bdd34bb288771ddd6e8f2bddcd2cbce242ebcfd9e4c4da", + "sig": 
"232d0dfe5a7bca5a6edfb77af06cb4db2e719eb24704ead2d08ebbde820085733e357e05b967b416f4985544025a1ad8ba58f9f7b237eb221aabfd3afc75a37b9086b3847968e43324baabc4f096efdbbb45998b017ab73190fbb3664a89fa9a0597c0d6ec257674f36bb03e43fdc041bdf5db3b14bdbc1a3697b839e6f8fc39606fd816d01f225a7fabe1268e54746a377969e5d2321f0235166a9043990c163886b4445cc7c333c2103361f28c99f2aa432b34131c92bfd7355245b96041c72ad9498402a3beed525e99040491bef8aaf9db0e48e0bbeb218608eb587dfcbea6e6dac9c5e331112854d07e57ba65bcfe391ab5c13c2cb7b129ecfc9a2881e7ec49a18c1abe2f7c1403b9157ab3de45fd68ff5f266e97f1c3a6c6ab1176361c40b9e277c590592df88a22499eaa4db92fa5659e2609561891ac9fa8bd91db05e61331c262980771540e0b7781e51434e9edea034d672d552db267a2014622bbc96c79e8d4413bae9eb404329141e8c0d0d624925fa0eb0e305ef00842a997c9f2645b83be7b039eaf33ea6748559fd2ca28740841bf947ec3a6063015a163fd439910963fb1f4f49fc1ef6e87c9617afa25a4f326a8e6ce509e18a8d4a6f8194406dd16ef913431eb7d7b20e68fa2a64f9f3cc89ed93b6f5a9327b904276cd89f18784a60312d021cc3ea9b34e84ef3f4db27e12e16c9d7ebe5af1fb24aa76b" }, { - "keyid": "a0c86a328a6cd52d1abbcf6e6271b5f51bbda607258678074204c387687d85fc", - "sig": 
"2a1d04eec53f33fad3489b6ce91cb57b34a8af799431d2d5a6e541aed1476f2f152f231431bc40068d111e06d5a78ad3288d1273cf98180bd7aa74bb76d7b41d04954f0844415fc6c0270d8d24eaab3903d2ee56e311b20ef8bf7c08b8ebaee134bcde315318c1b0c8511e0d1f6b2f514fffb528ddc2860cc09b2fea80b31626f9c2d98cebb72268f299fc8a20b04ff222407150739b781af8e87a024116dcf17a47b2ff710c713c2bae579a16d9ca3fe1cd8d45023661e25f69fc08adb97a63f8ad2428ee47a90f4974858b5f7e8c35087bdfe9d37ffafdb2667aee0f0f739dcdb563298da3181afe930fe128505f523b4fd9b8bbfd1952c5dea5ac3bd8800bc156c07a4393bf0fc6a5ebe6a125bc6805ebae45c3bec44b10ce9580b6c162d5f59fab9b44906863a6906e39d552587c3aea3786ac607d14227cb5bc3635dd109d213ad9f2d7e763740dc00358566a1fa5ebe0e33de06e617ed97af345a9001b96d7dc2a30f3f3f2938baff47eb09305a8930e8817c93c113800ac2ebd79caa0b15bea06278dbbebd25151fbb1521bb4bdbea766e1f642e486761ccf29948e65f481b5ddf5552f010226b1237d7ebfa414c96d701038914f66fb8883480283a1ece25777234964d3b4754dee334afb5c677896e76d3c81659d158ff15cfbe66eb4d1ec9b5a648508c99999a619c2c831217a715415316525d676a368e9cc7c3b" + "keyid": "ddf10d57799570c2bd2ac811ffe8666205135096041b8951f1dfc40fbba64ea5", + "sig": "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" }, { - "keyid": "1da2ea90dbb712861dab0a31767859f529a76af0f401f19ffde038d6dab12115", - "sig": "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" + "keyid": "a30a80d904e6ba3b54e628042ae7145a1750e9ce46161b76d697df9e2989baba", + "sig": "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" } ], "signed": { "_type": "root", "consistent_snapshot": true, - "expires": "2025-10-28T08:36:21Z", + "expires": "2025-11-23T11:59:32Z", "keys": { - "55b37c4cbada22b8e07f507e6e4a97dbea64896db0f24936969e4fbbd57d7699": { + "07032e4713198d5b1a613a0b569c4232f690dc329333fee5850821e540378498": { "keytype": "rsa", "keyval": { - "public": "-----BEGIN PUBLIC 
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4V+tKzb42m7mbwhhOs+h\nM9QKErr3H2iXewG4wiXdeTw1f1zYSiqiQVuMhw0b4WTDtcDavSDAj87oGU9VKCTy\n6/2N0irxq9lWYc1tFOo/JW0gaW4XSLRoPZXq6ZNK5pxHMBY40VeSgsVXYkmb0LWN\njnv9ZS48esqZBhUQOPrWhm4j9gU4+F3kzh1syahN2kUTtoYPa1Z2KKILkoXReVii\nh0qT1GBq5qaKGGbx6FPPF2wGV6bQmU/PhGf5pDnjit1MZpxO7p0MAGaje1tJTGYu\nllnFXYdf7nGiyC2INPFsMFASmNn7eA68HopggxunxM1dJk93CNdyEfWJ9XKPcaCs\nsnyanocYWTKbXs8tRTihWVU4nMt64INHz4tPJroA+uBrTiA7eA7D4IJPnb682ddZ\nsC/eBxmXB1z6ivCtKEJu8XvH0cpkXZjiIyX9S2UevjSmYMHD85GAMHlspFy49B0X\ne5SSOO9Gd448icwbYgOuIrbOomGxvI5UGXTmPv7e8AFJF0eN7nyPd3OSIwQZlTqx\nI83RNH3UfEAAviz98J4DTg+UIPn55MxC0awKs0EUdgvn300UIpqN39nDeKMtU6vM\n4RxgFTg/vEZhWVwmp+B4Yw5AtKY/SKz4AxWh1x3k9SPLbGGEUb+mMrSCkiEgKXOs\nYR149GBC8pCwHy5Vkqd2easCAwEAAQ==\n-----END PUBLIC KEY-----" + "public": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqLtgPa8k6bbN7klEm2+D\nuUXfBya1VbZbNIsXQjd5SextbOgHxQa5Z+/cxKHjnsC7PbGPC99aAKY95rFNjkDn\n/OwZ57h4Gvtr8UJlWo39TMvj6J8z46Q2aFkoLPkSefMbVAiUWKQ92ZyYBEoacVWB\neJjgidD4sG0LXa/yZGfy/+ha3fqDQ+3T9liOfXD+g5TtNt7cmnggXUPkziw7IBg7\nXwuAwFL/fjQoKG8/3q8TCldUVmY1lmS90ZDWWd3OPAsJLbSXeC7JhpUANAd7zS7x\nOTDXnABPVkbhpKeM/NWX3tONTam3mJnm1bR2sAV3KhAdneTFYW07Irt5tZhh5/Qt\n6DdYwqbRMGDt2jewOIzX2IzmMcuzK+hFZg+C7ElyKz3K1HZLZmYyd3q05NWXX7p1\nVWJIObB58Ct8LCChdx+qNtjlYAOSR229WqyYOQh8BmRPR3Ukvmv4v3AJ5Avv7QYo\nmKDjyF1yHbIZark87kJFMk1IOa5QCl/9xlEuWKO2Eu5W7AUWhXRQPRkuFVdPESNz\n29jaYuce/vLviA/MJ++cg3QxzznrqRnmaIpqhhCfJrlFzU3OLbhPmT6XAUzE96rg\nHwkk9uOVJasSQjd09ihGeqha0S1AySYo+6D0W2WX8wN3ozMDxCHYPd8y3GgPAW08\nO7DEJvUEWA5xjRtyXew8pfUCAwEAAQ==\n-----END PUBLIC KEY-----" }, "scheme": "rsassa-pss-sha256" }, - "9d0d6e3ef38ee19612c2b1ca659988e08d794f7f6b8cfdcc4b1781851a2e37d1": { + "3a691524e33fd1680893be335f211ccd0cc710fc43030ae6e8e5080c4e45d018": { "keytype": "rsa", "keyval": { - "public": "-----BEGIN PUBLIC 
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6xGVrLLXYG40CQZ2jSTo\nC2yI1zqZwkWdocsQzGDlugoLJUohpvdnnkcLnCbXK87psKbE/+xa+eVvZyHqA0lI\nBjouICmgg+ne5RGonWCoOOtgyhSMKidczm2R9r1gJIKJJ8sWwnyFEm9RRR4p0guQ\nWihFleaGHwCSdV5liDBgM1BnhpPJV8pa+l1aMQjZaxK6fXAivq5Dxv8RffzGw5tz\ng2nNWewPuzroAl7A98D4oQJ/GtKUxaycNgaRcPq8liau/CRCZDe9qgrjLbJhbWhH\nvAoAAwOUOjVlk+2+9kUoW9Besezwv/kSwmIh8e1PLsD2y7jXA7pHTYbOoNajEC7h\noHff7q1aR2smSg5vkL0lV9Tp7l5mUsbVZqyExvq8UbWPniUikUZAvlIErVhyyOx5\nBjq50yeEWA+tA97x/9MFKee3mZBQpFLpIstdSl7PDOeHh1+8LfLm5bS7y+0MSZqy\n5+p4KcPmP488785Ml1iOKMptFJE6f2g83XLF7LA4VNm6dcSj3WQff6eY0qMuPqEs\nAJmhXfxYYxemYUqeprx6AWINe+Owy4EPEm/B9rWLC6/IehwDctusjNW41sDBBa6t\n/sCG4VEfNY6CA1eNTNQa/oVUVnEOkNyd+VRyH4nZPQQ2893+wEWpcdtZsb9iQpPG\nTepcALgxZwTrMlH9IYhH4vMCAwEAAQ==\n-----END PUBLIC KEY-----" + "public": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtiU5wrLjuOanz0wDbLrj\ngEi0j+JELWF+nEUFTz+sYBCkxo8Vei8Iv5LPCF7m6xT18kebbD0DHtmxaV+2+j2J\nSdLalyBqJ30CHwJHytblWS7XUuWu/IcPI/veOSR5RJcZSUypb7pW/ivKy0U901Uc\nUJ9HbG4V7qkZlNM6Lskc4P8NR0cuUrstQFZQi2Kc+xWFgDrsf+xKwOQgdqu1u260\n4L9Dbai+HFPX9/VPpoJy63hp2OrsgjKOJhk3NfnXrDY2oxts6NbmIxJhNAxpFDPs\n3bbpPwhA8atiDTNzNmyxF2IoyXdCg0JXuo6NyNe7WbZGNf8Ap2nYEyEUhrKsRkKY\n0U+bsYigWFx/o/RZ7ZUuOqtKVhOvtXV08DXeLsGIxfhf5pSbyhwHhFNwnaRDqVma\niIBtH+5DIisZf5EplrmDjC3fBBWbwmvXewO8zAV+1NH+3kudjXcCM015qEtn4rch\nS5K1JY2iyrS3gDF6zojXxaSceq70z3jF5PAF3BrNgY/iyJwVaNwCMfO2jsyp/SRw\n8Jes/Z3r6EqZmoqEAWnLYFK9ONLwzKeu2NXvWDzbVcm7lwWQTQWfBL86LEy6kfba\njt/oJ6sXytS52ehvwrUvyI+Vv3WQKvhgbWmgPy+YkuZCgfRhY67x5zkG1GntCvzr\n7afuSVUPQzN2Cac5PvKWyasCAwEAAQ==\n-----END PUBLIC KEY-----" }, "scheme": "rsassa-pss-sha256" }, - "a30a80d904e6ba3b54e628042ae7145a1750e9ce46161b76d697df9e2989baba": { + "6a3cf0470851a88704d6873efe743c52d1a8af9e78c03a9fccfd208c0b45586a": { "keytype": "rsa", "keyval": { - "public": "-----BEGIN PUBLIC 
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy5YFEkWL1Rc5wlpz9sG9\nOMMguQf055FtZsIExT5xeu/hiZLixkZGr7qZugk50JJYfljEI3vGFlrhm8+FdwAq\nnnNtl/e8ig+RXbUs7kS/rIlUTMLBynRyqaYp9vFtQ1cuqoVomDIufJzFflHl/C7W\nc81l5CHitkkWn0TnPP0Usabx+5GY3J+9sN/Hz+fC5NqnM0/0HpG8tA2XUxM8U0RP\nj4FIYNOYO4Cl34jsSoFYG94tkqXeekxiDek3qxB47egeMCx3vTk1LNe7vFZ2fTtL\nbU3niPoUS7esCOONHSQmDyRmOo1Ix3rmpz4RSzp8KAFC1y3MevY/ue7FezAsyBPn\nq9nTqhMMw2eFhBmikHQX8PiOyxWfVnCr1nP6hba9mVusWkscQcz6JIz1ay3n8vzz\nS1lVPA5wF/0I6nlYXQNAVrowEnSh7sqsQvsFLtNqGWmigOBHc+VF647MhlFRc/+r\nb0gkbbUyTH+RLKu06F+BiDXiH20Chdy1bPEu/ky5t1I6LPeRGgoebQ/ziQ4lqVtJ\nkoUfY5W3FaD0rYBsKnVHf+hcSJpGB1iG1Qx6RxbEEwCILiPwbtaWHvO0gnvX49ZW\nchdqH0Qc/qpygguMDwWemtwqDaeaT964fjWCjcdTidOF6DhoI3zF/Zcukmbenqvi\nR/9fCaWhFts8Atl1EE4mX1sCAwEAAQ==\n-----END PUBLIC KEY-----" + "public": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy663U+SZWH37Fvm8XrHi\n1c2RcqN3Z7m6xI6v4KdfTGp94SpOWdB8PnbOl6T3j3WitUdLf98jhc2VHZ3vJvEI\nS7p6jFNLIaiTs5U/+nC3j5msl70zQnWk9c0/u0IoSEF260CU+Fm+VSr+7YNpESPM\nG1MpJhKl7WcQqQhVjncQuw8lDC6wYUgh4BpamkOJTLi0f0HrHyS1T6Beofp6kNNW\nWmm4K5XItdL7A3Iqn+I7V/WlKvufsIqlOPA/72NYOqub3vgSApU7dD27bz1PdsxW\nf6t7Zzz52Km4N2iKNdKKAt9J2ve04/Nq/1dJ88YWaQOf55moqXKtTRLTBk1FiBjL\n+LxLTXOGi7f7MjVcOy5nCzO2aXeQWypqD91ajkryUYt98KcghDzTpq8DQRAXcMng\nEcG++nl+WB9yrX+XAtnIUXHAwEO5+NnFuBV2VJ5dgxsga9PRBq3kd+H9vg3EXR3g\nZXQGkxvgnNs1wLgdZ4kWR3PuSOg2XESWghoECIay7t2LMk5OCCxqh43pJdSlffTY\nSGxD+mWVZFmq/RKFZNIgq7dBXrRiMaHkPobeECBVA2WxdeWvZjQa0I5a8gEhsUgK\nLZmi8My8YvEqrU+dL6PE5ggQpQyOG1A0AfKit9O0cszW6nl7uskHhtUG/g0C3M/o\nrXzYXLY+98a70uqwREY8g1UCAwEAAQ==\n-----END PUBLIC KEY-----" }, "scheme": "rsassa-pss-sha256" }, - "c46f9ddd7a8c2754ed81924d6bb0ee1db9ebd2671fdfe1ceb66dcff5d90b1a6a": { + "b1a5593f4a6a7ab8f7128e05994c4ebed790659f42a27064960d117a35924fb6": { "keytype": "rsa", "keyval": { - "public": "-----BEGIN PUBLIC 
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAry3Zx3DgwpNH1jqFXjdq\nYvC95AiysbY5daWXNLAC6PE7rYhyEP/Et2Bkl6MTuyiY8+Ji4nykeRQaKIgNOs5C\nhMBNr05ulWGNmMn1pP4oX2+Tj/iuRGLxzCB4fM0us+LeSu+V5ts1fPefQV/SkJ7M\n/vmBM+U3oe1h0plA7tkaskZEpT09V5ZdioehCRCfm+YR2tzReAujRfrh8TCrQqBP\nGhkDRnupErRxcxnYfAJ6hBOVg4D/BdX1SOv93y21+yCiZXx0CbeySW4/ealQdsGH\ny1PuA0ONpEFtPKJFlJSg+SFHmZQS7EjxsgL9TgP+qijUdPVS+GsGdELNQQMcaw65\na/WjSxAkGORIYbGTzfZX5+Z7ehCJ/ZQgf6pn6MQrh4fB5eNCj4of1SpuBIymLU17\nsbdzNJSiBVV8hvGkae9R/+vmlwiYkKIqicLuw/coakH1PZh3cjMaOhdIbxDtFFLO\n4CsjCaUpPqobVt6GgD1eCAg3QGkMizLXnuT1gjJjyUyOgbZmpEwreJ45GZgWviEY\nNCO8TxE9m8wj0rwfrOa2GehkIbwyZMPtKnbzvylZxHL/LDP2gYASUTFyemNn5M9s\nfzgMSC8hw/5/RpcM8MwzKoGyvtH4l2BSGpw/KuhXikZ8PWinO24LbGs4LnrKK6oi\nS29q6WXae+DNucIcMWSJnxECAwEAAQ==\n-----END PUBLIC KEY-----" + "public": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuwVZBVbdaapHHdTwFAsH\ni7dQy1wRBGB/ZK0JWVgY1+1upb1tLImngsBoUwjPAwdCM/kNYfHDHnQ2IYi4VZzC\npOWUdL3ueuI/oyZgQNfcTU2+1Q/98cTMhyyT1LIgCUO8Cl/MeB2vso1C+dGd+Kkb\nHe+QscX/3/2h9zoIwWXvXrjfNbVuu2cOVREPqhTxnhkFUtUMEfqJG7aXh23fLA4O\n8S10xuadtQEj+XPE0Yh/+xW9d5Xq90etkjMtECtmG3lcrhglTKkckzA3PTKIWLIP\nQznFU+uXnbM2aFt6ph6gK6Gof1XMDjOJ7I+A0oi2p1PeE9WZlO0gayz+BQz0ux6v\ns9xkwNMOu1mGJvcqGH8sLoyrEmWapWmz4eZRu+MA5EYS1nej8k3XY/85TLdnzjUS\neEkdXX0VDx3YFIJazgZ0DXZhMEDF8IQIdZ3rioQTE9R/Tc3MTaB43r7eHqAhXcyL\nn9efFwAnL5JWqHXt6EqWxQtyPPjlCTBwrL9zNDinMu2A3HHFmp/4uupFrx0iq8CQ\nJcnxiTY9AO/EY8rgZnH2ATqAJGXDmOhTjPCjDmMut11eSRMYfdy6vVxXdMq86P7j\n2JFpUWiKBhdFqkZ63ALp493AYuL1R1BS3o80ZEfiIx0dNw7uq+0nI2rmX6bm0LvG\nAwR0FlrElY15La3rYNBB0JcCAwEAAQ==\n-----END PUBLIC KEY-----" }, "scheme": "rsassa-pss-sha256" }, - "ddf10d57799570c2bd2ac811ffe8666205135096041b8951f1dfc40fbba64ea5": { + "bd7c60e0fdf721afcc7237b8269967ba6bd6d93fd110189db3bd4c722cf503fb": { "keytype": "rsa", "keyval": { - "public": "-----BEGIN PUBLIC 
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAywkGXJe/nkEoGbRLPq/Q\nZBvkZyE+369mOzJ0rEVzfX642hOzuwBVTVUlhGV7rFylj9umJtz+SODQW+1DqwRa\nJxv1MYjzGfFc62uGUX8Z55o/xxPxdIwQKjI8jCk271ePtylRRGldla3aclVV7y6h\nEc8axj9DgiYk+ktTKCXmnz6Jfd218/pfYGPw8fxLjrDQd3DjDvBym1/tSdWd86J3\nhO5RLTwEtNglMsFdVYEEXaXxxT+ns00Y7Uejb99XHmYwq4E49sciKvyDP2jS1WtC\nP7gu2HbsTi2EpehDe84IZnSf4PEQncNnELREzeso/viMZ8nPHiAfJZoNaGr8mO6q\nBPzDmKV0Ufz/Pr/inkHaPOHfbf2G1z9UtlxyXdxZ6nRwFl4FAZgmO7hZXuUKnI5L\no1SjjOOzKNQxYNcNcABUrPo6yr0QMS1saa59Me7aeuEETwNAOIpNHysznXNXa0xf\nJuhCFl7yfgqHcJzfXuv4PwkOh1JyD5/22cflTaVoxv3o3OLDYLq5jmZbf+JcrU83\nDnNQ4pakRYpy9i2OI4w0wilGijrErpQ/pHprLCFlCH5AXtlJBwsw+hMLq6URSAFM\nXH7P9xKxNCv1zJaa4lwB/iHbTydoid49O/zmZqw+P/EY/tDy0nS0M47zZEu7sVLG\nu4TToPlCuV50hjzMLiH0obUCAwEAAQ==\n-----END PUBLIC KEY-----" + "public": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo+SN1dOIDrlHfqlMiSgb\nUa7ylaLcIPqATSD8+8S1q5mF5oJeW3ZM1u8tuvQ9QTtU7O5X5b14YWY1BQxX8oPR\nE4hVqUX27ogLBtjwMdtutQzfD4hd4DFstd0gJbheLwfccy4JrCMJcDYRhPlpSBAI\n5BD3RQG7FoXvZggOO2xK97JfN0AB0rIw+/jhB+HrODHXuFoQ4veT0hO7jlFfMsRc\nZ68txM4BxcYTGL9m9bRduzqUiaN4CRv/8W7bryYXPS1etDGc9H2+07hG5iv/EPTM\nSsG/oBQjqW4yFpQUuTiaw2e3dB0/lXOVRuN6fkLBOXlz4K5ndmSUk6BOkryx06iC\n232yhfyIOjlBjBKm9tI0LlNvagKd3700aMIb+9fESytLiJvR/xRZhlupMv/tnp/M\nK2bGanzVEP8+Hvp1agNddD6Z8nUNEAsnibdd9eZllGeIarS2npVBRFMpbE7Zxd85\nc9c6xxJbN5DMIUYYbu2/g+vIS9SltlkQjJBa5FTuOIol4OhfleFK0ec2s/K6pKNx\nlwEjiygVIzd6f4iCHMDFSi3O16HxCJoAomKft2edqze2Bch0xylmjjT83kh8HrEe\n2RKRgxRVD9F+PUaTWRU1U8VIyAKpdJRdMkMnobmYdg4nvdW02kmMMxJ8xyYH5bWZ\n7Y78avkhRNp1u9KMgq+x99ECAwEAAQ==\n-----END PUBLIC KEY-----" }, "scheme": "rsassa-pss-sha256" }, - "ee4c02f9b05da43ed4da0177b6aebd58055138b15ab16a8e45b89adc1d6e6423": { + "c065c3c218e1178d47a3347a2df2882a15ebe516b1a69f18ddbdd1a1a950da43": { "keytype": "rsa", "keyval": { - "public": "-----BEGIN PUBLIC 
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyxoTKeouXyjUGlK0XPvQ\nwE+XKMCgjgI4eGBLiQPvwHGpgSaruZvJXjOY5znNwz9xS1hGbHfXNp6FogOkDlB8\nTaXwsFrzxf+dsoM0OFFkX7pE8fWvkYinDcKbD2aVCBQqpEIEHMO0kksAn48x3D7N\nbKDLg3ncH5PEx+onaOdwDkL0wtHbC+aVHeyU2eA46unLINAOo2dWqL8+s8hQQ1vx\nslznPYXcGsXtTPWpdpXSvJN9Z3SyXCTZXH+bwi32F2D6DmARiAYE2JoR09HpbaF1\nJhPX+fDMVCiHkZJKcYRlbv6J5dz4GsDJ2BcgctkGV/dGZ2xZb9R+ao/r4KUhF+8v\nfB1Jjke6DZ5RVRsmxl6+jy6noVlfG0QxMu3NFIO0zH/tUmZjRF4Cgu5pg2cAUOP3\nFAQmi5zUbhD1GFWom5riGSB7mXLKvh/PKIHYWqdwEcy3j1CaO3vPzYDF2Oibfdbg\n+YNotCDM3oQUEWLl0NXJJEckfFdjQbp9pLiu/FzWjRgNdgFDaVFAx7yo1QWeIdZi\n2LDhAdu2P6gm3ow3a6N6MBMzm+XRGp+fM+EafYMGiNDeiIqF1o80PY7npHaPQ1xM\naoYUSLv03lGBQNlf5wUfUIShIusuj3p1SLb3z3dpAuVVLmgYYlxX/FLN6PmM4VuJ\n4gWjbxyVW8byc1tIegzpzvcCAwEAAQ==\n-----END PUBLIC KEY-----" + "public": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAolJhgYwd7GfP+VVlxwO1\nQ4DVDUq2f7tow4c5B4RwEEM06OlHF2FS2buoh12rNEWZhM73iWQjVb1bkp877QW7\nTGsePpf1ij2y5zAOnXlUWA4fLM7C/UKDhCEejgJbkq7avwYOogOYQL09P0VnSUo2\nbus6tASxYVarDjOAIQqBLqa7ANxzuTIkSs0Vc+zsrtwc6LdL+J4pXhErgO60nyw0\n9iG0N/dolAcfqCkExRtFv2fDsu1nPnjoaCXTK0eUjhq5hVWP0KGVyJtlDkE37UDz\nHMlr8D4jkVUBvK7gNRXyhkLqO/DaZr+nrt471m8GTvOKWaT4BpTktVSRftxWMTY8\nRV9SlE+bAyqkhqFfjPxAXSY4JJ7OJgVWFygDp0dUVD6GY+lKHIrQGXcrWVvyaCpz\nQp8dFWgbyxRatwWqdb5azoXvobaU9D3WS9FZZNCpw+VjIxC77xV7k83OayHiccvV\nV036IfXg2lfxgWxEOL6T+6CApw4JIzUnqtG6amEna/BuEBhdSHxp44wr3/rNGggx\nW8CqatoY90epQKCQuHR47TI1GWFlfFKfUfkQ4tXhFPMI3HqpuBzn28FhTXs9Gm9L\neR1iJFDgCALLgQzuZaNrd4MxlvsmkK5+RAiYH4vnU476Pbo5n/UT7YWIWzVIQACw\n1otuZ3rPl3e0BWdgGif/PjUCAwEAAQ==\n-----END PUBLIC KEY-----" }, "scheme": "rsassa-pss-sha256" }, - "fdb6977183ef336361bdd34bb288771ddd6e8f2bddcd2cbce242ebcfd9e4c4da": { + "ca8b6d22a4838957641bc6bc6f1eb3ad8ebb0fcee3ad4820ae5f7c30fb25213e": { "keytype": "rsa", "keyval": { - "public": "-----BEGIN PUBLIC 
KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo0OCHDmz1PSI2Aj0jQP0\ntWXU4Fe+qSma5QEWFcln9fcw0AO2cvfcxrXwm8Mg0H18UB+x4bXu2V6Qd1ktIpr/\n676TVU1h/XFvDHMdiUKmYlLyeOE4qx5Hbrz15ObhB1mapV3LC0Dd+4ePNLwm89sB\nz9jKQ0m09gdBt9488eV97ePVb+mhasGQU9KXFTKxglA79nB0yZJ/TMcupi+gZEOD\nQOihI4u1YRGfiGhclVMtwzCZjZizzQEQf44OQKRrdOuxOm71wc/lSxLMJQeAn/tj\nwrxU5n54URkorrR9J62RxsvRJr+qmsnpLv2wYHEopirVcwVhVa7xhJ/jxfjd/hqF\n99vGdVVZzDndFydpzs9zm4cjCWaPpX04/YF3u9WDeDdhJ7jXWrAuiI/UMnZH/5sm\nibAIhsS5AyfckNbBa49b02JLGANRcj/8+w8T8NAIkrqIX2asaGnmSJGJZPo13gbj\nVzpmid9MXdKDdLyCPG8kxsKh9bHLJ0+cRcralU/shqUnMGBOigqn+LmouV9MY+uv\nE5DBq+VlV2vx1bDCIR1AnWoV3Rwag8iipcHBhj/4R5o05eDc657ywiK7HzLmJJYv\n1vBuWmG99nh/tYGzGDdHsjRLi+4wtKORcIYVobwMnVhKzaMAyldo86eZXxUrMJae\nuPGisbO+KZWz6v9GqVIR4RkCAwEAAQ==\n-----END PUBLIC KEY-----" + "public": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuL5T4JNolyS8mHsGLA98\nPOCfI0MAtHtzKFpcqG64sxyMI7c1kBRzpWOZD6V6PeOoHnTPGkP+aEiOyesjVQFe\nRt7dXEGaWuyLvdyiXsSZZK6OUgIRLwKKhgmlzJYx3Tc+4AhH5drncJ2s2d4KS2PR\n0fr4zWOYK6lSTQeDloJol7WGZRtsAFcUmH931aW8mGrOVNi1cci6f3CgdPRMhNrW\nkqc618vqZ6XYDZdLcYnhG59pkrGmM9F5m+XA/emyQFc1fXIWCuFh0al/0X3DYxRe\nddtqeRRU6pw8ZdWqzADRknfBGG7TabsH9qlGmf8dR/0CS9KE9JJsFt84c+VoI0cJ\nNH5Cewg6vhVSnzCQmoAlAWhMqv2MEZCjoxIvT4Fb1fHyDdXtKSI9TcQU6MYsfB0n\n0AbES1zjcM5cWTG4L8KkXhrRgDm/6T2qNJEi6aDSFh3HQlwjfv5vpPgbg1WQJPqk\nn+XWGgAuk/oVIOo+dW6c2rmsfrqg4/RhrGDUOAeY8S8Jz0FvitcB/jA4g6NJSUp0\n3959HC+wh9dRxk1UG7/36HuQDo1y+Q3b0W/cnNrCYSmdVGR8WkdpFR3lmOIEXOif\nxXrAbZbQI7uqMQySRWFphtEMPSku0DjLGbgs6nf7FGCzHiT3zN10U6qmXfgToukX\nOBvs5taxega0ItLXTNahozMCAwEAAQ==\n-----END PUBLIC KEY-----" }, "scheme": "rsassa-pss-sha256" } 
@@ -83,34 +83,34 @@ "roles": { "root": { "keyids": [ - "fdb6977183ef336361bdd34bb288771ddd6e8f2bddcd2cbce242ebcfd9e4c4da", - "ddf10d57799570c2bd2ac811ffe8666205135096041b8951f1dfc40fbba64ea5", - "a30a80d904e6ba3b54e628042ae7145a1750e9ce46161b76d697df9e2989baba" + "b1a5593f4a6a7ab8f7128e05994c4ebed790659f42a27064960d117a35924fb6", + "6a3cf0470851a88704d6873efe743c52d1a8af9e78c03a9fccfd208c0b45586a", + "07032e4713198d5b1a613a0b569c4232f690dc329333fee5850821e540378498" ], "threshold": 2 }, "snapshot": { "keyids": [ - "9d0d6e3ef38ee19612c2b1ca659988e08d794f7f6b8cfdcc4b1781851a2e37d1" + "3a691524e33fd1680893be335f211ccd0cc710fc43030ae6e8e5080c4e45d018" ], "threshold": 1 }, "targets": { "keyids": [ - "c46f9ddd7a8c2754ed81924d6bb0ee1db9ebd2671fdfe1ceb66dcff5d90b1a6a", - "ee4c02f9b05da43ed4da0177b6aebd58055138b15ab16a8e45b89adc1d6e6423", - "55b37c4cbada22b8e07f507e6e4a97dbea64896db0f24936969e4fbbd57d7699" + "ca8b6d22a4838957641bc6bc6f1eb3ad8ebb0fcee3ad4820ae5f7c30fb25213e", + "c065c3c218e1178d47a3347a2df2882a15ebe516b1a69f18ddbdd1a1a950da43", + "bd7c60e0fdf721afcc7237b8269967ba6bd6d93fd110189db3bd4c722cf503fb" ], "threshold": 2 }, "timestamp": { "keyids": [ - "9d0d6e3ef38ee19612c2b1ca659988e08d794f7f6b8cfdcc4b1781851a2e37d1" + "3a691524e33fd1680893be335f211ccd0cc710fc43030ae6e8e5080c4e45d018" ], "threshold": 1 } }, "spec_version": "1.0.0", - "version": 15 + "version": 16 } } \ No newline at end of file diff --git a/datadog_checks_downloader/datadog_checks/downloader/download.py b/datadog_checks_downloader/datadog_checks/downloader/download.py index ac2754d63b71a..353e6d9506029 100644 --- a/datadog_checks_downloader/datadog_checks/downloader/download.py +++ b/datadog_checks_downloader/datadog_checks/downloader/download.py 
@@ -49,7 +49,7 @@ REPOSITORY_URL_PREFIX = 'https://dd-integrations-core-wheels-build-stable.datadoghq.com' # Where to find our in-toto root layout. IN_TOTO_METADATA_DIR = 'in-toto-metadata' -ROOT_LAYOUTS = {'core': '5.core.root.layout', 'extras': '1.extras.root.layout'} +ROOT_LAYOUTS = {'core': '6.core.root.layout', 'extras': '1.extras.root.layout'} DEFAULT_ROOT_LAYOUT_TYPE = 'core' diff --git a/datadog_checks_downloader/tests/conftest.py b/datadog_checks_downloader/tests/conftest.py index 4b0230a7e86b5..662dde6eb3d26 100644 --- a/datadog_checks_downloader/tests/conftest.py +++ b/datadog_checks_downloader/tests/conftest.py @@ -18,7 +18,7 @@ def pytest_addoption(parser): parser.addoption( "--distribution-version", action="store", - default="1.10.0", + default="4.0.0", help="The version number of the desired Datadog check.", ) parser.addoption( diff --git a/datadog_checks_downloader/tests/data/datadog-active-directory-1.10.0.zip b/datadog_checks_downloader/tests/data/datadog-active-directory-4.0.0.zip similarity index 72% rename from datadog_checks_downloader/tests/data/datadog-active-directory-1.10.0.zip rename to datadog_checks_downloader/tests/data/datadog-active-directory-4.0.0.zip index 55026ec786ea6..a06a0e47a69df 100644 Binary files a/datadog_checks_downloader/tests/data/datadog-active-directory-1.10.0.zip and b/datadog_checks_downloader/tests/data/datadog-active-directory-4.0.0.zip differ diff --git a/datadog_checks_downloader/tests/scripts/download_test_data.py b/datadog_checks_downloader/tests/scripts/download_test_data.py index 324d99e8b036b..13a59413532c6 100644 --- a/datadog_checks_downloader/tests/scripts/download_test_data.py +++ b/datadog_checks_downloader/tests/scripts/download_test_data.py 
@@ -18,7 +18,7 @@ REPOSITORY_BASE_URL = 'https://dd-integrations-core-wheels-build-stable.datadoghq.com/' INTEGRATION = 'active-directory' -INTEGRATION_VERSION = '1.10.0' +INTEGRATION_VERSION = '4.0.0' ZIP_FILENAME = f'datadog-{INTEGRATION}-{INTEGRATION_VERSION}.zip' TARGET_DIR = Path(__file__).parent.parent / 'data' diff --git a/datadog_checks_downloader/tests/test_downloader.py b/datadog_checks_downloader/tests/test_downloader.py index c1d3d653f582f..1325aeaae5e70 100644 --- a/datadog_checks_downloader/tests/test_downloader.py +++ b/datadog_checks_downloader/tests/test_downloader.py @@ -53,6 +53,15 @@ "datadog-dd-cluster-agent", # excluding this since actual integration is called `datadog-cluster-agent` "datadog-kubernetes", # excluding this since `kubernetes` check is Agent v5 only "datadog-go-metro", # excluding this since `go-metro` check is Agent v5 only + "datadog-agent-metrics", # excluding this since `agent-metrics` check is Agent v5 only + "datadog-amazon-kafka", # excluding this since `amazon-kafka` wasn't an official release + "datadog-tokumx", # excluding this since `tokumx` was dropped in py3 + "datadog-ntp", # excluding this since `ntp` was Agent 5 only +] + +EXCLUDED_LOG_INTEGRATIONS = [ + # Temporary exclusion until we re-release the integration or come up with a better solution. + "datadog-zeek", # log only integration released by Florent. Will fail until we re-release it. ] # Specific integration versions released for the last time by a revoked developer but not shipped anymore. @@ -153,8 +162,8 @@ def test_non_datadog_distribution(): [ ( "datadog-active-directory", - "1.10.0", - "simple/datadog-active-directory/datadog_active_directory-1.10.0-py2.py3-none-any.whl", + "4.0.0", + "simple/datadog-active-directory/datadog_active_directory-4.0.0-py2.py3-none-any.whl", ), ], ) 
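Review bot: The new `EXCLUDED_LOG_INTEGRATIONS` entry for `datadog-zeek` is labelled temporary but carries no tracking reference or removal condition, so nothing prompts anyone to take it back out. Since `test_downloader` skips every name in these lists, an excluded integration is no longer covered by this end-to-end download check, presumably including its signature and metadata verification. I would record why the release fails verification rather than who made it, and link the follow-up, e.g. `# TODO(<owner>): remove once datadog-zeek is re-released (<tracking-issue-url>)`. The four names added to `EXCLUDED_INTEGRATIONS` each state a reason and read fine.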
@@ -212,7 +221,7 @@ def test_local_dir_download(capfd, local_dir, distribution_name, distribution_ve @pytest.mark.parametrize( "distribution_name,distribution_version", [ - ("datadog-active-directory", "1.10.0"), + ("datadog-active-directory", "4.0.0"), ], ) def test_local_expired_metadata_error(distribution_name, distribution_version): @@ -250,7 +259,7 @@ def test_local_unreachable_repository(): @pytest.mark.parametrize( "distribution_name,distribution_version", [ - ("datadog-active-directory", "1.10.0"), + ("datadog-active-directory", "4.0.0"), ], ) @freeze_time(_LOCAL_TESTS_DATA_TIMESTAMP) @@ -287,12 +296,12 @@ def tamper(repo_dir): @freeze_time(_LOCAL_TESTS_DATA_TIMESTAMP) def test_local_tampered_target_triggers_failure(): distribution_name = "datadog-active-directory" - distribution_version = "1.10.0" + distribution_version = "4.0.0" def tamper(repo_dir): """Modify the target that we want to download.""" files_to_change = (repo_dir / 'targets' / 'simple' / 'datadog-active-directory').glob( - '*.datadog_active_directory-1.10.0-*.whl' + '*.datadog_active_directory-4.0.0-*.whl' ) for path in files_to_change: @@ -319,7 +328,7 @@ def tamper(repo_dir): def test_local_download_non_existing_package(): """Test local verification of a wheel file.""" - with local_http_server("datadog-active-directory-1.10.0".format()) as http_url: + with local_http_server("datadog-active-directory-4.0.0".format()) as http_url: argv = [ "datadog-a-nonexisting", "--version", @@ -450,7 +459,7 @@ def test_downloader(): if not match: continue integration_name = match.group(1) - if integration_name in EXCLUDED_INTEGRATIONS: + if integration_name in EXCLUDED_INTEGRATIONS + EXCLUDED_LOG_INTEGRATIONS: continue if integration_name not in integrations_metadata: raise Exception( diff --git a/datadog_cluster_agent/CHANGELOG.md b/datadog_cluster_agent/CHANGELOG.md index 67aec4358128e..ada595d90c490 100644 --- a/datadog_cluster_agent/CHANGELOG.md +++ b/datadog_cluster_agent/CHANGELOG.md 
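Review bot: In `test_local_tampered_target_triggers_failure` the version is written twice, once in `distribution_version = "4.0.0"` and again inside the glob `'*.datadog_active_directory-4.0.0-*.whl'`, so the next fixture bump can update one and miss the other. If they drift, the glob matches nothing and `tamper` modifies no file, which (depending on the assertions outside this hunk) either fails confusingly or stops exercising tamper detection. Build the pattern from the variable, `f'*.datadog_active_directory-{distribution_version}-*.whl'`, and consider having `tamper` assert that at least one path matched. The body of `tamper` continues outside the hunk.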
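Review bot: `EXCLUDED_INTEGRATIONS + EXCLUDED_LOG_INTEGRATIONS` builds a new list on every iteration of the loop in `test_downloader` and then scans it linearly. Combining the two once at module level keeps the loop line short and puts the full skip list in one place, e.g. `ALL_EXCLUDED_INTEGRATIONS = frozenset(EXCLUDED_INTEGRATIONS + EXCLUDED_LOG_INTEGRATIONS)` next to the list definitions and `if integration_name in ALL_EXCLUDED_INTEGRATIONS:` here. The loop and the rest of `test_downloader` lie outside the hunk.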
@@ -14,10 +14,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -28,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.0 / 2024-08-09 / Agent 7.57.0 ***Added***: diff --git a/datadog_cluster_agent/changelog.d/19229.added b/datadog_cluster_agent/changelog.d/19229.added new file mode 100644 index 0000000000000..96fec650c7fe8 --- /dev/null +++ b/datadog_cluster_agent/changelog.d/19229.added @@ -0,0 +1 @@ +add telemetry for local load store in dca diff --git a/datadog_cluster_agent/datadog_checks/datadog_cluster_agent/check.py b/datadog_cluster_agent/datadog_checks/datadog_cluster_agent/check.py index e88ac2f4acdf6..e13153eb6a611 100644 --- a/datadog_cluster_agent/datadog_checks/datadog_cluster_agent/check.py +++ b/datadog_cluster_agent/datadog_checks/datadog_cluster_agent/check.py @@ -35,6 +35,8 @@ 'autoscaling_workload_vertical_rollout_triggered': 'autoscaling.workload.vertical_rollout_triggered', 'autoscaling_workload_vertical_scaling_received_limits': 'autoscaling.workload.vertical_scaling_received_limits', 'autoscaling_workload_vertical_scaling_received_requests': 'autoscaling.workload.vertical_scaling_received_requests', # noqa: E501 + 'autoscaling_workload_store_load_entities': 'autoscaling.workload.store_load_entities', + 'autoscaling_workload_store_job_queue_length': 'autoscaling.workload.store_job_queue_length', 'aggregator__flush': 'aggregator.flush', 'aggregator__processed': 'aggregator.processed', 'api_requests': 'api_requests', 
diff --git a/dcgm/CHANGELOG.md b/dcgm/CHANGELOG.md index 4ca425b9ac34f..a496522d5fd39 100644 --- a/dcgm/CHANGELOG.md +++ b/dcgm/CHANGELOG.md @@ -4,9 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) * Align OMv2 labels with Kubernetes agent tags ([#18654](https://github.com/DataDog/integrations-core/pull/18654)) ***Fixed***: @@ -19,6 +16,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.3.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/ddev/CHANGELOG.md b/ddev/CHANGELOG.md index 0327da035a2be..423e502adc0b3 100644 --- a/ddev/CHANGELOG.md +++ b/ddev/CHANGELOG.md @@ -2,6 +2,21 @@ +## 11.0.0 / 2024-12-09 + +***Removed***: + +* Remove manifest validation call that calls deprecated endpoint ([#19208](https://github.com/DataDog/integrations-core/pull/19208)) + +***Changed***: + +* Ddev now uses the macos-13 runner instead of macos-13 for the generated test matrix, because the macos-12 runner is being discontinued by microsoft. ([#19163](https://github.com/DataDog/integrations-core/pull/19163)) + +***Added***: + +* Add unit names for bolívar digital ([#19051](https://github.com/DataDog/integrations-core/pull/19051)) +* Bump dependencies for checking and fixing code style ([#19126](https://github.com/DataDog/integrations-core/pull/19126)) + ## 10.4.0 / 2024-11-13 ***Added***: diff --git a/ddev/changelog.d/17936.added b/ddev/changelog.d/17936.added new file mode 100644 index 0000000000000..25c19f52d2856 --- /dev/null +++ b/ddev/changelog.d/17936.added @@ -0,0 +1 @@ +Add script to convert monitor export json into the JSON we can use 
diff --git a/ddev/changelog.d/19051.added b/ddev/changelog.d/19051.added deleted file mode 100644 index 226133c429078..0000000000000 --- a/ddev/changelog.d/19051.added +++ /dev/null @@ -1 +0,0 @@ -Add unit names for bolívar digital diff --git a/ddev/src/ddev/cli/meta/scripts/__init__.py b/ddev/src/ddev/cli/meta/scripts/__init__.py index 2e8085a4bfc55..5605258b6499d 100644 --- a/ddev/src/ddev/cli/meta/scripts/__init__.py +++ b/ddev/src/ddev/cli/meta/scripts/__init__.py @@ -7,6 +7,7 @@ from datadog_checks.dev.tooling.commands.meta.scripts.remove_labels import remove_labels from ddev.cli.meta.scripts.generate_metrics import generate_metrics +from ddev.cli.meta.scripts.monitor import monitor from ddev.cli.meta.scripts.serve_openmetrics_payload import serve_openmetrics_payload from ddev.cli.meta.scripts.upgrade_python import upgrade_python @@ -24,3 +25,4 @@ def scripts(): scripts.add_command(remove_labels) scripts.add_command(serve_openmetrics_payload) scripts.add_command(upgrade_python) +scripts.add_command(monitor) diff --git a/ddev/src/ddev/cli/meta/scripts/monitor.py b/ddev/src/ddev/cli/meta/scripts/monitor.py new file mode 100644 index 0000000000000..43bb3576f8e67 --- /dev/null +++ b/ddev/src/ddev/cli/meta/scripts/monitor.py 
@@ -0,0 +1,68 @@
+import copy
+
+import click
+
+DESCRIPTION_SEED = """\
+This monitor will alert you on XXX...
+
+- Define the problem stated by the title.
+- Answer why this is an issue worth alerting on.
+- Describe the impact of the problem.
+
+Official guidelines:
+https://docs.datadoghq.com/developers/integrations/create-an-integration-recommended-monitor/#description
+"""
+
+
+@click.group
+def monitor():
+ """
+ Work with monitors.
+ """
+
+
+def _edit(text):
+ edited = click.edit(text=text, require_save=False)
+ return "" if edited is None else edited
+
+
+def _drop_fields(exported):
+ x = copy.deepcopy(exported)
+ x.pop('id', None)
+ x['options'].pop('on_missing_data', None)
+ return x
+
+
+@monitor.command
+@click.argument("export_json", type=click.File())
+def create(export_json):
+ """
+ Create monitor spec from the JSON export of the monitor in the UI.
+
+ The exported monitor cannot be committed as-is, we have to rename, add, and drop some fields.
+
+ After you've copied the JSON in the UI you can either save it as a file or pipe it to STDIN:
+
+ \b
+ pbpaste | ddev meta monitor create -
+ """
+ import json
+ from datetime import date
+
+ exported = json.load(export_json)
+ today = date.today().isoformat()
+ wrangled = {
+ "version": 2,
+ "created_at": today,
+ "last_updated_at": today,
+ "title": _edit(text=exported["name"]).strip(),
+ "description": _edit(text=DESCRIPTION_SEED).strip(),
+ "tags": exported["tags"],
+ "definition": _drop_fields(exported),
+ }
+ click.echo(
+ json.dumps(
+ wrangled,
+ indent=2,
+ )
+ )
diff --git a/ddev/src/ddev/cli/validate/__init__.py b/ddev/src/ddev/cli/validate/__init__.py
index 95b2afaa0f721..5865a9ba66c7b 100644
--- a/ddev/src/ddev/cli/validate/__init__.py
+++ b/ddev/src/ddev/cli/validate/__init__.py
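Review bot: `_drop_fields` indexes `x['options']` directly and `create` indexes `exported["name"]` and `exported["tags"]`, so an export that lacks any of these keys, or is not valid JSON, ends in a raw traceback rather than a usable CLI error. The `options` lookup can tolerate absence with `x.get('options', {}).pop('on_missing_data', None)`, and the two required keys are better checked up front with a `click.UsageError` naming the missing field. Separately, the usage line in the `create` docstring reads `ddev meta monitor create -`, but this commit registers `monitor` on the `scripts` group, so the invocation is presumably `ddev meta scripts monitor create -`. The new file also has no license header, unlike `validate/manifest.py` shown elsewhere in this diff.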
@@ -25,7 +25,6 @@ from ddev.cli.validate.http import http from ddev.cli.validate.labeler import labeler from ddev.cli.validate.licenses import licenses -from ddev.cli.validate.manifest import manifest from ddev.cli.validate.metadata import metadata from ddev.cli.validate.openmetrics import openmetrics from ddev.cli.validate.version import version @@ -54,7 +53,6 @@ def validate(): validate.add_command(legacy_signature) validate.add_command(license_headers) validate.add_command(licenses) -validate.add_command(manifest) validate.add_command(metadata) validate.add_command(models) validate.add_command(openmetrics) diff --git a/ddev/src/ddev/cli/validate/manifest.py b/ddev/src/ddev/cli/validate/manifest.py deleted file mode 100644 index cf8acdae216dc..0000000000000 --- a/ddev/src/ddev/cli/validate/manifest.py +++ /dev/null 
@@ -1,49 +0,0 @@ -# (C) Datadog, Inc. 2022-present -# All rights reserved -# Licensed under a 3-clause BSD style license (see LICENSE) -from __future__ import annotations - -from typing import TYPE_CHECKING - -import click - -if TYPE_CHECKING: - from ddev.cli.application import Application - - -@click.command(short_help='Validate integration manifests') -@click.argument('integrations', nargs=-1) -@click.pass_context -def manifest(ctx: click.Context, integrations: tuple[str, ...]): - """Validate integration manifests.""" - import httpx - - app: Application = ctx.obj - validation_tracker = app.create_validation_tracker('Manifests') - - dd_url = app.config.org.config.get('dd_url', '') - if not dd_url: - app.abort(f'No `dd_url` has been set for org `{app.config.org.name}`') - - validation_endpoint = f'{dd_url}/api/beta/apps/manifest/validate' - - for integration in app.repo.integrations.iter(integrations): - payload = {'data': {'type': 'app_manifest', 'attributes': integration.manifest.get('')}} - - try: - response = httpx.post(validation_endpoint, json=payload) - - if response.status_code == 400: - for error in response.json()['errors']: - validation_tracker.error((integration.display_name, 'manifest.json'), message=error) - else: - response.raise_for_status() - validation_tracker.success() - except Exception as e: - validation_tracker.error((integration.display_name, 'manifest.json'), message=str(e)) - - if validation_tracker.errors: - validation_tracker.display() - app.abort() - - validation_tracker.display() diff --git a/ddev/src/ddev/plugin/external/hatch/environment_collector.py b/ddev/src/ddev/plugin/external/hatch/environment_collector.py index 54d6e3cce723e..d6be21adbf91a 100644 --- a/ddev/src/ddev/plugin/external/hatch/environment_collector.py +++ b/ddev/src/ddev/plugin/external/hatch/environment_collector.py 
@@ -144,8 +144,8 @@ def get_initial_config(self): }, # We pin deps in order to make CI more stable/reliable. 'dependencies': [ - 'black==24.2.0', - 'ruff==0.3.3', + 'black==24.10.0', + 'ruff==0.8.0', # Keep in sync with: /datadog_checks_base/pyproject.toml 'pydantic==2.7.3', ], diff --git a/ddev/src/ddev/utils/scripts/ci_matrix.py b/ddev/src/ddev/utils/scripts/ci_matrix.py index 2c9da736a53c9..04895dbcfa991 100644 --- a/ddev/src/ddev/utils/scripts/ci_matrix.py +++ b/ddev/src/ddev/utils/scripts/ci_matrix.py @@ -74,8 +74,8 @@ 'linux': __plat('Linux', 'ubuntu-22.04'), # https://github.com/actions/runner-images/blob/main/images/win/Windows2022-Readme.md 'windows': __plat('Windows', 'windows-2022'), - # https://github.com/actions/runner-images/blob/main/images/macos/macos-12-Readme.md - 'macos': __plat('macOS', 'macos-12'), + # https://github.com/actions/runner-images/blob/main/images/macos/macos-13-Readme.md + 'macos': __plat('macOS', 'macos-13'), } diff --git a/ddev/tests/cli/validate/test_manifest.py b/ddev/tests/cli/validate/test_manifest.py deleted file mode 100644 index 5f5eb2084bc36..0000000000000 --- a/ddev/tests/cli/validate/test_manifest.py +++ /dev/null 
@@ -1,97 +0,0 @@ -# (C) Datadog, Inc. 2022-present -# All rights reserved -# Licensed under a 3-clause BSD style license (see LICENSE) -import json - -import pytest - -from ddev.utils.structures import EnvVars - - -@pytest.fixture(scope='module', autouse=True) -def terminal_width(): - with EnvVars({'COLUMNS': '200'}): - yield - - -def test_no_dd_url(ddev, helpers, config_file): - config_file.model.orgs['default']['dd_url'] = '' - config_file.save() - - result = ddev('validate', 'manifest', 'disk') - - assert result.exit_code == 1, result.output - assert result.output == helpers.dedent( - """ - No `dd_url` has been set for org `default` - """ - ) - - -def test_error_single_integration(ddev, repository, helpers, network_replay): - network_replay('manifest/missing_app_uuid.yaml', record_mode='none') - - check = 'mongo' - manifest_file = repository.path / check / 'manifest.json' - manifest = json.loads(manifest_file.read_text()) - del manifest['app_uuid'] - manifest_file.write_text(json.dumps(manifest)) - - result = ddev('validate', 'manifest', check) - - assert result.exit_code == 1, result.output - assert helpers.remove_trailing_spaces(result.output) == helpers.dedent( - """ - Manifests - └── MongoDB - └── manifest.json - - API input validation failed: {'app_uuid': [u'Missing data for required field.']} - - Errors: 1 - """ - ) - - -def test_error_multiple_integrations(ddev, repository, helpers, network_replay): - network_replay('manifest/missing_app_uuid.yaml', record_mode='none') - - for check in ('mongo', 'vsphere'): - manifest_file = repository.path / check / 'manifest.json' - manifest = json.loads(manifest_file.read_text()) - del manifest['app_uuid'] - manifest_file.write_text(json.dumps(manifest)) - - result = ddev('validate', 'manifest') - - assert result.exit_code == 1, result.output - assert helpers.remove_trailing_spaces(result.output) == helpers.dedent( - """ - Manifests - ├── MongoDB - │ └── manifest.json - │ - │ API input validation failed: {'app_uuid': 
[u'Missing data for required field.']} - └── vSphere - └── manifest.json - - API input validation failed: {'app_uuid': [u'Missing data for required field.']} - - Errors: 2 - """ - ) - - -def test_passing(ddev, helpers, network_replay): - network_replay('manifest/success.yaml', record_mode='none') - - result = ddev('validate', 'manifest', 'postgres') - - assert result.exit_code == 0, result.output - assert helpers.remove_trailing_spaces(result.output) == helpers.dedent( - """ - Manifests - - Passed: 1 - """ - ) diff --git a/directory/CHANGELOG.md b/directory/CHANGELOG.md index db85d91a30c3f..99c1e1e78a858 100644 --- a/directory/CHANGELOG.md +++ b/directory/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.1 / 2024-02-16 / Agent 7.52.0 ***Fixed***: diff --git a/disk/CHANGELOG.md b/disk/CHANGELOG.md index c768cd40a0b2e..d3b96a84d2716 100644 --- a/disk/CHANGELOG.md +++ b/disk/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 5.4.0 / 2024-09-05 diff --git a/dns_check/CHANGELOG.md b/dns_check/CHANGELOG.md index 42f98d2c86001..13690f92ee70a 100644 --- a/dns_check/CHANGELOG.md +++ b/dns_check/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.0 / 2024-03-22 / Agent 7.53.0 ***Added***: diff --git a/docs/developer/guidelines/dashboards.md b/docs/developer/guidelines/dashboards.md index 4b355ff0d9e91..eae2d680311eb 100644 --- a/docs/developer/guidelines/dashboards.md +++ b/docs/developer/guidelines/dashboards.md 
@@ -96,7 +96,7 @@ A dashboard that follows best practices helps users consume data quickly. Best p 1. If log collection is enabled, make a *Logs* group. Insert a timeseries widget showing a bar graph of logs by status over time. Also include a log stream of logs with the "Error" or "Critical" status. !!! tip - Consider turning groups into powerpacks if they appear repeatedly in dashboards irrespective of the integration type, so that you can insert the entire group with the correct formatting with a few clicks rather than adding the same widgets from scratch each time. + Consider turning groups into powerpacks if they appear repeatedly in dashboards irrespective of the integration type, so that you can insert the entire group with the correct formatting with a few clicks rather than adding the same widgets from scratch each time. ### Design Guidelines diff --git a/docs/developer/meta/ci/testing.md b/docs/developer/meta/ci/testing.md index 3377cdfb58406..f514b07df4f89 100644 --- a/docs/developer/meta/ci/testing.md +++ b/docs/developer/meta/ci/testing.md @@ -113,7 +113,7 @@ Configuration for targets [lives](https://github.com/DataDog/integrations-core/b | --- | --- | --- | | Linux | `linux` | [Ubuntu 22.04](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md) | | Windows | `windows` | [Windows Server 2022](https://github.com/actions/runner-images/blob/main/images/win/Windows2022-Readme.md) | -| macOS | `macos` | [macOS 12](https://github.com/actions/runner-images/blob/main/images/macos/macos-12-Readme.md) | +| macOS | `macos` | [macOS 13](https://github.com/actions/runner-images/blob/main/images/macos/macos-13-Readme.md) | If an integration's `manifest.json` indicates that the only supported platform is Windows then that will be used to run tests, otherwise they will run on Linux. diff --git a/dotnetclr/CHANGELOG.md b/dotnetclr/CHANGELOG.md index 2a035c938ca1a..b7407151c0ea2 100644 --- a/dotnetclr/CHANGELOG.md 
+++ b/dotnetclr/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/druid/CHANGELOG.md b/druid/CHANGELOG.md index 446ac6974c60d..e2fd2ecc6770b 100644 --- a/druid/CHANGELOG.md +++ b/druid/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.5.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/ecs_fargate/CHANGELOG.md b/ecs_fargate/CHANGELOG.md index e51e736c0489e..fef9b4d71491c 100644 --- a/ecs_fargate/CHANGELOG.md +++ b/ecs_fargate/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/ecs_fargate/README.md b/ecs_fargate/README.md index 8a37e79439f9f..344df0a6fa375 100644 --- a/ecs_fargate/README.md +++ b/ecs_fargate/README.md @@ -18,7 +18,7 @@ The Task Metadata endpoint is only available from within the task definition its The only configuration required to enable this metrics collection is to set an environment variable `ECS_FARGATE` to `"true"` in the task definition. -**Note**: Network Performance Monitoring (NPM) is not supported for ECS Fargate. +**Note**: Cloud Network Monitoring (CNM) is not supported for ECS Fargate. ## Setup diff --git a/eks_fargate/CHANGELOG.md b/eks_fargate/CHANGELOG.md index 5e5348cc7f0ff..b5b7b0679cc3c 100644 --- a/eks_fargate/CHANGELOG.md +++ b/eks_fargate/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/eks_fargate/README.md b/eks_fargate/README.md index e36fba6830831..f2640d6fc4703 100644 --- a/eks_fargate/README.md +++ b/eks_fargate/README.md @@ -7,7 +7,7 @@ Amazon EKS on AWS Fargate is a managed Kubernetes service that automates certain aspects of deployment and maintenance for any standard Kubernetes environment. Kubernetes nodes are managed by AWS Fargate and abstracted away from the user. -**Note**: Network Performance Monitoring (NPM) is not supported for EKS Fargate. +**Note**: Cloud Network Monitoring (CNM) is not supported for EKS Fargate. ## Setup diff --git a/elastic/CHANGELOG.md b/elastic/CHANGELOG.md index ad73e96bc264a..6ebb1ab9190e2 100644 --- a/elastic/CHANGELOG.md +++ b/elastic/CHANGELOG.md @@ -7,10 +7,6 @@ ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) - -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) * Add functionality to not use `host` and `port` tags in service checks ([#18687](https://github.com/DataDog/integrations-core/pull/18687)) ***Fixed***: @@ -23,6 +19,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 6.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/elastic/changelog.d/19249.fixed b/elastic/changelog.d/19249.fixed new file mode 100644 index 0000000000000..f82f8964ea031 --- /dev/null +++ b/elastic/changelog.d/19249.fixed 
@@ -0,0 +1 @@ +Regression fix: handle missing index fields in payload. diff --git a/elastic/datadog_checks/elastic/elastic.py b/elastic/datadog_checks/elastic/elastic.py index cb0b1cbd012de..16165921847b5 100644 --- a/elastic/datadog_checks/elastic/elastic.py +++ b/elastic/datadog_checks/elastic/elastic.py @@ -261,7 +261,7 @@ def _get_index_metrics(self, admin_forwarder, version, base_tags): index_data['health_reverse'] = dd_health.reverse_status # Ensure that index_data does not contain None values - for key, value in index_data.items(): + for key, value in list(index_data.items()): if value is None: del index_data[key] self.log.debug("The index %s has no metric data for %s", idx['index'], key) diff --git a/elastic/tests/test_unit.py b/elastic/tests/test_unit.py index 214d49b27e56d..ce0ca93e21346 100644 --- a/elastic/tests/test_unit.py +++ b/elastic/tests/test_unit.py @@ -11,7 +11,7 @@ from datadog_checks.dev.http import MockResponse from datadog_checks.elastic import ESCheck from datadog_checks.elastic.elastic import AuthenticationError, get_value_from_path -from datadog_checks.elastic.metrics import stats_for_version +from datadog_checks.elastic.metrics import INDEX_STATS_METRICS, stats_for_version from .common import URL, get_fixture_path 
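Review bot: The `list(index_data.items())` copy in `_get_index_metrics` (elastic/datadog_checks/elastic/elastic.py) has no comment saying why it is needed, so a later cleanup could drop it and bring the regression back. The loop body deletes entries from `index_data`, and deleting from a dict while iterating its live `items()` view raises `RuntimeError`. I would add `# Snapshot the items: entries with a None value are deleted inside the loop.` directly above the `for`. The function starts and ends outside this hunk, so how `index_data` is built is not visible here.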
@@ -242,3 +242,33 @@ def test_v8_process_stats_data(aggregator, instance): aggregator.assert_metric( "elasticsearch.breakers.inflight_requests.estimated_size_in_bytes", metric_type=aggregator.GAUGE ) + + +def test__get_index_metrics_empty_key(aggregator, instance, mock_http_response): + mock_http_response( + json_data=[ + { + # 'docs.count' is missing + 'docs.deleted': '0', + 'health': 'yellow', + 'index': 'testindex', + 'pri': '1', + 'pri.store.size': '225', + 'rep': '1', + 'status': 'open', + 'store.size': '225', + 'uuid': 'AHSf1ILbSHucwl2X6og55g', + }, + ] + ) + check = ESCheck('elastic', {}, instances=[instance]) + # Focus only on index metrics, so mock out index search stats. + check._get_index_search_stats = mock.MagicMock() + + check._get_index_metrics(admin_forwarder=False, version=[8, 8, 2], base_tags=[]) + + for m in INDEX_STATS_METRICS: + if m == 'elasticsearch.index.docs.count': + aggregator.assert_metric(m, count=0) + else: + aggregator.assert_metric(m) diff --git a/envoy/CHANGELOG.md b/envoy/CHANGELOG.md index a8a4ec786a0e8..c1a808b7ecbbf 100644 --- a/envoy/CHANGELOG.md +++ b/envoy/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.6.0 / 2024-09-10 ***Added***: diff --git a/envoy/tests/conftest.py b/envoy/tests/conftest.py index 3f6688c1b189b..f74c4a32de930 100644 --- a/envoy/tests/conftest.py +++ b/envoy/tests/conftest.py 
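Review bot: `test__get_index_metrics_empty_key` has no docstring, and its name says "empty key" while the payload omits `docs.count` entirely, so the regression it guards is not clear from the test alone. A one-line docstring such as `"""A field absent from the index payload is skipped and the remaining index metrics are still submitted."""` would state the contract. Renaming it to `test_get_index_metrics_missing_field` would also match what the inline comment says.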
@@ -31,7 +31,9 @@ def dd_environment(): build=True, endpoints="{}/stats".format(URL), log_patterns=['front-envoy(.*?)all dependencies initialized. starting workers'], + sleep=10, attempts=5, + attempts_wait=10, ): # Exercising envoy a bit will trigger extra metrics requests.get('http://{}:8000/service/1'.format(HOST)) diff --git a/envoy/tests/docker/api_v2/docker-compose.yaml b/envoy/tests/docker/api_v2/docker-compose.yaml index b0823bb60acb5..1b07da7965e46 100644 --- a/envoy/tests/docker/api_v2/docker-compose.yaml +++ b/envoy/tests/docker/api_v2/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: front-envoy: diff --git a/envoy/tests/docker/api_v3/docker-compose.yaml b/envoy/tests/docker/api_v3/docker-compose.yaml index c46684c96b5ff..cfa48e601108e 100644 --- a/envoy/tests/docker/api_v3/docker-compose.yaml +++ b/envoy/tests/docker/api_v3/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: front-envoy: diff --git a/envoy/tests/docker/api_v3/go.mod b/envoy/tests/docker/api_v3/go.mod index 031a86af1ccbe..c155a6ee937c9 100644 --- a/envoy/tests/docker/api_v3/go.mod +++ b/envoy/tests/docker/api_v3/go.mod @@ -1,9 +1,15 @@ module envoy-e2e -go 1.13 +go 1.16 require ( github.com/envoyproxy/go-control-plane v0.9.9 github.com/golang/protobuf v1.4.3 google.golang.org/grpc v1.36.0 ) + +replace github.com/envoyproxy/go-control-plane => github.com/envoyproxy/go-control-plane v0.9.9 + +replace github.com/golang/protobuf => github.com/golang/protobuf v1.4.3 + +replace google.golang.org/grpc => google.golang.org/grpc v1.36.0 diff --git a/envoy/tests/docker/api_v3/go.sum b/envoy/tests/docker/api_v3/go.sum index 15f632751d4cb..2b6350df19331 100644 --- a/envoy/tests/docker/api_v3/go.sum +++ b/envoy/tests/docker/api_v3/go.sum 
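Review bot: The added `sleep=10` and `attempts_wait=10` in `dd_environment` (envoy/tests/conftest.py) carry no comment saying what they work around. A fixed sleep adds ten seconds to every environment start, even when the `endpoints` and `log_patterns` conditions on the lines above have already passed. If those conditions miss a readiness gap, record it next to the argument, for example `sleep=10,  # TODO(owner): state which readiness gap endpoints/log_patterns do not cover`, or tighten the condition instead. The call these keyword arguments belong to begins outside this hunk.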
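Review bot: The three `replace` directives added to envoy/tests/docker/api_v3/go.mod point each module at itself, at the same version the `require` block already names, and nothing in the file explains why. A `replace` overrides the version the module graph would otherwise select. It therefore holds `google.golang.org/grpc` at v1.36.0 and `github.com/golang/protobuf` at v1.4.3 even when a transitive dependency or a later `require` bump asks for something newer, and a bump that forgets the `replace` lines will silently have no effect. If reproducible builds of the e2e image are the intent, say so above them, e.g. `// Pin exact versions for the e2e image; update together with the require block.`. Otherwise drop the directives if `go mod tidy` resolves to the same versions without them.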
@@ -1,42 +1,20 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed h1:OZmjad4L3H8ncOIR8rnb5MREYqG8ixi5+WbeUsquF0c= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9 h1:vQLjymTobffN2R0F8eTqw6q7iozfRO5Z0m+/4Vw+/uA= github.com/envoyproxy/go-control-plane v0.9.9/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate 
v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0 
h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 
@@ -52,66 +30,41 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.36.0 h1:o1bcQ6imQMIOpdrO3SWf2z5RV72WbDwdXuK0MDlc8As= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod 
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/esxi/CHANGELOG.md b/esxi/CHANGELOG.md index 31b6fdeeca8c0..67dc8aa2d8777 100644 --- a/esxi/CHANGELOG.md +++ b/esxi/CHANGELOG.md @@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 2.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.2.0 / 2024-07-05 / Agent 7.56.0 ***Added***: diff --git a/etcd/CHANGELOG.md b/etcd/CHANGELOG.md index 114766ab7d325..142b844503f43 100644 --- a/etcd/CHANGELOG.md +++ b/etcd/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 6.2.2 / 2024-07-05 / Agent 7.56.0 ***Fixed***: diff --git a/etcd/tests/docker/docker-compose.yaml b/etcd/tests/docker/docker-compose.yaml index ad9da29a23358..69375017f28ba 100644 --- a/etcd/tests/docker/docker-compose.yaml +++ b/etcd/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - # Adapted from https://github.com/dwilbraham/docker-compose-etcd services: etcd0: diff --git a/exchange_server/CHANGELOG.md b/exchange_server/CHANGELOG.md index 38e3f0bba21c1..36068c903fcab 100644 --- a/exchange_server/CHANGELOG.md +++ b/exchange_server/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/external_dns/CHANGELOG.md b/external_dns/CHANGELOG.md index d21d1962cb9c4..91c2ab04fee44 100644 
--- a/external_dns/CHANGELOG.md +++ b/external_dns/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/flink/CHANGELOG.md b/flink/CHANGELOG.md index 4c19b66d8b61a..f758a13003b47 100644 --- a/flink/CHANGELOG.md +++ b/flink/CHANGELOG.md @@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 2.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.5.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/fluentd/CHANGELOG.md b/fluentd/CHANGELOG.md index f0af9a8419eec..af6e92f9dba8a 100644 --- a/fluentd/CHANGELOG.md +++ b/fluentd/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/fluentd/tests/test_integration.py b/fluentd/tests/test_integration.py index 0b77bb6073102..c3ab91c91a8f3 100644 --- a/fluentd/tests/test_integration.py +++ b/fluentd/tests/test_integration.py 
@@ -79,3 +79,44 @@ def test_fluentd_with_custom_tags(aggregator, dd_run_check):
 aggregator.assert_service_check(check.SERVICE_CHECK_NAME, status=Fluentd.OK, tags=sc_tags, count=1)
 aggregator.assert_all_metrics_covered()
+
+
+def test_default_timeout(instance):
+ # test default timeout
+ check = Fluentd(CHECK_NAME, {}, [instance])
+ check.check(None)
+
+ assert check.http.options['timeout'] == (5, 5)
+
+
+def test_init_config_old_timeout(instance):
+ # test init_config timeout
+ check = Fluentd(CHECK_NAME, {'default_timeout': 2}, [instance])
+ check.check(None)
+ assert check.http.options['timeout'] == (2, 2)
+
+
+def test_init_config_timeout(instance):
+ # test init_config timeout
+ check = Fluentd(CHECK_NAME, {'timeout': 7}, [instance])
+ check.check(None)
+
+ assert check.http.options['timeout'] == (7, 7)
+
+
+def test_instance_old_timeout(instance):
+ # test instance default_timeout
+ instance['default_timeout'] = 13
+ check = Fluentd(CHECK_NAME, {'default_timeout': 9}, [instance])
+ check.check(None)
+
+ assert check.http.options['timeout'] == (13, 13)
+
+
+def test_instance_timeout(instance):
+ # test instance timeout
+ instance['timeout'] = 15
+ check = Fluentd(CHECK_NAME, {}, [instance])
+ check.check(None)
+
+ assert check.http.options['timeout'] == (15, 15)
diff --git a/fluentd/tests/test_unit.py b/fluentd/tests/test_unit.py
deleted file mode 100644
index 0a409aa5e861e..0000000000000
--- a/fluentd/tests/test_unit.py
+++ /dev/null
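Review bot: The timeout tests appended after `test_fluentd_with_custom_tags` carry comments that do not tell them apart: `test_init_config_old_timeout` and `test_init_config_timeout` both say `# test init_config timeout`, although the first exercises the legacy `default_timeout` key. I would change the first to `# legacy init_config key default_timeout still sets the HTTP timeout`. None of the five cases sets `timeout` and `default_timeout` together, so which key wins is not pinned; a case such as `Fluentd(CHECK_NAME, {'timeout': 7, 'default_timeout': 2}, [instance])` with the intended result asserted would keep the request-timeout bound from changing unnoticed. If this module applies integration markers or an environment fixture at module level (not visible in the hunk), these config-only tests will now need the test environment to run, which is worth confirming.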
@@ -1,47 +0,0 @@ -# (C) Datadog, Inc. 2018-present -# All rights reserved -# Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.fluentd import Fluentd - -from .common import CHECK_NAME - - -def test_default_timeout(instance): - # test default timeout - check = Fluentd(CHECK_NAME, {}, [instance]) - check.check(None) - - assert check.http.options['timeout'] == (5, 5) - - -def test_init_config_old_timeout(instance): - # test init_config timeout - check = Fluentd(CHECK_NAME, {'default_timeout': 2}, [instance]) - check.check(None) - assert check.http.options['timeout'] == (2, 2) - - -def test_init_config_timeout(instance): - # test init_config timeout - check = Fluentd(CHECK_NAME, {'timeout': 7}, [instance]) - check.check(None) - - assert check.http.options['timeout'] == (7, 7) - - -def test_instance_old_timeout(instance): - # test instance default_timeout - instance['default_timeout'] = 13 - check = Fluentd(CHECK_NAME, {'default_timeout': 9}, [instance]) - check.check(None) - - assert check.http.options['timeout'] == (13, 13) - - -def test_instance_timeout(instance): - # test instance timeout - instance['timeout'] = 15 - check = Fluentd(CHECK_NAME, {}, [instance]) - check.check(None) - - assert check.http.options['timeout'] == (15, 15) diff --git a/fluxcd/CHANGELOG.md b/fluxcd/CHANGELOG.md index 3d8a89841b093..f29a7269c7199 100644 --- a/fluxcd/CHANGELOG.md +++ b/fluxcd/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/fly_io/CHANGELOG.md b/fly_io/CHANGELOG.md index d361c83c0808f..b9e299749115d 100644 --- a/fly_io/CHANGELOG.md +++ b/fly_io/CHANGELOG.md @@ -14,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.1 / 2024-09-05 ***Fixed***: diff --git a/foundationdb/CHANGELOG.md b/foundationdb/CHANGELOG.md index f3c83f8e84200..589742db02d09 100644 --- a/foundationdb/CHANGELOG.md +++ b/foundationdb/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.4.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/foundationdb/tests/docker/docker-compose.yaml b/foundationdb/tests/docker/docker-compose.yaml index f6cfdc65f435f..3f2b1c6460ad7 100644 --- a/foundationdb/tests/docker/docker-compose.yaml +++ b/foundationdb/tests/docker/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: fdb-coordinator: image: foundationdb/foundationdb:6.3.13 
diff --git a/gearmand/CHANGELOG.md b/gearmand/CHANGELOG.md index 928e3d772702b..4b463f42324b3 100644 --- a/gearmand/CHANGELOG.md +++ b/gearmand/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.1.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/genesys/CHANGELOG.md b/genesys/CHANGELOG.md new file mode 100644 index 0000000000000..9fe6e7e4b6a5e --- /dev/null +++ b/genesys/CHANGELOG.md @@ -0,0 +1,7 @@ +# CHANGELOG - Genesys + +## 1.0.0 / 2024-11-13 + +***Added***: + +* Initial Release \ No newline at end of file diff --git a/genesys/README.md b/genesys/README.md new file mode 100644 index 0000000000000..63437522cef00 --- /dev/null +++ b/genesys/README.md 
@@ -0,0 +1,42 @@ +# Agent Check: genesys + +## Overview + +Genesys Cloud is a comprehensive cloud-based contact center platform that enables businesses to manage and optimize customer interactions across multiple channels, including voice, chat, email, social media, and messaging. It's known for its flexibility, scalability, and integration capabilities, helping businesses improve customer experience and streamline operations. + +## Setup + +### Installation + +The genesys check is included in the [Datadog Agent][2] package. +No additional installation is needed on your server. + +### Configuration + +!!! Add list of steps to set up this integration !!! + +### Validation + +!!! Add steps to validate integration is functioning as expected !!! + +## Data Collected + +### Logs + +The Genesys integration collects and forward logs to Datadog. + +### Metrics + +The Genesys integration collects and forward metrics to Datadog. + +### Events + +The Genesys integration does not include any events. + +## Troubleshooting + +Need help? Contact [Datadog support][3]. + +[1]: **LINK_TO_INTEGRATION_SITE** +[2]: https://app.datadoghq.com/account/settings/agent/latest +[3]: https://docs.datadoghq.com/help/ diff --git a/genesys/assets/service_checks.json b/genesys/assets/service_checks.json new file mode 100644 index 0000000000000..0637a088a01e8 --- /dev/null +++ b/genesys/assets/service_checks.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/genesys/manifest.json b/genesys/manifest.json new file mode 100644 index 0000000000000..7c26338ce0437 --- /dev/null +++ b/genesys/manifest.json 
@@ -0,0 +1,50 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "a0f0e600-1f10-4505-8fc3-64442e78b1a3", + "app_id": "genesys", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Gain insights into Conversation Analytics metrics and Audit logs", + "title": "Genesys", + "media": [], + "classifier_tags": [ + "Category::Log Collection", + "Category::Metrics", + "Category::Collaboration", + "Submitted Data Type::Logs", + "Submitted Data Type::Metrics", + "Offering::Integration" + ] + }, + "assets": { + "integration": { + "auto_install": false, + "source_type_id": 30683213, + "source_type_name": "Genesys", + "events": { + "creates_events": false + }, + "metrics": { + "prefix": "genesys.", + "check": [], + "metadata_path": "metadata.csv" + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + }, + "logs": { + "source": "genesys" + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} \ No newline at end of file diff --git a/genesys/metadata.csv b/genesys/metadata.csv new file mode 100644 index 0000000000000..60d916455a42f --- /dev/null +++ b/genesys/metadata.csv @@ -0,0 +1 @@ +metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric,sample_tags \ No newline at end of file diff --git a/gitlab/CHANGELOG.md b/gitlab/CHANGELOG.md index b0faa6f9fdc2e..6366910d279c0 100644 --- a/gitlab/CHANGELOG.md +++ b/gitlab/CHANGELOG.md 
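Review bot: `metrics.check` is an empty list and the `metadata.csv` added alongside holds only its header row, yet `classifier_tags` carries `Submitted Data Type::Metrics` and the tile `description` promises Conversation Analytics metrics. Either list the emitted metrics in `metadata.csv` and name one in `check`, or drop the Metrics tag until they ship, so the tile does not advertise data that nothing in this commit defines. With `display_on_public_website` set to `false` this may be a deliberate scaffold; if so, saying that in the commit description would make the gap explicit.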
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 7.3.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/gitlab_runner/CHANGELOG.md b/gitlab_runner/CHANGELOG.md index 752ac541dc686..1bedca43d6a45 100644 --- a/gitlab_runner/CHANGELOG.md +++ b/gitlab_runner/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/glusterfs/CHANGELOG.md b/glusterfs/CHANGELOG.md index c7fd2a6c7c1ea..84fa435b0bae2 100644 --- a/glusterfs/CHANGELOG.md +++ b/glusterfs/CHANGELOG.md 
@@ -14,10 +14,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -28,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.8.0 / 2024-09-05 ***Added***: diff --git a/go_expvar/CHANGELOG.md b/go_expvar/CHANGELOG.md index d43e20a28a403..5011e954beb95 100644 --- a/go_expvar/CHANGELOG.md +++ b/go_expvar/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.5.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/gunicorn/CHANGELOG.md b/gunicorn/CHANGELOG.md index 9a6b65b1362a2..833104b7f47f3 100644 --- a/gunicorn/CHANGELOG.md +++ b/gunicorn/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 2.8.0 / 2024-09-05 diff --git a/haproxy/CHANGELOG.md b/haproxy/CHANGELOG.md index 602e7b1fc6fbd..1577c73c09b3e 100644 --- a/haproxy/CHANGELOG.md +++ b/haproxy/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/harbor/CHANGELOG.md b/harbor/CHANGELOG.md index 4bd2c82f8db34..9a0545ee646bf 100644 --- a/harbor/CHANGELOG.md +++ b/harbor/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.2 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/hazelcast/CHANGELOG.md b/hazelcast/CHANGELOG.md index 2d94d7dbfcb62..dff74deef6f98 100644 --- a/hazelcast/CHANGELOG.md +++ b/hazelcast/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.1.0 / 2024-09-06 ***Added***: diff --git a/hdfs_datanode/CHANGELOG.md b/hdfs_datanode/CHANGELOG.md index c9269221368eb..068f38546f4fa 100644 --- a/hdfs_datanode/CHANGELOG.md +++ b/hdfs_datanode/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/hdfs_namenode/CHANGELOG.md b/hdfs_namenode/CHANGELOG.md index 71d0ae2aeb44a..0cdea872d5c34 100644 --- a/hdfs_namenode/CHANGELOG.md +++ b/hdfs_namenode/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/hive/CHANGELOG.md b/hive/CHANGELOG.md index f1faf2ecc73dc..6be6028c43f16 100644 --- a/hive/CHANGELOG.md +++ b/hive/CHANGELOG.md 
@@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.10.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/hivemq/CHANGELOG.md b/hivemq/CHANGELOG.md index 938bedd2ba91e..f1c175bf859d2 100644 --- a/hivemq/CHANGELOG.md +++ b/hivemq/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.8.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/http_check/CHANGELOG.md b/http_check/CHANGELOG.md index 3026cb27a8262..6498ce6df9254 100644 --- a/http_check/CHANGELOG.md +++ b/http_check/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ***Security***: * Bump version of cryptography to 43.0.1 to address vulnerability ([#18656](https://github.com/DataDog/integrations-core/pull/18656)) @@ -36,7 +36,7 @@ ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 9.7.0 / 2024-07-05 / Agent 7.56.0 diff --git a/hudi/CHANGELOG.md b/hudi/CHANGELOG.md index f484afed7625c..2fbce75e93832 100644 --- a/hudi/CHANGELOG.md +++ b/hudi/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.3.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/hudi/tests/docker/docker-compose.yaml b/hudi/tests/docker/docker-compose.yaml index 235a2b441c8f2..06dc9e17c2c3f 100644 --- a/hudi/tests/docker/docker-compose.yaml +++ b/hudi/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - # Adapted from https://github.com/big-data-europe/docker-spark/tree/master/template services: spark-app-hudi: diff --git a/hyperv/CHANGELOG.md b/hyperv/CHANGELOG.md index 0f2538e828b05..b3d0b88b08508 100644 --- a/hyperv/CHANGELOG.md +++ b/hyperv/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.11.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/hyperv/assets/dashboards/overview.json b/hyperv/assets/dashboards/overview.json index efc227a6a5699..3d2ad01e4fc0b 100644 --- a/hyperv/assets/dashboards/overview.json +++ b/hyperv/assets/dashboards/overview.json 
@@ -1,280 +1,366 @@ { - "title": "Hyper-V", - "description": "", - "widgets": [ - { - "id": 0, - "definition": { - "type": "query_value", - "requests": [ - { - "q": "avg:hyperv.hypervisor_logical_processor.total_run_time{$scope}", - "aggregator": "last", - "conditional_formats": [ - { - "comparator": ">", - "value": 90, - "palette": "white_on_red" - }, - { - "comparator": ">", - "value": 80, - "palette": "white_on_yellow" - }, - { - "comparator": "<", - "value": 80, - "palette": "white_on_green" - } - ] - } - ], - "custom_links": [], - "title": "Logical Processor Total Runtime %", - "title_size": "16", - "title_align": "left", - "autoscale": true, - "precision": 2 - }, - "layout": { - "x": 19, - "y": 38, - "width": 23, - "height": 11 - } - }, - { - "id": 1, - "definition": { - "type": "toplist", - "requests": [ - { - "q": "top(avg:hyperv.hypervisor_virtual_processor.total_run_time{$scope} by {instance}, 100, 'last', 'desc')", - "conditional_formats": [ - { - "comparator": ">", - "value": 90, - "palette": "white_on_red" - }, - { - "comparator": ">", - "value": 80, - "palette": "white_on_yellow" - }, - { - "comparator": "<=", - "value": 80, - "palette": "white_on_green" - } - ], - "style": { - "palette": "dog_classic" - } - } - ], - "custom_links": [], - "title": "VMs by Virtual Processor Runtime", - "title_size": "13", - "title_align": "left", - "time": { - "live_span": "1m" + "author_name": "Datadog", + "description": "", + "layout_type": "free", + "template_variables": [ + { + "available_values": [], + "default": "*", + "name": "scope" } - }, - "layout": { - "x": 1, - "y": 50, - "width": 41, - "height": 14 - } - }, - { - "id": 2, - "definition": { - "type": "timeseries", - "requests": [ - { - "q": "avg:hyperv.hypervisor_logical_processor.total_run_time{$scope}", - "display_type": "line", - "style": { - "palette": "dog_classic", - "line_type": "solid", - "line_width": "normal" + ], + "title": "Hyper-V", + "widgets": [ + { + "definition": { + "autoscale": true, + 
"custom_links": [], + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "palette": "white_on_red", + "value": 90 + }, + { + "comparator": ">", + "palette": "white_on_yellow", + "value": 80 + }, + { + "comparator": "<", + "palette": "white_on_green", + "value": 80 + } + ], + "queries": [ + { + "aggregator": "last", + "data_source": "metrics", + "name": "query1", + "query": "avg:hyperv.hypervisor_logical_processor.total_run_time{$scope}" + } + ], + "response_format": "scalar" + } + ], + "title": "Logical Processor Total Runtime %", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 0, + "layout": { + "height": 11, + "width": 23, + "x": 19, + "y": 38 } - } - ], - "custom_links": [], - "title": "CPU Usage by Physical Host", - "title_size": "16", - "title_align": "left", - "show_legend": true, - "legend_size": "0" - }, - "layout": { - "x": 43, - "y": 38, - "width": 61, - "height": 26 - } - }, - { - "id": 3, - "definition": { - "type": "timeseries", - "requests": [ - { - "q": "avg:hyperv.hypervisor_virtual_processor.total_run_time{$scope} by {instance}", - "display_type": "line", - "style": { - "palette": "dog_classic", - "line_type": "solid", - "line_width": "normal" + }, + { + "definition": { + "custom_links": [], + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "palette": "white_on_red", + "value": 90 + }, + { + "comparator": ">", + "palette": "white_on_yellow", + "value": 80 + }, + { + "comparator": "<=", + "palette": "white_on_green", + "value": 80 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "aggregator": "last", + "data_source": "metrics", + "name": "query1", + "query": "avg:hyperv.hypervisor_virtual_processor.total_run_time{$scope} by {instance}" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + }, + "style": { + "palette": 
"dog_classic" + } + } + ], + "time": { + "live_span": "1m" + }, + "title": "VMs by Virtual Processor Runtime", + "title_align": "left", + "title_size": "13", + "type": "toplist" + }, + "id": 1, + "layout": { + "height": 14, + "width": 41, + "x": 1, + "y": 50 } - } - ], - "custom_links": [], - "yaxis": { - "min": "0", - "max": "100" }, - "title": "CPU Usage by VM", - "title_size": "16", - "title_align": "left", - "show_legend": true, - "legend_size": "0" - }, - "layout": { - "x": 43, - "y": 19, - "width": 61, - "height": 18 - } - }, - { - "id": 4, - "definition": { - "type": "query_value", - "requests": [ - { - "q": "count:hyperv.hypervisor_logical_processor.guest_run_time{$scope,!instance:_total}", - "aggregator": "last" - } - ], - "custom_links": [], - "title": "Instance Count", - "title_size": "16", - "title_align": "left", - "time": { - "live_span": "1m" + { + "definition": { + "custom_links": [], + "legend_size": "0", + "requests": [ + { + "display_type": "line", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:hyperv.hypervisor_logical_processor.total_run_time{$scope}" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "title": "CPU Usage by Physical Host", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 2, + "layout": { + "height": 26, + "width": 61, + "x": 43, + "y": 38 + } }, - "autoscale": true, - "precision": 2 - }, - "layout": { - "x": 1, - "y": 38, - "width": 17, - "height": 11 - } - }, - { - "id": 5, - "definition": { - "type": "image", - "url": "https://s25966.pcdn.co/hyper-v/wp-content/uploads/2017/12/5B5EFCA7-DF8C-4123-AF48-FA67F883AD2B.jpeg", - "sizing": "zoom" - }, - "layout": { - "x": 1, - "y": 3, - "width": 41, - "height": 15 - } - }, - { - "id": 6, - "definition": { - "type": "query_value", - "requests": [ - { - "q": 
"avg:hyperv.dynamic_memory_balancer.available_memory{$scope}", - "aggregator": "avg" - } - ], - "custom_links": [], - "title": "Average Available Memory (bytes)", - "title_size": "16", - "title_align": "left", - "autoscale": true, - "precision": 2 - }, - "layout": { - "x": 43, - "y": 3, - "width": 26, - "height": 15 - } - }, - { - "id": 7, - "definition": { - "type": "hostmap", - "requests": { - "fill": { - "q": "avg:hyperv.hypervisor_logical_processor.guest_run_time{*} by {host}" - } + { + "definition": { + "custom_links": [], + "legend_size": "0", + "requests": [ + { + "display_type": "line", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:hyperv.hypervisor_virtual_processor.total_run_time{$scope} by {instance}" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "title": "CPU Usage by VM", + "title_align": "left", + "title_size": "16", + "type": "timeseries", + "yaxis": { + "max": "100", + "min": "0" + } + }, + "id": 3, + "layout": { + "height": 18, + "width": 61, + "x": 43, + "y": 19 + } }, - "custom_links": [], - "title": "CPU Usage by Physical Host", - "title_size": "16", - "title_align": "left", - "no_metric_hosts": false, - "no_group_hosts": true, - "group": [], - "style": { - "palette": "green_to_orange", - "palette_flip": false - } - }, - "layout": { - "x": 1, - "y": 19, - "width": 41, - "height": 18 - } - }, - { - "id": 8, - "definition": { - "type": "toplist", - "requests": [ - { - "q": "top(avg:hyperv.dynamic_memory_balancer.available_memory{$scope}, 10, 'mean', 'asc')", - "style": { - "palette": "dog_classic" + { + "definition": { + "autoscale": true, + "custom_links": [], + "precision": 2, + "requests": [ + { + "queries": [ + { + "aggregator": "last", + "data_source": "metrics", + "name": "query1", + "query": "count:hyperv.hypervisor_logical_processor.guest_run_time{$scope,!instance:_total}" + } + 
], + "response_format": "scalar" + } + ], + "time": { + "live_span": "1m" + }, + "title": "Instance Count", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 4, + "layout": { + "height": 11, + "width": 17, + "x": 1, + "y": 38 + } + }, + { + "definition": { + "has_background": false, + "has_border": false, + "horizontal_align": "center", + "margin": "md", + "sizing": "cover", + "type": "image", + "url": "/static/images/logos/hyper-v_large.svg", + "url_dark_theme": "/static/images/logos/hyper-v_reversed_large.svg", + "vertical_align": "center" + }, + "id": 5, + "layout": { + "height": 15, + "width": 41, + "x": 1, + "y": 3 } - } - ], - "custom_links": [], - "title": "Least Available Memory by Host", - "title_size": "16", - "title_align": "left" - }, - "layout": { - "x": 70, - "y": 3, - "width": 34, - "height": 15 - } - } - ], - "template_variables": [ - { - "name": "scope", - "default": "*", - "prefix": null - } - ], - "layout_type": "free", - "is_read_only": true, - "notify_list": [] -} + }, + { + "definition": { + "autoscale": true, + "custom_links": [], + "precision": 2, + "requests": [ + { + "queries": [ + { + "aggregator": "avg", + "data_source": "metrics", + "name": "query1", + "query": "avg:hyperv.dynamic_memory_balancer.available_memory{$scope}" + } + ], + "response_format": "scalar" + } + ], + "title": "Average Available Memory (bytes)", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 6, + "layout": { + "height": 15, + "width": 26, + "x": 43, + "y": 3 + } + }, + { + "definition": { + "custom_links": [], + "group": [], + "no_group_hosts": true, + "no_metric_hosts": false, + "requests": { + "fill": { + "q": "avg:hyperv.hypervisor_logical_processor.guest_run_time{*} by {host}" + } + }, + "style": { + "palette": "green_to_orange", + "palette_flip": false + }, + "title": "CPU Usage by Physical Host", + "title_align": "left", + "title_size": "16", + "type": "hostmap" + }, + "id": 7, + "layout": { 
+ "height": 18, + "width": 41, + "x": 1, + "y": 19 + } + }, + { + "definition": { + "custom_links": [], + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "aggregator": "avg", + "data_source": "metrics", + "name": "query1", + "query": "avg:hyperv.dynamic_memory_balancer.available_memory{$scope}" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "asc", + "type": "formula" + } + ] + }, + "style": { + "palette": "dog_classic" + } + } + ], + "title": "Least Available Memory by Host", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 8, + "layout": { + "height": 15, + "width": 34, + "x": 70, + "y": 3 + } + } + ] +} \ No newline at end of file diff --git a/iam_access_analyzer/README.md b/iam_access_analyzer/README.md index 9e4985f9b34f5..97355dd5464f5 100644 --- a/iam_access_analyzer/README.md +++ b/iam_access_analyzer/README.md @@ -48,6 +48,6 @@ This integration does not include any events. Need help? Contact [Datadog support][3]. -[1]: /logs/guide/forwarder/ +[1]: https://docs.datadoghq.com/logs/guide/forwarder/ [2]: https://app.datadoghq.com/logs?query=source%3Aaccess-analyzer [3]: https://docs.datadoghq.com/help diff --git a/ibm_ace/CHANGELOG.md b/ibm_ace/CHANGELOG.md index eb771d2dd6f51..5f134181fa122 100644 --- a/ibm_ace/CHANGELOG.md +++ b/ibm_ace/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.2 / 2024-04-26 / Agent 7.54.0 ***Fixed***: diff --git a/ibm_ace/tests/docker/docker-compose.yaml b/ibm_ace/tests/docker/docker-compose.yaml index 3bf3acc951a8b..3ad304ff84fdc 100644 --- a/ibm_ace/tests/docker/docker-compose.yaml +++ b/ibm_ace/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - # https://github.com/ot4i/ace-docker services: ibm-ace: diff --git a/ibm_db2/CHANGELOG.md b/ibm_db2/CHANGELOG.md index b31c24b608408..0ba2aed87cfc2 100644 --- a/ibm_db2/CHANGELOG.md +++ b/ibm_db2/CHANGELOG.md @@ -2,16 +2,18 @@ +## 4.0.1 / 2024-11-28 + +***Fixed***: + +* Fixes 'unable to import module' on Windows ([#18908](https://github.com/DataDog/integrations-core/pull/18908)) + ## 4.0.0 / 2024-10-04 / Agent 7.59.0 ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/ibm_db2/changelog.d/18908.fixed b/ibm_db2/changelog.d/18908.fixed deleted file mode 100644 index 3dadc489fa0d5..0000000000000 --- a/ibm_db2/changelog.d/18908.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixes 'unable to import module' on Windows 
diff --git a/ibm_db2/datadog_checks/ibm_db2/__about__.py b/ibm_db2/datadog_checks/ibm_db2/__about__.py index 78967d676d1af..59269a7bb5672 100644 --- a/ibm_db2/datadog_checks/ibm_db2/__about__.py +++ b/ibm_db2/datadog_checks/ibm_db2/__about__.py @@ -1,4 +1,4 @@ # (C) Datadog, Inc. 2019-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '4.0.0' +__version__ = '4.0.1' diff --git a/ibm_db2/tests/docker/docker-compose.yaml b/ibm_db2/tests/docker/docker-compose.yaml index f46e2be7aaf53..6c377329e622a 100644 --- a/ibm_db2/tests/docker/docker-compose.yaml +++ b/ibm_db2/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: ibm_db2: diff --git a/ibm_i/CHANGELOG.md b/ibm_i/CHANGELOG.md index bb42a4a224626..5d0788a96cf26 100644 --- a/ibm_i/CHANGELOG.md +++ b/ibm_i/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.0 / 2024-02-16 / Agent 7.52.0 ***Added***: diff --git a/ibm_mq/CHANGELOG.md b/ibm_mq/CHANGELOG.md index c39f37d2e197d..aea1f33056f3d 100644 --- a/ibm_mq/CHANGELOG.md +++ b/ibm_mq/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 6.4.0 / 2024-09-05 diff --git a/ibm_mq/README.md b/ibm_mq/README.md index 8bb80e851e4cd..e301efa22d713 100644 --- a/ibm_mq/README.md +++ b/ibm_mq/README.md 
@@ -139,6 +139,13 @@ Configure the environment variable `MQ_FILE_PATH`, to point at the data director There are many ways to set up permissions in IBM MQ. Depending on how your setup works, create a `datadog` user within MQ with read only permissions and, optionally, `+chg` permissions. `+chg` permissions are required to collect metrics for [reset queue statistics][14] (`MQCMD_RESET_Q_STATS`). If you do not wish to collect these metrics you can disable `collect_reset_queue_metrics` on the configuration. Collecting reset queue statistics performance data will also reset the performance data. +The example below sets the required permissions on the queue manager `QM1` for the `mqclient` group, the group the `datadog` user is using to execute commands. You can use wildcards to grant permissions to many queues at once. + +{{< code-block lang="shell" >}} +setmqaut -m QM1 -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -g mqclient +dsp +inq +get +put +setmqaut -m QM1 -n SYSTEM.MQEXPLORER.REPLY.MODEL -t queue -g mqclient +dsp +inq +get +put +{{< /code-block >}} + **Note**: "Queue Monitoring" must be enabled on the MQ server and set to at least "Medium". This can be done using the MQ UI or with an `mqsc` command in the server's host: ```text diff --git a/ibm_was/CHANGELOG.md b/ibm_was/CHANGELOG.md index 59d1efa33626d..af40b435fa179 100644 --- a/ibm_was/CHANGELOG.md +++ b/ibm_was/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Bump lxml version for py3.12 E2E tests ([#18637](https://github.com/DataDog/integrations-core/pull/18637)) ## 3.3.2 / 2024-08-28 / Agent 7.57.0 diff --git a/ibm_was/tests/docker/docker-compose.yaml b/ibm_was/tests/docker/docker-compose.yaml index cf38aea05438f..612fd311acb29 100644 --- a/ibm_was/tests/docker/docker-compose.yaml +++ b/ibm_was/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: ibm_was: container_name: ibm_was diff --git a/ignite/CHANGELOG.md b/ignite/CHANGELOG.md index cf8218d1cb91a..a3d477413991b 100644 --- a/ignite/CHANGELOG.md +++ b/ignite/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.4.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/iis/CHANGELOG.md b/iis/CHANGELOG.md index cc8f2a6a368b6..7d122302a165e 100644 --- a/iis/CHANGELOG.md +++ b/iis/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.1.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/impala/CHANGELOG.md b/impala/CHANGELOG.md index fcbbb30121c84..fdbd196d6633b 100644 --- a/impala/CHANGELOG.md +++ b/impala/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/istio/CHANGELOG.md b/istio/CHANGELOG.md index 537689df67076..bfe5ca8ccf67c 100644 --- a/istio/CHANGELOG.md +++ b/istio/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 6.1.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/istio/README.md b/istio/README.md index f89340b6a9f84..2d657017a5b0c 100644 
--- a/istio/README.md +++ b/istio/README.md @@ -5,7 +5,7 @@ Datadog monitors every aspect of your Istio environment, so you can: - Assess the health of Envoy and the Istio control plane with [logs](#log-collection). - Break down the performance of your service mesh with [request, bandwidth, and resource consumption metrics](#metrics). -- Map network communication between containers, pods, and services over the mesh with [Network Performance Monitoring][1]. +- Map network communication between containers, pods, and services over the mesh with [Cloud Network Monitoring][1]. - Drill into distributed traces for applications transacting over the mesh with [APM][2]. To learn more about monitoring your Istio environment with Datadog, [see the Monitor blog post][3]. diff --git a/jboss_wildfly/CHANGELOG.md b/jboss_wildfly/CHANGELOG.md index add07da148de4..5d6008353c7f4 100644 --- a/jboss_wildfly/CHANGELOG.md +++ b/jboss_wildfly/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/jboss_wildfly/tests/docker/docker-compose.yml b/jboss_wildfly/tests/docker/docker-compose.yml index 4e806f9bd0118..382b6aa12b83b 100644 --- a/jboss_wildfly/tests/docker/docker-compose.yml +++ b/jboss_wildfly/tests/docker/docker-compose.yml @@ -1,4 +1,3 @@ -version: '3' services: jboss_wildfly: image: jboss/wildfly:16.0.0.Final 
diff --git a/journald/CHANGELOG.md b/journald/CHANGELOG.md index 076ec25714dd6..1c85c0721ec5b 100644 --- a/journald/CHANGELOG.md +++ b/journald/CHANGELOG.md @@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 2.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.2.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/kafka/CHANGELOG.md b/kafka/CHANGELOG.md index 3f8dcab5d9540..32295bbad7d4b 100644 --- a/kafka/CHANGELOG.md +++ b/kafka/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.16.0 / 2024-05-31 / Agent 7.55.0 ***Added***: diff --git a/kafka_consumer/CHANGELOG.md b/kafka_consumer/CHANGELOG.md index e6191714d124e..7e993f84c168e 100644 --- a/kafka_consumer/CHANGELOG.md +++ b/kafka_consumer/CHANGELOG.md 
@@ -2,16 +2,18 @@ +## 6.1.0 / 2024-11-25 + +***Security***: + +* Bump confluent-kafka to 2.6.1 ([#19099](https://github.com/DataDog/integrations-core/pull/19099)) + ## 6.0.0 / 2024-10-04 / Agent 7.59.0 ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.6.1 / 2024-09-05 ***Fixed***: @@ -32,7 +38,7 @@ ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 4.5.0 / 2024-07-05 / Agent 7.56.0 diff --git a/kafka_consumer/changelog.d/19099.security b/kafka_consumer/changelog.d/19099.security deleted file mode 100644 index 48e5443d8c3a5..0000000000000 --- a/kafka_consumer/changelog.d/19099.security +++ /dev/null @@ -1 +0,0 @@ -Bump confluent-kafka to 2.6.1 \ No newline at end of file diff --git a/kafka_consumer/datadog_checks/kafka_consumer/__about__.py b/kafka_consumer/datadog_checks/kafka_consumer/__about__.py index 91262416e46c9..34fa89c4d14c1 100644 --- a/kafka_consumer/datadog_checks/kafka_consumer/__about__.py +++ b/kafka_consumer/datadog_checks/kafka_consumer/__about__.py @@ -2,4 +2,4 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = "6.0.0" +__version__ = "6.1.0" 
diff --git a/kafka_consumer/datadog_checks/kafka_consumer/client.py b/kafka_consumer/datadog_checks/kafka_consumer/client.py index 288354acd49db..6c93f8e3887fd 100644 --- a/kafka_consumer/datadog_checks/kafka_consumer/client.py +++ b/kafka_consumer/datadog_checks/kafka_consumer/client.py @@ -6,15 +6,13 @@ from confluent_kafka import Consumer, ConsumerGroupTopicPartitions, KafkaException, TopicPartition from confluent_kafka.admin import AdminClient -from datadog_checks.kafka_consumer.constants import KAFKA_INTERNAL_TOPICS, OFFSET_INVALID - class KafkaClient: def __init__(self, config, log) -> None: self.config = config self.log = log self._kafka_client = None - self.topic_partition_cache = {} + self._consumer = None @property def kafka_client(self): @@ -31,7 +29,7 @@ def kafka_client(self): return self._kafka_client - def __create_consumer(self, consumer_group): + def open_consumer(self, consumer_group): config = { "bootstrap.servers": self.config._kafka_connect_str, "group.id": consumer_group, @@ -41,7 +39,12 @@ def __create_consumer(self, consumer_group): } config.update(self.__get_authentication_config()) - return Consumer(config, logger=self.log) + self._consumer = Consumer(config, logger=self.log) + self.log.debug("Consumer instance %s created for group %s", self._consumer, consumer_group) + + def close_consumer(self): + self.log.debug("Closing consumer instance %s", self._consumer) + self._consumer.close() def __get_authentication_config(self): config = { 
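Review bot: `close_consumer` in the third hunk calls `self._consumer.close()` unconditionally, so it raises `AttributeError` while `_consumer` is still the `None` set in `__init__`, for example when `Consumer(...)` failed inside `open_consumer`. It also leaves the closed handle in `self._consumer`, and `open_consumer` overwrites any consumer that is still open without closing it. I would guard and reset: `if self._consumer is not None:` / `self._consumer.close()` / `self._consumer = None`. Whether the caller pairs open and close in a `try`/`finally` is not visible in these hunks, and the `open_consumer` signature is in the preceding hunk.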
@@ -79,252 +82,105 @@ def __get_authentication_config(self): return config - def get_highwater_offsets(self, consumer_offsets): - self.log.debug('Getting highwater offsets') - - cluster_id = "" - highwater_offsets = {} - topics_with_consumer_offset = set() - topic_partition_with_consumer_offset = set() - - if not self.config._monitor_all_broker_highwatermarks: - for _, topic, partition in consumer_offsets: - topics_with_consumer_offset.add(topic) - topic_partition_with_consumer_offset.add((topic, partition)) - - topic_partition_checked = set() - - for consumer_group, _topic, _partition in consumer_offsets: - self.log.debug('CONSUMER GROUP: %s', consumer_group) - if (_topic, _partition) in topic_partition_checked: - self.log.debug('Highwater offset already collected for topic %s with partition %s', _topic, _partition) - continue - - topic_partitions_for_highwater_offsets = set() - - consumer = self.__create_consumer(consumer_group) - self.log.debug("Consumer instance %s created for group %s", consumer, consumer_group) - cluster_metadata = consumer.list_topics(timeout=self.config._request_timeout) - try: - cluster_id = cluster_metadata.cluster_id - except AttributeError: - self.log.error("Failed to get cluster metadata for consumer group %s", consumer_group) - topics = cluster_metadata.topics - - for topic in topics: - if topic in KAFKA_INTERNAL_TOPICS: - self.log.debug("Skipping internal topic %s", topic) - continue - if not self.config._monitor_all_broker_highwatermarks and topic not in topics_with_consumer_offset: - self.log.debug("Skipping non-relevant topic %s", topic) - continue - - for partition in topics[topic].partitions: - if ( - self.config._monitor_all_broker_highwatermarks - or (topic, partition) in topic_partition_with_consumer_offset - ): - # Setting offset to -1 will return the latest highwater offset while calling offsets_for_times - # Reference: https://github.com/fede1024/rust-rdkafka/issues/460 - topic_partitions_for_highwater_offsets.add( - 
TopicPartition(topic=topic, partition=partition, offset=-1) - ) - self.log.debug('TOPIC: %s', topic) - self.log.debug('PARTITION: %s', partition) - else: - self.log.debug("Skipping non-relevant partition %s of topic %s", partition, topic) - - if len(topic_partitions_for_highwater_offsets) > 0: - self.log.debug( - 'Querying %s highwater offsets for consumer group %s', - len(topic_partitions_for_highwater_offsets), - consumer_group, - ) - for topic_partition_with_highwater_offset in consumer.offsets_for_times( - partitions=list(topic_partitions_for_highwater_offsets), - timeout=self.config._request_timeout, - ): - self.log.debug('Topic partition with highwater offset: %s', topic_partition_with_highwater_offset) - topic = topic_partition_with_highwater_offset.topic - partition = topic_partition_with_highwater_offset.partition - offset = topic_partition_with_highwater_offset.offset - highwater_offsets[(topic, partition)] = offset - self.log.debug("Adding %s %s to checked set to facilitate early exit", topic, partition) - topic_partition_checked.add((topic, partition)) - else: - self.log.debug('No new highwater offsets to query for consumer group %s', consumer_group) - - self.log.debug("Closing consumer instance %s", consumer) - consumer.close() - - self.log.debug('Got %s highwater offsets', len(highwater_offsets)) - return highwater_offsets, cluster_id + def consumer_get_cluster_id_and_list_topics(self, consumer_group): + cluster_metadata = self._consumer.list_topics(timeout=self.config._request_timeout) + try: + # TODO: remove this try-except, the attribute is always present. 
+ cluster_id = cluster_metadata.cluster_id + except AttributeError: + self.log.error("Failed to get cluster metadata for consumer group %s", consumer_group) + return "", [] + return (cluster_id, [(name, list(metadata.partitions)) for name, metadata in cluster_metadata.topics.items()]) + + def consumer_offsets_for_times(self, partitions): + topicpartitions_for_querying = [ + # Setting offset to -1 will return the latest highwater offset while calling offsets_for_times + # Reference: https://github.com/fede1024/rust-rdkafka/issues/460 + TopicPartition(topic=topic, partition=partition, offset=-1) + for topic, partition in partitions + ] + return [ + (tp.topic, tp.partition, tp.offset) + for tp in self._consumer.offsets_for_times( + partitions=topicpartitions_for_querying, timeout=self.config._request_timeout + ) + ] def get_partitions_for_topic(self, topic): - if partitions := self.topic_partition_cache.get(topic): - return partitions - try: cluster_metadata = self.kafka_client.list_topics(topic, timeout=self.config._request_timeout) except KafkaException as e: self.log.error("Received exception when getting partitions for topic %s: %s", topic, e) - return None - else: - topic_metadata = cluster_metadata.topics[topic] - partitions = list(topic_metadata.partitions.keys()) - self.topic_partition_cache[topic] = partitions - return partitions + return [] + topic_metadata = cluster_metadata.topics[topic] + return list(topic_metadata.partitions) def request_metadata_update(self): # https://github.com/confluentinc/confluent-kafka-python/issues/594 self.kafka_client.list_topics(None, timeout=self.config._request_timeout) - def get_consumer_offsets(self): - # {(consumer_group, topic, partition): offset} - self.log.debug('Getting consumer offsets') - consumer_offsets = {} - - consumer_groups = self._get_consumer_groups() - self.log.debug('Identified %s consumer groups', len(consumer_groups)) + def list_consumer_groups(self): + groups = [] + try: + groups_res = 
self.kafka_client.list_consumer_groups().result() + for valid_group in groups_res.valid: + self.log.debug("Discovered consumer group: %s", valid_group.group_id) + groups.append(valid_group.group_id) + except Exception as e: + self.log.error("Failed to collect consumer groups: %s", e) + return groups + + def list_consumer_group_offsets(self, groups): + """ + For every group and (optionally) its topics and partitions retrieve consumer offsets. - futures = self._get_consumer_offset_futures(consumer_groups) - self.log.debug('%s futures to be waited on', len(futures)) + As input expects a list of tuples: (consumer_group_id, topic_partitions). + topic_partitions are either None to indicate we want all topics and partitions OR a list of (topic, partition). - for future in as_completed(futures): + Returns a list of tuples with members: + 1. group id + 2. list of tuples: (topic, partition, offset) + """ + futures = [] + for consumer_group, topic_partitions in groups: + topic_partitions = ( + topic_partitions if topic_partitions is None else [TopicPartition(t, p) for t, p in topic_partitions] + ) + futures.append( + self.kafka_client.list_consumer_group_offsets( + [ConsumerGroupTopicPartitions(group_id=consumer_group, topic_partitions=topic_partitions)] + )[consumer_group] + ) + offsets = [] + for completed in as_completed(futures): try: - response_offset_info = future.result() + response_offset_info = completed.result() except KafkaException as e: - self.log.debug("Failed to read consumer offsets for future %s: %s", future, e) - else: - consumer_group = response_offset_info.group_id - topic_partitions = response_offset_info.topic_partitions - - self.log.debug('RESULT CONSUMER GROUP: %s', consumer_group) - self.log.debug('RESULT TOPIC PARTITIONS: %s', topic_partitions) - - for topic_partition in topic_partitions: - topic = topic_partition.topic - partition = topic_partition.partition - offset = topic_partition.offset - - self.log.debug('RESULTS TOPIC: %s', topic) - 
self.log.debug('RESULTS PARTITION: %s', partition) - self.log.debug('RESULTS OFFSET: %s', offset) - - if topic_partition.error: - self.log.debug( - "Encountered error: %s. Occurred with topic: %s; partition: [%s]", - topic_partition.error.str(), - topic_partition.topic, - str(topic_partition.partition), - ) - continue - - if offset == OFFSET_INVALID: - continue - - if self.config._monitor_unlisted_consumer_groups or not self.config._consumer_groups_compiled_regex: - consumer_offsets[(consumer_group, topic, partition)] = offset - else: - to_match = f"{consumer_group},{topic},{partition}" - if self.config._consumer_groups_compiled_regex.match(to_match): - consumer_offsets[(consumer_group, topic, partition)] = offset - - self.log.debug('Got %s consumer offsets', len(consumer_offsets)) - return consumer_offsets - - def _get_consumer_groups(self): - # Get all consumer groups to monitor - consumer_groups = [] - if self.config._monitor_unlisted_consumer_groups or self.config._consumer_groups_compiled_regex: - consumer_groups_future = self.kafka_client.list_consumer_groups() - try: - list_consumer_groups_result = consumer_groups_future.result() - for valid_consumer_group in list_consumer_groups_result.valid: - self.log.debug("Discovered consumer group: %s", valid_consumer_group.group_id) - - consumer_groups.extend( - valid_consumer_group.group_id - for valid_consumer_group in list_consumer_groups_result.valid - if valid_consumer_group.group_id != "" - ) - except Exception as e: - self.log.error("Failed to collect consumer groups: %s", e) - return consumer_groups - else: - return self.config._consumer_groups - - def get_consumer_group_state(self, consumer_group): - consumer_group_state = "" - # Get the consumer group state if present - consumer_groups_future = self._describe_consumer_groups(consumer_group) - consumer_groups_result = consumer_groups_future[consumer_group].result() - self.log.debug( - "Consumer group: %s in state %s", - consumer_groups_result.group_id, - 
consumer_groups_result.state, - ) - consumer_group_result_state = str(consumer_groups_result.state) - consumer_group_state = consumer_group_result_state.split('.')[1] - - return consumer_group_state - - def _list_consumer_group_offsets(self, cg_tp): - """ - :returns: A dict of futures for each group, keyed by the group id. - The future result() method returns :class:`ConsumerGroupTopicPartitions`. - - :rtype: dict[str, future] - """ - return self.kafka_client.list_consumer_group_offsets([cg_tp]) + self.log.debug("Failed to read consumer offsets for future %s: %s", completed, e) + continue + tpo = [] + for tp in response_offset_info.topic_partitions: + if tp.error: + self.log.debug( + "Encountered error: %s. Occurred with topic: %s; partition: [%s]", + tp.error.str(), + tp.topic, + str(tp.partition), + ) + continue + tpo.append((tp.topic, tp.partition, tp.offset)) + offsets.append((response_offset_info.group_id, tpo)) + return offsets - def _describe_consumer_groups(self, consumer_group): + def describe_consumer_groups(self, consumer_group): """ :returns: A dict of futures for each group, keyed by the group_id. The future result() method returns :class:`ConsumerGroupDescription`. 
:rtype: dict[str, future] """ - return self.kafka_client.describe_consumer_groups([consumer_group]) + desc = self.kafka_client.describe_consumer_groups([consumer_group])[consumer_group].result() + return (desc.group_id, desc.state.value) def close_admin_client(self): self._kafka_client = None - - def _get_consumer_offset_futures(self, consumer_groups): - futures = [] - - # If either monitoring all consumer groups or regex, return all consumer group offsets (can filter later) - if self.config._monitor_unlisted_consumer_groups or self.config._consumer_groups_compiled_regex: - for consumer_group in consumer_groups: - futures.append( - self._list_consumer_group_offsets(ConsumerGroupTopicPartitions(consumer_group))[consumer_group] - ) - return futures - - for consumer_group in consumer_groups: - # If topics are specified - topics = consumer_groups.get(consumer_group) - if not topics: - futures.append( - self._list_consumer_group_offsets(ConsumerGroupTopicPartitions(consumer_group))[consumer_group] - ) - continue - - for topic in topics: - # If partitions are defined - if partitions := topics[topic]: - topic_partitions = [TopicPartition(topic, partition) for partition in partitions] - # If partitions are not defined - else: - # get all the partitions for this topic - partitions = self.get_partitions_for_topic(topic) - - topic_partitions = [TopicPartition(topic, partition) for partition in partitions] - - futures.append( - self._list_consumer_group_offsets(ConsumerGroupTopicPartitions(consumer_group, topic_partitions))[ - consumer_group - ] - ) - - return futures diff --git a/kafka_consumer/datadog_checks/kafka_consumer/kafka_consumer.py b/kafka_consumer/datadog_checks/kafka_consumer/kafka_consumer.py index ca5887039aed5..554ef4f6d3373 100644 --- a/kafka_consumer/datadog_checks/kafka_consumer/kafka_consumer.py +++ b/kafka_consumer/datadog_checks/kafka_consumer/kafka_consumer.py 
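Review bot: The docstring kept on `describe_consumer_groups` still promises a dict of futures keyed by group id with `:rtype: dict[str, future]`, but the new body resolves the future and returns the tuple `(desc.group_id, desc.state.value)`. I would replace it with a one-line docstring such as `"""Return (group_id, state.value) for one consumer group; blocks on the admin future and lets its exception propagate."""`. Unlike `list_consumer_group_offsets` earlier in this hunk, the `.result()` call here is not wrapped, so a `KafkaException` reaches the caller, which is outside this hunk. The removed `get_consumer_group_state` returned the state name parsed from `str(state)`, so it is worth confirming that the caller expects the raw enum value instead.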
@@ -8,6 +8,7 @@ from datadog_checks.base import AgentCheck, is_affirmative from datadog_checks.kafka_consumer.client import KafkaClient from datadog_checks.kafka_consumer.config import KafkaConfig +from datadog_checks.kafka_consumer.constants import KAFKA_INTERNAL_TOPICS, OFFSET_INVALID MAX_TIMESTAMPS = 1000 @@ -22,6 +23,7 @@ def __init__(self, name, init_config, instances): self._data_streams_enabled = is_affirmative(self.instance.get('data_streams_enabled', False)) self._max_timestamps = int(self.instance.get('timestamp_history_size', MAX_TIMESTAMPS)) self.client = KafkaClient(self.config, self.log) + self.topic_partition_cache = {} self.check_initializations.insert(0, self.config.validate_config) def check(self, _): @@ -40,7 +42,7 @@ def check(self, _): try: # Fetch consumer offsets # Expected format: {(consumer_group, topic, partition): offset} - consumer_offsets = self.client.get_consumer_offsets() + consumer_offsets = self.get_consumer_offsets() except Exception: self.log.exception("There was a problem collecting consumer offsets from Kafka.") # don't raise because we might get valid broker offsets @@ -54,7 +56,7 @@ def check(self, _): if len(consumer_offsets) < self._context_limit: # Fetch highwater offsets # Expected format: ({(topic, partition): offset}, cluster_id) - highwater_offsets, cluster_id = self.client.get_highwater_offsets(consumer_offsets) + highwater_offsets, cluster_id = self.get_highwater_offsets(consumer_offsets) if self._data_streams_enabled: broker_timestamps = self._load_broker_timestamps(persistent_cache_key) self._add_broker_timestamps(broker_timestamps, highwater_offsets) 
@@ -95,6 +97,74 @@ def check(self, _): if self.config._close_admin_client: self.client.close_admin_client() + def get_consumer_offsets(self): + # {(consumer_group, topic, partition): offset} + self.log.debug('Getting consumer offsets') + consumer_offsets = {} + + consumer_groups = self._get_consumer_groups() + self.log.debug('Identified %s consumer groups', len(consumer_groups)) + + offsets = self._get_offsets_for_groups(consumer_groups) + self.log.debug('%s futures to be waited on', len(offsets)) + + for consumer_group, topic_partitions in offsets: + + self.log.debug('RESULT CONSUMER GROUP: %s', consumer_group) + + for topic, partition, offset in topic_partitions: + self.log.debug('RESULTS TOPIC: %s', topic) + self.log.debug('RESULTS PARTITION: %s', partition) + self.log.debug('RESULTS OFFSET: %s', offset) + + if offset == OFFSET_INVALID: + continue + + if self.config._monitor_unlisted_consumer_groups or not self.config._consumer_groups_compiled_regex: + consumer_offsets[(consumer_group, topic, partition)] = offset + else: + to_match = f"{consumer_group},{topic},{partition}" + if self.config._consumer_groups_compiled_regex.match(to_match): + consumer_offsets[(consumer_group, topic, partition)] = offset + + self.log.debug('Got %s consumer offsets', len(consumer_offsets)) + return consumer_offsets + + def _get_consumer_groups(self): + # Get all consumer groups to monitor + if self.config._monitor_unlisted_consumer_groups or self.config._consumer_groups_compiled_regex: + return [grp for grp in self.client.list_consumer_groups() if grp] + else: + return self.config._consumer_groups + + def _get_offsets_for_groups(self, consumer_groups): + groups = [] + + # If either monitoring all consumer groups or regex, return all consumer group offsets (can filter later) + if self.config._monitor_unlisted_consumer_groups or self.config._consumer_groups_compiled_regex: + for consumer_group in consumer_groups: + groups.append((consumer_group, None)) + return 
self.client.list_consumer_group_offsets(groups) + + for consumer_group in consumer_groups: + # If topics are specified + topics = consumer_groups.get(consumer_group) + if not topics: + groups.append((consumer_group, None)) + continue + + for topic, partitions in topics.items(): + if not partitions: + if topic in self.topic_partition_cache: + partitions = self.topic_partition_cache[topic] + else: + partitions = self.topic_partition_cache[topic] = self.client.get_partitions_for_topic(topic) + topic_partitions = [(topic, p) for p in partitions] + + groups.append((consumer_group, topic_partitions)) + + return self.client.list_consumer_group_offsets(groups) + def _load_broker_timestamps(self, persistent_cache_key): """Loads broker timestamps from persistent cache.""" broker_timestamps = defaultdict(dict) @@ -139,7 +209,7 @@ def report_consumer_offsets_and_lag( reported_contexts = 0 self.log.debug("Reporting consumer offsets and lag metrics") for (consumer_group, topic, partition), consumer_offset in consumer_offsets.items(): - consumer_group_state = self.client.get_consumer_group_state(consumer_group) + consumer_group_state = self.get_consumer_group_state(consumer_group) if reported_contexts >= contexts_limit: self.log.debug( "Reported contexts number %s greater than or equal to contexts limit of %s, returning", @@ -207,7 +277,7 @@ def report_consumer_offsets_and_lag( self.gauge('estimated_consumer_lag', lag, tags=consumer_group_tags) reported_contexts += 1 else: - if partitions is None: + if not partitions: msg = ( "Consumer group: %s has offsets for topic: %s, partition: %s, but that topic has no partitions " "in the cluster, so skipping reporting these offsets." 
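Review bot: `self.topic_partition_cache` in `_get_offsets_for_groups` is filled once per topic and never refreshed or cleared, so partitions added to a topic after the first run are not picked up for consumer groups configured without explicit partitions. Because the lookup is `if topic in self.topic_partition_cache`, an empty result is cached too, and a topic that had no partitions on first sight stays that way for the life of the check instance. I would store only non-empty results and call `self.topic_partition_cache.clear()` at the start of each `check()` run (or expire entries after a fixed number of runs), with a comment on the attribute saying how long entries live. `__init__` and `check()` are only partly visible in this diff.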
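Review bot: `self.get_consumer_group_state(consumer_group)` runs once per `(consumer_group, topic, partition)` entry and before the `reported_contexts >= contexts_limit` test, so a group with many partitions triggers the same describe call many times, including on the iteration that then returns. Judging by the client change earlier in this diff, each call waits on `.result()` with no timeout, which makes the repetition costly and lets one slow broker response stall the whole loop. Looking the state up once per group avoids that: set `group_states = {}` before the loop and use `if consumer_group not in group_states: group_states[consumer_group] = self.get_consumer_group_state(consumer_group)` after the limit check. The body of `report_consumer_offsets_and_lag` continues outside the hunk.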
@@ -221,6 +291,82 @@ def report_consumer_offsets_and_lag( self.client.request_metadata_update() # force metadata update on next poll() self.log.debug('%s consumer offsets reported', reported_contexts) + def get_consumer_group_state(self, consumer_group): + consumer_group_state = "" + # Get the consumer group state if present + group_id, consumer_group_state = self.client.describe_consumer_groups(consumer_group) + self.log.debug( + "Consumer group: %s in state %s", + group_id, + consumer_group_state, + ) + return consumer_group_state + + def get_highwater_offsets(self, consumer_offsets): + self.log.debug('Getting highwater offsets') + + cluster_id = "" + highwater_offsets = {} + topics_with_consumer_offset = set() + topic_partition_with_consumer_offset = set() + + if not self.config._monitor_all_broker_highwatermarks: + for _, topic, partition in consumer_offsets: + topics_with_consumer_offset.add(topic) + topic_partition_with_consumer_offset.add((topic, partition)) + + topic_partition_checked = set() + + for consumer_group, _topic, _partition in consumer_offsets: + self.log.debug('CONSUMER GROUP: %s', consumer_group) + if (_topic, _partition) in topic_partition_checked: + self.log.debug('Highwater offset already collected for topic %s with partition %s', _topic, _partition) + continue + + topic_partitions_for_highwater_offsets = set() + + self.client.open_consumer(consumer_group) + cluster_id, topics = self.client.consumer_get_cluster_id_and_list_topics(consumer_group) + + for topic, partitions in topics: + if topic in KAFKA_INTERNAL_TOPICS: + self.log.debug("Skipping internal topic %s", topic) + continue + if not self.config._monitor_all_broker_highwatermarks and topic not in topics_with_consumer_offset: + self.log.debug("Skipping non-relevant topic %s", topic) + continue + + for partition in partitions: + if ( + self.config._monitor_all_broker_highwatermarks + or (topic, partition) in topic_partition_with_consumer_offset + ): + 
topic_partitions_for_highwater_offsets.add((topic, partition)) + self.log.debug('TOPIC: %s', topic) + self.log.debug('PARTITION: %s', partition) + else: + self.log.debug("Skipping non-relevant partition %s of topic %s", partition, topic) + + if len(topic_partitions_for_highwater_offsets) > 0: + self.log.debug( + 'Querying %s highwater offsets for consumer group %s', + len(topic_partitions_for_highwater_offsets), + consumer_group, + ) + for topic, partition, offset in self.client.consumer_offsets_for_times( + partitions=topic_partitions_for_highwater_offsets + ): + highwater_offsets[(topic, partition)] = offset + self.log.debug("Adding %s %s to checked set to facilitate early exit", topic, partition) + topic_partition_checked.add((topic, partition)) + else: + self.log.debug('No new highwater offsets to query for consumer group %s', consumer_group) + + self.client.close_consumer() + + self.log.debug('Got %s highwater offsets', len(highwater_offsets)) + return highwater_offsets, cluster_id + def send_event(self, title, text, tags, event_type, aggregation_key, severity='info'): """Emit an event to the Datadog Event Stream.""" event_dict = { diff --git a/kafka_consumer/tests/test_integration.py b/kafka_consumer/tests/test_integration.py index 4886cd74633b7..f94d8e213ed66 100644 --- a/kafka_consumer/tests/test_integration.py +++ b/kafka_consumer/tests/test_integration.py 
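Review bot: In `get_highwater_offsets`, `self.client.close_consumer()` is reached only when everything after `self.client.open_consumer(consumer_group)` succeeds; an exception from `consumer_get_cluster_id_and_list_topics` or `consumer_offsets_for_times` leaves the consumer open. Wrapping the per-group work in `try:` … `finally: self.client.close_consumer()` releases it on every path. In the same hunk, `get_consumer_group_state` initialises `consumer_group_state = ""` and then overwrites it unconditionally, so that line can go. Both new methods would also benefit from a docstring stating the return shape, which for this one is `({(topic, partition): offset}, cluster_id)`.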
@@ -467,3 +467,42 @@ def test_regex_consumer_groups( aggregator.assert_metric("kafka.estimated_consumer_lag", count=consumer_lag_seconds_count) assert expected_warning in caplog.text + + +@pytest.mark.parametrize( + 'read_persistent_cache, kafka_instance_config, consumer_lag_seconds_count', + [ + pytest.param( + "", + { + 'consumer_groups': {}, + 'data_streams_enabled': 'true', + 'monitor_unlisted_consumer_groups': True, + }, + 0, + id='Read from cache failed', + ), + ], +) +def test_load_broker_timestamps_empty( + read_persistent_cache, + kafka_instance_config, + consumer_lag_seconds_count, + kafka_instance, + dd_run_check, + caplog, + aggregator, + check, +): + + kafka_instance.update(kafka_instance_config) + check = check(kafka_instance) + check.read_persistent_cache = mock.Mock(return_value=read_persistent_cache) + dd_run_check(check) + + caplog.set_level(logging.WARN) + expected_warning = " Could not read broker timestamps from cache" + + assert expected_warning in caplog.text + aggregator.assert_metric("kafka.estimated_consumer_lag", count=consumer_lag_seconds_count) + assert check.read_persistent_cache.mock_calls == [mock.call("broker_timestamps_")] diff --git a/kafka_consumer/tests/test_unit.py b/kafka_consumer/tests/test_unit.py index ac593a9761e94..f38bda65e8c23 100644 --- a/kafka_consumer/tests/test_unit.py +++ b/kafka_consumer/tests/test_unit.py 
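Review bot: In `test_load_broker_timestamps_empty`, `caplog.set_level(logging.WARN)` is called after `dd_run_check(check)`, so it has no effect on what is captured during the run and the warning assertion depends on whatever level happened to be active before. Move it above the run as `caplog.set_level(logging.WARNING)`. The test also rebinds the `check` fixture with `check = check(kafka_instance)`; a separate name such as `kafka_consumer_check`, as used in test_unit.py, reads more clearly.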
@@ -1,20 +1,50 @@ # (C) Datadog, Inc. 2023-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -import concurrent.futures import logging from contextlib import nullcontext as does_not_raise import mock import pytest -from confluent_kafka.admin._group import ConsumerGroupListing, ListConsumerGroupsResult from datadog_checks.kafka_consumer import KafkaCheck +from datadog_checks.kafka_consumer.client import KafkaClient from datadog_checks.kafka_consumer.kafka_consumer import _get_interpolated_timestamp pytestmark = [pytest.mark.unit] +def fake_consumer_offsets_for_times(partitions): + """In our testing environment the offset is 80 for all partitions and topics.""" + + return [(t, p, 80) for t, p in partitions] + + +def seed_mock_client(): + """Set some common defaults for the mock client to kafka.""" + client = mock.create_autospec(KafkaClient) + client.list_consumer_groups.return_value = ["consumer_group1"] + client.get_partitions_for_topic.return_value = ['partition1'] + client.list_consumer_group_offsets.return_value = [("consumer_group1", [("topic1", "partition1", 2)])] + client.describe_consumer_groups.return_value = ('consumer_group', 'STABLE') + client.consumer_get_cluster_id_and_list_topics.return_value = ( + "cluster_id", + # topics + [ + # Used in unit tets + ('topic1', ["partition1"]), + ('topic2', ["partition2"]), + # Copied from integration tests + ('dc', [0, 1]), + ('unconsumed_topic', [0, 1]), + ('marvel', [0, 1]), + ('__consumer_offsets', [0, 1, 2, 3, 4, 5, 6, 7, 8, 9]), + ], + ) + client.consumer_offsets_for_times = fake_consumer_offsets_for_times + return client + + @pytest.mark.parametrize( 'legacy_config, kafka_client_config, value', [ 
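Review bot: `seed_mock_client` assigns `client.consumer_offsets_for_times = fake_consumer_offsets_for_times`, which replaces the attribute created by `mock.create_autospec(KafkaClient)` with a plain function, so calls to it are no longer recorded and presumably no longer checked against the real method's signature. `client.consumer_offsets_for_times.side_effect = fake_consumer_offsets_for_times` keeps both. `describe_consumer_groups.return_value` uses the group id `'consumer_group'` while every other default uses `consumer_group1`, and the comment `# Used in unit tets` has a typo (`tests`).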
@@ -149,24 +179,15 @@ def test_oauth_config( # TODO: After these tests are finished and the revamp is complete, # the tests should be refactored to be parameters instead of separate tests -@mock.patch("datadog_checks.kafka_consumer.kafka_consumer.KafkaClient") -def test_when_consumer_lag_less_than_zero_then_emit_event( - mock_generic_client, check, kafka_instance, dd_run_check, aggregator -): +def test_when_consumer_lag_less_than_zero_then_emit_event(check, kafka_instance, dd_run_check, aggregator): # Given - # consumer_offset = {(consumer_group, topic, partition): offset} - consumer_offset = {("consumer_group1", "topic1", "partition1"): 2} - # highwater_offset = {(topic, partition): offset} - highwater_offset = {("topic1", "partition1"): 1} - mock_client = mock.MagicMock() - mock_client.get_consumer_offsets.return_value = consumer_offset - mock_client.get_highwater_offsets.return_value = (highwater_offset, "cluster_id") - mock_client.get_partitions_for_topic.return_value = ['partition1'] - mock_client.get_consumer_group_state.return_value = "STABLE" - mock_generic_client.return_value = mock_client + mock_client = seed_mock_client() + # We need the consumer offset to be higher than the highwater offset. + mock_client.list_consumer_group_offsets.return_value = [("consumer_group1", [("topic1", "partition1", 81)])] + kafka_consumer_check = check(kafka_instance) + kafka_consumer_check.client = mock_client # When - kafka_consumer_check = check(kafka_instance) dd_run_check(kafka_consumer_check) # Then 
@@ -216,24 +237,16 @@ def test_when_consumer_lag_less_than_zero_then_emit_event( ) -@mock.patch("datadog_checks.kafka_consumer.kafka_consumer.KafkaClient") -def test_when_partition_is_none_then_emit_warning_log( - mock_generic_client, check, kafka_instance, dd_run_check, aggregator, caplog -): +def test_when_no_partitions_then_emit_warning_log(check, kafka_instance, dd_run_check, aggregator, caplog): # Given - # consumer_offset = {(consumer_group, topic, partition): offset} - consumer_offset = {("consumer_group1", "topic1", "partition1"): 2} - # highwater_offset = {(topic, partition): offset} - highwater_offset = {("topic1", "partition1"): 1} - mock_client = mock.MagicMock() - mock_client.get_consumer_offsets.return_value = consumer_offset - mock_client.get_highwater_offsets.return_value = (highwater_offset, "cluster_id") - mock_client.get_partitions_for_topic.return_value = None - mock_generic_client.return_value = mock_client caplog.set_level(logging.WARNING) - # When + mock_client = seed_mock_client() + mock_client.get_partitions_for_topic.return_value = [] kafka_consumer_check = check(kafka_instance) + kafka_consumer_check.client = mock_client + + # When dd_run_check(kafka_consumer_check) # Then 
@@ -261,24 +274,18 @@ def test_when_partition_is_none_then_emit_warning_log( assert expected_warning in caplog.text -@mock.patch("datadog_checks.kafka_consumer.kafka_consumer.KafkaClient") def test_when_partition_not_in_partitions_then_emit_warning_log( - mock_generic_client, check, kafka_instance, dd_run_check, aggregator, caplog + check, kafka_instance, dd_run_check, aggregator, caplog ): # Given - # consumer_offset = {(consumer_group, topic, partition): offset} - consumer_offset = {("consumer_group1", "topic1", "partition1"): 2} - # highwater_offset = {(topic, partition): offset} - highwater_offset = {("topic1", "partition1"): 1} - mock_client = mock.MagicMock() - mock_client.get_consumer_offsets.return_value = consumer_offset - mock_client.get_highwater_offsets.return_value = (highwater_offset, "cluster_id") - mock_client.get_partitions_for_topic.return_value = ['partition2'] - mock_generic_client.return_value = mock_client caplog.set_level(logging.WARNING) - # When + mock_client = seed_mock_client() + mock_client.get_partitions_for_topic.return_value = ['partition2'] kafka_consumer_check = check(kafka_instance) + kafka_consumer_check.client = mock_client + + # When dd_run_check(kafka_consumer_check) # Then 
@@ -306,54 +313,44 @@ def test_when_partition_not_in_partitions_then_emit_warning_log( assert expected_warning in caplog.text -@mock.patch("datadog_checks.kafka_consumer.kafka_consumer.KafkaClient") def test_when_highwater_metric_count_hit_context_limit_then_no_more_highwater_metrics( - mock_generic_client, kafka_instance, dd_run_check, aggregator, caplog + check, kafka_instance, dd_run_check, aggregator, caplog ): # Given - # consumer_offset = {(consumer_group, topic, partition): offset} - consumer_offset = {("consumer_group1", "topic1", "partition1"): 2} - # highwater_offset = {(topic, partition): offset} - highwater_offset = {("topic1", "partition1"): 3, ("topic2", "partition2"): 3} - mock_client = mock.MagicMock() - mock_client.get_consumer_offsets.return_value = consumer_offset - mock_client.get_highwater_offsets.return_value = (highwater_offset, "cluster_id") - mock_client.get_partitions_for_topic.return_value = ['partition1'] - mock_generic_client.return_value = mock_client caplog.set_level(logging.WARNING) + mock_client = seed_mock_client() + kafka_consumer_check = check(kafka_instance, init_config={'max_partition_contexts': 2}) + kafka_consumer_check.client = mock_client + # When - kafka_consumer_check = KafkaCheck('kafka_consumer', {'max_partition_contexts': 2}, [kafka_instance]) dd_run_check(kafka_consumer_check) # Then - aggregator.assert_metric("kafka.broker_offset", count=2) - aggregator.assert_metric("kafka.consumer_offset", count=0) + aggregator.assert_metric("kafka.broker_offset", count=1) + aggregator.assert_metric("kafka.consumer_offset", count=1) aggregator.assert_metric("kafka.consumer_lag", count=0) - expected_warning = "Discovered 3 metric contexts" + expected_warning = "Discovered 2 metric contexts" assert expected_warning in caplog.text -@mock.patch("datadog_checks.kafka_consumer.kafka_consumer.KafkaClient") def test_when_consumer_metric_count_hit_context_limit_then_no_more_consumer_metrics( - mock_generic_client, kafka_instance, 
dd_run_check, aggregator, caplog + check, kafka_instance, dd_run_check, aggregator, caplog ): # Given - # consumer_offset = {(consumer_group, topic, partition): offset} - consumer_offset = {("consumer_group1", "topic1", "partition1"): 2, ("consumer_group1", "topic2", "partition2"): 2} - # highwater_offset = {(topic, partition): offset} - highwater_offset = {("topic1", "partition1"): 3, ("topic2", "partition2"): 3} - mock_client = mock.MagicMock() - mock_client.get_consumer_offsets.return_value = consumer_offset - mock_client.get_highwater_offsets.return_value = (highwater_offset, "cluster_id") - mock_client.get_partitions_for_topic.return_value = ['partition1'] - mock_generic_client.return_value = mock_client caplog.set_level(logging.DEBUG) + mock_client = seed_mock_client() + mock_client.list_consumer_group_offsets.return_value = [ + ("consumer_group1", [("topic1", "partition1", 2)]), + ("consumer_group1", [("topic2", "partition2", 2)]), + ] + kafka_consumer_check = check(kafka_instance, init_config={'max_partition_contexts': 3}) + kafka_consumer_check.client = mock_client + # When - kafka_consumer_check = KafkaCheck('kafka_consumer', {'max_partition_contexts': 3}, [kafka_instance]) dd_run_check(kafka_consumer_check) # Then 
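Review bot: `test_when_highwater_metric_count_hit_context_limit_then_no_more_highwater_metrics` now expects `kafka.broker_offset` count 1 and `kafka.consumer_offset` count 1 with `max_partition_contexts` of 2, which looks like a run where nothing is cut off rather than one where highwater metrics are dropped at the limit. With the seeded client only `topic1`/`partition1` has a consumer offset, so presumably only one highwater offset is ever collected and the truncation path named in the test is not exercised. Either seed more highwater offsets than the limit allows (for instance by enabling the option behind `self.config._monitor_all_broker_highwatermarks`) or rename the test to describe what it now checks.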
@@ -369,19 +366,13 @@ def test_when_consumer_metric_count_hit_context_limit_then_no_more_consumer_metr def test_when_empty_string_consumer_group_then_skip(kafka_instance): - consumer_groups_result = ListConsumerGroupsResult( - valid=[ - ConsumerGroupListing(group_id="", is_simple_consumer_group=True), # Should be filtered out - ConsumerGroupListing(group_id="my_consumer", is_simple_consumer_group=True), - ] - ) - kafka_instance['monitor_unlisted_consumer_groups'] = True - future = concurrent.futures.Future() - future.set_result(consumer_groups_result) - - with mock.patch("datadog_checks.kafka_consumer.client.AdminClient.list_consumer_groups", return_value=future): + kafka_instance["monitor_unlisted_consumer_groups"] = True + with mock.patch( + "datadog_checks.kafka_consumer.kafka_consumer.KafkaClient.list_consumer_groups", + return_value=["", "my_consumer"], + ): kafka_consumer_check = KafkaCheck('kafka_consumer', {}, [kafka_instance]) - assert kafka_consumer_check.client._get_consumer_groups() == ["my_consumer"] + assert kafka_consumer_check._get_consumer_groups() == ["my_consumer"] def test_get_interpolated_timestamp(): 
@@ -389,42 +380,3 @@ def test_get_interpolated_timestamp(): assert _get_interpolated_timestamp({10: 100, 20: 200}, 5) == 50 assert _get_interpolated_timestamp({0: 100, 10: 200}, 15) == 250 assert _get_interpolated_timestamp({10: 200}, 15) is None - - -@pytest.mark.parametrize( - 'read_persistent_cache, kafka_instance_config, consumer_lag_seconds_count', - [ - pytest.param( - "", - { - 'consumer_groups': {}, - 'data_streams_enabled': 'true', - 'monitor_unlisted_consumer_groups': True, - }, - 0, - id='Read from cache failed', - ), - ], -) -def test_load_broker_timestamps_empty( - read_persistent_cache, - kafka_instance_config, - consumer_lag_seconds_count, - kafka_instance, - dd_run_check, - caplog, - aggregator, - check, -): - - kafka_instance.update(kafka_instance_config) - check = check(kafka_instance) - check.read_persistent_cache = mock.Mock(return_value=read_persistent_cache) - dd_run_check(check) - - caplog.set_level(logging.WARN) - expected_warning = " Could not read broker timestamps from cache" - - assert expected_warning in caplog.text - aggregator.assert_metric("kafka.estimated_consumer_lag", count=consumer_lag_seconds_count) - assert check.read_persistent_cache.mock_calls == [mock.call("broker_timestamps_")] diff --git a/karpenter/CHANGELOG.md b/karpenter/CHANGELOG.md index b28cf677e974d..4449d023b6150 100644 --- a/karpenter/CHANGELOG.md +++ b/karpenter/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.6.0 / 2024-09-23 ***Added***: diff --git a/kong/CHANGELOG.md b/kong/CHANGELOG.md index 9a649188f0a00..8af351bd063b1 100644 --- a/kong/CHANGELOG.md +++ b/kong/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/kube_apiserver_metrics/CHANGELOG.md b/kube_apiserver_metrics/CHANGELOG.md index e1ff1a8c1560c..f8c3e58842219 100644 --- a/kube_apiserver_metrics/CHANGELOG.md +++ b/kube_apiserver_metrics/CHANGELOG.md @@ -23,6 +23,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/kube_controller_manager/CHANGELOG.md b/kube_controller_manager/CHANGELOG.md index ee42fc661a2d6..e7169db8de71c 100644 --- a/kube_controller_manager/CHANGELOG.md +++ b/kube_controller_manager/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.1.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/kube_dns/CHANGELOG.md b/kube_dns/CHANGELOG.md index 1194de7980a2e..576b386963dcb 100644 --- a/kube_dns/CHANGELOG.md +++ b/kube_dns/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.4.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/kube_metrics_server/CHANGELOG.md b/kube_metrics_server/CHANGELOG.md index ea5c0b53fca0f..df967873766a5 100644 --- a/kube_metrics_server/CHANGELOG.md +++ b/kube_metrics_server/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/kube_proxy/CHANGELOG.md b/kube_proxy/CHANGELOG.md index fd4be2028653b..85f498a299594 100644 --- a/kube_proxy/CHANGELOG.md +++ b/kube_proxy/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 6.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/kube_scheduler/CHANGELOG.md b/kube_scheduler/CHANGELOG.md index 4f0dadb9d13c2..73c70354de149 100644 --- a/kube_scheduler/CHANGELOG.md +++ b/kube_scheduler/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.10.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/kubeflow/README.md b/kubeflow/README.md index b801a22c3dedf..ac0046026ab9f 100644 --- a/kubeflow/README.md +++ b/kubeflow/README.md @@ -7,6 +7,10 @@ This check monitors [Kubeflow][1] through the Datadog Agent. ## Setup +
+This integration is currently released in Preview mode. Its availability is subject to change in the future. +
+ Follow the instructions below to install and configure this check for an Agent running on a host. For containerized environments, see the [Autodiscovery Integration Templates][3] for guidance on applying these instructions. ### Installation diff --git a/kubeflow/assets/dashboards/overview.json b/kubeflow/assets/dashboards/overview.json index b573e5f477156..333b5652c6a7c 100644 --- a/kubeflow/assets/dashboards/overview.json +++ b/kubeflow/assets/dashboards/overview.json @@ -94,7 +94,7 @@ { "definition": { "background_color": "pink", - "content": "If many widgets are empty, you are using a version of Kubeflow that does not expose certain metrics. Refer to the metadata.csv file for metrics list. \n\nReach out to support to indicate version incompatibilities.", + "content": "This integration is currently released in Preview mode. Its availability is subject to change in the future. \n\nIf many widgets are empty, you are using a version of Kubeflow that does not expose certain metrics. Refer to the metadata.csv file for metrics list. \n\nReach out to support to indicate version incompatibilities.", "font_size": "14", "has_padding": true, "show_tick": true, diff --git a/kubelet/CHANGELOG.md b/kubelet/CHANGELOG.md index 45b605e8b2df6..0f8d3df2a871b 100644 --- a/kubelet/CHANGELOG.md +++ b/kubelet/CHANGELOG.md @@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 8.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 7.13.2 / 2024-05-31 / Agent 7.55.0 ***Fixed***: 
diff --git a/kubernetes_cluster_autoscaler/CHANGELOG.md b/kubernetes_cluster_autoscaler/CHANGELOG.md index a781ea4bc9ce7..aec66b04cddeb 100644 --- a/kubernetes_cluster_autoscaler/CHANGELOG.md +++ b/kubernetes_cluster_autoscaler/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/kubernetes_state/CHANGELOG.md b/kubernetes_state/CHANGELOG.md index fa780ce429b1a..9853802b31fea 100644 --- a/kubernetes_state/CHANGELOG.md +++ b/kubernetes_state/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 8.1.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/kubernetes_state_core/README.md b/kubernetes_state_core/README.md index 3550f6b26b699..ca0d16233572a 100644 --- a/kubernetes_state_core/README.md +++ b/kubernetes_state_core/README.md 
@@ -305,10 +305,10 @@ Need help? Contact [Datadog support][9]. [1]: https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/ [2]: #migration-from-kubernetes_state-to-kubernetes_state_core [3]: #data-collected -[4]: /agent/cluster_agent/ +[4]: https://docs.datadoghq.com/agent/cluster_agent/ [5]: https://github.com/DataDog/integrations-core/blob/master/kubernetes_state_core/metadata.csv -[6]: /getting_started/tagging/unified_service_tagging/#configuration +[6]: https://docs.datadoghq.com/getting_started/tagging/unified_service_tagging/#configuration [7]: https://github.com/DataDog/integrations-core/blob/master/kubernetes/assets/service_checks.json -[8]: /agent/guide/agent-commands/#agent-status-and-information -[9]: /help/ +[8]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information +[9]: https://docs.datadoghq.com/help/ [10]: https://www.datadoghq.com/blog/engineering/our-journey-taking-kubernetes-state-metrics-to-the-next-level/ diff --git a/kubevirt_api/README.md b/kubevirt_api/README.md index 0abed8b00a418..bf5d8dd4c7dc4 100644 --- a/kubevirt_api/README.md +++ b/kubevirt_api/README.md @@ -1,5 +1,9 @@ # Agent Check: KubeVirt API +
+This integration is in public beta and should be enabled on production workloads with caution. +
+ ## Overview This check monitors [KubeVirt API][1] through the Datadog Agent. diff --git a/kubevirt_api/manifest.json b/kubevirt_api/manifest.json index 68274dbad8c03..37a18199f5631 100644 --- a/kubevirt_api/manifest.json +++ b/kubevirt_api/manifest.json @@ -2,7 +2,7 @@ "manifest_version": "2.0.0", "app_uuid": "6b760149-4a9f-4ec7-a5bf-081fcd1d75b0", "app_id": "kubevirt-api", - "display_on_public_website": false, + "display_on_public_website": true, "tile": { "overview": "README.md#Overview", "configuration": "README.md#Setup", diff --git a/kubevirt_controller/README.md b/kubevirt_controller/README.md index e14ae467a20b4..7256e35676f67 100644 --- a/kubevirt_controller/README.md +++ b/kubevirt_controller/README.md @@ -1,5 +1,9 @@ # Agent Check: KubeVirt Controller +
+This integration is in public beta and should be enabled on production workloads with caution. +
+ ## Overview This check monitors [KubeVirt Controller][1] through the Datadog Agent. diff --git a/kubevirt_controller/manifest.json b/kubevirt_controller/manifest.json index 552896c23a325..78398a784ec82 100644 --- a/kubevirt_controller/manifest.json +++ b/kubevirt_controller/manifest.json @@ -2,7 +2,7 @@ "manifest_version": "2.0.0", "app_uuid": "f213050d-a54c-4a72-bf51-e9290a7d050c", "app_id": "kubevirt-controller", - "display_on_public_website": false, + "display_on_public_website": true, "tile": { "overview": "README.md#Overview", "configuration": "README.md#Setup", diff --git a/kubevirt_handler/CHANGELOG.md b/kubevirt_handler/CHANGELOG.md index 2644cdb8cfe3e..eb367ead79890 100644 --- a/kubevirt_handler/CHANGELOG.md +++ b/kubevirt_handler/CHANGELOG.md @@ -2,6 +2,12 @@ +## 1.0.1 / 2024-11-28 + +***Fixed***: + +* Bump base package dependency to get fixed pyyaml. ([#19156](https://github.com/DataDog/integrations-core/pull/19156)) + ## 1.0.0 / 2024-10-04 / Agent 7.59.0 ***Added***: diff --git a/kubevirt_handler/README.md b/kubevirt_handler/README.md index 33908b202c1e4..fb246f07d1bc9 100644 --- a/kubevirt_handler/README.md +++ b/kubevirt_handler/README.md @@ -1,5 +1,9 @@ # Agent Check: KubeVirt Handler +
+This integration is in public beta and should be enabled on production workloads with caution. +
+ ## Overview This check monitors [KubeVirt Handler][1] through the Datadog Agent. diff --git a/kubevirt_handler/datadog_checks/kubevirt_handler/__about__.py b/kubevirt_handler/datadog_checks/kubevirt_handler/__about__.py index acbfd1c866b84..e0db4e56d553f 100644 --- a/kubevirt_handler/datadog_checks/kubevirt_handler/__about__.py +++ b/kubevirt_handler/datadog_checks/kubevirt_handler/__about__.py @@ -1,4 +1,4 @@ # (C) Datadog, Inc. 2024-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '1.0.0' +__version__ = '1.0.1' diff --git a/kubevirt_handler/manifest.json b/kubevirt_handler/manifest.json index a9a0d6db1620c..d033d75c44e2b 100644 --- a/kubevirt_handler/manifest.json +++ b/kubevirt_handler/manifest.json @@ -2,7 +2,7 @@ "manifest_version": "2.0.0", "app_uuid": "751006a9-b87a-4f54-acc5-2886ec49073e", "app_id": "kubevirt-handler", - "display_on_public_website": false, + "display_on_public_website": true, "tile": { "overview": "README.md#Overview", "configuration": "README.md#Setup", diff --git a/kubevirt_handler/pyproject.toml b/kubevirt_handler/pyproject.toml index 41884d9e03d39..696173f60ec65 100644 --- a/kubevirt_handler/pyproject.toml +++ b/kubevirt_handler/pyproject.toml @@ -29,7 +29,7 @@ classifiers = [ "Topic :: System :: Monitoring", ] dependencies = [ - "datadog-checks-base>=32.6.0", + "datadog-checks-base>=36.5.0", ] dynamic = [ "version", diff --git a/kyototycoon/CHANGELOG.md b/kyototycoon/CHANGELOG.md index 015656cee87fc..484df0919e797 100644 --- a/kyototycoon/CHANGELOG.md +++ b/kyototycoon/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.5.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/kyverno/CHANGELOG.md b/kyverno/CHANGELOG.md index d7331651c7d2c..53af87b19b594 100644 --- a/kyverno/CHANGELOG.md +++ b/kyverno/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.2 / 2024-07-31 / Agent 7.56.0 ***Fixed***: diff --git a/lighttpd/CHANGELOG.md b/lighttpd/CHANGELOG.md index 10be3e35795c8..c26809adc3230 100644 --- a/lighttpd/CHANGELOG.md +++ b/lighttpd/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.5.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: 
diff --git a/lighttpd/tests/docker/auth/docker-compose.yaml b/lighttpd/tests/docker/auth/docker-compose.yaml index dd252739371b7..925e39c935217 100644 --- a/lighttpd/tests/docker/auth/docker-compose.yaml +++ b/lighttpd/tests/docker/auth/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.5' - services: lighttpd: image: ${LIGHTTPD_IMAGE} diff --git a/lighttpd/tests/docker/noauth/docker-compose.yaml b/lighttpd/tests/docker/noauth/docker-compose.yaml index 9cfc5ab3db2da..c6f491db44207 100644 --- a/lighttpd/tests/docker/noauth/docker-compose.yaml +++ b/lighttpd/tests/docker/noauth/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.5' - services: lighttpd: image: ${LIGHTTPD_IMAGE} @@ -8,4 +6,4 @@ services: volumes: - ./lighttpd.conf:/etc/lighttpd/lighttpd.conf - ${DD_LOG_1}:/var/log/lighttpd/access.log - - ${DD_LOG_2}:/var/log/lighttpd/error.log \ No newline at end of file + - ${DD_LOG_2}:/var/log/lighttpd/error.log diff --git a/linkerd/CHANGELOG.md b/linkerd/CHANGELOG.md index eedb343d0ba63..455bccecd15b7 100644 --- a/linkerd/CHANGELOG.md +++ b/linkerd/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/linux_proc_extras/CHANGELOG.md b/linux_proc_extras/CHANGELOG.md index e6633c937dac5..5b3812622571f 100644 --- a/linux_proc_extras/CHANGELOG.md +++ b/linux_proc_extras/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.5.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/mapr/CHANGELOG.md b/mapr/CHANGELOG.md index 34d17b06e9c9c..84da53694a1a3 100644 --- a/mapr/CHANGELOG.md +++ b/mapr/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.11.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/mapreduce/CHANGELOG.md b/mapreduce/CHANGELOG.md index a2f0a06fbc62a..7e5af27d9fc03 100644 --- a/mapreduce/CHANGELOG.md +++ b/mapreduce/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/marathon/CHANGELOG.md b/marathon/CHANGELOG.md index b0984e57954df..0152edd5841a6 100644 --- a/marathon/CHANGELOG.md +++ b/marathon/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/marklogic/CHANGELOG.md b/marklogic/CHANGELOG.md index 2f3c74f664ae7..974518be9ddaa 100644 --- a/marklogic/CHANGELOG.md +++ b/marklogic/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/mcache/CHANGELOG.md b/mcache/CHANGELOG.md index 56c05bbaa71d7..97f53001d2de0 100644 --- a/mcache/CHANGELOG.md +++ b/mcache/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.1.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/mesos_master/CHANGELOG.md b/mesos_master/CHANGELOG.md index 2955a6bb9f11f..f30ce7106d362 100644 --- a/mesos_master/CHANGELOG.md +++ b/mesos_master/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/mesos_slave/CHANGELOG.md b/mesos_slave/CHANGELOG.md index 8d76b4a785b94..ebbc24993cd1a 100644 --- a/mesos_slave/CHANGELOG.md +++ b/mesos_slave/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/mongo/CHANGELOG.md b/mongo/CHANGELOG.md index 443834f9bfde0..61820b10cfe17 100644 --- a/mongo/CHANGELOG.md +++ b/mongo/CHANGELOG.md 
@@ -2,6 +2,20 @@ +## 8.3.0 / 2024-11-28 + +***Added***: + +* Add `metrics_collection_interval` config option to customize the collection interval for collection stats, index stats, and sharded data distribution metrics. + The default collection interval for collection stats and index stats remains unchanged at check min collection interval of 15 seconds. + The default collection interval for sharded data distribution metrics is 300 seconds. ([#19098](https://github.com/DataDog/integrations-core/pull/19098)) + +***Fixed***: + +* Fixes timezone parsing bug in slow query log, preventing incorrect timestamp conversions on non-UTC servers. ([#19057](https://github.com/DataDog/integrations-core/pull/19057)) +* Fix crash in DBM operation samples collection when a node is in recovering mode. ([#19080](https://github.com/DataDog/integrations-core/pull/19080)) +* Resolved deprecation warning for `collStats` by using `$collStats` aggregation pipeline to collect oplog size in MongoDB 6.2+. ([#19133](https://github.com/DataDog/integrations-core/pull/19133)) + ## 8.2.1 / 2024-11-06 ***Fixed***: @@ -30,10 +44,6 @@ ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) - -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) * Bump datadog-checks-base dependency ([#18583](https://github.com/DataDog/integrations-core/pull/18583)) * Add `mongodb.system.cpu.percent` metric to track total CPU usage of the MongoDB process on self-hosted instances (only available on self-hosted MongoDB running on the same host as the Agent). ([#18618](https://github.com/DataDog/integrations-core/pull/18618)) * Always emit `database_instance` metadata regardless of DBM status; previously emitted only when DBM was enabled. ([#18750](https://github.com/DataDog/integrations-core/pull/18750)) 
@@ -51,6 +61,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 6.11.0 / 2024-09-10 diff --git a/mongo/assets/configuration/spec.yaml b/mongo/assets/configuration/spec.yaml index 5aade80133fbc..495e54b21f31e 100644 --- a/mongo/assets/configuration/spec.yaml +++ b/mongo/assets/configuration/spec.yaml @@ -166,9 +166,6 @@ files: - name: dbm description: | Set to `true` enable Database Monitoring. - - NOTE: Database Monitoring for MongoDB is currently in private beta. - If you are interested in participating, please reach out to your Datadog Customer Success Manager. enabled: false value: type: boolean @@ -347,6 +344,32 @@ files: type: string example: [metrics.commands, tcmalloc, top, collection, jumbo_chunks, sharded_data_distribution] + - name: metrics_collection_interval + description: | + The interval in seconds at which to collect certain types of metrics. + hidden: true + options: + - name: collection + description: | + The interval in seconds at which to collect collection metrics. + Only applicable when `collection` is added to `additional_metrics`. + value: + type: integer + example: 15 + - name: collections_indexes_stats + description: | + The interval in seconds at which to collect collection indexes stats metrics. + Only applicable when `collections_indexes_stats` is set to `true`. + value: + type: integer + example: 15 + - name: sharded_data_distribution + description: | + The interval in seconds at which to collect sharded data distribution metrics. + Only applicable when `sharded_data_distribution` is added to `additional_metrics`. + value: + type: integer + example: 300 - name: collections description: | Collect metrics on specific collections from the database specified 
diff --git a/mongo/changelog.d/19057.fixed b/mongo/changelog.d/19057.fixed deleted file mode 100644 index 2f93fc8d654ec..0000000000000 --- a/mongo/changelog.d/19057.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixes timezone parsing bug in slow query log, preventing incorrect timestamp conversions on non-UTC servers. diff --git a/mongo/changelog.d/19080.fixed b/mongo/changelog.d/19080.fixed deleted file mode 100644 index 347af2c7cc8f3..0000000000000 --- a/mongo/changelog.d/19080.fixed +++ /dev/null @@ -1,2 +0,0 @@ -Fix crash in DBM operation samples collection when a node is in recovering mode. - diff --git a/mongo/changelog.d/19244.fixed b/mongo/changelog.d/19244.fixed new file mode 100644 index 0000000000000..120bd5e2976f1 --- /dev/null +++ b/mongo/changelog.d/19244.fixed @@ -0,0 +1 @@ +Skip unauthorized `local` database collections `system.replset`, `replset.election`, and `replset.minvalid` in collection and index stats gathering to avoid permission errors. diff --git a/mongo/datadog_checks/mongo/__about__.py b/mongo/datadog_checks/mongo/__about__.py index 0673b43c370ef..88bbe435de59f 100644 --- a/mongo/datadog_checks/mongo/__about__.py +++ b/mongo/datadog_checks/mongo/__about__.py @@ -2,4 +2,4 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '8.2.1' +__version__ = '8.3.0' diff --git a/mongo/datadog_checks/mongo/api.py b/mongo/datadog_checks/mongo/api.py index f302c925f4f4c..45bdd3d280d73 100644 --- a/mongo/datadog_checks/mongo/api.py +++ b/mongo/datadog_checks/mongo/api.py @@ -67,6 +67,9 @@ def __init__(self, config, log, replicaset: str = None): self._cli = MongoClient(**options) self.__hostname = None + # Check if the server supports the $collStats aggregation pipeline stage. + self.coll_stats_pipeline_supported = True + def __getitem__(self, item): return self._cli[item] 
@@ -95,21 +98,39 @@ def current_op(self, session=None): # The $currentOp stage returns a cursor over a stream of documents, each of which reports a single operation. return self["admin"].aggregate([{'$currentOp': {'allUsers': True}}], session=session) - def coll_stats(self, db_name, coll_name, session=None): + def get_collection_stats(self, db_name, coll_name, stats=None, session=None): + if not self.coll_stats_pipeline_supported: + return [self.coll_stats_compatible(db_name, coll_name, session)] + try: + return self.coll_stats(db_name, coll_name, stats, session) + except OperationFailure as e: + if e.code == 13: + # Unauthorized to run $collStats, do not try use the compatible mode, raise the exception + raise e + # Failed to get collection stats using $collStats aggregation + self._log.debug( + "Failed to collect stats for collection %s with $collStats, fallback to collStats command", + coll_name, + e.details, + ) + self.coll_stats_pipeline_supported = False + return [self.coll_stats_compatible(db_name, coll_name, session)] + + def coll_stats(self, db_name, coll_name, stats=None, session=None): + if not stats: + stats = {"latencyStats", "storageStats", "queryExecStats"} + stats = {stat: {} for stat in stats} + return self[db_name][coll_name].aggregate( [ { - "$collStats": { - "latencyStats": {}, - "storageStats": {}, - "queryExecStats": {}, - } + "$collStats": stats, }, ], session=session, ) - def coll_stats_compatable(self, db_name, coll_name, session=None): + def coll_stats_compatible(self, db_name, coll_name, session=None): # collStats is deprecated in MongoDB 6.2. Use the $collStats aggregation stage instead. return self[db_name].command({'collStats': coll_name}, session=session) diff --git a/mongo/datadog_checks/mongo/collectors/base.py b/mongo/datadog_checks/mongo/collectors/base.py index be88dfcf179af..7b7e5b5d139d8 100644 --- a/mongo/datadog_checks/mongo/collectors/base.py +++ b/mongo/datadog_checks/mongo/collectors/base.py 
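Review bot: The `self._log.debug(...)` call in `get_collection_stats` passes two arguments (`coll_name`, `e.details`) to a format string that has only one `%s`, so the logging module reports a formatting error instead of the message and the server's failure details are lost exactly when the fallback is taken. Add the second placeholder: `"Failed to collect stats for collection %s with $collStats, fallback to collStats command: %s"`. Any `OperationFailure` other than code 13 on a single collection sets `coll_stats_pipeline_supported = False` for the whole client, so every later collection uses the deprecated command; if that is intended, say so in a comment above the assignment. The unauthorized branch would read better as a bare `raise` with the code held in a named constant rather than the literal `13`.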
@@ -3,6 +3,8 @@ # Licensed under a 3-clause BSD style license (see LICENSE) import re +import time +from functools import wraps from datadog_checks.base import AgentCheck from datadog_checks.mongo.metrics import CASE_SENSITIVE_METRIC_NAME_SUFFIXES @@ -23,6 +25,11 @@ def __init__(self, check, tags): self.gauge = self.check.gauge self.base_tags = tags self.metrics_to_collect = self.check.metrics_to_collect + self._collection_interval = None + self._collector_key = (self.__class__.__name__,) + self._system_collections_skip_stats = { + "local": frozenset(["system.replset", "replset.election", "replset.minvalid"]) + } def collect(self, api): """The main method exposed by the collector classes, needs to be implemented by every subclass. @@ -33,6 +40,15 @@ def compatible_with(self, deployment): """Whether or not this specific collector is compatible with this specific deployment type.""" raise NotImplementedError() + def should_skip_system_collection(self, coll_name): + """Whether or not the collection should be skipped because collStats or indexStats + is not authorized to run on certain system collections. + """ + db_name = getattr(self, "db_name", None) + if not db_name or db_name not in self._system_collections_skip_stats: + return False + return coll_name in self._system_collections_skip_stats[db_name] + def _normalize(self, metric_name, submit_method, prefix=None): """Replace case-sensitive metric name characters, normalize the metric name, prefix and suffix according to its type. 
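Review bot: `should_skip_system_collection` reads `db_name` through `getattr(self, "db_name", None)` because the base `__init__` shown here never defines that attribute, so the skip silently does nothing for any collector that stores its database under another name. Setting `self.db_name = None` in the base `__init__` (which starts outside this hunk) would make that contract explicit. `_system_collections_skip_stats` is a constant rebuilt for every collector instance; a module-level constant would be clearer, with a comment such as `# collStats/indexStats are not authorized on these local collections` so the next maintainer knows why these three names are excluded.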
@@ -126,3 +142,32 @@ def _submit_payload(self, payload, additional_tags=None, metrics_to_collect=None # Keep old incorrect metric name # 'top' and 'index', 'collectionscans' metrics are affected self.gauge(metric_name_alias[:-2], value, tags=tags) + + def get_last_collection_timestamp(self): + return self.check.metrics_last_collection_timestamp.get(self._collector_key) + + def set_last_collection_timestamp(self, timestamp): + self.check.metrics_last_collection_timestamp[self._collector_key] = timestamp + + +def collection_interval_checker(func): + @wraps(func) + def wrapper(self, *args, **kwargs): + current_time = time.time() + # If _collection_interval not set or set to the check default, call the function to collect the metrics + if ( + self._collection_interval is None + or self._collection_interval <= self.check._config.min_collection_interval # Ensure the interval is valid + ): + self.set_last_collection_timestamp(current_time) + return func(self, *args, **kwargs) + + # Check if enough time has passed since the last collection + last_collection_timestamp = self.get_last_collection_timestamp() + if not last_collection_timestamp or current_time - last_collection_timestamp >= self._collection_interval: + self.set_last_collection_timestamp(current_time) + return func(self, *args, **kwargs) + else: + self.log.debug("%s skipped: collection interval not reached yet.", self.__class__.__name__) + + return wrapper diff --git a/mongo/datadog_checks/mongo/collectors/coll_stats.py b/mongo/datadog_checks/mongo/collectors/coll_stats.py index 02c8809641a24..5d4cf1836d3ff 100644 --- a/mongo/datadog_checks/mongo/collectors/coll_stats.py +++ b/mongo/datadog_checks/mongo/collectors/coll_stats.py 
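Review bot: `collection_interval_checker` calls `set_last_collection_timestamp(current_time)` before it calls `func`, so a collection that raises is still recorded as done and the next attempt waits the full interval. Recording the timestamp only after `func` returns (`result = func(self, *args, **kwargs)`, then set the timestamp, then `return result`) would let a failed run retry on the next check, or a comment should state that throttling failures is deliberate. The elapsed time is measured with `time.time()`, which follows wall-clock adjustments; if the timestamps are only kept in memory on the check, `time.monotonic()` is the safer source. The decorator has no docstring; one line saying that the wrapped `collect` returns None when the interval has not elapsed would help callers.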
@@ -5,7 +5,7 @@ from pymongo.errors import OperationFailure from datadog_checks.base import AgentCheck -from datadog_checks.mongo.collectors.base import MongoCollector +from datadog_checks.mongo.collectors.base import MongoCollector, collection_interval_checker from datadog_checks.mongo.metrics import COLLECTION_METRICS @@ -19,7 +19,8 @@ def __init__(self, check, db_name, tags, coll_names=None): self.coll_names = coll_names self.db_name = db_name self.max_collections_per_database = check._config.database_autodiscovery_config['max_collections_per_database'] - self.coll_stats_pipeline_supported = True + self._collection_interval = check._config.metrics_collection_interval['collection'] + self._collector_key = (self.__class__.__name__, db_name) # db_name is part of collector key def compatible_with(self, deployment): # Can only be run once per cluster. 
@@ -38,26 +39,16 @@ def __calculate_oplatency_avg(self, latency_stats): return latency_stats def _get_collection_stats(self, api, coll_name): - if not self.coll_stats_pipeline_supported: - return [api.coll_stats_compatable(self.db_name, coll_name)] - try: - return api.coll_stats(self.db_name, coll_name) - except OperationFailure as e: - if e.code == 13: - # Unauthorized to run $collStats, do not try use the compatible mode, raise the exception - raise e - # Failed to get collection stats using $collStats aggregation - self.log.debug( - "Failed not collect stats for collection %s with $collStats, fallback to collStats command", - coll_name, - e.details, - ) - self.coll_stats_pipeline_supported = False - return [api.coll_stats_compatable(self.db_name, coll_name)] + return api.get_collection_stats(self.db_name, coll_name) + @collection_interval_checker def collect(self, api): coll_names = self._get_collections(api) for coll_name in coll_names: + if self.should_skip_system_collection(coll_name): + self.log.debug("Skipping collStats for system collection %s.%s", self.db_name, coll_name) + continue + # Grab the stats from the collection try: collection_stats = self._get_collection_stats(api, coll_name) @@ -80,7 +71,7 @@ def collect(self, api): # If the collection is sharded, add the shard tag additional_tags.append("shard:%s" % coll_stats['shard']) # Submit the metrics - if self.coll_stats_pipeline_supported: + if api.coll_stats_pipeline_supported: storage_stats = coll_stats.get('storageStats', {}) latency_stats = coll_stats.get('latencyStats', {}) query_stats = coll_stats.get('queryExecStats', {}) diff --git a/mongo/datadog_checks/mongo/collectors/index_stats.py b/mongo/datadog_checks/mongo/collectors/index_stats.py index fa1fe0c7d3a51..397467328f7ad 100644 --- a/mongo/datadog_checks/mongo/collectors/index_stats.py +++ b/mongo/datadog_checks/mongo/collectors/index_stats.py 
@@ -4,7 +4,7 @@ from pymongo.errors import OperationFailure -from datadog_checks.mongo.collectors.base import MongoCollector +from datadog_checks.mongo.collectors.base import MongoCollector, collection_interval_checker from datadog_checks.mongo.metrics import INDEX_METRICS @@ -16,6 +16,8 @@ def __init__(self, check, db_name, tags, coll_names=None): self.coll_names = coll_names self.db_name = db_name self.max_collections_per_database = check._config.database_autodiscovery_config['max_collections_per_database'] + self._collection_interval = check._config.metrics_collection_interval['collections_indexes_stats'] + self._collector_key = (self.__class__.__name__, db_name) # db_name is part of collector key def compatible_with(self, deployment): # Can only be run once per cluster. @@ -26,9 +28,14 @@ def _get_collections(self, api): return self.coll_names return api.list_authorized_collections(self.db_name, limit=self.max_collections_per_database) + @collection_interval_checker def collect(self, api): coll_names = self._get_collections(api) for coll_name in coll_names: + if self.should_skip_system_collection(coll_name): + self.log.debug("Skipping indexStats for system collection %s.%s", self.db_name, coll_name) + continue + try: for stats in api.index_stats(self.db_name, coll_name): idx_name = stats.get('name', 'unknown') diff --git a/mongo/datadog_checks/mongo/collectors/replication_info.py b/mongo/datadog_checks/mongo/collectors/replication_info.py index 69b86043c39ea..db5fbdc8da23d 100644 --- a/mongo/datadog_checks/mongo/collectors/replication_info.py +++ b/mongo/datadog_checks/mongo/collectors/replication_info.py 
@@ -25,6 +25,24 @@ def compatible_with(self, deployment): return True + def _get_oplog_size(self, api, oplog_collection_name): + try: + oplog_storage_stats = api.get_collection_stats("local", oplog_collection_name, stats=["storageStats"])[0] + except pymongo.errors.OperationFailure as e: + self.log.warning( + "Could not collect oplog used size for collection %s: %s", oplog_collection_name, e.details + ) + return + except Exception as e: + self.log.error( + "Unexpected error when fetch oplog used size for collection %s: %s", oplog_collection_name, e + ) + return + + if api.coll_stats_pipeline_supported: + return oplog_storage_stats.get("storageStats", {}).get("size") + return oplog_storage_stats.get('size') + def collect(self, api): # Fetch information analogous to Mongo's db.getReplicationInfo() localdb = api["local"] @@ -46,9 +64,9 @@ def collect(self, api): oplog = localdb[collection_name] - oplog_data['usedSizeMB'] = round_value( - localdb.command("collstats", collection_name)['size'] / 2.0**20, 2 - ) + oplog_data_size = self._get_oplog_size(api, collection_name) + if oplog_data_size is not None: + oplog_data['usedSizeMB'] = round_value(oplog_data_size / 2.0**20, 2) op_asc_cursor = oplog.find({"ts": {"$exists": 1}}).sort("$natural", pymongo.ASCENDING).limit(1) op_dsc_cursor = oplog.find({"ts": {"$exists": 1}}).sort("$natural", pymongo.DESCENDING).limit(1) diff --git a/mongo/datadog_checks/mongo/collectors/sharded_data_distribution_stats.py b/mongo/datadog_checks/mongo/collectors/sharded_data_distribution_stats.py index 9725b24cc0a1c..0a4d6498f4fe3 100644 --- a/mongo/datadog_checks/mongo/collectors/sharded_data_distribution_stats.py +++ b/mongo/datadog_checks/mongo/collectors/sharded_data_distribution_stats.py 
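Review bot: `_get_oplog_size` indexes the result of `api.get_collection_stats(...)` with `[0]`, but only the fallback path in api.py wraps its result in a list; the `$collStats` path returns whatever `aggregate(...)` returns. If that is a PyMongo command cursor, which does not support indexing, the `[0]` raises TypeError, the broad `except Exception` logs it as an unexpected error, and `usedSizeMB` is never set on servers that support the pipeline. Take the first document with `next(iter(api.get_collection_stats("local", oplog_collection_name, stats=["storageStats"])), None)` and return when it is None, or make `get_collection_stats` return a list on both paths. Narrowing the second `except` would also keep programming errors like this one from being reported as a runtime collection failure.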
@@ -2,7 +2,7 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.mongo.collectors.base import MongoCollector +from datadog_checks.mongo.collectors.base import MongoCollector, collection_interval_checker from datadog_checks.mongo.common import MongosDeployment from datadog_checks.mongo.metrics import SHARDED_DATA_DISTRIBUTION_METRICS @@ -14,11 +14,13 @@ class ShardedDataDistributionStatsCollector(MongoCollector): def __init__(self, check, tags): super(ShardedDataDistributionStatsCollector, self).__init__(check, tags) + self._collection_interval = check._config.metrics_collection_interval['sharded_data_distribution'] def compatible_with(self, deployment): # Can only be run on mongos nodes. return isinstance(deployment, MongosDeployment) + @collection_interval_checker def collect(self, api): for distribution in api.sharded_data_distribution_stats(): ns = distribution['ns'] diff --git a/mongo/datadog_checks/mongo/config.py b/mongo/datadog_checks/mongo/config.py index 834ad7959f661..54e39a1c69d04 100644 --- a/mongo/datadog_checks/mongo/config.py +++ b/mongo/datadog_checks/mongo/config.py @@ -95,6 +95,7 @@ def __init__(self, instance, log, init_config): self.collections_indexes_stats = is_affirmative(instance.get('collections_indexes_stats')) self.coll_names = instance.get('collections', []) self.custom_queries = instance.get("custom_queries", []) + self._metrics_collection_interval = instance.get("metrics_collection_interval", {}) self._base_tags = list(set(instance.get('tags', []))) 
@@ -256,3 +257,19 @@ def _get_database_autodiscovery_config(self, instance): database_autodiscovery_config.get("max_collections_per_database", 100) ) return database_autodiscovery_config + + @property + def metrics_collection_interval(self): + ''' + metrics collection interval is used to customize how often to collect different types of metrics + by default, metrics are collected on every check run with default interval of 15 seconds + ''' + return { + # $collStats and $indexStats are collected on every check run but they can get expensive on large databases + 'collection': int(self._metrics_collection_interval.get('collection', self.min_collection_interval)), + 'collections_indexes_stats': int( + self._metrics_collection_interval.get('collections_indexes_stats', self.min_collection_interval) + ), + # $shardDataDistribution stats are collected every 5 minutes by default due to the high resource usage + 'sharded_data_distribution': int(self._metrics_collection_interval.get('sharded_data_distribution', 300)), + } diff --git a/mongo/datadog_checks/mongo/config_models/instance.py b/mongo/datadog_checks/mongo/config_models/instance.py index 8bc78569024d6..8d054bafdb9d6 100644 --- a/mongo/datadog_checks/mongo/config_models/instance.py +++ b/mongo/datadog_checks/mongo/config_models/instance.py @@ -73,6 +73,16 @@ class MetricPatterns(BaseModel): include: Optional[tuple[str, ...]] = None +class MetricsCollectionInterval(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + collection: Optional[int] = None + collections_indexes_stats: Optional[int] = None + sharded_data_distribution: Optional[int] = None + + class OperationSamples(BaseModel): model_config = ConfigDict( arbitrary_types_allowed=True, 
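Review bot: The `int(...)` calls in `metrics_collection_interval` run on raw instance values each time the property is read, so a non-numeric or null entry surfaces as a bare `ValueError`/`TypeError` at whichever call site reads it (the collectors' `__init__` in this diff) rather than as a configuration error. The `__init__` hunk in the same file has the matching gap: `instance.get("metrics_collection_interval", {})` returns `None` when the key is present but empty, and the property then fails on `.get`. Zero and negative intervals are accepted as well; how `collection_interval_checker` treats them is not visible in this diff. I would route each lookup through a small helper that handles the missing mapping and raises a clear error, as sketched below, assuming `ConfigurationError` is already imported in this module. The docstring should also say that `sharded_data_distribution` defaults to 300 seconds rather than to the check interval.

```python
    @property
    def metrics_collection_interval(self):
        # … unchanged: docstring …
        return {
            # $collStats and $indexStats are collected on every check run but they can get expensive on large databases
            'collection': self._interval_seconds('collection', self.min_collection_interval),
            'collections_indexes_stats': self._interval_seconds(
                'collections_indexes_stats', self.min_collection_interval
            ),
            # $shardDataDistribution stats are collected every 5 minutes by default due to the high resource usage
            'sharded_data_distribution': self._interval_seconds('sharded_data_distribution', 300),
        }

    def _interval_seconds(self, key, default):
        # Resolve one interval from the instance config, falling back to `default`
        # when the mapping or the key is absent or null.
        configured = (self._metrics_collection_interval or {}).get(key)
        try:
            return int(default if configured is None else configured)
        except (TypeError, ValueError):
            raise ConfigurationError(
                "metrics_collection_interval.{} must be a number of seconds, got {!r}".format(key, configured)
            )
```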
@@ -128,6 +138,7 @@ class InstanceConfig(BaseModel): empty_default_hostname: Optional[bool] = None hosts: Optional[Union[str, tuple[str, ...]]] = None metric_patterns: Optional[MetricPatterns] = None + metrics_collection_interval: Optional[MetricsCollectionInterval] = None min_collection_interval: Optional[float] = None operation_samples: Optional[OperationSamples] = None options: Optional[MappingProxyType[str, Any]] = None diff --git a/mongo/datadog_checks/mongo/data/conf.yaml.example b/mongo/datadog_checks/mongo/data/conf.yaml.example index ef57b5dc4b788..0ed5a3e59f305 100644 --- a/mongo/datadog_checks/mongo/data/conf.yaml.example +++ b/mongo/datadog_checks/mongo/data/conf.yaml.example @@ -145,9 +145,6 @@ instances: ## @param dbm - boolean - optional - default: false ## Set to `true` enable Database Monitoring. - ## - ## NOTE: Database Monitoring for MongoDB is currently in private beta. - ## If you are interested in participating, please reach out to your Datadog Customer Success Manager. # # dbm: false diff --git a/mongo/datadog_checks/mongo/mongo.py b/mongo/datadog_checks/mongo/mongo.py index 141988637a0cb..7b5b2a02639ef 100644 --- a/mongo/datadog_checks/mongo/mongo.py +++ b/mongo/datadog_checks/mongo/mongo.py @@ -93,6 +93,7 @@ def __init__(self, name, init_config, instances=None): self.metrics_to_collect = self._build_metric_list_to_collect() self.collectors = [] self.last_states_by_server = {} + self.metrics_last_collection_timestamp = {} self.deployment_type = None self._mongo_version = None diff --git a/mongo/tests/conftest.py b/mongo/tests/conftest.py index f9a075c73197d..409a6d3832ecc 100644 --- a/mongo/tests/conftest.py +++ b/mongo/tests/conftest.py @@ -140,6 +140,7 @@ def instance_integration_autodiscovery(instance_integration): instance["database_autodiscovery"] = { "enabled": True, } + instance.pop("collections", None) return instance 
diff --git a/mongo/tests/fixtures/$collStats-oplog.rs b/mongo/tests/fixtures/$collStats-oplog.rs new file mode 100644 index 0000000000000..025d1331c5862 --- /dev/null +++ b/mongo/tests/fixtures/$collStats-oplog.rs 
@@ -0,0 +1,225 @@ +[ + { + "ns": "local.oplog.rs", + "host": "7515219d9503:27017", + "localTime": { + "$date": "2024-07-01T20:36:49.358Z" + }, + "latencyStats": { + "reads": { + "latency": 13165, + "ops": 10 + }, + "writes": { + "latency": 8542, + "ops": 1 + }, + "commands": { + "latency": 0, + "ops": 0 + }, + "transactions": { + "latency": 0, + "ops": 0 + } + }, + "storageStats": { + "size": 907806, + "count": 4341, + "avgObjSize": 209, + "storageSize": 196608, + "capped": true, + "max": 10, + "maxSize": 16777216, + "sleepCount": 0, + "sleepMS": 0, + "wiredTiger": { + "metadata": { + "formatVersion": 1, + "oplogKeyExtractionVersion": 1 + }, + "creationString": "access_pattern_hint=none,allocation_size=4KB,app_metadata=(formatVersion=1,oplogKeyExtractionVersion=1),assert=(commit_timestamp=none,durable_timestamp=none,read_timestamp=none),block_allocation=best,block_compressor=snappy,cache_resident=false,checksum=on,colgroups=,collator=,columns=,dictionary=0,encryption=(keyid=,name=),exclusive=false,extractor=,format=btree,huffman_key=,huffman_value=,ignore_in_memory_cache_size=false,immutable=false,internal_item_max=0,internal_key_max=0,internal_key_truncate=true,internal_page_max=4KB,key_format=q,key_gap=10,leaf_item_max=0,leaf_key_max=0,leaf_page_max=32KB,leaf_value_max=64MB,log=(enabled=true),lsm=(auto_throttle=true,bloom=true,bloom_bit_count=16,bloom_config=,bloom_hash_count=8,bloom_oldest=false,chunk_count_limit=0,chunk_max=5GB,chunk_size=10MB,merge_custom=(prefix=,start_generation=0,suffix=),merge_max=15,merge_min=0),memory_page_image_max=0,memory_page_max=10m,os_cache_dirty_max=0,os_cache_max=0,prefix_compression=false,prefix_compression_min=4,source=,split_deepen_min_child=0,split_deepen_per_child=0,split_pct=90,type=file,value_format=u", + "type": "file", + "uri": "statistics:table:collection-8--9025131032214742726", + "LSM": { + "bloom filter false positives": 0, + "bloom filter hits": 0, + "bloom filter misses": 0, + "bloom filter pages evicted from 
cache": 0, + "bloom filter pages read into cache": 0, + "bloom filters in the LSM tree": 0, + "chunks in the LSM tree": 0, + "highest merge generation in the LSM tree": 0, + "queries that could have benefited from a Bloom filter that did not exist": 0, + "sleep for LSM checkpoint throttle": 0, + "sleep for LSM merge throttle": 0, + "total size of bloom filters": 0 + }, + "block-manager": { + "allocations requiring file extension": 56, + "blocks allocated": 577, + "blocks freed": 146, + "checkpoint size": 151552, + "file allocation unit size": 4096, + "file bytes available for reuse": 28672, + "file magic number": 120897, + "file major version number": 1, + "file size in bytes": 196608, + "minor version number": 0 + }, + "btree": { + "btree checkpoint generation": 143, + "column-store fixed-size leaf pages": 0, + "column-store internal pages": 0, + "column-store variable-size RLE encoded values": 0, + "column-store variable-size deleted values": 0, + "column-store variable-size leaf pages": 0, + "fixed-record size": 0, + "maximum internal page key size": 368, + "maximum internal page size": 4096, + "maximum leaf page key size": 2867, + "maximum leaf page size": 32768, + "maximum leaf page value size": 67108864, + "maximum tree depth": 3, + "number of key/value pairs": 0, + "overflow pages": 0, + "pages rewritten by compaction": 0, + "row-store empty values": 0, + "row-store internal pages": 0, + "row-store leaf pages": 0 + }, + "cache": { + "bytes currently in the cache": 1412447, + "bytes dirty in the cache cumulative": 79714225, + "bytes read into cache": 0, + "bytes written from cache": 14326498, + "checkpoint blocked page eviction": 0, + "data source pages selected for eviction unable to be evicted": 0, + "eviction walk passes of a file": 0, + "eviction walk target pages histogram - 0-9": 0, + "eviction walk target pages histogram - 10-31": 0, + "eviction walk target pages histogram - 128 and higher": 0, + "eviction walk target pages histogram - 32-63": 0, + 
"eviction walk target pages histogram - 64-128": 0, + "eviction walks abandoned": 0, + "eviction walks gave up because they restarted their walk twice": 0, + "eviction walks gave up because they saw too many pages and found no candidates": 0, + "eviction walks gave up because they saw too many pages and found too few candidates": 0, + "eviction walks reached end of tree": 0, + "eviction walks started from root of tree": 0, + "eviction walks started from saved location in tree": 0, + "hazard pointer blocked page eviction": 0, + "in-memory page passed criteria to be split": 0, + "in-memory page splits": 0, + "internal pages evicted": 0, + "internal pages split during eviction": 0, + "leaf pages split during eviction": 0, + "modified pages evicted": 0, + "overflow pages read into cache": 0, + "page split during eviction deepened the tree": 0, + "page written requiring cache overflow records": 0, + "pages read into cache": 0, + "pages read into cache after truncate": 1, + "pages read into cache after truncate in prepare state": 0, + "pages read into cache requiring cache overflow entries": 0, + "pages requested from the cache": 11348, + "pages seen by eviction walk": 0, + "pages written from cache": 296, + "pages written requiring in-memory restoration": 0, + "tracked dirty bytes in the cache": 1411928, + "unmodified pages evicted": 0 + }, + "cache_walk": { + "Average difference between current eviction generation when the page was last considered": 0, + "Average on-disk page image size seen": 0, + "Average time in cache for pages that have been visited by the eviction server": 0, + "Average time in cache for pages that have not been visited by the eviction server": 0, + "Clean pages currently in cache": 0, + "Current eviction generation": 0, + "Dirty pages currently in cache": 0, + "Entries in the root page": 0, + "Internal pages currently in cache": 0, + "Leaf pages currently in cache": 0, + "Maximum difference between current eviction generation when the page was 
last considered": 0, + "Maximum page size seen": 0, + "Minimum on-disk page image size seen": 0, + "Number of pages never visited by eviction server": 0, + "On-disk page image sizes smaller than a single allocation unit": 0, + "Pages created in memory and never written": 0, + "Pages currently queued for eviction": 0, + "Pages that could not be queued for eviction": 0, + "Refs skipped during cache traversal": 0, + "Size of the root page": 0, + "Total number of pages currently in cache": 0 + }, + "compression": { + "compressed page maximum internal page size prior to compression": 4096, + "compressed page maximum leaf page size prior to compression ": 131072, + "compressed pages read": 0, + "compressed pages written": 154, + "page written failed to compress": 0, + "page written was too small to compress": 142 + }, + "cursor": { + "bulk loaded cursor insert calls": 0, + "cache cursors reuse count": 2843, + "close calls that result in cache": 0, + "create calls": 62, + "insert calls": 4341, + "insert key and value bytes": 946875, + "modify": 0, + "modify key and value bytes affected": 0, + "modify value bytes modified": 0, + "next calls": 9366, + "open cursor count": 0, + "operation restarted": 1, + "prev calls": 20, + "remove calls": 0, + "remove key bytes removed": 0, + "reserve calls": 0, + "reset calls": 12395, + "search calls": 6969, + "search near calls": 14, + "truncate calls": 0, + "update calls": 0, + "update key and value bytes": 0, + "update value size change": 0 + }, + "reconciliation": { + "dictionary matches": 0, + "fast-path pages deleted": 0, + "internal page key bytes discarded using suffix compression": 1409, + "internal page multi-block writes": 0, + "internal-page overflow keys": 0, + "leaf page key bytes discarded using prefix compression": 0, + "leaf page multi-block writes": 120, + "leaf-page overflow keys": 0, + "maximum blocks required for a page": 1, + "overflow values written": 0, + "page checksum matches": 431, + "page reconciliation calls": 
282, + "page reconciliation calls for eviction": 0, + "pages deleted": 0 + }, + "session": { + "object compaction": 0 + }, + "transaction": { + "update conflicts": 0 + } + }, + "nindexes": 0, + "indexDetails": {}, + "indexBuilds": [], + "totalIndexSize": 0, + "indexSizes": {}, + "scaleFactor": 1 + }, + "queryExecStats": { + "collectionScans": { + "total": 81753, + "nonTailable": 81750 + } + } + } +] \ No newline at end of file diff --git a/mongo/tests/fixtures/list_collection_names-local b/mongo/tests/fixtures/list_collection_names-local new file mode 100644 index 0000000000000..f2ef8afbb9f89 --- /dev/null +++ b/mongo/tests/fixtures/list_collection_names-local @@ -0,0 +1 @@ +["oplog.rs", "replset.minvalid"] \ No newline at end of file diff --git a/mongo/tests/mocked_api.py b/mongo/tests/mocked_api.py index 06776a152acd7..ffb367b1c496c 100644 --- a/mongo/tests/mocked_api.py +++ b/mongo/tests/mocked_api.py @@ -98,7 +98,10 @@ def command(self, command, *args, **_): return json.load(f, object_hook=json_util.object_hook) def list_collection_names(self, session=None, filter=None, comment=None, **kwargs): - with open(os.path.join(HERE, "fixtures", "list_collection_names"), 'r') as f: + filename = f"list_collection_names-{self._db_name}" + if not os.path.exists(os.path.join(HERE, "fixtures", filename)): + filename = "list_collection_names" + with open(os.path.join(HERE, "fixtures", filename), 'r') as f: return json.load(f) def aggregate(self, pipeline, session=None, **kwargs): diff --git a/mongo/tests/results/metrics-collection-autodiscover.json b/mongo/tests/results/metrics-collection-autodiscover.json index 987fc35208f1c..cbf678fa293ec 100644 --- a/mongo/tests/results/metrics-collection-autodiscover.json +++ b/mongo/tests/results/metrics-collection-autodiscover.json 
@@ -926,61 +926,31 @@ { "name": "mongodb.collection.size", "type": 0, - "value": 5670.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.size", - "type": 0, - "value": 2600.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" - ] - }, - { - "name": "mongodb.collection.avgobjsize", - "type": 0, - "value": 27.0, + "value": 907806.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.avgobjsize", "type": 0, - "value": 26.0, + "value": 209.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.count", "type": 0, - "value": 210.0, + "value": 4341.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.count", - "type": 0, - "value": 100.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { @@ -990,17 +960,7 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.capped", - "type": 0, - "value": 1.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { 
@@ -1010,129 +970,47 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.max", - "type": 0, - "value": 10.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.maxsize", "type": 0, - "value": 10.0, + "value": 16777216.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.maxsize", - "type": 0, - "value": 10.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.storagesize", "type": 0, - "value": 16384.0, + "value": 196608.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.storagesize", - "type": 0, - "value": 16384.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.nindexes", "type": 0, - "value": 1.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.nindexes", - "type": 0, - "value": 1.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" - ] - }, - { - "name": "mongodb.collection.indexsizes", - "type": 0, - "value": 16384.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:foo", - "index:_id_" - ] - }, - { - "name": "mongodb.collection.indexsizes", - "type": 0, - "value": 16384.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar", - "index:_id_" - ] - }, - { - "name": "mongodb.collection.totalindexsize", - 
"type": 0, - "value": 16384.0, + "value": 0.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.totalindexsize", "type": 0, - "value": 16384.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" - ] - }, - { - "name": "mongodb.collection.reads.latency", - "type": 0, - "value": 13165.0, + "value": 0.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" + "collection:oplog.rs" ] }, { @@ -1142,17 +1020,7 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:bar" - ] - }, - { - "name": "mongodb.collection.reads.opsps", - "type": 1, - "value": 10.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:foo" + "collection:oplog.rs" ] }, { @@ -1162,7 +1030,7 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { @@ -1172,17 +1040,7 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.writes.latency", - "type": 0, - "value": 8542.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { @@ -1192,17 +1050,7 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.writes.opsps", - "type": 1, - "value": 1.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { 
@@ -1212,27 +1060,7 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.commands.latency", - "type": 0, - "value": 0.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" - ] - }, - { - "name": "mongodb.collection.commands.opsps", - "type": 1, - "value": 0.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:foo" + "collection:oplog.rs" ] }, { @@ -1242,7 +1070,7 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { @@ -1252,17 +1080,7 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.transactions.latency", - "type": 0, - "value": 0.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { 
@@ -1272,97 +1090,47 @@ "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.transactions.opsps", - "type": 1, - "value": 0.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" - ] - }, - { - "name": "mongodb.collection.collectionscans.nontailable", - "type": 0, - "value": 0.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:foo" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.collectionscans.nontailable", "type": 0, - "value": 0.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" - ] - }, - { - "name": "mongodb.collection.collectionscans.total", - "type": 0, - "value": 0.0, + "value": 81750.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.collectionscans.total", "type": 0, - "value": 0.0, + "value": 81753.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.collectionscans.nontailableps", "type": 1, - "value": 0.0, + "value": 81750.0, "tags": [ "server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:foo" - ] - }, - { - "name": "mongodb.collection.collectionscans.nontailableps", - "type": 1, - "value": 0.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:bar" - ] - }, - { - "name": "mongodb.collection.collectionscans.totalps", - "type": 1, - "value": 0.0, - "tags": [ - "server:mongodb://testUser2:*****@localhost:27017/test", - "db:local", - "collection:foo" + "collection:oplog.rs" ] }, { "name": "mongodb.collection.collectionscans.totalps", "type": 1, - "value": 0.0, + "value": 81753.0, "tags": [ 
"server:mongodb://testUser2:*****@localhost:27017/test", "db:local", - "collection:bar" + "collection:oplog.rs" ] }, { diff --git a/mongo/tests/test_integration.py b/mongo/tests/test_integration.py index 88d253cfc7eb8..075de05746abc 100644 --- a/mongo/tests/test_integration.py +++ b/mongo/tests/test_integration.py @@ -61,7 +61,13 @@ def _assert_mongodb_instance_event( } -@pytest.mark.parametrize("dbm", [True, False]) +@pytest.mark.parametrize( + "dbm", + [ + pytest.param(True, id="DBM enabled"), + pytest.param(False, id="DBM disabled"), + ], +) def test_integration_mongos(instance_integration_cluster, aggregator, check, dd_run_check, dbm): instance_integration_cluster['dbm'] = dbm instance_integration_cluster['operation_samples'] = {'enabled': False} @@ -137,6 +143,19 @@ def test_integration_mongos(instance_integration_cluster, aggregator, check, dd_ cluster_name='my_cluster', modules=['enterprise'], ) + # run the check again to verify sharded data distribution metrics are NOT collected + # because the collection interval is not reached + aggregator.reset() + with mock_pymongo("mongos"): + dd_run_check(mongos_check) + + assert_metrics( + mongos_check, + aggregator, + ['sharded-data-distribution'], + ['sharding_cluster_role:mongos', 'clustername:my_cluster', 'hosting_type:self-hosted'], + count=0, + ) def test_integration_replicaset_primary_in_shard(instance_integration, aggregator, check, dd_run_check): diff --git a/mongo/tests/test_unit_config.py b/mongo/tests/test_unit_config.py index ab23b2b49898a..fbd4fa6f0fa2d 100644 --- a/mongo/tests/test_unit_config.py +++ b/mongo/tests/test_unit_config.py 
@@ -200,3 +200,33 @@ def test_amazon_docdb_cloud_metadata(instance_integration_cluster, aws_cloud_met assert aws['cluster_identifier'] == aws_cloud_metadata['cluster_identifier'] else: assert aws['cluster_identifier'] == instance_integration_cluster['cluster_name'] + + +@pytest.mark.parametrize( + 'metrics_collection_interval, expected_metrics_collection_interval', + [ + pytest.param( + {}, {'collection': 15, 'collections_indexes_stats': 15, 'sharded_data_distribution': 300}, id='default' + ), + pytest.param( + { + 'collection': '60', + 'collections_indexes_stats': '30', + 'sharded_data_distribution': '600', + }, + {'collection': 60, 'collections_indexes_stats': 30, 'sharded_data_distribution': 600}, + id='custom', + ), + pytest.param( + { + 'collection': 60, + }, + {'collection': 60, 'collections_indexes_stats': 15, 'sharded_data_distribution': 300}, + id='partial', + ), + ], +) +def test_metrics_collection_interval(instance, metrics_collection_interval, expected_metrics_collection_interval): + instance['metrics_collection_interval'] = metrics_collection_interval + config = MongoConfig(instance, mock.Mock(), {}) + assert config.metrics_collection_interval == expected_metrics_collection_interval diff --git a/mongo/tests/utils.py b/mongo/tests/utils.py index 99fa9ca04ab29..07d4891e3810c 100644 --- a/mongo/tests/utils.py +++ b/mongo/tests/utils.py @@ -8,7 +8,7 @@ from .common import HERE -def assert_metrics(check_instance, aggregator, metrics_categories, additional_tags=None): +def assert_metrics(check_instance, aggregator, metrics_categories, additional_tags=None, count=1): if additional_tags is None: additional_tags = [] for cat in metrics_categories: @@ -17,7 +17,7 @@ def assert_metrics(check_instance, aggregator, metrics_categories, additional_ta aggregator.assert_metric( metric['name'], value=metric['value'], - count=1, + count=count, tags=additional_tags + metric['tags'] + check_instance.internal_resource_tags, metric_type=metric['type'], ) 
diff --git a/mux/CHANGELOG.md b/mux/CHANGELOG.md new file mode 100644 index 0000000000000..0902c9b8e5fc3 --- /dev/null +++ b/mux/CHANGELOG.md @@ -0,0 +1,7 @@ +# CHANGELOG - Mux + +## 1.0.0 / 2024-09-24 + +***Added***: + +* Initial Release diff --git a/mux/README.md b/mux/README.md new file mode 100644 index 0000000000000..26d7b13e44832 --- /dev/null +++ b/mux/README.md @@ -0,0 +1,53 @@ +# MUX + +## Overview + +[Mux][1] is an all-in-one video streaming platform. It offers APIs and tools for video hosting, live streaming, etc. enabling users to easily create, manage, and optimize video content. Mux provides scalable video infrastructure to build seamless video experiences. + +Integrate Mux with Datadog to gain insights into mux video performance data. + +## Setup + +### Get config parameters from Mux + +#### Find your Access Token ID and Secret Key from Mux +1. Login to [MUX account][2]. +2. In the sidebar, click on **Settings**. +3. Click on **Access Tokens**. +4. Select **Generate new token**. +5. Choose the environment. +6. Under the **permission** section, select **Mux Data(read-only)**. +7. Enter the access token name. +8. Click on **Generate Token**. +9. Save the Access Token ID and Secret Key from the **Here's your new Access Token** tab. + +### Add your Mux credentials +- Access token ID +- Secret key + +## Data Collected + +### Logs + +The Mux integration does not include any logs. + +### Metrics + +The Mux integration collects and forwards mux metrics data to Datadog. See [metadata.csv][4] for a list of metrics provided by this integration. + +### Service Checks + +The Mux integration does not include any service checks. + +### Events + +The Mux integration does not include any events. + +## Troubleshooting + +Need help? Contact [Datadog support][3]. + +[1]: https://www.mux.com/ +[2]: https://dashboard.mux.com/ +[3]: https://docs.datadoghq.com/help/ +[4]: https://github.com/DataDog/integrations-core/blob/master/mux/metadata.csv 
diff --git a/mux/assets/dashboards/mux_metrics.json b/mux/assets/dashboards/mux_metrics.json new file mode 100644 index 0000000000000..0477d130ad678 --- /dev/null +++ b/mux/assets/dashboards/mux_metrics.json 
@@ -0,0 +1,3690 @@ +{ + "title": "Mux - Metrics", + "description": "This Dashboard provides comprehensive insights, including views, unique viewers, playing time, viewer experience score, playback success score, player startup time, smoothness score, video quality score, and rebuffer percentage, with the latest metrics showcasing consolidated statistics for video performance.", + "widgets": [ + { + "id": 8740298734186812, + "definition": { + "type": "image", + "url": "https://www.mux.com/images/mux-logo.png", + "url_dark_theme": "", + "sizing": "contain", + "margin": "sm", + "has_background": true, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 8407084925998778, + "definition": { + "title": "Monitors Summary", + "type": "manage_status", + "display_format": "countsAndList", + "color_preference": "background", + "hide_zero_counts": true, + "show_status": true, + "last_triggered_format": "relative", + "query": "tag:integration:mux $Video_Id", + "sort": "status,asc", + "count": 50, + "start": 0, + "summary_type": "monitors", + "show_priority": false, + "show_last_triggered": false + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 5 + } + }, + { + "id": 323399805713430, + "definition": { + "type": "note", + "content": "**[Mux](https://www.mux.com/)** is an all-in-one video streaming platform designed for developers and businesses. It offers APIs and tools for video hosting, live streaming, web player customization, and in-depth analytics, enabling users to easily create, manage, and optimize video content. 
\n\nThis Dashboard provides comprehensive insights, including views, unique viewers, playing time, viewer experience score, playback success score, player startup time, smoothness score, video quality score, and rebuffer percentage, with the latest metrics showcasing consolidated statistics for video performance.\n\nFor more information, see the [Mux Integration Documentation](https://docs.datadoghq.com/integrations/mux/).\n\n**Tip**:\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "purple", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": true, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 2, + "width": 6, + "height": 3 + } + }, + { + "id": 1220293637488098, + "definition": { + "title": "Overview", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4009446443373264, + "definition": { + "title": "Views by Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Views", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "sum:mux.metric.views{video_id:*,$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 3 + } + }, + { + "id": 3481055536288754, + "definition": { + "title": "Unique Viewers by Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": 
"timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Unique Viewers", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "sum:mux.metric.unique_viewers{video_id:*,$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 3 + } + }, + { + "id": 6200752868207150, + "definition": { + "title": "Playing Time by Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Playing Time", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "sum:mux.metric.playing_time{video_id:*,$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 6, + "width": 12, + "height": 3 + } + }, + { + "id": 5837183919298942, + "definition": { + "title": "Top Videos with High Views", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "sum:mux.metric.views{video_id:*,$Video_Id} by {video_id}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 9, + 
"width": 12, + "height": 3 + } + }, + { + "id": 5794093284934446, + "definition": { + "title": "Views Distribution by OS", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:mux.metric.views{operating_system:*} by {operating_system}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 6, + "height": 4 + } + }, + { + "id": 439902379343072, + "definition": { + "title": "Views Distribution by Browser", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:mux.metric.views{browser:*} by {browser}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 12, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 5, + "width": 12, + "height": 17 + } + }, + { + "id": 6745713151482410, + "definition": { + "title": "Quality of Experience", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 6596360524579660, + "definition": { + "title": "Average Viewer Experience Score", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": 
"metrics", + "query": "avg:mux.metric.viewer_experience_score{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8602979691001942, + "definition": { + "title": "Top Videos with High Viewer Experience Score", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.viewer_experience_score{$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 2626845644049264, + "definition": { + "title": "Viewer Experience Score Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "viewer experience score", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.viewer_experience_score{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 22, + "width": 12, 
+ "height": 7 + } + }, + { + "id": 8893308504271682, + "definition": { + "title": "Playback Success", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 298345148190314, + "definition": { + "title": "Average Playback Success Score", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.playback_success_score{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 4801477252304832, + "definition": { + "title": "Playback Success Score Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Playback Success Score", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.playback_success_score{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 4396501637723620, + "definition": { + "title": "Average Playback Failure Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + 
"query": "avg:mux.metric.playback_failure_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 3 + } + }, + { + "id": 3169127014752062, + "definition": { + "title": "Playback Failure Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Playback Failure Percentage", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.playback_failure_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 3, + "width": 9, + "height": 3 + } + }, + { + "id": 2367630247389044, + "definition": { + "title": "Average Video Startup Failure Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_startup_failure_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": 
"area" + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 3, + "height": 3 + } + }, + { + "id": 786592074502738, + "definition": { + "title": "Video Startup Failure Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Video Startup Failure Percentage", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_startup_failure_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 6, + "width": 9, + "height": 3 + } + }, + { + "id": 2295034455275454, + "definition": { + "title": "Average Exits Before Video Start", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.exits_before_video_start{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 9, + "width": 3, + "height": 3 + } + }, + { + "id": 2406312015360100, + "definition": { + "title": "Exits Before Video Start Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Exits Before Video 
Start", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.exits_before_video_start{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 9, + "width": 9, + "height": 3 + } + }, + { + "id": 5177056228052332, + "definition": { + "title": "Average Business Exception Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.playback_business_exception_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 3, + "height": 3 + } + }, + { + "id": 6903804040098836, + "definition": { + "title": "Video Startup Business Exception Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Video Startup Business Exception Percentage", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_startup_business_exception_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + 
"line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 12, + "width": 9, + "height": 3 + } + }, + { + "id": 4977786892663128, + "definition": { + "title": "Average Video Startup Business Exception Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_startup_business_exception_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 4, + "height": 3 + } + }, + { + "id": 8519844538070258, + "definition": { + "title": "Video Startup Business Exception Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Video Startup Business Exception Percentage", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_startup_business_exception_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 15, + "width": 8, + "height": 3 + } + }, + { + "id": 2566518125633970, + "definition": { + "title": "Top Videos with High Playback Success Score", + 
"title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.playback_success_score{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 18, + "width": 6, + "height": 3 + } + }, + { + "id": 4450192488486708, + "definition": { + "title": "Top Videos with High Playback Failure Percentage", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.playback_failure_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 18, + "width": 6, + "height": 3 + } + }, + { + "id": 3013528366385814, + "definition": { + "title": "Playback Success Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:mux.metric.playback_success_score{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:mux.metric.playback_failure_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + 
"data_source": "metrics", + "name": "query3", + "query": "avg:mux.metric.playback_business_exception_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "alias": "Playback Success Score", + "formula": "query1 * 100" + }, + { + "alias": "Playback Failure Percentage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query2 * 100" + }, + { + "alias": "Playback Business Exception Percentage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query3 * 100" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 21, + "width": 12, + "height": 4 + } + }, + { + "id": 2801208370061346, + "definition": { + "title": "Video Startup Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:mux.metric.video_startup_failure_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:mux.metric.video_startup_business_exception_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "avg:mux.metric.exits_before_video_start{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "alias": "Video Startup Failure Percentage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + }, + { + "alias": "Video Startup 
Business Exception Percentage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query2 * 100" + }, + { + "cell_display_mode": "number", + "alias": "Exits Before Video Starts", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query3 * 100" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 25, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 29, + "width": 12, + "height": 30 + } + }, + { + "id": 1266663704400704, + "definition": { + "title": "Startup Time", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2236256623748982, + "definition": { + "title": "Average Startup Time Score", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.startup_time_score{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 2495307867177718, + "definition": { + "title": "Startup Time Score Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Startup Time Score", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.startup_time_score{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + 
"order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 3 + } + }, + { + "id": 474393580792922, + "definition": { + "title": "Average Page Load Time", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.page_load_time{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 7742531014991664, + "definition": { + "title": "Page Load Time Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Page Load Time", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.page_load_time{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 3 + } + }, + { + "id": 5326722891696668, + "definition": { + "title": "Average Video Startup Time", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_startup_time{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": 
[ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 4, + "height": 3 + } + }, + { + "id": 8707762128124154, + "definition": { + "title": "Video Startup Time Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Video Startup Time", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_startup_time{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 6, + "width": 8, + "height": 3 + } + }, + { + "id": 8353431131543564, + "definition": { + "title": "Average Aggregate Startup Time", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.aggregate_startup_time{$Video_Id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 9, + "width": 4, + "height": 3 + } + }, + { + "id": 6242206807126068, + "definition": { + "title": "Aggregate Startup Time Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Aggregate Startup Time", + "formula": "query1" + } + ], + "queries": 
[ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.aggregate_startup_time{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 9, + "width": 8, + "height": 3 + } + }, + { + "id": 5162449502127588, + "definition": { + "title": "Average Player Startup Time", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.player_startup_time{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 3 + } + }, + { + "id": 1323822117530074, + "definition": { + "title": "Player Startup Time Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Player Startup Time", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.player_startup_time{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 12, + "width": 8, + "height": 3 + } + }, + { + "id": 4337513725726252, + "definition": { + "title": "Average Seek Latency", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + 
"response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.seek_latency{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 4, + "height": 3 + } + }, + { + "id": 2620359520153796, + "definition": { + "title": "Seek Latency Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Seek Latency", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.seek_latency{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 15, + "width": 8, + "height": 3 + } + }, + { + "id": 8528252805378674, + "definition": { + "title": "Seek Latency Overtime by Video Id", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.seek_latency{video_id:*,$Video_Id} by {video_id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ], + "yaxis": { + "include_zero": true, + "max": "auto" + } + }, + "layout": { + "x": 0, + 
"y": 18, + "width": 12, + "height": 4 + } + }, + { + "id": 7582158836467120, + "definition": { + "title": "Startup Time Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:mux.metric.startup_time_score{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:mux.metric.video_startup_time{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "avg:mux.metric.player_startup_time{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query4", + "query": "avg:mux.metric.page_load_time{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query5", + "query": "avg:mux.metric.aggregate_startup_time{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query6", + "query": "avg:mux.metric.seek_latency{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 5, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Video Startup Time", + "formula": "query2" + }, + { + "cell_display_mode": "number", + "alias": "Player Startup Time", + "formula": "query3" + }, + { + "cell_display_mode": "number", + "alias": "Page Load Time", + "formula": "query4" + }, + { + "cell_display_mode": "number", + "alias": "Aggregate Startup Time", + "formula": "query5" + }, + { + "cell_display_mode": "number", + "alias": "Seek Latency", + "formula": "query6" + }, + { + "alias": "Startup Time Score", + "formula": "query1 * 100" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + 
"y": 22, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 59, + "width": 12, + "height": 27, + "is_column_break": true + } + }, + { + "id": 7334379080331064, + "definition": { + "title": "Smoothness", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4608661273329986, + "definition": { + "title": "Average Smoothness Score", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.smoothness_score{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 4494292675722788, + "definition": { + "title": "Smoothness Score Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Smoothness Score", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.smoothness_score{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 3 + } + }, + { + "id": 6473814659260960, + "definition": { + "title": "Average Rebuffer Count", + "title_size": "16", + "title_align": "left", + "type": 
"query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.rebuffer_count{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 1932274358183966, + "definition": { + "title": "Rebuffer Count Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Rebuffer Count", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.rebuffer_count{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 3 + } + }, + { + "id": 4132996472752296, + "definition": { + "title": "Average Rebuffer Duration", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.rebuffer_duration{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 6, + 
"width": 4, + "height": 3 + } + }, + { + "id": 2813049649778638, + "definition": { + "title": "Rebuffer Duration Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Rebuffer Duration", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.rebuffer_duration{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 6, + "width": 8, + "height": 3 + } + }, + { + "id": 5931318482078592, + "definition": { + "title": "Average Rebuffer Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.rebuffer_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 9, + "width": 4, + "height": 3 + } + }, + { + "id": 8093326950057642, + "definition": { + "title": "Rebuffer Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Rebuffer Percentage", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + 
"query": "avg:mux.metric.rebuffer_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 9, + "width": 8, + "height": 3 + } + }, + { + "id": 3309016372158672, + "definition": { + "title": "Average Rebuffer Frequency", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.rebuffer_frequency{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "per_unit_name": "minute" + } + }, + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 3 + } + }, + { + "id": 41683318688066, + "definition": { + "title": "Rebuffer Frequency Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Rebuffer Frequency", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.rebuffer_frequency{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 12, + "width": 8, + "height": 3 + } + }, + { + "id": 6656902652971822, + "definition": { + "title": "Top Videos with High 
Smoothness Score", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.smoothness_score{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + }, + { + "id": 8881348044212578, + "definition": { + "title": "Smoothness Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:mux.metric.smoothness_score{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:mux.metric.rebuffer_count{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "avg:mux.metric.rebuffer_duration{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query4", + "query": "avg:mux.metric.rebuffer_frequency{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query5", + "query": "avg:mux.metric.rebuffer_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 3, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Rebuffer Count", + "formula": "query2" + }, + { + "cell_display_mode": "number", + "alias": "Rebuffer 
Duration", + "formula": "query3" + }, + { + "cell_display_mode": "number", + "alias": "Rebuffer Frequency", + "number_format": { + "unit": { + "type": "canonical_unit", + "per_unit_name": "minute" + } + }, + "formula": "query4" + }, + { + "alias": "Smoothness Score", + "formula": "query1 * 100" + }, + { + "alias": "Rebuffer Percentage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query5 * 100" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 19, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 86, + "width": 12, + "height": 24 + } + }, + { + "id": 5070840369040136, + "definition": { + "title": "Video Quality", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7390564078879392, + "definition": { + "title": "Average Video Quality Score", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_quality_score{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 1229883020208502, + "definition": { + "title": "Video Quality Score Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Video Quality Score", + "formula": "query1 * 100" + } + ], + "queries": 
[ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_quality_score{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 3 + } + }, + { + "id": 2309946839235418, + "definition": { + "title": "Weighted Average Bitrate", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.weighted_average_bitrate{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit_scale": { + "type": "canonical_unit", + "unit_name": "bit" + } + }, + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 38538954247440, + "definition": { + "title": "Weighted Average Bitrate Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Weighted Average Bitrate", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.weighted_average_bitrate{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 3 + } + }, + { + 
"id": 2741121569755672, + "definition": { + "title": "Average Upscale Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.upscale_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": false, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 4, + "height": 3 + } + }, + { + "id": 4128572692652006, + "definition": { + "title": "Upscale Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Upscale Percentage", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.upscale_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 6, + "width": 8, + "height": 3 + } + }, + { + "id": 5478455287138638, + "definition": { + "title": "Average Downscale Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.downscale_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + 
"number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 9, + "width": 4, + "height": 3 + } + }, + { + "id": 2007567121576290, + "definition": { + "title": "Downscale Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Downscale Percentage", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.downscale_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 9, + "width": 8, + "height": 3 + } + }, + { + "id": 6862787917948638, + "definition": { + "title": "Average of Max Upscale Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.max_upscale_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 
0, + "y": 12, + "width": 4, + "height": 3 + } + }, + { + "id": 3869465964272090, + "definition": { + "title": "Max Upscale Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Max Upscale Percentage", + "formula": "query1 * 100" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.max_upscale_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 12, + "width": 8, + "height": 3 + } + }, + { + "id": 1056987583365914, + "definition": { + "title": "Average of Max Downscale Percentage", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.max_downscale_percentage{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 4, + "height": 3 + } + }, + { + "id": 5172304773900428, + "definition": { + "title": "Max Downscale Percentage Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Max Downscale Percentage", + "formula": "query1 * 100" + } 
+ ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.max_downscale_percentage{$Video_Id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 15, + "width": 8, + "height": 3 + } + }, + { + "id": 6114720235628602, + "definition": { + "title": "Average Live Stream Latency", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.live_stream_latency{$Video_Id}", + "aggregator": "avg" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "millisecond" + } + }, + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cde5f5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 18, + "width": 4, + "height": 3 + } + }, + { + "id": 8337865062113938, + "definition": { + "title": "Live Stream Latency Overtime", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "millisecond" + } + }, + "alias": "Live Stream Latency", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.live_stream_latency{$Video_Id} by {video_id}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + 
"line_width": "normal" + }, + "display_type": "line" + } + ], + "yaxis": { + "include_zero": true, + "max": "auto" + } + }, + "layout": { + "x": 4, + "y": 18, + "width": 8, + "height": 3 + } + }, + { + "id": 6601500419927196, + "definition": { + "title": "Top Videos with High Quality Score", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:mux.metric.video_quality_score{$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1 * 100" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 21, + "width": 12, + "height": 4 + } + }, + { + "id": 3271158187474932, + "definition": { + "title": "Video Quality Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:mux.metric.video_quality_score{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:mux.metric.live_stream_latency{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "avg:mux.metric.weighted_average_bitrate{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 2, + "order": "desc" + } + ] + }, + "formulas": [ + { + "alias": "Live Stream Latency", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "millisecond" + } + }, + "formula": "query2" + }, + { + "alias": "Weighted Average 
Bitrate", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "bit", + "per_unit_name": "second" + }, + "unit_scale": { + "type": "canonical_unit", + "unit_name": "bit" + } + }, + "formula": "query3" + }, + { + "alias": "Video Quality Score", + "formula": "query1 * 100" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 25, + "width": 12, + "height": 4 + } + }, + { + "id": 6980401583290302, + "definition": { + "title": "Upscale/Downscale Percentage Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:mux.metric.upscale_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:mux.metric.max_upscale_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "avg:mux.metric.downscale_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + }, + { + "data_source": "metrics", + "name": "query4", + "query": "avg:mux.metric.max_downscale_percentage{video_id:*,$Video_Id} by {video_id}", + "aggregator": "avg" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "alias": "Upscale Percentage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100" + }, + { + "alias": "Max Upscale Percentage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query2 * 100" + }, + { + "alias": "Downscale Percentage", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query3 * 100" + }, + { + "alias": "Max Downscale Percentage", + 
"number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query4 * 100" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 29, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 110, + "width": 12, + "height": 34 + } + } + ], + "template_variables": [ + { + "name": "Video_Id", + "prefix": "video_id", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/mux/assets/monitors/anomaly_detected_in_page_load_time.json b/mux/assets/monitors/anomaly_detected_in_page_load_time.json new file mode 100644 index 0000000000000..48a2c223e3e7d --- /dev/null +++ b/mux/assets/monitors/anomaly_detected_in_page_load_time.json 
@@ -0,0 +1,45 @@
+{
+ "version": 2,
+ "created_at": "2024-09-24",
+ "last_updated_at": "2024-09-24",
+ "title": "Anomaly Detected in Page Load Time",
+ "description": "Anomalies in page load time indicate potential performance issues affecting user experience. This monitor detects deviations from normal load times to identify slowdowns. Timely alerts help ensure quick resolution, maintaining optimal site performance and user satisfaction.",
+ "definition": {
+ "id": 154116834,
+ "name": "[Mux] Anomaly Detected in Page Load Time",
+ "type": "query alert",
+ "query": "avg(last_2d):anomalies(max:mux.metric.page_load_time{*} by {video_id}, 'agile', 2, direction='both', interval=600, alert_window='last_4h', timezone='utc', count_default_zero='true', seasonality='daily') >= 1",
+ "message": "{{#is_warning}} \nThe page load time for video id: {{video_id.name}} has exceeded the threshold. \nCurrent Page Load Time: {{value}}% \nThreshold: {{warn_threshold}}% \n{{/is_warning}}\n\n{{#is_alert}} \nThe page load time for video id: {{video_id.name}} has exceeded the threshold. \nCurrent Page Load Time: {{value}}% \nThreshold: {{threshold}}% \n{{/is_alert}}\n\n\n@example@example.com",
+ "tags": [
+ "integration:mux"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 1,
+ "critical_recovery": 0,
+ "warning": 0.5
+ },
+ "notify_audit": false,
+ "require_full_window": false,
+ "renotify_interval": 0,
+ "threshold_windows": {
+ "trigger_window": "last_4h",
+ "recovery_window": "last_1h"
+ },
+ "on_missing_data": "default",
+ "include_tags": false,
+ "notify_by": [
+ "*"
+ ],
+ "new_group_delay": 60,
+ "silenced": {}
+ },
+ "priority": 3,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:mux"
+ ]
+}
diff --git a/mux/assets/monitors/playback_failure_percentage_is_higher_than_usual.json b/mux/assets/monitors/playback_failure_percentage_is_higher_than_usual.json
new file mode 100644
index 0000000000000..3316d0ed8f1ef
--- /dev/null
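Review bot: The alert text in `message` does not match what this monitor measures: both branches print `Current Page Load Time: {{value}}%` and say the load time "has exceeded the threshold", while the query compares an `anomalies(...)` result with 1 (warning 0.5) and sets `direction='both'`, so the printed figure is presumably the anomaly measure rather than a load time, and a load time is not a percentage in any case. I would reword both branches along the lines of `Page load time for video id: {{video_id.name}} is outside its expected range.` and drop the two `%` lines. The message also ends in the placeholder handle `@example@example.com`, and the same placeholder closes the messages of the playback-failure and video-startup-failure monitors in the next two files; a monitor enabled without editing would address its alerts to nobody, so the handle is better removed and the recipient left for the operator to set. The `"id": 154116834` inside `definition` looks like an export from one account; confirm it is meant to ship.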
+++ b/mux/assets/monitors/playback_failure_percentage_is_higher_than_usual.json
@@ -0,0 +1,35 @@
+{
+ "version": 2,
+ "created_at": "2024-09-24",
+ "last_updated_at": "2024-09-24",
+ "title": "Playback Failure Percentage is higher than usual",
+ "description": "Playback failures occur when a video cannot be played successfully. This monitor tracks the percentage of these failures to identify streaming quality issues. High rates can frustrate users and reduce engagement, so timely alerts are essential for maintaining a smooth viewing experience.",
+ "definition": {
+ "id": 154118176,
+ "name": "[Mux] Playback Failure Percentage is higher than usual",
+ "type": "query alert",
+ "query": "max(last_4h):max:mux.metric.playback_failure_percentage{*} by {video_id} > 20",
+ "message": "{{#is_warning}} \nThe playback failure percentage for video id: {{video_id.name}} has exceeded the threshold. \nCurrent Playback Failure Percentage: {{value}}% \nThreshold: {{warn_threshold}}% \n{{/is_warning}}\n\n{{#is_alert}} \nThe playback failure percentage for video id: {{video_id.name}} has exceeded the threshold. \nCurrent Playback Failure Percentage: {{value}}% \nThreshold: {{threshold}}% \n{{/is_alert}}\n\n\n@example@example.com",
+ "tags": [
+ "integration:mux"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 20,
+ "warning": 10
+ },
+ "notify_audit": false,
+ "on_missing_data": "default",
+ "include_tags": true,
+ "new_group_delay": 60,
+ "silenced": {}
+ },
+ "priority": 2,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:mux"
+ ]
+}
diff --git a/mux/assets/monitors/video_startup_failure_percentage_is_higher_than_usual.json b/mux/assets/monitors/video_startup_failure_percentage_is_higher_than_usual.json
new file mode 100644
index 0000000000000..880bc63f322de
--- /dev/null
+++ b/mux/assets/monitors/video_startup_failure_percentage_is_higher_than_usual.json
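Review bot: The comparison `> 20` (with `"critical": 20, "warning": 10`) assumes `mux.metric.playback_failure_percentage` is reported on a 0–100 scale, but the dashboard added in this same commit multiplies the other Mux percentage metrics by 100 before display (`rebuffer_percentage`, `upscale_percentage`, `downscale_percentage`), which suggests they arrive as 0–1 fractions. If this metric follows the same convention the monitor can never fire and playback failures would go unnoticed. Confirm the unit against the metric metadata; if it is a fraction, the query should end in `by {video_id} > 0.2` with `"critical": 0.2, "warning": 0.1`, and the `{{value}}%` text in the message needs the same scaling. The video-startup-failure monitor in the next file uses the same `> 20` comparison and needs the same check.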
@@ -0,0 +1,35 @@ +{ + "version": 2, + "created_at": "2024-09-24", + "last_updated_at": "2024-09-24", + "title": "Video Startup Failure Percentage is higher than usual", + "description": "Video startup failures happen when a video fails to start for users. This monitor tracks the percentage of these failures to identify issues in delivery. High rates can lead to poor user experience and increased churn, making timely alerts essential for maintaining viewer satisfaction.", + "definition": { + "id": 154118482, + "name": "[Mux] Video Startup Failure Percentage is higher than usual", + "type": "query alert", + "query": "max(last_4h):max:mux.metric.video_startup_failure_percentage{*} by {video_id} > 20", + "message": "{{#is_warning}} \nThe Video Startup Failure Percentage for video id: {{video_id.name}} has exceeded the threshold. \nCurrent Video Startup Failure Percentage: {{value}}% \nThreshold: {{warn_threshold}}% \n{{/is_warning}}\n\n{{#is_alert}} \nThe Video Startup Failure Percentage for video id: {{video_id.name}} has exceeded the threshold. \nCurrent Video Startup Failure Percentage: {{value}}% \nThreshold: {{threshold}}% \n{{/is_alert}}\n\n\n@example@example.com", + "tags": [ + "integration:mux" + ], + "options": { + "thresholds": { + "critical": 20, + "warning": 10 + }, + "notify_audit": false, + "on_missing_data": "default", + "include_tags": true, + "new_group_delay": 60, + "silenced": {} + }, + "priority": 2, + "restriction_policy": { + "bindings": [] + } + }, + "tags": [ + "integration:mux" + ] +} diff --git a/mux/assets/mux.svg b/mux/assets/mux.svg new file mode 100644 index 0000000000000..d40e1c30ac301 --- /dev/null +++ b/mux/assets/mux.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/mux/assets/service_checks.json b/mux/assets/service_checks.json new file mode 100644 index 0000000000000..fe51488c7066f --- /dev/null +++ b/mux/assets/service_checks.json @@ -0,0 +1 @@ +[] 
diff --git a/mux/images/mux_metrics_1.png b/mux/images/mux_metrics_1.png new file mode 100644 index 0000000000000..6fa40973b6294 Binary files /dev/null and b/mux/images/mux_metrics_1.png differ diff --git a/mux/images/mux_metrics_2.png b/mux/images/mux_metrics_2.png new file mode 100644 index 0000000000000..ced125df21148 Binary files /dev/null and b/mux/images/mux_metrics_2.png differ diff --git a/mux/images/mux_metrics_3.png b/mux/images/mux_metrics_3.png new file mode 100644 index 0000000000000..26221160c989b Binary files /dev/null and b/mux/images/mux_metrics_3.png differ diff --git a/mux/images/mux_metrics_4.png b/mux/images/mux_metrics_4.png new file mode 100644 index 0000000000000..b550dd6437ba0 Binary files /dev/null and b/mux/images/mux_metrics_4.png differ diff --git a/mux/images/mux_metrics_5.png b/mux/images/mux_metrics_5.png new file mode 100644 index 0000000000000..6f8a9376fbadb Binary files /dev/null and b/mux/images/mux_metrics_5.png differ diff --git a/mux/images/mux_overview.png b/mux/images/mux_overview.png new file mode 100644 index 0000000000000..4825148a62c2a Binary files /dev/null and b/mux/images/mux_overview.png differ diff --git a/mux/manifest.json b/mux/manifest.json new file mode 100644 index 0000000000000..5210072ad0ace --- /dev/null +++ b/mux/manifest.json 
@@ -0,0 +1,78 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "9c1e5a09-836f-49c8-bbb2-2dd7f86ad0de", + "app_id": "mux", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Monitor Mux video performance and metrics.", + "title": "Mux", + "media": [ + { + "caption": "Mux - Metrics", + "image_url": "images/mux_metrics_1.png", + "media_type": "image" + }, + { + "caption": "Mux - Metrics", + "image_url": "images/mux_metrics_2.png", + "media_type": "image" + }, + { + "caption": "Mux - Metrics", + "image_url": "images/mux_metrics_3.png", + "media_type": "image" + }, + { + "caption": "Mux - Metrics", + "image_url": "images/mux_metrics_4.png", + "media_type": "image" + }, + { + "caption": "Mux - Metrics", + "image_url": "images/mux_metrics_5.png", + "media_type": "image" + } + ], + "classifier_tags": [ + "Category::Metrics", + "Offering::Integration", + "Submitted Data Type::Metrics" + ] + }, + "assets": { + "integration": { + "auto_install": false, + "source_type_id": 26205496, + "source_type_name": "Mux", + "events": { + "creates_events": false + }, + "metrics": { + "prefix": "mux.", + "check": "mux.metric.views", + "metadata_path": "metadata.csv" + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + }, + "dashboards": { + "Mux - Metrics": "assets/dashboards/mux_metrics.json" + }, + "monitors": { + "Anomaly Detected in Page Load Time": "assets/monitors/anomaly_detected_in_page_load_time.json", + "Playback Failure Percentage is higher than usual": "assets/monitors/playback_failure_percentage_is_higher_than_usual.json", + "Video Startup Failure Percentage is higher than usual": "assets/monitors/video_startup_failure_percentage_is_higher_than_usual.json" + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + 
"sales_email": "info@datadoghq.com" + } +} diff --git a/mux/metadata.csv b/mux/metadata.csv new file mode 100644 index 0000000000000..0d4e5bc0507fa --- /dev/null +++ b/mux/metadata.csv 
@@ -0,0 +1,29 @@ +metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric,sample_tags +mux.metric.aggregate_startup_time,gauge,,millisecond,,Total time taken for the video to start across all viewers.,1,mux,aggregate_startup_time,, +mux.metric.downscale_percentage,gauge,,percent,,Percentage of time the video was downscaled to a lower resolution.,1,mux,downscale_percentage,, +mux.metric.exits_before_video_start,gauge,,percent,,Percentage of users who exited before the video started playing.,1,mux,exits_before_video_start,, +mux.metric.live_stream_latency,gauge,,millisecond,,Delay between the live stream broadcast and when viewers see it.,1,mux,live_stream_latency,, +mux.metric.max_downscale_percentage,gauge,,percent,,Highest percentage of downscaled video during playback.,1,mux,max_downscale_percentage,, +mux.metric.max_upscale_percentage,gauge,,percent,,Highest percentage of upscaled video during playback.,1,mux,max_upscale_percentage,, +mux.metric.page_load_time,gauge,,millisecond,,Time it takes for the page hosting the video to load.,1,mux,page_load_time,, +mux.metric.playback_business_exception_percentage,gauge,,percent,,Percentage of playback failures caused by business-related issues.,1,mux,playback_business_exception_percentage,, +mux.metric.playback_failure_percentage,gauge,,percent,,Percentage of playback failures due to technical issues.,1,mux,playback_failure_percentage,, +mux.metric.playback_success_score,gauge,,,,Score representing playback success score of the video.,1,mux,playback_success_score,, +mux.metric.player_startup_time,gauge,,millisecond,,Time it takes for the video player to start playback.,1,mux,player_startup_time,, +mux.metric.playing_time,gauge,,millisecond,,Total time viewers spent watching the video.,1,mux,playing_time,, +mux.metric.rebuffer_count,gauge,,,,Total number of times the video buffered during playback.,1,mux,rebuffer_count,, 
+mux.metric.rebuffer_duration,gauge,,millisecond,,Total duration of buffering during playback.,1,mux,rebuffer_duration,, +mux.metric.rebuffer_frequency,gauge,,,minute,Frequency of buffering events per viewer.,1,mux,rebuffer_frequency,, +mux.metric.rebuffer_percentage,gauge,,percent,,Percentage of time spent buffering during playback.,1,mux,rebuffer_percentage,, +mux.metric.seek_latency,gauge,,millisecond,,Delay experienced when seeking to different parts of the video.,1,mux,seek_latency,, +mux.metric.smoothness_score,gauge,,,,Score representing smoothness score of the video.,1,mux,smoothness_score,, +mux.metric.startup_time_score,gauge,,,,Score representing how efficiently videos are starting.,1,mux,startup_time_score,, +mux.metric.unique_viewers,gauge,,,,Number of unique viewers who watched the video.,1,mux,unique_viewers,, +mux.metric.upscale_percentage,gauge,,percent,,Percentage of time the video was upscaled to a higher resolution.,1,mux,upscale_percentage,, +mux.metric.video_quality_score,gauge,,,,Score representing overall video quality based on resolution and bitrate.,1,mux,video_quality_score,, +mux.metric.video_startup_business_exception_percentage,gauge,,percent,,Percentage of video startup issues due to business-related exceptions.,1,mux,video_startup_business_exception_percentage,, +mux.metric.video_startup_failure_percentage,gauge,,percent,,Percentage of video startup failures due to technical issues.,1,mux,video_startup_failure_percentage,, +mux.metric.video_startup_time,gauge,,millisecond,,Time it takes for the video to start after a viewer initiates playback.,1,mux,video_startup_time,, +mux.metric.viewer_experience_score,gauge,,,,Score representing the overall viewer experience based on key metrics.,1,mux,viewer_experience_score,, +mux.metric.views,gauge,,,,Total number of views for the video.,1,mux,views,, +mux.metric.weighted_average_bitrate,gauge,,bit,second,"Average bitrate of video playback, weighted by viewer 
experience.",1,mux,weighted_average_bitrate,, diff --git a/mysql/CHANGELOG.md b/mysql/CHANGELOG.md index 3547c67c68d54..8955a0d54701d 100644 --- a/mysql/CHANGELOG.md +++ b/mysql/CHANGELOG.md @@ -2,6 +2,13 @@ +## 14.3.0 / 2024-11-28 + +***Added***: + +* Added the `dbms_flavor` tag to MySQL integration metrics and events to identify the database type. This tag indicates whether the database is MySQL or MariaDB. ([#18950](https://github.com/DataDog/integrations-core/pull/18950)) +* Submit database_hostname with database instance and metrics for MySQL, Postgres, and SQLServer ([#18969](https://github.com/DataDog/integrations-core/pull/18969)) + ## 14.2.0 / 2024-11-06 ***Added***: @@ -28,10 +35,6 @@ ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) - -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) * Update the `propagate_agent_tags` setting. When set to `true`, the tags from the agent host are now added to the check's tags for all instances. ([#18400](https://github.com/DataDog/integrations-core/pull/18400)) ***Fixed***: @@ -48,6 +51,10 @@ * Bump version of cryptography to 43.0.1 to address vulnerability ([#18656](https://github.com/DataDog/integrations-core/pull/18656)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 12.8.0 / 2024-09-05 ***Added***: @@ -64,7 +71,7 @@ * Adding databases (schemas) data collection to MySQL These data include information about the tables, their columns, indexes, foreign keys, and partitions. ([#17916](https://github.com/DataDog/integrations-core/pull/17916)) -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ***Fixed***: 
diff --git a/mysql/assets/configuration/spec.yaml b/mysql/assets/configuration/spec.yaml index ce50bc273edf2..4b6104ea1cf89 100644 --- a/mysql/assets/configuration/spec.yaml +++ b/mysql/assets/configuration/spec.yaml @@ -665,6 +665,8 @@ files: description: | Set to `false` to disable the collection of comments in your SQL statements. Requires `collect_metadata: true`. + Note: This option must be `true` in order to correlate Database Monitoring samples and APM traces. + See https://docs.datadoghq.com/database_monitoring/connect_dbm_and_apm value: type: boolean example: true diff --git a/mysql/changelog.d/18950.added b/mysql/changelog.d/18950.added deleted file mode 100644 index e5959091a608d..0000000000000 --- a/mysql/changelog.d/18950.added +++ /dev/null @@ -1 +0,0 @@ -Added the `dbms_flavor` tag to MySQL integration metrics and events to identify the database type. This tag indicates whether the database is MySQL or MariaDB. diff --git a/mysql/changelog.d/19121.added b/mysql/changelog.d/19121.added new file mode 100644 index 0000000000000..97990bdf0ca9b --- /dev/null +++ b/mysql/changelog.d/19121.added @@ -0,0 +1 @@ +Add `mysql.performance.performance_schema_digest_lost`, the number of digest instances that could not be instrumented in the `events_statements_summary_by_digest` table. diff --git a/mysql/datadog_checks/mysql/__about__.py b/mysql/datadog_checks/mysql/__about__.py index 89a066d3cc640..58eaa19f57f56 100644 --- a/mysql/datadog_checks/mysql/__about__.py +++ b/mysql/datadog_checks/mysql/__about__.py @@ -2,4 +2,4 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = "14.2.0" +__version__ = "14.3.0" diff --git a/mysql/datadog_checks/mysql/const.py b/mysql/datadog_checks/mysql/const.py index fc2cb7d1f2e48..d69dc33dae014 100644 --- a/mysql/datadog_checks/mysql/const.py +++ b/mysql/datadog_checks/mysql/const.py 
@@ -39,6 +39,8 @@ # Table Cache Metrics 'Open_files': ('mysql.performance.open_files', GAUGE), 'Open_tables': ('mysql.performance.open_tables', GAUGE), + # Performance schema metrics + 'Performance_schema_digest_lost': ('mysql.performance.performance_schema_digest_lost', GAUGE), # Network Metrics 'Bytes_sent': ('mysql.performance.bytes_sent', RATE), 'Bytes_received': ('mysql.performance.bytes_received', RATE), diff --git a/mysql/datadog_checks/mysql/data/conf.yaml.example b/mysql/datadog_checks/mysql/data/conf.yaml.example index 3dbf966831e81..234a9fb7312e3 100644 --- a/mysql/datadog_checks/mysql/data/conf.yaml.example +++ b/mysql/datadog_checks/mysql/data/conf.yaml.example @@ -609,6 +609,8 @@ instances: ## @param collect_comments - boolean - optional - default: true ## Set to `false` to disable the collection of comments in your SQL statements. ## Requires `collect_metadata: true`. + ## Note: This option must be `true` in order to correlate Database Monitoring samples and APM traces. + ## See https://docs.datadoghq.com/database_monitoring/connect_dbm_and_apm # # collect_comments: true diff --git a/mysql/datadog_checks/mysql/mysql.py b/mysql/datadog_checks/mysql/mysql.py index 69e40133a0a09..23f571a09368a 100644 --- a/mysql/datadog_checks/mysql/mysql.py +++ b/mysql/datadog_checks/mysql/mysql.py @@ -109,6 +109,7 @@ def __init__(self, name, init_config, instances): self.is_mariadb = None self._resolved_hostname = None self._agent_hostname = None + self._database_hostname = None self._is_aurora = None self._config = MySQLConfig(self.instance, init_config) self.tags = self._config.tags 
@@ -170,7 +171,16 @@ def agent_hostname(self): self._agent_hostname = datadog_agent.get_hostname() return self._agent_hostname + @property + def database_hostname(self): + # type: () -> str + if self._database_hostname is None: + self._database_hostname = self.resolve_db_host() + return self._database_hostname + def set_resource_tags(self): + self.tags.append("database_hostname:{}".format(self.database_hostname)) + if self.cloud_metadata.get("gcp") is not None: self.tags.append( "dd.internal.resource:gcp_sql_database_instance:{}:{}".format( @@ -1303,6 +1313,7 @@ def _send_database_instance_metadata(self): event = { "host": self.resolved_hostname, "port": self._config.port, + "database_hostname": self.database_hostname, "agent_version": datadog_agent.get_version(), "dbms": "mysql", "kind": "database_instance", diff --git a/mysql/metadata.csv b/mysql/metadata.csv index 4737e971e22c2..027b8ce425e3a 100644 --- a/mysql/metadata.csv +++ b/mysql/metadata.csv 
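Review bot: `set_resource_tags` now appends `database_hostname:<resolve_db_host() result>` to `self.tags`, and the `_send_database_instance_metadata` hunk adds the same value to the instance event, apparently regardless of `reported_hostname`: the updated `test_propagate_agent_tags` expects `database_hostname:stubbed.hostname` next to `dd.internal.resource:database_instance:forced_hostname`. An operator who sets `reported_hostname` so that the real database host stays out of telemetry will now emit it anyway, and neither the changelog entry nor `conf.yaml.example` in this commit mentions that. Document the behaviour on the `reported_hostname` option and give the new property a docstring such as `"""Return the host from resolve_db_host(), cached; not overridden by reported_hostname."""`. Both functions continue outside their hunks, so whether `set_resource_tags` can run more than once per check instance, which would append the tag again, cannot be confirmed from here.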
@@ -170,6 +170,7 @@ mysql.performance.max_prepared_stmt_count,gauge,,,,The maximum allowed prepared mysql.performance.open_files,gauge,,file,,The number of open files.,0,mysql,open files, mysql.performance.open_tables,gauge,,table,,The number of of tables that are open.,0,mysql,open tables, mysql.performance.opened_tables,gauge,,table,second,"The number of tables that have been opened. If `opened_tables` is big, your `table_open_cache` value is probably too small.",0,mysql,mysql performance opened_tables, +mysql.performance.performance_schema_digest_lost,gauge,,,,The number of digest instances that could not be instrumented in the events_statements_summary_by_digest table. This can be nonzero if the value of performance_schema_digests_size is too small.,0,mysql,mysql performance performance schema digest lost, mysql.performance.prepared_stmt_count,gauge,,query,second,The current number of prepared statements.,0,mysql,current prepared statements, mysql.performance.qcache.utilization,gauge,,fraction,,Fraction of the query cache memory currently being used.,0,mysql,mysql performance qcache utilization, mysql.performance.qcache_free_blocks,gauge,,block,,The number of free memory blocks in the query cache.,0,mysql,mysql performance qcache_free_blocks, diff --git a/mysql/tests/tags.py b/mysql/tests/tags.py index 0543af7c2bbdf..4cd89f39fcc81 100644 --- a/mysql/tests/tags.py +++ b/mysql/tests/tags.py 
@@ -3,12 +3,16 @@ # Licensed under a 3-clause BSD style license (see LICENSE) from . import common -DATABASE_INSTANCE_RESOURCE_TAG = 'dd.internal.resource:database_instance:{hostname}' + +def database_instance_resource_tags(hostname): + return [f'dd.internal.resource:database_instance:{hostname}', f'database_hostname:{hostname}'] + + METRIC_TAGS = ['tag1:value1', 'tag2:value2'] METRIC_TAGS_WITH_RESOURCE = [ 'tag1:value1', 'tag2:value2', - DATABASE_INSTANCE_RESOURCE_TAG.format(hostname='stubbed.hostname'), + *database_instance_resource_tags('stubbed.hostname'), 'dbms_flavor:{}'.format(common.MYSQL_FLAVOR.lower()), ] SC_TAGS = [ @@ -16,11 +20,18 @@ 'tag1:value1', 'tag2:value2', ] -SC_TAGS_MIN = ['port:' + str(common.PORT), DATABASE_INSTANCE_RESOURCE_TAG.format(hostname='stubbed.hostname')] +SC_TAGS_MIN = [ + 'port:' + str(common.PORT), + *database_instance_resource_tags('stubbed.hostname'), +] SC_TAGS_REPLICA = [ 'port:' + str(common.SLAVE_PORT), 'tag1:value1', 'tag2:value2', 'dd.internal.resource:database_instance:stubbed.hostname', + 'database_hostname:stubbed.hostname', +] +SC_FAILURE_TAGS = [ + 'port:unix_socket', + *database_instance_resource_tags('stubbed.hostname'), ] -SC_FAILURE_TAGS = ['port:unix_socket', DATABASE_INSTANCE_RESOURCE_TAG.format(hostname='stubbed.hostname')] diff --git a/mysql/tests/test_metadata.py b/mysql/tests/test_metadata.py index b60f1d08bd428..648fe032a6d36 100644 --- a/mysql/tests/test_metadata.py +++ b/mysql/tests/test_metadata.py @@ -676,6 +676,7 @@ def test_collect_schemas(aggregator, dd_run_check, dbm_instance): assert schema_event.get("dbms_version") is not None assert (schema_event.get("flavor") == "MariaDB") or (schema_event.get("flavor") == "MySQL") assert sorted(schema_event["tags"]) == [ + 'database_hostname:stubbed.hostname', 'dbms_flavor:{}'.format(common.MYSQL_FLAVOR.lower()), 'dd.internal.resource:database_instance:stubbed.hostname', 'port:13306', 
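Review bot: `database_instance_resource_tags(hostname)` writes one value into both the `dd.internal.resource:database_instance:` tag and the `database_hostname:` tag, although the check takes them from different properties (`resolved_hostname` and `database_hostname`), so the helper is only correct while the test stub makes the two equal. A signature such as `def database_instance_resource_tags(resolved_hostname, database_hostname=None):` with a one-line docstring saying the second defaults to the first would let tests with a forced hostname use it too. `SC_TAGS_REPLICA` in the second hunk still spells both tags out by hand; calling the helper there would keep the tag lists consistent.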
@@ -701,6 +702,7 @@ def test_collect_schemas(aggregator, dd_run_check, dbm_instance): assert deep_compare(expected_data_for_db[db_name], actual_payload) +@pytest.mark.integration def test_schemas_collection_truncated(aggregator, dd_run_check, dbm_instance): dbm_instance['dbm'] = True diff --git a/mysql/tests/test_mysql.py b/mysql/tests/test_mysql.py index e732801b59b3e..f8214ee777781 100644 --- a/mysql/tests/test_mysql.py +++ b/mysql/tests/test_mysql.py @@ -101,7 +101,7 @@ def test_complex_config(aggregator, dd_run_check, instance_complex): _assert_complex_config( aggregator, - tags.SC_TAGS + [tags.DATABASE_INSTANCE_RESOURCE_TAG.format(hostname='stubbed.hostname')], + tags.SC_TAGS + tags.database_instance_resource_tags('stubbed.hostname'), tags.METRIC_TAGS_WITH_RESOURCE, ) aggregator.assert_metrics_using_metadata( @@ -116,8 +116,8 @@ def test_e2e(dd_agent_check, dd_default_hostname, instance_complex): aggregator = dd_agent_check(instance_complex) _assert_complex_config( aggregator, - tags.SC_TAGS + [tags.DATABASE_INSTANCE_RESOURCE_TAG.format(hostname=dd_default_hostname)], - tags.METRIC_TAGS + ['dbms_flavor:{}'.format(MYSQL_FLAVOR.lower())], + tags.SC_TAGS + tags.database_instance_resource_tags(dd_default_hostname), + tags.METRIC_TAGS + [f'database_hostname:{dd_default_hostname}', 'dbms_flavor:{}'.format(MYSQL_FLAVOR.lower())], hostname=dd_default_hostname, e2e=True, ) @@ -390,6 +390,7 @@ def test_complex_config_replica(aggregator, dd_run_check, instance_complex): assert mysql_check._is_group_replication_active(db) is False +@pytest.mark.integration @pytest.mark.parametrize( 'dbm_enabled, reported_hostname, expected_hostname', [ 
@@ -413,12 +414,10 @@ def test_correct_hostname(dbm_enabled, reported_hostname, expected_hostname, agg with mock.patch('datadog_checks.mysql.MySql.resolve_db_host', return_value='resolved.hostname') as resolve_db_host: mysql_check = MySql(common.CHECK_NAME, {}, [instance_basic]) dd_run_check(mysql_check) - if reported_hostname: - assert resolve_db_host.called is False, 'Expected resolve_db_host.called to be False' - else: - assert resolve_db_host.called is True + assert resolve_db_host.called is True expected_tags = [ + 'database_hostname:{}'.format(mysql_check.database_hostname), 'server:{}'.format(HOST), 'port:{}'.format(PORT), 'dd.internal.resource:database_instance:{}'.format(expected_hostname), @@ -709,7 +708,8 @@ def test_set_resources(aggregator, dd_run_check, instance_basic, cloud_metadata, for m in metric_names: aggregator.assert_metric_has_tag("mysql.net.connections", m) aggregator.assert_metric_has_tag( - "mysql.net.connections", tags.DATABASE_INSTANCE_RESOURCE_TAG.format(hostname=mysql_check.resolved_hostname) + "mysql.net.connections", + f'dd.internal.resource:database_instance:{mysql_check.resolved_hostname}', ) @@ -792,6 +792,7 @@ def test_propagate_agent_tags( expected_tags = ( instance_basic.get('tags', []) + [ + 'database_hostname:stubbed.hostname', 'server:{}'.format(HOST), 'port:{}'.format(PORT), 'dd.internal.resource:database_instance:forced_hostname', diff --git a/mysql/tests/test_query_activity.py b/mysql/tests/test_query_activity.py index 5189f4b23be6e..6571e60c6d820 100644 --- a/mysql/tests/test_query_activity.py +++ b/mysql/tests/test_query_activity.py @@ -113,6 +113,7 @@ def _run_blocking(conn): assert activity['ddsource'] == 'mysql' assert activity['ddagentversion'], "missing agent version" assert set(activity['ddtags']) == { + 'database_hostname:stubbed.hostname', 'tag1:value1', 'tag2:value2', 'port:13306', 
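Review bot: In `test_correct_hostname` the expected tag is built from `mysql_check.database_hostname`, a value read back from the object under test, so the assertion passes whatever the property returns. `resolve_db_host` is patched to return `'resolved.hostname'`, so the literal can be pinned instead: `'database_hostname:resolved.hostname',`. The removed branch used to show that a configured `reported_hostname` skipped host resolution; now that `resolve_db_host.called` is always expected to be true, a comment such as `# database_hostname always resolves the host, even when reported_hostname is set` would record that the change is intentional. The test body continues outside the hunk.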
@@ -525,6 +526,7 @@ def test_events_wait_current_disabled_no_warning_azure_flexible_server( # directly to metrics-intake, so they should also be properly tagged with a resource def _expected_dbm_job_err_tags(dbm_instance): return dbm_instance['tags'] + [ + 'database_hostname:stubbed.hostname', 'job:query-activity', 'port:{}'.format(PORT), 'dd.internal.resource:database_instance:stubbed.hostname', diff --git a/mysql/tests/test_statements.py b/mysql/tests/test_statements.py index 0f667e164c2af..8269073ea517a 100644 --- a/mysql/tests/test_statements.py +++ b/mysql/tests/test_statements.py @@ -854,6 +854,7 @@ def test_async_job_cancel(aggregator, dd_run_check, dbm_instance): def _expected_dbm_instance_tags(dbm_instance): return dbm_instance.get('tags', []) + [ + 'database_hostname:{}'.format('stubbed.hostname'), 'server:{}'.format(common.HOST), 'port:{}'.format(common.PORT), 'dbms_flavor:{}'.format(MYSQL_FLAVOR.lower()), @@ -864,6 +865,7 @@ def _expected_dbm_instance_tags(dbm_instance): # directly to metrics-intake, so they should also be properly tagged with a resource def _expected_dbm_job_err_tags(dbm_instance): return dbm_instance['tags'] + [ + 'database_hostname:{}'.format('stubbed.hostname'), 'port:{}'.format(common.PORT), 'server:{}'.format(common.HOST), 'dd.internal.resource:database_instance:stubbed.hostname', diff --git a/mysql/tests/test_unit.py b/mysql/tests/test_unit.py index 94ae3912e4197..ac84bbf83d4fb 100644 --- a/mysql/tests/test_unit.py +++ b/mysql/tests/test_unit.py 
@@ -298,14 +298,44 @@ def cursor(self): @pytest.mark.parametrize( 'disable_generic_tags, hostname, expected_tags', [ - (True, None, {'port:unix_socket', 'dd.internal.resource:database_instance:stubbed.hostname'}), + ( + True, + None, + { + 'port:unix_socket', + 'database_hostname:stubbed.hostname', + 'dd.internal.resource:database_instance:stubbed.hostname', + }, + ), ( False, None, - {'port:unix_socket', 'server:localhost', 'dd.internal.resource:database_instance:stubbed.hostname'}, + { + 'port:unix_socket', + 'server:localhost', + 'database_hostname:stubbed.hostname', + 'dd.internal.resource:database_instance:stubbed.hostname', + }, + ), + ( + True, + 'foo', + { + 'port:unix_socket', + 'database_hostname:stubbed.hostname', + 'dd.internal.resource:database_instance:stubbed.hostname', + }, + ), + ( + False, + 'foo', + { + 'port:unix_socket', + 'server:foo', + 'database_hostname:stubbed.hostname', + 'dd.internal.resource:database_instance:stubbed.hostname', + }, ), - (True, 'foo', {'port:unix_socket', 'dd.internal.resource:database_instance:stubbed.hostname'}), - (False, 'foo', {'port:unix_socket', 'server:foo', 'dd.internal.resource:database_instance:stubbed.hostname'}), ], ) def test_service_check(disable_generic_tags, expected_tags, hostname): diff --git a/mysql/tests/variables.py b/mysql/tests/variables.py index 246616bc1c426..825c44307f76e 100644 --- a/mysql/tests/variables.py +++ b/mysql/tests/variables.py @@ -25,6 +25,8 @@ # Table Cache Metrics 'mysql.performance.open_files', 'mysql.performance.open_tables', + # Performance schema metrics + 'mysql.performance.performance_schema_digest_lost', # Network Metrics 'mysql.performance.bytes_sent', 'mysql.performance.bytes_received', diff --git a/nagios/CHANGELOG.md b/nagios/CHANGELOG.md index 7bd7b40f61ad2..355b10560e7ff 100644 --- a/nagios/CHANGELOG.md +++ b/nagios/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.13.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/network/CHANGELOG.md b/network/CHANGELOG.md index 7f343bb2e6437..ee06a54a087e3 100644 --- a/network/CHANGELOG.md +++ b/network/CHANGELOG.md @@ -14,10 +14,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -36,6 +32,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 3.4.0 / 2024-09-05 diff --git a/network_path/manifest.json b/network_path/manifest.json index ea5c107897c1f..e43f0cf937a66 100644 --- a/network_path/manifest.json +++ b/network_path/manifest.json @@ -13,6 +13,7 @@ "media": [], "classifier_tags": [ "Supported OS::Linux", + "Supported OS::Windows", "Category::Network", "Offering::Integration" ] diff --git a/nfsstat/CHANGELOG.md b/nfsstat/CHANGELOG.md index f0a3086537b07..2ee0f4464afbd 100644 --- a/nfsstat/CHANGELOG.md +++ b/nfsstat/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.13.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/nginx/CHANGELOG.md b/nginx/CHANGELOG.md index 22fd3f5399c01..e4619d46162d8 100644 --- a/nginx/CHANGELOG.md +++ b/nginx/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 6.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/nginx/tests/docker/docker-compose.yaml b/nginx/tests/docker/docker-compose.yaml index 115f96399c8c8..6c7b2ecc34dc3 100644 --- a/nginx/tests/docker/docker-compose.yaml +++ b/nginx/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.5' - services: nginx: image: ${NGINX_IMAGE} diff --git a/nginx_ingress_controller/CHANGELOG.md b/nginx_ingress_controller/CHANGELOG.md index 7a56d7c237053..d136636c95aab 100644 --- a/nginx_ingress_controller/CHANGELOG.md 
+++ b/nginx_ingress_controller/CHANGELOG.md @@ -23,6 +23,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.6.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/nvidia_nim/CHANGELOG.md b/nvidia_nim/CHANGELOG.md new file mode 100644 index 0000000000000..fbd141ca35f92 --- /dev/null +++ b/nvidia_nim/CHANGELOG.md @@ -0,0 +1,13 @@ +# CHANGELOG - nvidia_nim + + + +## 1.0.0 / 2024-11-28 + +***Added***: + +* Initial Release ([#18964](https://github.com/DataDog/integrations-core/pull/18964)) + +***Fixed***: + +* Bump base package dependency to get fixed pyyaml. ([#19156](https://github.com/DataDog/integrations-core/pull/19156)) diff --git a/nvidia_nim/README.md b/nvidia_nim/README.md new file mode 100644 index 0000000000000..53d980b7bc0e9 --- /dev/null +++ b/nvidia_nim/README.md 
@@ -0,0 +1,62 @@
+# Agent Check: nvidia_nim
+
+## Overview
+
+This check monitors [NVIDIA NIM][1] through the Datadog Agent.
+
+## Setup
+
+Follow the instructions below to install and configure this check for an Agent running on a host. For containerized environments, see the [Autodiscovery Integration Templates][3] for guidance on applying these instructions.
+
+**Requirements**:
+- This check requires Agent v7.61.0+
+- This check uses [OpenMetrics][10] for metric collection, which requires Python 3.
+
+### Installation
+
+The NVIDIA NIM check is included in the [Datadog Agent][2] package. No additional installation is needed on your server.
+
+### Configuration
+
+NVIDIA NIM provides Prometheus [metrics][1] indicating request statistics. By default, these metrics are available at http://localhost:8000/metrics. The Datadog Agent can collect the exposed metrics using this integration. Follow the instructions below to configure data collection from any or all of the components.
+
+To start collecting your NVIDIA NIM performance data:
+1. Edit the `nvidia_nim.d/conf.yaml` file, in the `conf.d/` folder at the root of your Agent's configuration directory to start collecting your NVIDIA NIM performance data. See the [sample nvidia_nim.d/conf.yaml][4] for all available configuration options.
+
+2. [Restart the Agent][5].
+
+### Validation
+
+[Run the Agent's status subcommand][6] and look for `nvidia_nim` under the Checks section.
+
+## Data Collected
+
+### Metrics
+
+See [metadata.csv][7] for a list of metrics provided by this integration.
+
+### Events
+
+The NVIDIA NIM integration does not include any events.
+
+### Service Checks
+
+The NVIDIA NIM integration does not include any service checks.
+
+See [service_checks.json][8] for a list of service checks provided by this integration.
+
+## Troubleshooting
+
+Need help? Contact [Datadog support][9].
+
+
+[1]: https://docs.nvidia.com/nim/large-language-models/latest/observability.html
+[2]: https://app.datadoghq.com/account/settings/agent/latest
+[3]: https://docs.datadoghq.com/agent/kubernetes/integrations/
+[4]: https://github.com/DataDog/integrations-core/blob/master/nvidia_nim/datadog_checks/nvidia_nim/data/conf.yaml.example
+[5]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent
+[6]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information
+[7]: https://github.com/DataDog/integrations-core/blob/master/nvidia_nim/metadata.csv
+[8]: https://github.com/DataDog/integrations-core/blob/master/nvidia_nim/assets/service_checks.json
+[9]: https://docs.datadoghq.com/help/
+[10]: https://docs.datadoghq.com/integrations/openmetrics/
\ No newline at end of file
diff --git a/nvidia_nim/assets/configuration/spec.yaml b/nvidia_nim/assets/configuration/spec.yaml
new file mode 100644
index 0000000000000..6f739175a5acc
--- /dev/null
+++ b/nvidia_nim/assets/configuration/spec.yaml
@@ -0,0 +1,16 @@
+name: nvidia_nim
+files:
+- name: nvidia_nim.yaml
+ options:
+ - template: init_config
+ options:
+ - template: init_config/openmetrics
+ - template: instances
+ options:
+ - template: instances/openmetrics
+ overrides:
+ openmetrics_endpoint.required: true
+ openmetrics_endpoint.value.example: http://localhost:8000/metrics
+ openmetrics_endpoint.description: |
+ Endpoint exposing the NVIDIA NIM's Prometheus metrics. For more information refer to:
+ https://docs.nvidia.com/nim/large-language-models/latest/observability.html
\ No newline at end of file
diff --git a/nvidia_nim/assets/dashboards/nvidia_nim_overview.json b/nvidia_nim/assets/dashboards/nvidia_nim_overview.json
new file mode 100644
index 0000000000000..299362b371984
--- /dev/null
+++ b/nvidia_nim/assets/dashboards/nvidia_nim_overview.json
@@ -0,0 +1,1212 @@ +{ + "title": "NVIDIA NIM Overview", + "description": "## NVIDIA NIM\n\nThis dashboard provides observability for your NIM deployments with the NVIDIA NIM Integration.\n\nIt shows information about how many tokens your model is generating per second as well as exposing low-level details such as GPU usage and Python memory management.\n\n# Useful Links\n- [NVIDIA NIM Integration â†—](https://docs.datadoghq.com/integrations/nvidia_nim)\n- [NVIDIA NIM Metrics â†—](https://docs.nvidia.com/nim/large-language-models/latest/observability.html)\n- [vLLM Documentation â†—](https://docs.nvidia.com/nim/large-language-models/latest/introduction.html)", + "widgets": [ + { + "id": 4717263751542750, + "definition": { + "title": "", + "banner_img": "/static/images/logos/nvidia-nim_large.svg", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5685022835071772, + "definition": { + "type": "note", + "content": "## NVIDIA NIM\n\nThis dashboard provides observability for your NIM deployments with the NVIDIA NIM Integration.\n\nIt shows information about how many tokens your model is generating per second as well as exposing low-level details such as GPU usage and Python memory management.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8921963557059570, + "definition": { + "type": "note", + "content": "# Useful Links\n- [NVIDIA NIM Integration â†—](https://docs.datadoghq.com/integrations/nvidia_nim)\n- [NVIDIA NIM Metrics â†—](https://docs.nvidia.com/nim/large-language-models/latest/observability.html)\n- [NVIDIA NIM Documentation â†—](https://docs.nvidia.com/nim/large-language-models/latest/introduction.html)", + "background_color": "white", + "font_size": "14", + "text_align": "center", + 
"vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 6 + } + }, + { + "id": 2737008660122334, + "definition": { + "title": "Overview", + "background_color": "vivid_green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4528647613111842, + "definition": { + "type": "note", + "content": "Here you can see an overview of your LLM of your system activity and any NIM alerts. The service checks on the left speak to the health of your NVIDIA NIM environment, while the ones on the right report on the readiness of your dependencies.\n", + "background_color": "green", + "font_size": "14", + "text_align": "center", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 1 + } + }, + { + "id": 2166067869769356, + "definition": { + "title": "NVIDIA NIM Health Check", + "title_size": "16", + "title_align": "left", + "type": "check_status", + "check": "nvidia_nim.openmetrics.health", + "grouping": "cluster", + "group_by": [ + "endpoint" + ], + "tags": [] + }, + "layout": { + "x": 0, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 3037068311385910, + "definition": { + "title": "Successful Requests", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "aggregator": "sum", + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.request.success.count{$model_name}.as_count()" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "bars" + } + }, + "layout": { + "x": 2, + "y": 1, + "width": 2, + "height": 
2 + } + }, + { + "id": 5175941643906344, + "definition": { + "title": "Average Request Latency", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query2 / query1" + } + ], + "queries": [ + { + "aggregator": "avg", + "data_source": "metrics", + "name": "query2", + "query": "sum:nvidia_nim.e2e_request_latency.seconds.sum{$model_name}.as_count()" + }, + { + "aggregator": "avg", + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.e2e_request_latency.seconds.count{$model_name}.as_count()" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "bars" + } + }, + "layout": { + "x": 4, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 7873059155305294, + "definition": { + "title": "Monitor Summary", + "type": "manage_status", + "display_format": "countsAndList", + "color_preference": "text", + "hide_zero_counts": true, + "show_status": true, + "last_triggered_format": "relative", + "query": "tag:(integration:nvidia_nim)", + "sort": "status,asc", + "count": 50, + "start": 0, + "summary_type": "monitors", + "show_priority": false, + "show_last_triggered": false + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 2 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 6 + } + }, + { + "id": 2300381400792284, + "definition": { + "title": "K/V Cache Utilization and Request Metrics", + "background_color": "vivid_green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 995705405594846, + "definition": { + "type": "note", + "content": "The GPU is the workhorse of any LLM. It is also expensive to run. 
See here how many requests your GPU is running and how much you are taking advantage of its caching mechanisms.", + "background_color": "green", + "font_size": "18", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 1818057086692970, + "definition": { + "title": "Requests Waiting", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit" + } + }, + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:nvidia_nim.num_requests.waiting{$model_name, $host} by {model_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 1, + "width": 8, + "height": 3 + } + }, + { + "id": 6975549889095854, + "definition": { + "title": "Requests Waiting", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:nvidia_nim.num_requests.waiting{$model_name}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": "=", + "value": 0, + "palette": "white_on_green" + }, + { + "comparator": ">", + "value": 5, + "palette": "white_on_yellow" + }, + { + "comparator": ">", + "value": 15, + "palette": "white_on_red" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "request" + } + } + } + 
] + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "yaxis": { + "include_zero": false + }, + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 1, + "width": 4, + "height": 3 + } + }, + { + "id": 1084963586222678, + "definition": { + "title": "Requests Failed", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit" + } + }, + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.request.failure.count{$model_name, $host} by {model_name}.as_count()" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 4, + "width": 8, + "height": 3 + } + }, + { + "id": 2525646835263004, + "definition": { + "title": "Requests Failed", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "request" + } + } + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.request.failure.count{$model_name}.as_count()", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": "<=", + "value": 0, + "palette": "white_on_green" + }, + { + "comparator": ">", + "value": 0, + "palette": "white_on_red" + } + ] + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "type": "bars" + } + }, + "layout": { + "x": 8, + "y": 4, + "width": 4, + "height": 3 + } + }, + { + "id": 6776207665378710, + "definition": 
{ + "title": "Requests per second", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "requests", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.request.success.count{$model_name, $host} by {model_name}.as_rate()" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 7, + "width": 8, + "height": 3 + } + }, + { + "id": 3747999506353878, + "definition": { + "title": "Requests Running", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:nvidia_nim.num_requests.running{$model_name}", + "aggregator": "sum" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 0, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 3 + } + }, + { + "id": 2448557456884510, + "definition": { + "title": "GPU Cache Utilization", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:nvidia_nim.gpu_cache_usage_percent{$model_name, $host} by {model_name}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" 
+ }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 10, + "width": 8, + "height": 3 + } + }, + { + "id": 5942456558543848, + "definition": { + "title": "K/V Cache Utilization", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:nvidia_nim.gpu_cache_usage_percent{$model_name}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": "<", + "value": 60, + "palette": "white_on_green" + }, + { + "comparator": "<=", + "value": 80, + "palette": "white_on_yellow" + }, + { + "comparator": ">", + "value": 80, + "palette": "white_on_red" + } + ] + } + ], + "autoscale": false, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": false + }, + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 10, + "width": 4, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 6, + "width": 12, + "height": 14 + } + }, + { + "id": 880646291321010, + "definition": { + "title": "Text Generation", + "background_color": "vivid_green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5193429521650892, + "definition": { + "type": "note", + "content": "These metrics measure response latency, input-output token balance, and token generation efficiency to ensure performance and scalability.", + "background_color": "green", + "font_size": "18", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 7057133142091754, + "definition": { + "title": "Average Time to First Token (TFTT)", + "title_size": "16", + 
"title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit" + } + }, + "formula": "query1 / query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.time_to_first_token.seconds.sum{$model_name, $host} by {model_name}.as_count()" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:nvidia_nim.time_to_first_token.seconds.count{$model_name, $host} by {model_name}.as_count()" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 1, + "width": 6, + "height": 4 + } + }, + { + "id": 1276907480965038, + "definition": { + "title": "Context vs Generated Tokens", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Context", + "formula": "(query2 / (query2 + query1)) * 100" + }, + { + "alias": "Generated", + "formula": "(query1 / (query2 + query1)) * 100" + } + ], + "queries": [ + { + "query": "avg:nvidia_nim.request.prompt_tokens.sum{$model_name, $host} by {model_name}.as_count()", + "data_source": "metrics", + "name": "query2" + }, + { + "query": "avg:nvidia_nim.request.generation_tokens.sum{$model_name, $host} by {model_name}.as_count()", + "data_source": "metrics", + "name": "query1" + } + ], + "response_format": "timeseries", + "style": { + "palette": "cool", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 6, + "y": 1, + "width": 6, + 
"height": 4 + } + }, + { + "id": 1973749730991538, + "definition": { + "title": "Average Inter Token Latency (ITL)", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit" + } + }, + "formula": "query1 / query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.time_per_output_token.seconds.sum{$model_name, $host} by {model_name}.as_count()" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:nvidia_nim.time_per_output_token.seconds.count{$model_name, $host} by {model_name}.as_count()" + } + ], + "response_format": "timeseries", + "style": { + "palette": "cool", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 5, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 10, + "is_column_break": true + } + }, + { + "id": 3331850504686986, + "definition": { + "title": "Python Garbage Collector", + "background_color": "vivid_green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5960991703038874, + "definition": { + "type": "note", + "content": "This section helps explore how NVIDIA NIM uses memory. The garbage collector collects objects in generations. 
You can see how each generation of objects gets processed.", + "background_color": "green", + "font_size": "18", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 2577004928803106, + "definition": { + "title": "Resident Memory", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:nvidia_nim.process.resident_memory_bytes{$host} by {endpoint}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 0, + "y": 1, + "width": 4, + "height": 3 + } + }, + { + "id": 4400803113146958, + "definition": { + "title": "Total Runs", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.python.gc.collections.count{$host} by {generation,endpoint}.as_count()" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 4, + "y": 1, + "width": 4, + "height": 6 + } + }, + { + "id": 5270613800707436, + "definition": { + "title": "Uncollectable Objects", + "title_size": "16", + "title_align": "left", + "show_legend": 
false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.python.gc.objects.uncollectable.count{$host} by {endpoint,generation}.as_count()" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 8, + "y": 1, + "width": 4, + "height": 3 + } + }, + { + "id": 289938027327656, + "definition": { + "title": "Virtual Memory", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:nvidia_nim.process.virtual_memory_bytes{$host} by {endpoint}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 3 + } + }, + { + "id": 5699420889371520, + "definition": { + "title": "Collected Objects", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:nvidia_nim.python.gc.objects.collected.count{$model_name, $host} by {generation}.as_count()" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + 
"line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 8, + "y": 4, + "width": 4, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 10, + "width": 12, + "height": 8 + } + } + ], + "template_variables": [ + { + "name": "model_name", + "prefix": "model_name", + "available_values": [], + "default": "*" + }, + { + "name": "process", + "prefix": "process", + "available_values": [], + "default": "*" + }, + { + "name": "host", + "prefix": "host", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/nvidia_nim/assets/logs/nvidia_nim.yaml b/nvidia_nim/assets/logs/nvidia_nim.yaml new file mode 100644 index 0000000000000..18048ac761ac8 --- /dev/null +++ b/nvidia_nim/assets/logs/nvidia_nim.yaml 
@@ -0,0 +1,47 @@
+id: nvidia_nim
+metric_id: nvidia-nim
+backend_only: false
+facets:
+pipeline:
+ type: pipeline
+ name: 'NVIDIA NIM'
+ enabled: true
+ filter:
+ query: source:nvidia_nim
+ processors:
+ - type: grok-parser
+ name: Parse timestamp, level, logger, and message
+ enabled: true
+ source: message
+ samples:
+ - "2024-10-30 21:56:25,295 [INFO] PyTorch version 2.3.1 available."
+ - "2024-10-30 21:58:26,914 [WARNING] [TRT-LLM] [W] Logger level already set from environment. Discard new verbosity: error"
+ - "INFO 2024-10-30 21:56:28.831 ngc_injector.py:152] Valid profile: e45b4b991bbc51d0df3ce53e87060fc3a7f76555406ed534a8479c6faa706987 (tensorrt_llm-a10g-bf16-tp4-latency) on GPUs [0, 1, 2, 3]"
+ - "WARNING 2024-10-30 21:58:27.670 arg_utils.py:775] Chunked prefill is enabled by default for models with max_model_len > 32K. Currently, chunked prefill might not work with some features or models. If you encounter any issues, please disable chunked prefill by setting --enable-chunked-prefill=False."
+ - "[1730325496.647520] [dd317ab0670e:126 :0] parser.c:2305 UCX WARN (set UCX_WARN_UNUSED_ENV_VARS=n to suppress this warning)"
+ grok:
+ matchRules: |
+ nvidia_nim %{date("yyyy-MM-dd HH:mm:ss,SSS"):timestamp} \[%{_level}\] \[%{notSpace:component_name}\] \[%{word}\] %{_msg}
+ nvidia_nim_logger %{_level} %{date("yyyy-MM-dd HH:mm:ss.SSS"):timestamp} %{_logger_name}:%{_logger_line}\] %{_msg}
+ generic_log %{date("yyyy-MM-dd HH:mm:ss,SSS"):timestamp} \[%{_level}\] %{_msg}
+ componont_log \[%{number:timestamp}\]\W+\[%{notSpace:container_id}:%{number:pid}\W+:%{number:thread_id}\W+%{_logger_name}:%{_logger_line} %{word:component_name}\W+%{_level}\W+\(%{_msg}\)
+ supportRules: |
+ _logger_line %{notSpace:logger.line}
+ _logger_name %{notSpace:logger.name}
+ _level %{word:level}
+ _msg %{data:msg}
+ - type: message-remapper
+ name: Define `msg` as the official message of the log
+ enabled: true
+ sources:
+ - msg
+ - type: date-remapper
+ name: Define `timestamp` as the official date of the log
+ enabled: true
+ sources:
+ - timestamp
+ - type: status-remapper
+ name: Define `level` as the official status of the log
+ enabled: true
+ sources:
+ - level
diff --git a/nvidia_nim/assets/logs/nvidia_nim_tests.yaml b/nvidia_nim/assets/logs/nvidia_nim_tests.yaml
new file mode 100644
index 0000000000000..7efc720d7c725
--- /dev/null
+++ b/nvidia_nim/assets/logs/nvidia_nim_tests.yaml
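Review bot: The `componont_log` match rule captures the bracketed value with `%{number:timestamp}`, so for the UCX sample `timestamp` holds epoch seconds with a fraction (1730325496.647520), while the other three rules fill it through `date(...)`. The date-remapper further down reads that same `timestamp` attribute and, as far as I know, treats a numeric value as epoch milliseconds, so these lines would probably be dated wrongly or fall back to ingestion time, which skews any timeline built from them. Consider scaling the value in the rule, `%{number:timestamp:scale(1000)}`, or capturing it under a separate attribute name. The rule name also looks like a typo for `component_log`.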
@@ -0,0 +1,58 @@
+id: "nvidia_nim"
+tests:
+ # This log sample satisfies the validation.
+ -
+ sample: |-
+ 2024-10-30 21:56:25,295 [INFO] PyTorch version 2.3.1 available.
+ result:
+ custom:
+ level: "INFO"
+ timestamp: 1730325385295
+ message: "PyTorch version 2.3.1 available."
+ status: "info"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 1730325385295
+ -
+ sample: |-
+ 2024-10-30 21:58:26,914 [WARNING] [TRT-LLM] [W] Logger level already set from environment. Discard new verbosity: error
+ result:
+ custom:
+ level: "WARNING"
+ timestamp: 1730325506914
+ component_name: "TRT-LLM"
+ message: "Logger level already set from environment. Discard new verbosity: error"
+ status: "warn"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 1730325506914
+ -
+ sample: |-
+ INFO 2024-10-30 21:56:28.831 ngc_injector.py:152] Valid profile: e45b4b991bbc51d0df3ce53e87060fc3a7f76555406ed534a8479c6faa706987 (tensorrt_llm-a10g-bf16-tp4-latency) on GPUs [0, 1, 2, 3]
+ result:
+ custom:
+ level: "INFO"
+ timestamp: 1730325388831
+ logger:
+ line: "152"
+ name: "ngc_injector.py"
+ message: "Valid profile: e45b4b991bbc51d0df3ce53e87060fc3a7f76555406ed534a8479c6faa706987 (tensorrt_llm-a10g-bf16-tp4-latency) on GPUs [0, 1, 2, 3]"
+ status: "info"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 1730325388831
+ -
+ sample: |-
+ WARNING 2024-10-30 21:58:27.670 arg_utils.py:775] Chunked prefill is enabled by default for models with max_model_len > 32K. Currently, chunked prefill might not work with some features or models. If you encounter any issues, please disable chunked prefill by setting --enable-chunked-prefill=False.
+ result:
+ custom:
+ level: "WARNING"
+ timestamp: 1730325507670
+ logger:
+ line: "775"
+ name: "arg_utils.py"
+ message: "Chunked prefill is enabled by default for models with max_model_len > 32K. Currently, chunked prefill might not work with some features or models. If you encounter any issues, please disable chunked prefill by setting --enable-chunked-prefill=False."
+ status: "warn"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 1730325507670
\ No newline at end of file
diff --git a/nvidia_nim/assets/monitors/latency.json b/nvidia_nim/assets/monitors/latency.json
new file mode 100644
index 0000000000000..5ad93751d27bd
--- /dev/null
+++ b/nvidia_nim/assets/monitors/latency.json
@@ -0,0 +1,33 @@
+{
+ "version": 2,
+ "created_at": "2024-07-02",
+ "last_updated_at": "2024-07-02",
+ "title": "Average Request Latency is High",
+ "description": "This monitor alerts you if NVIDIA request latency is too high. High latency means requests are waiting long to be processed. This results in clients having to wait longer for their requests to complete. It also indicates your NVIDIA server is receiving more requests than it can comfortably handle.",
+ "tags": [
+ "integration:nvidia-nim"
+ ],
+ "definition": {
+ "name": "Average request latency is high",
+ "type": "query alert",
+ "query": "sum(last_15m):sum:nvidia_nim.e2e_request_latency.seconds.sum{*}.as_count() / sum:nvidia_nim.e2e_request_latency.seconds.count{*}.as_count() > 0.3",
+ "message": "The average latency for requests coming into your NVIDIA instance is higher than the threshold. This means requests are waiting too long to be processed.",
+ "tags": [
+ "integration:nvidia_nim"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 0.3
+ },
+ "notify_audit": false,
+ "include_tags": false,
+ "avalanche_window": 10,
+ "new_host_delay": 300,
+ "silenced": {}
+ },
+ "priority": null,
+ "restriction_policy": {
+ "bindings": []
+ }
+ }
+ }
\ No newline at end of file
diff --git a/nvidia_nim/assets/saved_views/nim_errors.json b/nvidia_nim/assets/saved_views/nim_errors.json
new file mode 100644
index 0000000000000..1079bd345ad08
--- /dev/null
+++ b/nvidia_nim/assets/saved_views/nim_errors.json
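Review bot: The pipeline declares five samples but only four cases are asserted in this file; the `[1730325496.647520] [dd317ab0670e:126 :0] parser.c:2305 UCX WARN (...)` sample, the only one handled by the `componont_log` rule, has no expected result. That rule extracts the most attributes (`container_id`, `pid`, `thread_id`, `component_name`) and takes its timestamp from a raw number instead of a parsed date, so it is the one most likely to regress unnoticed. I would add a fifth case for that sample that asserts those attributes, `status: "warn"`, and the timestamp the date-remapper ends up assigning.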
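Review bot: The monitor query averages latency over `{*}` with `include_tags` set to false, so one slow model or host is diluted by healthy ones and the alert does not identify the affected deployment. The dashboard in this commit already groups these metrics `by {model_name}`; the monitor could do the same on both sides of the division, e.g. `sum:nvidia_nim.e2e_request_latency.seconds.sum{*} by {model_name}.as_count() / sum:nvidia_nim.e2e_request_latency.seconds.count{*} by {model_name}.as_count() > 0.3`. Separately, the top-level tag is `integration:nvidia-nim` while the definition tag is `integration:nvidia_nim`; if that difference is not intentional, one of them should be corrected, since the dashboard's monitor summary filters on the underscore form.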
@@ -0,0 +1,20 @@
+{
+ "name": "NVIDIA NIM Errors",
+ "options": {
+ "columns": [
+ "host",
+ "service"
+ ],
+ "message_display": "inline",
+ "show_date_column": true,
+ "show_message_column": true,
+ "show_timeline": true
+ },
+ "page": "stream",
+ "query": "source:nvidia_nim status:error",
+ "timerange": {
+ "interval_ms": 900000
+ },
+ "type": "logs",
+ "visible_facets": []
+}
diff --git a/nvidia_nim/assets/service_checks.json b/nvidia_nim/assets/service_checks.json
new file mode 100644
index 0000000000000..d0f0c79071ec4
--- /dev/null
+++ b/nvidia_nim/assets/service_checks.json
@@ -0,0 +1,17 @@
+[
+ {
+ "agent_version": "7.61.0",
+ "integration": "nvidia_nim",
+ "check": "nvidia_nim.openmetrics.health",
+ "statuses": [
+ "ok",
+ "critical"
+ ],
+ "groups": [
+ "host",
+ "endpoint"
+ ],
+ "name": "NVIDIA NIM OpenMetrics endpoint health",
+ "description": "Returns `CRITICAL` if the Agent is unable to connect to the NVIDIA NIM OpenMetrics endpoint, otherwise returns `OK`."
+ }
+]
\ No newline at end of file
diff --git a/nvidia_nim/datadog_checks/__init__.py b/nvidia_nim/datadog_checks/__init__.py
new file mode 100644
index 0000000000000..1517d901c0aae
--- /dev/null
+++ b/nvidia_nim/datadog_checks/__init__.py
@@ -0,0 +1,4 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+__path__ = __import__('pkgutil').extend_path(__path__, __name__) # type: ignore
diff --git a/nvidia_nim/datadog_checks/nvidia_nim/__about__.py b/nvidia_nim/datadog_checks/nvidia_nim/__about__.py
new file mode 100644
index 0000000000000..acbfd1c866b84
--- /dev/null
+++ b/nvidia_nim/datadog_checks/nvidia_nim/__about__.py
@@ -0,0 +1,4 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+__version__ = '1.0.0'
diff --git a/nvidia_nim/datadog_checks/nvidia_nim/__init__.py b/nvidia_nim/datadog_checks/nvidia_nim/__init__.py
new file mode 100644
index 0000000000000..98c1e93e6e79c
--- /dev/null
+++ b/nvidia_nim/datadog_checks/nvidia_nim/__init__.py
@@ -0,0 +1,7 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+from .__about__ import __version__
+from .check import NvidiaNIMCheck
+
+__all__ = ['__version__', 'NvidiaNIMCheck']
diff --git a/nvidia_nim/datadog_checks/nvidia_nim/check.py b/nvidia_nim/datadog_checks/nvidia_nim/check.py
new file mode 100644
index 0000000000000..fe48310886506
--- /dev/null
+++ b/nvidia_nim/datadog_checks/nvidia_nim/check.py
@@ -0,0 +1,49 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+from datadog_checks.base import AgentCheck, OpenMetricsBaseCheckV2 # noqa: F401
+
+from .metrics import METRIC_MAP, RENAME_LABELS_MAP
+
+
+class NvidiaNIMCheck(OpenMetricsBaseCheckV2):
+
+ DEFAULT_METRIC_LIMIT = 0
+ # This will be the prefix of every metric and service check the integration sends
+ __NAMESPACE__ = 'nvidia_nim'
+
+ def get_default_config(self):
+ return {
+ 'metrics': [METRIC_MAP],
+ "rename_labels": RENAME_LABELS_MAP,
+ }
+
+ @AgentCheck.metadata_entrypoint
+ def _submit_version_metadata(self):
+
+ endpoint = self.instance["openmetrics_endpoint"].replace("/metrics", "/v1/version")
+ response = self.http.get(endpoint)
+ response.raise_for_status()
+
+ data = response.json()
+ version = data.get("release", "")
+ version_split = version.split(".")
+ if len(version_split) >= 3:
+ major = version_split[0]
+ minor = version_split[1]
+ patch = version_split[2]
+
+ version_raw = f'{major}.{minor}.{patch}'
+
+ version_parts = {
+ 'major': major,
+ 'minor': minor,
+ 'patch': patch,
+ }
+ self.set_metadata('version', version_raw, scheme='semver', part_map=version_parts)
+ else:
+ self.log.debug("Invalid NVIDIA NIM release format: %s", version)
+
+ def check(self, instance):
+ super().check(instance)
+ self._submit_version_metadata()
diff --git a/nvidia_nim/datadog_checks/nvidia_nim/config_models/__init__.py b/nvidia_nim/datadog_checks/nvidia_nim/config_models/__init__.py
new file mode 100644
index 0000000000000..106fff2032f68
--- /dev/null
+++ b/nvidia_nim/datadog_checks/nvidia_nim/config_models/__init__.py
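Review bot: In `check.py`, `_submit_version_metadata()` runs from `check()` with no error handling, so a failure of the `/v1/version` request raises out of the check run even though `super().check(instance)` already scraped the metrics. That covers a connection error, a non-2xx status via `raise_for_status()`, a non-JSON body, or a `release` value that is not a string; as far as I can tell the `metadata_entrypoint` wrapper does not catch exceptions for the wrapped method. The response body comes from the monitored service and should be treated as untrusted, so the metadata step is better kept best-effort: catch the failure, log it at debug level and return, as in the excerpt below. Separately, `.replace("/metrics", "/v1/version")` rewrites every occurrence of the substring and leaves the URL unchanged when the configured path is not `/metrics`, in which case the metrics payload itself is fetched and handed to `response.json()`; rewriting only the trailing path segment would avoid that.

```python
    def _submit_version_metadata(self):
        # … unchanged: endpoint derivation …
        try:
            response = self.http.get(endpoint)
            response.raise_for_status()
            version = response.json().get("release", "")
        except Exception as e:
            # Version metadata is best-effort; a failure here must not fail the metrics run.
            self.log.debug("Could not retrieve NVIDIA NIM version metadata: %s", e)
            return

        if not isinstance(version, str):
            self.log.debug("Invalid NVIDIA NIM release format: %s", version)
            return
        # … unchanged: split on ".", length check and set_metadata call …
```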
@@ -0,0 +1,24 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) + +# This file is autogenerated. +# To change this file you should edit assets/configuration/spec.yaml and then run the following commands: +# ddev -x validate config -s +# ddev -x validate models -s + +from .instance import InstanceConfig +from .shared import SharedConfig + + +class ConfigMixin: + _config_model_instance: InstanceConfig + _config_model_shared: SharedConfig + + @property + def config(self) -> InstanceConfig: + return self._config_model_instance + + @property + def shared_config(self) -> SharedConfig: + return self._config_model_shared diff --git a/nvidia_nim/datadog_checks/nvidia_nim/config_models/defaults.py b/nvidia_nim/datadog_checks/nvidia_nim/config_models/defaults.py new file mode 100644 index 0000000000000..bf7519af75f42 --- /dev/null +++ b/nvidia_nim/datadog_checks/nvidia_nim/config_models/defaults.py 
@@ -0,0 +1,132 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) + +# This file is autogenerated. +# To change this file you should edit assets/configuration/spec.yaml and then run the following commands: +# ddev -x validate config -s +# ddev -x validate models -s + + +def shared_skip_proxy(): + return False + + +def shared_timeout(): + return 10 + + +def instance_allow_redirects(): + return True + + +def instance_auth_type(): + return 'basic' + + +def instance_cache_metric_wildcards(): + return True + + +def instance_cache_shared_labels(): + return True + + +def instance_collect_counters_with_distributions(): + return False + + +def instance_collect_histogram_buckets(): + return True + + +def instance_disable_generic_tags(): + return False + + +def instance_empty_default_hostname(): + return False + + +def instance_enable_health_service_check(): + return True + + +def instance_histogram_buckets_as_distributions(): + return False + + +def instance_ignore_connection_errors(): + return False + + +def instance_kerberos_auth(): + return 'disabled' + + +def instance_kerberos_delegate(): + return False + + +def instance_kerberos_force_initiate(): + return False + + +def instance_log_requests(): + return False + + +def instance_min_collection_interval(): + return 15 + + +def instance_non_cumulative_histogram_buckets(): + return False + + +def instance_persist_connections(): + return False + + +def instance_request_size(): + return 16 + + +def instance_skip_proxy(): + return False + + +def instance_tag_by_endpoint(): + return True + + +def instance_telemetry(): + return False + + +def instance_timeout(): + return 10 + + +def instance_tls_ignore_warning(): + return False + + +def instance_tls_use_host_header(): + return False + + +def instance_tls_verify(): + return True + + +def instance_use_latest_spec(): + return False + + +def instance_use_legacy_auth_encoding(): + return True + + +def 
instance_use_process_start_time(): + return False diff --git a/nvidia_nim/datadog_checks/nvidia_nim/config_models/instance.py b/nvidia_nim/datadog_checks/nvidia_nim/config_models/instance.py new file mode 100644 index 0000000000000..8e39a0e921719 --- /dev/null +++ b/nvidia_nim/datadog_checks/nvidia_nim/config_models/instance.py 
@@ -0,0 +1,171 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) + +# This file is autogenerated. +# To change this file you should edit assets/configuration/spec.yaml and then run the following commands: +# ddev -x validate config -s +# ddev -x validate models -s + +from __future__ import annotations + +from types import MappingProxyType +from typing import Any, Optional, Union + +from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator + +from datadog_checks.base.utils.functions import identity +from datadog_checks.base.utils.models import validation + +from . import defaults, validators + + +class AuthToken(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + reader: Optional[MappingProxyType[str, Any]] = None + writer: Optional[MappingProxyType[str, Any]] = None + + +class ExtraMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + extra='allow', + frozen=True, + ) + name: Optional[str] = None + type: Optional[str] = None + + +class MetricPatterns(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + exclude: Optional[tuple[str, ...]] = None + include: Optional[tuple[str, ...]] = None + + +class Metrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + extra='allow', + frozen=True, + ) + name: Optional[str] = None + type: Optional[str] = None + + +class Proxy(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + http: Optional[str] = None + https: Optional[str] = None + no_proxy: Optional[tuple[str, ...]] = None + + +class ShareLabels(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + labels: Optional[tuple[str, ...]] = None + match: Optional[tuple[str, ...]] = None + + +class InstanceConfig(BaseModel): + model_config = ConfigDict( + 
validate_default=True, + arbitrary_types_allowed=True, + frozen=True, + ) + allow_redirects: Optional[bool] = None + auth_token: Optional[AuthToken] = None + auth_type: Optional[str] = None + aws_host: Optional[str] = None + aws_region: Optional[str] = None + aws_service: Optional[str] = None + cache_metric_wildcards: Optional[bool] = None + cache_shared_labels: Optional[bool] = None + collect_counters_with_distributions: Optional[bool] = None + collect_histogram_buckets: Optional[bool] = None + connect_timeout: Optional[float] = None + disable_generic_tags: Optional[bool] = None + empty_default_hostname: Optional[bool] = None + enable_health_service_check: Optional[bool] = None + exclude_labels: Optional[tuple[str, ...]] = None + exclude_metrics: Optional[tuple[str, ...]] = None + exclude_metrics_by_labels: Optional[MappingProxyType[str, Union[bool, tuple[str, ...]]]] = None + extra_headers: Optional[MappingProxyType[str, Any]] = None + extra_metrics: Optional[tuple[Union[str, MappingProxyType[str, Union[str, ExtraMetrics]]], ...]] = None + headers: Optional[MappingProxyType[str, Any]] = None + histogram_buckets_as_distributions: Optional[bool] = None + hostname_format: Optional[str] = None + hostname_label: Optional[str] = None + ignore_connection_errors: Optional[bool] = None + ignore_tags: Optional[tuple[str, ...]] = None + include_labels: Optional[tuple[str, ...]] = None + kerberos_auth: Optional[str] = None + kerberos_cache: Optional[str] = None + kerberos_delegate: Optional[bool] = None + kerberos_force_initiate: Optional[bool] = None + kerberos_hostname: Optional[str] = None + kerberos_keytab: Optional[str] = None + kerberos_principal: Optional[str] = None + log_requests: Optional[bool] = None + metric_patterns: Optional[MetricPatterns] = None + metrics: Optional[tuple[Union[str, MappingProxyType[str, Union[str, Metrics]]], ...]] = None + min_collection_interval: Optional[float] = None + namespace: Optional[str] = Field(None, pattern='\\w*') + 
non_cumulative_histogram_buckets: Optional[bool] = None + ntlm_domain: Optional[str] = None + openmetrics_endpoint: str + password: Optional[str] = None + persist_connections: Optional[bool] = None + proxy: Optional[Proxy] = None + raw_line_filters: Optional[tuple[str, ...]] = None + raw_metric_prefix: Optional[str] = None + read_timeout: Optional[float] = None + rename_labels: Optional[MappingProxyType[str, Any]] = None + request_size: Optional[float] = None + service: Optional[str] = None + share_labels: Optional[MappingProxyType[str, Union[bool, ShareLabels]]] = None + skip_proxy: Optional[bool] = None + tag_by_endpoint: Optional[bool] = None + tags: Optional[tuple[str, ...]] = None + telemetry: Optional[bool] = None + timeout: Optional[float] = None + tls_ca_cert: Optional[str] = None + tls_cert: Optional[str] = None + tls_ignore_warning: Optional[bool] = None + tls_private_key: Optional[str] = None + tls_protocols_allowed: Optional[tuple[str, ...]] = None + tls_use_host_header: Optional[bool] = None + tls_verify: Optional[bool] = None + use_latest_spec: Optional[bool] = None + use_legacy_auth_encoding: Optional[bool] = None + use_process_start_time: Optional[bool] = None + username: Optional[str] = None + + @model_validator(mode='before') + def _initial_validation(cls, values): + return validation.core.initialize_config(getattr(validators, 'initialize_instance', identity)(values)) + + @field_validator('*', mode='before') + def _validate(cls, value, info): + field = cls.model_fields[info.field_name] + field_name = field.alias or info.field_name + if field_name in info.context['configured_fields']: + value = getattr(validators, f'instance_{info.field_name}', identity)(value, field=field) + else: + value = getattr(defaults, f'instance_{info.field_name}', lambda: value)() + + return validation.utils.make_immutable(value) + + @model_validator(mode='after') + def _final_validation(cls, model): + return validation.core.check_model(getattr(validators, 
'check_instance', identity)(model)) diff --git a/nvidia_nim/datadog_checks/nvidia_nim/config_models/shared.py b/nvidia_nim/datadog_checks/nvidia_nim/config_models/shared.py new file mode 100644 index 0000000000000..0e8a9ecab10a2 --- /dev/null +++ b/nvidia_nim/datadog_checks/nvidia_nim/config_models/shared.py 
@@ -0,0 +1,60 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) + +# This file is autogenerated. +# To change this file you should edit assets/configuration/spec.yaml and then run the following commands: +# ddev -x validate config -s +# ddev -x validate models -s + +from __future__ import annotations + +from typing import Optional + +from pydantic import BaseModel, ConfigDict, field_validator, model_validator + +from datadog_checks.base.utils.functions import identity +from datadog_checks.base.utils.models import validation + +from . import defaults, validators + + +class Proxy(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + http: Optional[str] = None + https: Optional[str] = None + no_proxy: Optional[tuple[str, ...]] = None + + +class SharedConfig(BaseModel): + model_config = ConfigDict( + validate_default=True, + arbitrary_types_allowed=True, + frozen=True, + ) + proxy: Optional[Proxy] = None + service: Optional[str] = None + skip_proxy: Optional[bool] = None + timeout: Optional[float] = None + + @model_validator(mode='before') + def _initial_validation(cls, values): + return validation.core.initialize_config(getattr(validators, 'initialize_shared', identity)(values)) + + @field_validator('*', mode='before') + def _validate(cls, value, info): + field = cls.model_fields[info.field_name] + field_name = field.alias or info.field_name + if field_name in info.context['configured_fields']: + value = getattr(validators, f'shared_{info.field_name}', identity)(value, field=field) + else: + value = getattr(defaults, f'shared_{info.field_name}', lambda: value)() + + return validation.utils.make_immutable(value) + + @model_validator(mode='after') + def _final_validation(cls, model): + return validation.core.check_model(getattr(validators, 'check_shared', identity)(model)) 
diff --git a/nvidia_nim/datadog_checks/nvidia_nim/config_models/validators.py b/nvidia_nim/datadog_checks/nvidia_nim/config_models/validators.py new file mode 100644 index 0000000000000..70150e85e6124 --- /dev/null +++ b/nvidia_nim/datadog_checks/nvidia_nim/config_models/validators.py @@ -0,0 +1,13 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) + +# Here you can include additional config validators or transformers +# +# def initialize_instance(values, **kwargs): +# if 'my_option' not in values and 'my_legacy_option' in values: +# values['my_option'] = values['my_legacy_option'] +# if values.get('my_number') > 10: +# raise ValueError('my_number max value is 10, got %s' % str(values.get('my_number'))) +# +# return values diff --git a/nvidia_nim/datadog_checks/nvidia_nim/data/conf.yaml.example b/nvidia_nim/datadog_checks/nvidia_nim/data/conf.yaml.example new file mode 100644 index 0000000000000..c5e8d23aa4e1b --- /dev/null +++ b/nvidia_nim/datadog_checks/nvidia_nim/data/conf.yaml.example 
@@ -0,0 +1,626 @@ +## All options defined here are available to all instances. +# +init_config: + + ## @param proxy - mapping - optional + ## Set HTTP or HTTPS proxies for all instances. Use the `no_proxy` list + ## to specify hosts that must bypass proxies. + ## + ## The SOCKS protocol is also supported like so: + ## + ## socks5://user:pass@host:port + ## + ## Using the scheme `socks5` causes the DNS resolution to happen on the + ## client, rather than on the proxy server. This is in line with `curl`, + ## which uses the scheme to decide whether to do the DNS resolution on + ## the client or proxy. If you want to resolve the domains on the proxy + ## server, use `socks5h` as the scheme. + # + # proxy: + # http: http://: + # https: https://: + # no_proxy: + # - + # - + + ## @param skip_proxy - boolean - optional - default: false + ## If set to `true`, this makes the check bypass any proxy + ## settings enabled and attempt to reach services directly. + # + # skip_proxy: false + + ## @param timeout - number - optional - default: 10 + ## The timeout for connecting to services. + # + # timeout: 10 + + ## @param service - string - optional + ## Attach the tag `service:` to every metric, event, and service check emitted by this integration. + ## + ## Additionally, this sets the default `service` for every log source. + # + # service: + +## Every instance is scheduled independently of the others. +# +instances: + + ## @param openmetrics_endpoint - string - required + ## Endpoint exposing the NVIDIA NIM's Prometheus metrics. For more information refer to: + ## https://docs.nvidia.com/nim/large-language-models/latest/observability.html + # + - openmetrics_endpoint: http://localhost:8000/metrics + + ## @param raw_metric_prefix - string - optional + ## A prefix that is removed from all exposed metric names, if present. + ## All configuration options will use the prefix-less name. 
+ # + # raw_metric_prefix: _ + + ## @param extra_metrics - (list of string or mapping) - optional + ## This list defines metrics to collect from the `openmetrics_endpoint`, in addition to + ## what the check collects by default. If the check already collects a metric, then + ## metric definitions here take precedence. Metrics may be defined in 3 ways: + ## + ## 1. If the item is a string, then it represents the exposed metric name, and + ## the sent metric name will be identical. For example: + ## + ## extra_metrics: + ## - + ## - + ## 2. If the item is a mapping, then the keys represent the exposed metric names. + ## + ## a. If a value is a string, then it represents the sent metric name. For example: + ## + ## extra_metrics: + ## - : + ## - : + ## b. If a value is a mapping, then it must have a `name` and/or `type` key. + ## The `name` represents the sent metric name, and the `type` represents how + ## the metric should be handled, overriding any type information the endpoint + ## may provide. For example: + ## + ## extra_metrics: + ## - : + ## name: + ## type: + ## - : + ## name: + ## type: + ## + ## The supported native types are `gauge`, `counter`, `histogram`, and `summary`. + ## + ## Note: To collect counter metrics with names ending in `_total`, specify the metric name without the `_total` + ## suffix. For example, to collect the counter metric `promhttp_metric_handler_requests_total`, specify + ## `promhttp_metric_handler_requests`. This submits to Datadog the metric name appended with `.count`. 
+ ## For more information, see: + ## https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md#suffixes + ## + ## Regular expressions may be used to match the exposed metric names, for example: + ## + ## extra_metrics: + ## - ^network_(ingress|egress)_.+ + ## - .+: + ## type: gauge + # + # extra_metrics: [] + + ## @param exclude_metrics - list of strings - optional + ## A list of metrics to exclude, with each entry being either + ## the exact metric name or a regular expression. + ## In order to exclude all metrics but the ones matching a specific filter, + ## you can use a negative lookahead regex like: + ## - ^(?!foo).*$ + # + # exclude_metrics: [] + + ## @param exclude_metrics_by_labels - mapping - optional + ## A mapping of labels to exclude metrics with matching label name and their corresponding metric values. To match + ## all values of a label, set it to `true`. + ## + ## Note: Label filtering happens before `rename_labels`. + ## + ## For example, the following configuration instructs the check to exclude all metrics with + ## a label `worker` or a label `pid` with the value of either `23` or `42`. + ## + ## exclude_metrics_by_labels: + ## worker: true + ## pid: + ## - '23' + ## - '42' + # + # exclude_metrics_by_labels: {} + + ## @param exclude_labels - list of strings - optional + ## A list of labels to exclude, useful for high cardinality values like timestamps or UUIDs. + ## May be used in conjunction with `include_labels`. + ## Labels defined in `exclude_labels` will take precedence in case of overlap. + ## + ## Note: Label filtering happens before `rename_labels`. + # + # exclude_labels: [] + + ## @param include_labels - list of strings - optional + ## A list of labels to include. May be used in conjunction with `exclude_labels`. + ## Labels defined in `exclude_labels` will take precedence in case of overlap. + ## + ## Note: Label filtering happens before `rename_labels`. 
+ # + # include_labels: [] + + ## @param rename_labels - mapping - optional + ## A mapping of label names to their new names. + # + # rename_labels: + # : + # : + + ## @param enable_health_service_check - boolean - optional - default: true + ## Whether or not to send a service check named `.openmetrics.health` which reports + ## the health of the `openmetrics_endpoint`. + # + # enable_health_service_check: true + + ## @param ignore_connection_errors - boolean - optional - default: false + ## Whether or not to ignore connection errors when scraping `openmetrics_endpoint`. + # + # ignore_connection_errors: false + + ## @param hostname_label - string - optional + ## Override the hostname for every metric submission with the value of one of its labels. + # + # hostname_label: + + ## @param hostname_format - string - optional + ## When `hostname_label` is set, this instructs the check how to format the values. The string + ## `` is replaced by the value of the label defined by `hostname_label`. + # + # hostname_format: + + ## @param collect_histogram_buckets - boolean - optional - default: true + ## Whether or not to send histogram buckets. + # + # collect_histogram_buckets: true + + ## @param non_cumulative_histogram_buckets - boolean - optional - default: false + ## Whether or not histogram buckets are non-cumulative and to come with a `lower_bound` tag. + # + # non_cumulative_histogram_buckets: false + + ## @param histogram_buckets_as_distributions - boolean - optional - default: false + ## Whether or not to send histogram buckets as Datadog distribution metrics. This implicitly + ## enables the `collect_histogram_buckets` and `non_cumulative_histogram_buckets` options. 
+ ## + ## Learn more about distribution metrics: + ## https://docs.datadoghq.com/developers/metrics/types/?tab=distribution#metric-types + # + # histogram_buckets_as_distributions: false + + ## @param collect_counters_with_distributions - boolean - optional - default: false + ## Whether or not to also collect the observation counter metrics ending in `.sum` and `.count` + ## when sending histogram buckets as Datadog distribution metrics. This implicitly enables the + ## `histogram_buckets_as_distributions` option. + # + # collect_counters_with_distributions: false + + ## @param use_process_start_time - boolean - optional - default: false + ## Whether to enable a heuristic for reporting counter values on the first scrape. When true, + ## the first time an endpoint is scraped, check `process_start_time_seconds` to decide whether zero + ## initial value can be assumed for counters. This requires keeping metrics in memory until the entire + ## response is received. + # + # use_process_start_time: false + + ## @param share_labels - mapping - optional + ## This mapping allows for the sharing of labels across multiple metrics. The keys represent the + ## exposed metrics from which to share labels, and the values are mappings that configure the + ## sharing behavior. Each mapping must have at least one of the following keys: + ## + ## labels - This is a list of labels to share. All labels are shared if this is not set. + ## match - This is a list of labels to match on other metrics as a condition for sharing. + ## values - This is a list of allowed values as a condition for sharing. + ## + ## To unconditionally share all labels of a metric, set it to `true`. 
+ ## + ## For example, the following configuration instructs the check to apply all labels from `metric_a` + ## to all other metrics, the `node` label from `metric_b` to only those metrics that have a `pod` + ## label value that matches the `pod` label value of `metric_b`, and all labels from `metric_c` + ## to all other metrics if their value is equal to `23` or `42`. + ## + ## share_labels: + ## metric_a: true + ## metric_b: + ## labels: + ## - node + ## match: + ## - pod + ## metric_c: + ## values: + ## - 23 + ## - 42 + # + # share_labels: {} + + ## @param cache_shared_labels - boolean - optional - default: true + ## When `share_labels` is set, it instructs the check to cache labels collected from the first payload + ## for improved performance. + ## + ## Set this to `false` to compute label sharing for every payload at the risk of potentially increased memory usage. + # + # cache_shared_labels: true + + ## @param raw_line_filters - list of strings - optional + ## A list of regular expressions used to exclude lines read from the `openmetrics_endpoint` + ## from being parsed. + # + # raw_line_filters: [] + + ## @param cache_metric_wildcards - boolean - optional - default: true + ## Whether or not to cache data from metrics that are defined by regular expressions rather + ## than the full metric name. + # + # cache_metric_wildcards: true + + ## @param telemetry - boolean - optional - default: false + ## Whether or not to submit metrics prefixed by `.telemetry.` for debugging purposes. + # + # telemetry: false + + ## @param ignore_tags - list of strings - optional + ## A list of regular expressions used to ignore tags added by Autodiscovery and entries in the `tags` option. + # + # ignore_tags: + # - + # - + # - + + ## @param proxy - mapping - optional + ## This overrides the `proxy` setting in `init_config`. + ## + ## Set HTTP or HTTPS proxies for this instance. Use the `no_proxy` list + ## to specify hosts that must bypass proxies. 
+ ## + ## The SOCKS protocol is also supported, for example: + ## + ## socks5://user:pass@host:port + ## + ## Using the scheme `socks5` causes the DNS resolution to happen on the + ## client, rather than on the proxy server. This is in line with `curl`, + ## which uses the scheme to decide whether to do the DNS resolution on + ## the client or proxy. If you want to resolve the domains on the proxy + ## server, use `socks5h` as the scheme. + # + # proxy: + # http: http://: + # https: https://: + # no_proxy: + # - + # - + + ## @param skip_proxy - boolean - optional - default: false + ## This overrides the `skip_proxy` setting in `init_config`. + ## + ## If set to `true`, this makes the check bypass any proxy + ## settings enabled and attempt to reach services directly. + # + # skip_proxy: false + + ## @param auth_type - string - optional - default: basic + ## The type of authentication to use. The available types (and related options) are: + ## + ## - basic + ## |__ username + ## |__ password + ## |__ use_legacy_auth_encoding + ## - digest + ## |__ username + ## |__ password + ## - ntlm + ## |__ ntlm_domain + ## |__ password + ## - kerberos + ## |__ kerberos_auth + ## |__ kerberos_cache + ## |__ kerberos_delegate + ## |__ kerberos_force_initiate + ## |__ kerberos_hostname + ## |__ kerberos_keytab + ## |__ kerberos_principal + ## - aws + ## |__ aws_region + ## |__ aws_host + ## |__ aws_service + ## + ## The `aws` auth type relies on boto3 to automatically gather AWS credentials, for example: from `.aws/credentials`. + ## Details: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#configuring-credentials + # + # auth_type: basic + + ## @param use_legacy_auth_encoding - boolean - optional - default: true + ## When `auth_type` is set to `basic`, this determines whether to encode as `latin1` rather than `utf-8`. 
+ # + # use_legacy_auth_encoding: true + + ## @param username - string - optional + ## The username to use if services are behind basic or digest auth. + # + # username: + + ## @param password - string - optional + ## The password to use if services are behind basic or NTLM auth. + # + # password: + + ## @param ntlm_domain - string - optional + ## If your services use NTLM authentication, specify + ## the domain used in the check. For NTLM Auth, append + ## the username to domain, not as the `username` parameter. + # + # ntlm_domain: \ + + ## @param kerberos_auth - string - optional - default: disabled + ## If your services use Kerberos authentication, you can specify the Kerberos + ## strategy to use between: + ## + ## - required + ## - optional + ## - disabled + ## + ## See https://github.com/requests/requests-kerberos#mutual-authentication + # + # kerberos_auth: disabled + + ## @param kerberos_cache - string - optional + ## Sets the KRB5CCNAME environment variable. + ## It should point to a credential cache with a valid TGT. + # + # kerberos_cache: + + ## @param kerberos_delegate - boolean - optional - default: false + ## Set to `true` to enable Kerberos delegation of credentials to a server that requests delegation. + ## + ## See https://github.com/requests/requests-kerberos#delegation + # + # kerberos_delegate: false + + ## @param kerberos_force_initiate - boolean - optional - default: false + ## Set to `true` to preemptively initiate the Kerberos GSS exchange and + ## present a Kerberos ticket on the initial request (and all subsequent). + ## + ## See https://github.com/requests/requests-kerberos#preemptive-authentication + # + # kerberos_force_initiate: false + + ## @param kerberos_hostname - string - optional + ## Override the hostname used for the Kerberos GSS exchange if its DNS name doesn't + ## match its Kerberos hostname, for example: behind a content switch or load balancer. 
+ ## + ## See https://github.com/requests/requests-kerberos#hostname-override + # + # kerberos_hostname: + + ## @param kerberos_principal - string - optional + ## Set an explicit principal, to force Kerberos to look for a + ## matching credential cache for the named user. + ## + ## See https://github.com/requests/requests-kerberos#explicit-principal + # + # kerberos_principal: + + ## @param kerberos_keytab - string - optional + ## Set the path to your Kerberos key tab file. + # + # kerberos_keytab: + + ## @param auth_token - mapping - optional + ## This allows for the use of authentication information from dynamic sources. + ## Both a reader and writer must be configured. + ## + ## The available readers are: + ## + ## - type: file + ## path (required): The absolute path for the file to read from. + ## pattern: A regular expression pattern with a single capture group used to find the + ## token rather than using the entire file, for example: Your secret is (.+) + ## - type: oauth + ## url (required): The token endpoint. + ## client_id (required): The client identifier. + ## client_secret (required): The client secret. + ## basic_auth: Whether the provider expects credentials to be transmitted in + ## an HTTP Basic Auth header. The default is: false + ## options: Mapping of additional options to pass to the provider, such as the audience + ## or the scope. For example: + ## options: + ## audience: https://example.com + ## scope: read:example + ## + ## The available writers are: + ## + ## - type: header + ## name (required): The name of the field, for example: Authorization + ## value: The template value, for example `Bearer `. The default is: + ## placeholder: The substring in `value` to replace with the token, defaults to: + # + # auth_token: + # reader: + # type: + # : + # : + # writer: + # type: + # : + # : + + ## @param aws_region - string - optional + ## If your services require AWS Signature Version 4 signing, set the region. 
+ ## + ## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html + # + # aws_region: + + ## @param aws_host - string - optional + ## If your services require AWS Signature Version 4 signing, set the host. + ## This only needs the hostname and does not require the protocol (HTTP, HTTPS, and more). + ## For example, if connecting to https://us-east-1.amazonaws.com/, set `aws_host` to `us-east-1.amazonaws.com`. + ## + ## Note: This setting is not necessary for official integrations. + ## + ## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html + # + # aws_host: + + ## @param aws_service - string - optional + ## If your services require AWS Signature Version 4 signing, set the service code. For a list + ## of available service codes, see https://docs.aws.amazon.com/general/latest/gr/rande.html + ## + ## Note: This setting is not necessary for official integrations. + ## + ## See https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html + # + # aws_service: + + ## @param tls_verify - boolean - optional - default: true + ## Instructs the check to validate the TLS certificate of services. + # + # tls_verify: true + + ## @param tls_use_host_header - boolean - optional - default: false + ## If a `Host` header is set, this enables its use for SNI (matching against the TLS certificate CN or SAN). + # + # tls_use_host_header: false + + ## @param tls_ignore_warning - boolean - optional - default: false + ## If `tls_verify` is disabled, security warnings are logged by the check. + ## Disable those by setting `tls_ignore_warning` to true. + # + # tls_ignore_warning: false + + ## @param tls_cert - string - optional + ## The path to a single file in PEM format containing a certificate as well as any + ## number of CA certificates needed to establish the certificate's authenticity for + ## use when connecting to services. It may also contain an unencrypted private key to use. 
+ # + # tls_cert: + + ## @param tls_private_key - string - optional + ## The unencrypted private key to use for `tls_cert` when connecting to services. This is + ## required if `tls_cert` is set and it does not already contain a private key. + # + # tls_private_key: + + ## @param tls_ca_cert - string - optional + ## The path to a file of concatenated CA certificates in PEM format or a directory + ## containing several CA certificates in PEM format. If a directory, the directory + ## must have been processed using the `openssl rehash` command. See: + ## https://www.openssl.org/docs/man3.2/man1/c_rehash.html + # + # tls_ca_cert: + + ## @param tls_protocols_allowed - list of strings - optional + ## The expected versions of TLS/SSL when fetching intermediate certificates. + ## Only `SSLv3`, `TLSv1.2`, `TLSv1.3` are allowed by default. The possible values are: + ## SSLv3 + ## TLSv1 + ## TLSv1.1 + ## TLSv1.2 + ## TLSv1.3 + # + # tls_protocols_allowed: + # - SSLv3 + # - TLSv1.2 + # - TLSv1.3 + + ## @param headers - mapping - optional + ## The headers parameter allows you to send specific headers with every request. + ## You can use it for explicitly specifying the host header or adding headers for + ## authorization purposes. + ## + ## This overrides any default headers. + # + # headers: + # Host: + # X-Auth-Token: + + ## @param extra_headers - mapping - optional + ## Additional headers to send with every request. + # + # extra_headers: + # Host: + # X-Auth-Token: + + ## @param timeout - number - optional - default: 10 + ## The timeout for accessing services. + ## + ## This overrides the `timeout` setting in `init_config`. + # + # timeout: 10 + + ## @param connect_timeout - number - optional + ## The connect timeout for accessing services. Defaults to `timeout`. + # + # connect_timeout: + + ## @param read_timeout - number - optional + ## The read timeout for accessing services. Defaults to `timeout`. 
+ # + # read_timeout: + + ## @param request_size - number - optional - default: 16 + ## The number of kibibytes (KiB) to read from streaming HTTP responses at a time. + # + # request_size: 16 + + ## @param log_requests - boolean - optional - default: false + ## Whether or not to debug log the HTTP(S) requests made, including the method and URL. + # + # log_requests: false + + ## @param persist_connections - boolean - optional - default: false + ## Whether or not to persist cookies and use connection pooling for improved performance. + # + # persist_connections: false + + ## @param allow_redirects - boolean - optional - default: true + ## Whether or not to allow URL redirection. + # + # allow_redirects: true + + ## @param tags - list of strings - optional + ## A list of tags to attach to every metric and service check emitted by this instance. + ## + ## Learn more about tagging at https://docs.datadoghq.com/tagging + # + # tags: + # - : + # - : + + ## @param service - string - optional + ## Attach the tag `service:` to every metric, event, and service check emitted by this integration. + ## + ## Overrides any `service` defined in the `init_config` section. + # + # service: + + ## @param min_collection_interval - number - optional - default: 15 + ## This changes the collection interval of the check. For more information, see: + ## https://docs.datadoghq.com/developers/write_agent_check/#collection-interval + # + # min_collection_interval: 15 + + ## @param empty_default_hostname - boolean - optional - default: false + ## This forces the check to send metrics with no hostname. + ## + ## This is useful for cluster-level checks. + # + # empty_default_hostname: false + + ## @param metric_patterns - mapping - optional + ## A mapping of metrics to include or exclude, with each entry being a regular expression. + ## + ## Metrics defined in `exclude` will take precedence in case of overlap. + # + # metric_patterns: + # include: + # - + # exclude: + # - 
diff --git a/nvidia_nim/datadog_checks/nvidia_nim/metrics.py b/nvidia_nim/datadog_checks/nvidia_nim/metrics.py
new file mode 100644
index 0000000000000..f140776d35b3d
--- /dev/null
+++ b/nvidia_nim/datadog_checks/nvidia_nim/metrics.py
@@ -0,0 +1,34 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+
+METRIC_MAP = {
+ 'process_virtual_memory_bytes': 'process.virtual_memory_bytes',
+ 'process_resident_memory_bytes': 'process.resident_memory_bytes',
+ 'process_start_time_seconds': {'name': 'process.start_time_seconds', 'type': 'time_elapsed'},
+ 'process_cpu_seconds': 'process.cpu_seconds',
+ 'process_open_fds': 'process.open_fds',
+ 'process_max_fds': 'process.max_fds',
+ 'prompt_tokens': 'prompt_tokens',
+ 'python_gc_objects_collected': 'python.gc.objects.collected',
+ 'python_gc_objects_uncollectable': 'python.gc.objects.uncollectable',
+ 'python_gc_collections': 'python.gc.collections',
+ 'python_info': 'python.info',
+ 'num_request_max': 'num_request.max',
+ 'num_requests_running': 'num_requests.running',
+ 'num_requests_waiting': 'num_requests.waiting',
+ 'gpu_cache_usage_perc': 'gpu_cache_usage_percent',
+ 'generation_tokens': 'generation_tokens',
+ 'time_to_first_token_seconds': 'time_to_first_token.seconds',
+ 'time_per_output_token_seconds': 'time_per_output_token.seconds',
+ 'e2e_request_latency_seconds': 'e2e_request_latency.seconds',
+ 'request_finish': 'request.finish',
+ 'request_generation_tokens': 'request.generation_tokens',
+ 'request_prompt_tokens': 'request.prompt_tokens',
+ 'request_success': 'request.success',
+ 'request_failure': 'request.failure',
+}
+
+RENAME_LABELS_MAP = {
+ 'version': 'python_version',
+}
diff --git a/nvidia_nim/hatch.toml b/nvidia_nim/hatch.toml
new file mode 100644
index 0000000000000..c85c5f07a7df2
--- /dev/null
+++ b/nvidia_nim/hatch.toml
@@ -0,0 +1,4 @@
+[env.collectors.datadog-checks]
+
+[[envs.default.matrix]]
+python = ["3.12"]
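Review bot: The `'gpu_cache_usage_perc': 'gpu_cache_usage_percent'` entry in METRIC_MAP publishes a 0–1 ratio under a name that says percent. The fixture value is 0.00028, and metadata.csv gives the unit as fraction with "1 means 100 percent usage". A monitor threshold written as a percentage, such as 80, would never fire on this metric, so saturation alerts built from the name alone fail silently. If the published name is fixed, add a comment on the entry such as `# 0-1 ratio despite the name; alert thresholds use 0.8, not 80`, and state the same in the README.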
diff --git a/nvidia_nim/manifest.json b/nvidia_nim/manifest.json new file mode 100644 index 0000000000000..800c968407043 --- /dev/null +++ b/nvidia_nim/manifest.json @@ -0,0 +1,63 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "c7307eb9-7bbf-4dae-b74f-6396bf5bf514", + "app_id": "nvidia-nim", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "NVIDIA NIM integration with Datadog enables real-time GPU observability by collecting Prometheus metrics for monitoring.", + "title": "nvidia_nim", + "media": [], + "classifier_tags": [ + "Supported OS::Linux", + "Supported OS::Windows", + "Supported OS::macOS", + "Category::Log Collection", + "Category::AI/ML", + "Submitted Data Type::Metrics", + "Offering::Integration" + ] + }, + "assets": { + "integration": { + "auto_install": true, + "source_type_id": 30338252, + "source_type_name": "nvidia_nim", + "configuration": { + "spec": "assets/configuration/spec.yaml" + }, + "events": { + "creates_events": false + }, + "metrics": { + "prefix": "nvidia_nim.", + "check": "nvidia_nim.num_requests.running", + "metadata_path": "metadata.csv" + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + }, + "process_signatures": [ + "vllm_nvext.entrypoints.openai.api_server" + ] + }, + "dashboards": { + "NVIDIA NIM Overview": "assets/dashboards/nvidia_nim_overview.json" + }, + "monitors": { + "Average Request Latency is High": "assets/monitors/latency.json" + }, + "saved_views": { + "NVIDIA NIM Errors": "assets/saved_views/nim_errors.json" + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} diff --git a/nvidia_nim/metadata.csv b/nvidia_nim/metadata.csv new file mode 100644 index 0000000000000..b9d4a088c841d --- /dev/null 
+++ b/nvidia_nim/metadata.csv 
@@ -0,0 +1,35 @@ +metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric,sample_tags +nvidia_nim.e2e_request_latency.seconds.bucket,count,,,,The observations of end to end request latency bucketed by seconds.,0,nvidia_nim,,, +nvidia_nim.e2e_request_latency.seconds.count,count,,,,The total number of observations of end to end request latency.,0,nvidia_nim,,, +nvidia_nim.e2e_request_latency.seconds.sum,count,,second,,The sum of end to end request latency in seconds.,0,nvidia_nim,,, +nvidia_nim.generation_tokens.count,count,,token,,Number of generation tokens processed.,0,nvidia_nim,,, +nvidia_nim.gpu_cache_usage_percent,gauge,,fraction,,GPU KV-cache usage. 1 means 100 percent usage.,0,nvidia_nim,,, +nvidia_nim.num_request.max,gauge,,request,,The max number of concurrently running requests.,0,nvidia_nim,,, +nvidia_nim.num_requests.running,gauge,,request,,Number of requests currently running on GPU.,0,nvidia_nim,,, +nvidia_nim.num_requests.waiting,gauge,,request,,Number of requests waiting.,0,nvidia_nim,,, +nvidia_nim.process.cpu_seconds.count,count,,second,,Total user and system CPU time spent in seconds.,0,nvidia_nim,,, +nvidia_nim.process.max_fds,gauge,,file,,Maximum number of open file descriptors.,0,nvidia_nim,,, +nvidia_nim.process.open_fds,gauge,,file,,Number of open file descriptors.,0,nvidia_nim,,, +nvidia_nim.process.resident_memory_bytes,gauge,,byte,,Resident memory size in bytes.,0,nvidia_nim,,, +nvidia_nim.process.start_time_seconds,gauge,,second,,Time in seconds since process started.,0,nvidia_nim,,, +nvidia_nim.process.virtual_memory_bytes,gauge,,byte,,Virtual memory size in bytes.,0,nvidia_nim,,, +nvidia_nim.prompt_tokens.count,count,,token,,Number of prefill tokens processed.,0,nvidia_nim,,, +nvidia_nim.python.gc.collections.count,count,,,,Number of times this generation was collected.,0,nvidia_nim,,, +nvidia_nim.python.gc.objects.collected.count,count,,,,Objects collected during 
GC.,0,nvidia_nim,,, +nvidia_nim.python.gc.objects.uncollectable.count,count,,,,Uncollectable objects found during GC.,0,nvidia_nim,,, +nvidia_nim.python.info,gauge,,,,Python platform information.,0,nvidia_nim,,, +nvidia_nim.request.failure.count,count,,request,,The count of failed requests.,0,nvidia_nim,,, +nvidia_nim.request.finish.count,count,,request,,The count of finished requests.,0,nvidia_nim,,, +nvidia_nim.request.generation_tokens.bucket,count,,,,Number of generation tokens processed.,0,nvidia_nim,,, +nvidia_nim.request.generation_tokens.count,count,,,,Number of generation tokens processed.,0,nvidia_nim,,, +nvidia_nim.request.generation_tokens.sum,count,,token,,Number of generation tokens processed.,0,nvidia_nim,,, +nvidia_nim.request.prompt_tokens.bucket,count,,,,Number of prefill tokens processed.,0,nvidia_nim,,, +nvidia_nim.request.prompt_tokens.count,count,,,,Number of prefill tokens processed.,0,nvidia_nim,,, +nvidia_nim.request.prompt_tokens.sum,count,,token,,Number of prefill tokens processed.,0,nvidia_nim,,, +nvidia_nim.request.success.count,count,,,,Count of successfully processed requests.,0,nvidia_nim,,, +nvidia_nim.time_per_output_token.seconds.bucket,count,,,,The observations of time per output token bucketed by seconds.,0,nvidia_nim,,, +nvidia_nim.time_per_output_token.seconds.count,count,,,,The total number of observations of time per output token.,0,nvidia_nim,,, +nvidia_nim.time_per_output_token.seconds.sum,count,,second,,The sum of time per output token in seconds.,0,nvidia_nim,,, +nvidia_nim.time_to_first_token.seconds.bucket,count,,,,The observations of time to first token bucketed by seconds.,0,nvidia_nim,,, +nvidia_nim.time_to_first_token.seconds.count,count,,,,The total number of observations of time to first token.,0,nvidia_nim,,, +nvidia_nim.time_to_first_token.seconds.sum,count,,second,,The sum of time to first token in seconds.,0,nvidia_nim,,, \ No newline at end of file 
diff --git a/nvidia_nim/pyproject.toml b/nvidia_nim/pyproject.toml
new file mode 100644
index 0000000000000..805bb2533fb3b
--- /dev/null
+++ b/nvidia_nim/pyproject.toml
@@ -0,0 +1,60 @@
+[build-system]
+requires = [
+ "hatchling>=0.13.0",
+]
+build-backend = "hatchling.build"
+
+[project]
+name = "datadog-nvidia-nim"
+description = "The nvidia_nim check"
+readme = "README.md"
+license = "BSD-3-Clause"
+requires-python = ">=3.12"
+keywords = [
+ "datadog",
+ "datadog agent",
+ "datadog check",
+ "nvidia_nim",
+]
+authors = [
+ { name = "Datadog", email = "packages@datadoghq.com" },
+]
+classifiers = [
+ "Development Status :: 5 - Production/Stable",
+ "Intended Audience :: Developers",
+ "Intended Audience :: System Administrators",
+ "License :: OSI Approved :: BSD License",
+ "Private :: Do Not Upload",
+ "Programming Language :: Python :: 3.11",
+ "Topic :: System :: Monitoring",
+]
+dependencies = [
+ "datadog-checks-base>=33.0.0",
+]
+dynamic = [
+ "version",
+]
+
+[project.optional-dependencies]
+deps = []
+
+[project.urls]
+Source = "https://github.com/DataDog/integrations-core"
+
+[tool.hatch.version]
+path = "datadog_checks/nvidia_nim/__about__.py"
+
+[tool.hatch.build.targets.sdist]
+include = [
+ "/datadog_checks",
+ "/tests",
+ "/manifest.json",
+]
+
+[tool.hatch.build.targets.wheel]
+include = [
+ "/datadog_checks/nvidia_nim",
+]
+dev-mode-dirs = [
+ ".",
+]
diff --git a/nvidia_nim/tests/__init__.py b/nvidia_nim/tests/__init__.py
new file mode 100644
index 0000000000000..9103122bf028d
--- /dev/null
+++ b/nvidia_nim/tests/__init__.py
@@ -0,0 +1,3 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
diff --git a/nvidia_nim/tests/common.py b/nvidia_nim/tests/common.py
new file mode 100644
index 0000000000000..1ee147c550a71
--- /dev/null
+++ b/nvidia_nim/tests/common.py
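Review bot: The classifier `"Programming Language :: Python :: 3.11"` in pyproject.toml contradicts `requires-python = ">=3.12"` a few lines above it and the `python = ["3.12"]` matrix in hatch.toml. Package metadata would advertise an interpreter that the package refuses to install on. The line should read `"Programming Language :: Python :: 3.12",`.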
@@ -0,0 +1,63 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+import os
+
+from datadog_checks.dev import get_docker_hostname, get_here
+
+HERE = get_here()
+HOST = get_docker_hostname()
+PORT = 8000
+
+
+def get_fixture_path(filename):
+ return os.path.join(HERE, 'fixtures', filename)
+
+
+MOCKED_INSTANCE = {
+ "openmetrics_endpoint": f"http://{HOST}:{PORT}/metrics",
+ "tags": ['test:test'],
+}
+
+MOCKED_VERSION_ENDPOINT = f"http://{HOST}:{PORT}/version"
+
+COMPOSE_FILE = os.path.join(HERE, 'docker', 'docker-compose.yaml')
+
+METRICS_MOCK = [
+ 'e2e_request_latency.seconds.bucket',
+ 'e2e_request_latency.seconds.count',
+ 'e2e_request_latency.seconds.sum',
+ 'generation_tokens.count',
+ 'gpu_cache_usage_percent',
+ 'num_request.max',
+ 'num_requests.running',
+ 'num_requests.waiting',
+ 'process.cpu_seconds.count',
+ 'process.max_fds',
+ 'process.open_fds',
+ 'process.resident_memory_bytes',
+ 'process.start_time_seconds',
+ 'process.virtual_memory_bytes',
+ 'prompt_tokens.count',
+ 'python.gc.collections.count',
+ 'python.gc.objects.collected.count',
+ 'python.gc.objects.uncollectable.count',
+ 'python.info',
+ 'request.failure.count',
+ 'request.finish.count',
+ 'request.generation_tokens.bucket',
+ 'request.generation_tokens.count',
+ 'request.generation_tokens.sum',
+ 'request.prompt_tokens.bucket',
+ 'request.prompt_tokens.count',
+ 'request.prompt_tokens.sum',
+ 'request.success.count',
+ 'time_per_output_token.seconds.bucket',
+ 'time_per_output_token.seconds.count',
+ 'time_per_output_token.seconds.sum',
+ 'time_to_first_token.seconds.bucket',
+ 'time_to_first_token.seconds.count',
+ 'time_to_first_token.seconds.sum',
+]
+
+METRICS_MOCK = [f'nvidia_nim.{m}' for m in METRICS_MOCK]
diff --git a/nvidia_nim/tests/conftest.py b/nvidia_nim/tests/conftest.py
new file mode 100644
index 0000000000000..07ddd62b31d33
--- /dev/null
+++ b/nvidia_nim/tests/conftest.py
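Review bot: `MOCKED_VERSION_ENDPOINT` points at `/version`, but the Caddyfile in this commit serves the version fixture only under `route /v1/version`, so the readiness probe in conftest.py targets a path the mock server does not route. If Caddy answers unrouted paths with an empty success response (worth confirming), `CheckEndpoints(MOCKED_VERSION_ENDPOINT)` passes without ever reading `nim_version.json`. A wrong version URL in the check would then go unnoticed by the environment setup. Aligning the constant with the served path, `MOCKED_VERSION_ENDPOINT = f"http://{HOST}:{PORT}/v1/version"`, makes the probe exercise the fixture.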
@@ -0,0 +1,30 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+import copy
+
+import pytest
+
+from datadog_checks.dev import docker_run
+from datadog_checks.dev.conditions import CheckDockerLogs, CheckEndpoints
+
+from .common import COMPOSE_FILE, MOCKED_INSTANCE, MOCKED_VERSION_ENDPOINT
+
+
+@pytest.fixture(scope='session')
+def dd_environment():
+ compose_file = COMPOSE_FILE
+ conditions = [
+ CheckDockerLogs(identifier='caddy', patterns=['server running']),
+ CheckEndpoints(MOCKED_INSTANCE["openmetrics_endpoint"]),
+ CheckEndpoints(MOCKED_VERSION_ENDPOINT),
+ ]
+ with docker_run(compose_file, conditions=conditions):
+ yield {
+ 'instances': [MOCKED_INSTANCE],
+ }
+
+
+@pytest.fixture
+def instance():
+ return copy.deepcopy(MOCKED_INSTANCE)
diff --git a/nvidia_nim/tests/docker/Caddyfile b/nvidia_nim/tests/docker/Caddyfile
new file mode 100644
index 0000000000000..3715320034cb3
--- /dev/null
+++ b/nvidia_nim/tests/docker/Caddyfile
@@ -0,0 +1,15 @@
+:8000 {
+ route /metrics {
+ rewrite * /metrics
+ file_server {
+ root /usr/share/caddy
+ }
+ }
+
+ route /v1/version {
+ rewrite * /version
+ file_server {
+ root /usr/share/caddy
+ }
+ }
+}
\ No newline at end of file
diff --git a/nvidia_nim/tests/docker/docker-compose.yaml b/nvidia_nim/tests/docker/docker-compose.yaml
new file mode 100644
index 0000000000000..89fae66a27a87
--- /dev/null
+++ b/nvidia_nim/tests/docker/docker-compose.yaml
@@ -0,0 +1,11 @@
+version: "3.9"
+services:
+ caddy:
+ image: caddy:2.7
+ container_name: caddy
+ ports:
+ - "8000:8000"
+ volumes:
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ - ../fixtures/nim_metrics.txt:/usr/share/caddy/metrics
+ - ../fixtures/nim_version.json:/usr/share/caddy/version
\ No newline at end of file
diff --git a/nvidia_nim/tests/fixtures/nim_metrics.txt b/nvidia_nim/tests/fixtures/nim_metrics.txt
new file mode 100644
index 0000000000000..d503a454265d7
--- /dev/null
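Review bot: `image: caddy:2.7` in docker-compose.yaml is a mutable tag, so the image that CI runners pull for this environment can change without any change in the repository. Pinning by digest, `image: caddy:2.7@sha256:<digest-of-the-reviewed-image>` (placeholder), keeps the fixture reproducible and means a re-pushed tag cannot run unreviewed code on the runner. The three bind mounts only need to be read, so appending `:ro` to each would also stop the container from modifying the checked-out fixtures.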
+++ b/nvidia_nim/tests/fixtures/nim_metrics.txt 
@@ -0,0 +1,159 @@ +# HELP python_gc_objects_collected_total Objects collected during gc +# TYPE python_gc_objects_collected_total counter +python_gc_objects_collected_total{generation="0"} 12502.0 +python_gc_objects_collected_total{generation="1"} 5884.0 +python_gc_objects_collected_total{generation="2"} 1228.0 +# HELP python_gc_objects_uncollectable_total Uncollectable objects found during GC +# TYPE python_gc_objects_uncollectable_total counter +python_gc_objects_uncollectable_total{generation="0"} 0.0 +python_gc_objects_uncollectable_total{generation="1"} 0.0 +python_gc_objects_uncollectable_total{generation="2"} 0.0 +# HELP python_gc_collections_total Number of times this generation was collected +# TYPE python_gc_collections_total counter +python_gc_collections_total{generation="0"} 2991.0 +python_gc_collections_total{generation="1"} 271.0 +python_gc_collections_total{generation="2"} 13.0 +# HELP python_info Python platform information +# TYPE python_info gauge +python_info{implementation="CPython",major="3",minor="10",patchlevel="12",version="3.10.12"} 1.0 +# HELP process_virtual_memory_bytes Virtual memory size in bytes. +# TYPE process_virtual_memory_bytes gauge +process_virtual_memory_bytes 1.15891634176e+011 +# HELP process_resident_memory_bytes Resident memory size in bytes. +# TYPE process_resident_memory_bytes gauge +process_resident_memory_bytes 1.0463768576e+010 +# HELP process_start_time_seconds Start time of the process since unix epoch in seconds. +# TYPE process_start_time_seconds gauge +process_start_time_seconds 1.7303128549e+09 +# HELP process_cpu_seconds_total Total user and system CPU time spent in seconds. +# TYPE process_cpu_seconds_total counter +process_cpu_seconds_total 44.87 +# HELP process_open_fds Number of open file descriptors. +# TYPE process_open_fds gauge +process_open_fds 159.0 +# HELP process_max_fds Maximum number of open file descriptors. 
+# TYPE process_max_fds gauge +process_max_fds 1.048576e+06 +# HELP num_requests_running Number of requests currently running on GPU. +# TYPE num_requests_running gauge +num_requests_running{model_name="meta/llama-3.1-8b-instruct"} 1.0 +# HELP num_requests_waiting Number of requests waiting to be processed. +# TYPE num_requests_waiting gauge +num_requests_waiting{model_name="meta/llama-3.1-8b-instruct"} 0.0 +# HELP num_request_max Max number of concurrently running requests. +# TYPE num_request_max gauge +num_request_max{model_name="meta/llama-3.1-8b-instruct"} 64.0 +# HELP gpu_cache_usage_perc GPU KV-cache usage. 1 means 100 percent usage. +# TYPE gpu_cache_usage_perc gauge +gpu_cache_usage_perc{model_name="meta/llama-3.1-8b-instruct"} 0.0002848191398461977 +# HELP prompt_tokens_total Number of prefill tokens processed. +# TYPE prompt_tokens_total counter +prompt_tokens_total{model_name="meta/llama-3.1-8b-instruct"} 109.0 +# HELP generation_tokens_total Number of generation tokens processed. +# TYPE generation_tokens_total counter +generation_tokens_total{model_name="meta/llama-3.1-8b-instruct"} 174.0 +# HELP time_to_first_token_seconds Histogram of time to first token in seconds. 
+# TYPE time_to_first_token_seconds histogram +time_to_first_token_seconds_bucket{le="0.001",model_name="meta/llama-3.1-8b-instruct"} 0.0 +time_to_first_token_seconds_bucket{le="0.005",model_name="meta/llama-3.1-8b-instruct"} 0.0 +time_to_first_token_seconds_bucket{le="0.01",model_name="meta/llama-3.1-8b-instruct"} 0.0 +time_to_first_token_seconds_bucket{le="0.02",model_name="meta/llama-3.1-8b-instruct"} 2.0 +time_to_first_token_seconds_bucket{le="0.04",model_name="meta/llama-3.1-8b-instruct"} 4.0 +time_to_first_token_seconds_bucket{le="0.06",model_name="meta/llama-3.1-8b-instruct"} 4.0 +time_to_first_token_seconds_bucket{le="0.08",model_name="meta/llama-3.1-8b-instruct"} 4.0 +time_to_first_token_seconds_bucket{le="0.1",model_name="meta/llama-3.1-8b-instruct"} 4.0 +time_to_first_token_seconds_bucket{le="0.25",model_name="meta/llama-3.1-8b-instruct"} 4.0 +time_to_first_token_seconds_bucket{le="0.5",model_name="meta/llama-3.1-8b-instruct"} 4.0 +time_to_first_token_seconds_bucket{le="0.75",model_name="meta/llama-3.1-8b-instruct"} 5.0 +time_to_first_token_seconds_bucket{le="1.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +time_to_first_token_seconds_bucket{le="2.5",model_name="meta/llama-3.1-8b-instruct"} 5.0 +time_to_first_token_seconds_bucket{le="5.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +time_to_first_token_seconds_bucket{le="7.5",model_name="meta/llama-3.1-8b-instruct"} 5.0 +time_to_first_token_seconds_bucket{le="10.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +time_to_first_token_seconds_bucket{le="+Inf",model_name="meta/llama-3.1-8b-instruct"} 5.0 +time_to_first_token_seconds_count{model_name="meta/llama-3.1-8b-instruct"} 5.0 +time_to_first_token_seconds_sum{model_name="meta/llama-3.1-8b-instruct"} 0.6119842529296875 +# HELP time_per_output_token_seconds Histogram of time per output token in seconds. 
+# TYPE time_per_output_token_seconds histogram +time_per_output_token_seconds_bucket{le="0.01",model_name="meta/llama-3.1-8b-instruct"} 0.0 +time_per_output_token_seconds_bucket{le="0.025",model_name="meta/llama-3.1-8b-instruct"} 168.0 +time_per_output_token_seconds_bucket{le="0.05",model_name="meta/llama-3.1-8b-instruct"} 168.0 +time_per_output_token_seconds_bucket{le="0.075",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="0.1",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="0.15",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="0.2",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="0.3",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="0.4",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="0.5",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="0.75",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="1.0",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="2.5",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_bucket{le="+Inf",model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_count{model_name="meta/llama-3.1-8b-instruct"} 169.0 +time_per_output_token_seconds_sum{model_name="meta/llama-3.1-8b-instruct"} 1.856855869293213 +# HELP e2e_request_latency_seconds Histogram of end to end request latency in seconds. 
+# TYPE e2e_request_latency_seconds histogram +e2e_request_latency_seconds_bucket{le="1.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="2.5",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="5.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="10.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="15.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="20.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="30.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="40.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="50.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="60.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_bucket{le="+Inf",model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_count{model_name="meta/llama-3.1-8b-instruct"} 5.0 +e2e_request_latency_seconds_sum{model_name="meta/llama-3.1-8b-instruct"} 2.4688401222229004 +# HELP request_prompt_tokens Number of prefill tokens processed. 
+# TYPE request_prompt_tokens histogram +request_prompt_tokens_bucket{le="1.0",model_name="meta/llama-3.1-8b-instruct"} 0.0 +request_prompt_tokens_bucket{le="2.0",model_name="meta/llama-3.1-8b-instruct"} 0.0 +request_prompt_tokens_bucket{le="5.0",model_name="meta/llama-3.1-8b-instruct"} 3.0 +request_prompt_tokens_bucket{le="10.0",model_name="meta/llama-3.1-8b-instruct"} 3.0 +request_prompt_tokens_bucket{le="20.0",model_name="meta/llama-3.1-8b-instruct"} 3.0 +request_prompt_tokens_bucket{le="50.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="100.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="200.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="500.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="1000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="2000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="5000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="10000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="20000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="50000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="100000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_bucket{le="+Inf",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_count{model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_prompt_tokens_sum{model_name="meta/llama-3.1-8b-instruct"} 109.0 +# HELP request_generation_tokens Number of generation tokens processed. 
+# TYPE request_generation_tokens histogram +request_generation_tokens_bucket{le="1.0",model_name="meta/llama-3.1-8b-instruct"} 0.0 +request_generation_tokens_bucket{le="2.0",model_name="meta/llama-3.1-8b-instruct"} 0.0 +request_generation_tokens_bucket{le="5.0",model_name="meta/llama-3.1-8b-instruct"} 0.0 +request_generation_tokens_bucket{le="10.0",model_name="meta/llama-3.1-8b-instruct"} 0.0 +request_generation_tokens_bucket{le="20.0",model_name="meta/llama-3.1-8b-instruct"} 3.0 +request_generation_tokens_bucket{le="50.0",model_name="meta/llama-3.1-8b-instruct"} 3.0 +request_generation_tokens_bucket{le="100.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="200.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="500.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="1000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="2000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="5000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="10000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="20000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="50000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="100000.0",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_bucket{le="+Inf",model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_count{model_name="meta/llama-3.1-8b-instruct"} 5.0 +request_generation_tokens_sum{model_name="meta/llama-3.1-8b-instruct"} 174.0 +# HELP request_finish_total Count of finished requests, differentiated by finish reason as label. 
+# TYPE request_finish_total counter +request_finish_total{finished_reason="length",model_name="meta/llama-3.1-8b-instruct"} 5.0 +# HELP request_success_total Count of successful requests. +# TYPE request_success_total counter +request_success_total{model_name="meta/llama-3.1-8b-instruct"} 5.0 +# HELP request_failure_total Count of failed requests. +# TYPE request_failure_total counter +request_failure_total{model_name="meta/llama-3.1-8b-instruct"} 0.0 \ No newline at end of file diff --git a/nvidia_nim/tests/fixtures/nim_version.json b/nvidia_nim/tests/fixtures/nim_version.json new file mode 100644 index 0000000000000..697168b8dabdd --- /dev/null +++ b/nvidia_nim/tests/fixtures/nim_version.json @@ -0,0 +1 @@ +{"release":"1.0.0","api":"1.0.0"} \ No newline at end of file diff --git a/nvidia_nim/tests/test_e2e.py b/nvidia_nim/tests/test_e2e.py new file mode 100644 index 0000000000000..9151982259dca --- /dev/null +++ b/nvidia_nim/tests/test_e2e.py @@ -0,0 +1,11 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) +from datadog_checks.base.constants import ServiceCheck +from datadog_checks.dev.utils import assert_service_checks + + +def test_check_nvidia_nim_e2e(dd_agent_check, instance): + aggregator = dd_agent_check(instance, rate=True) + aggregator.assert_service_check('nvidia_nim.openmetrics.health', ServiceCheck.OK, count=2) + assert_service_checks(aggregator) diff --git a/nvidia_nim/tests/test_unit.py b/nvidia_nim/tests/test_unit.py new file mode 100644 index 0000000000000..980580e11fab3 --- /dev/null +++ b/nvidia_nim/tests/test_unit.py 
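Review bot: The `count=2` in `aggregator.assert_service_check(...)` in test_e2e.py has no explanation, and nothing in the file says why two health service checks are expected. It presumably follows from `rate=True` running the check twice; that should be confirmed and then recorded next to the assertion, for example `# rate=True runs the check twice, hence two health service checks`. The test also asserts no metrics, so an endpoint that returns nothing useful still passes as long as the service check is OK. Asserting a small set of metrics that do not depend on rates would close that gap.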
@@ -0,0 +1,61 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) + +from unittest import mock + +import pytest + +from datadog_checks.base.constants import ServiceCheck +from datadog_checks.dev.http import MockResponse +from datadog_checks.dev.utils import get_metadata_metrics +from datadog_checks.nvidia_nim import NvidiaNIMCheck + +from .common import METRICS_MOCK, get_fixture_path + + +def test_check_nvidia_nim(dd_run_check, aggregator, datadog_agent, instance): + check = NvidiaNIMCheck("nvidia_nim", {}, [instance]) + check.check_id = "test:123" + with mock.patch( + 'requests.get', + side_effect=[ + MockResponse(file_path=get_fixture_path("nim_metrics.txt")), + MockResponse(file_path=get_fixture_path("nim_version.json")), + ], + ): + dd_run_check(check) + + for metric in METRICS_MOCK: + aggregator.assert_metric(metric) + aggregator.assert_metric_has_tag(metric, "test:test") + + aggregator.assert_all_metrics_covered() + aggregator.assert_metrics_using_metadata(get_metadata_metrics()) + aggregator.assert_service_check("nvidia_nim.openmetrics.health", ServiceCheck.OK) + + raw_version = "1.0.0" + major, minor, patch = raw_version.split(".") + version_metadata = { + "version.scheme": "semver", + "version.major": major, + "version.minor": minor, + "version.patch": patch, + "version.raw": raw_version, + } + datadog_agent.assert_metadata("test:123", version_metadata) + + +def test_emits_critical_openemtrics_service_check_when_service_is_down( + dd_run_check, aggregator, instance, mock_http_response +): + """ + If we fail to reach the openmetrics endpoint the openmetrics service check should report as critical + """ + mock_http_response(status_code=404) + check = NvidiaNIMCheck("nvidia_nim", {}, [instance]) + with pytest.raises(Exception, match="requests.exceptions.HTTPError"): + dd_run_check(check) + + aggregator.assert_all_metrics_covered() + 
aggregator.assert_service_check("nvidia_nim.openmetrics.health", ServiceCheck.CRITICAL) diff --git a/nvidia_triton/CHANGELOG.md b/nvidia_triton/CHANGELOG.md index 42ba6664d93b5..07a911a43cfec 100644 --- a/nvidia_triton/CHANGELOG.md +++ b/nvidia_triton/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/oke/README.md b/oke/README.md index a3ba86962c906..2cf8e71dd55dc 100644 --- a/oke/README.md +++ b/oke/README.md 
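Review bot: The failure-path test at the end of `test_unit.py` passes `match="requests.exceptions.HTTPError"` to `pytest.raises`, and `match` is a regular expression, so the unescaped dots match any character and the assertion is looser than it reads. Writing it as `match=r"requests\.exceptions\.HTTPError"` pins the intended text. The test name also contains a typo, `openemtrics`, and should read `test_emits_critical_openmetrics_service_check_when_service_is_down` so it can be found by searching for the service-check name. In `test_check_nvidia_nim` the two-element `side_effect` list ties the test to the order of the HTTP calls; a short comment such as `# order matters: metrics endpoint first, then version endpoint` would document that.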
@@ -2,22 +2,40 @@ ## Overview -Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) is a fully-managed Kubernetes service for deploying and running your containerized applications on Oracle Cloud. Datadog provides you with comprehensive visibility to your Kubernetes clusters managed by OKE. Once you have enabled your Datadog integration, you can view your Kubernetes infrastructure, monitor live processes, and track key metrics from all of your pods and containers in one place. +Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) is a managed Kubernetes service that simplifies the operations of enterprise-grade Kubernetes at scale. + +This integration collects metrics and tags from the [`oci_oke`][1] namespace to help you monitor your Kubernetes control plane, clusters, and node states. + +Deploying the [Datadog Agent][2] on your OKE cluster can also help you track the load on your clusters, pods, and individual nodes to get better insights into how to provision and deploy your resources. + +In addition to monitoring your nodes, pods, and containers, the Agent can also collect and report metrics from the services running in your cluster, so that you can: + +- Explore your OKE clusters with [pre-configured Kubernetes dashboards][3] +- Monitor containers and processes in real time +- Automatically track and monitor containerized services ## Setup +Once you set up the [Oracle Cloud Infrastructure][4] integration, ensure that the `oci_oke` namespace is included in your [Connector Hub][5]. + Because Datadog already integrates with Kubernetes, it is ready-made to monitor OKE. If you're running the Agent in a Kubernetes cluster and plan to migrate to OKE, you can continue monitoring your cluster with Datadog. -Additionally, OKE node pools are supported. 
+Deploying the Agent as a DaemonSet with the [Helm chart][6] is the most straightforward (and recommended) method, since it ensures that the Agent will run as a pod on every node within your cluster and that each new node automatically has the Agent installed. You can also configure the Agent to collect process data, traces, and logs by adding a few extra lines to a Helm values file. Additionally, OKE node pools are supported. ## Troubleshooting -Need help? Contact [Datadog support][1]. +Need help? Contact [Datadog support][7]. ## Further Reading -- [How to monitor OKE with Datadog][2] +- [How to monitor OKE with Datadog][8] -[1]: https://docs.datadoghq.com/help/ -[2]: https://www.datadoghq.com/blog/monitor-oracle-kubernetes-engine/ +[1]: https://docs.oracle.com/en-us/iaas/Content/ContEng/Reference/contengmetrics.htm +[2]: https://docs.datadoghq.com/agent/kubernetes/#installation +[3]: https://app.datadoghq.com/dashboard/lists/preset/3?q=kubernetes +[4]: https://docs.datadoghq.com/integrations/oracle_cloud_infrastructure/ +[5]: https://cloud.oracle.com/connector-hub/service-connectors +[6]: https://docs.datadoghq.com/agent/kubernetes/?tab=helm +[7]: https://docs.datadoghq.com/help/ +[8]: https://www.datadoghq.com/blog/monitor-oracle-kubernetes-engine/ diff --git a/oke/manifest.json b/oke/manifest.json index 7b33e09ff665d..3273ec58c78e7 100644 --- a/oke/manifest.json +++ b/oke/manifest.json @@ -8,12 +8,14 @@ "configuration": "README.md#Setup", "support": "README.md#Support", "changelog": "CHANGELOG.md", - "description": "OKE is an Oracle-managed container orchestration service.", + "description": "OKE is an OCI managed container orchestration service.", "title": "Oracle Container Engine for Kubernetes", "media": [], "classifier_tags": [ + "Category::Configuration & Deployment", "Category::Containers", "Category::Kubernetes", + "Category::Metrics", "Category::Oracle", "Category::Orchestration", "Supported OS::Linux", 
diff --git a/openldap/CHANGELOG.md b/openldap/CHANGELOG.md index 03e4ee219a7dc..9d6366c8f311b 100644 --- a/openldap/CHANGELOG.md +++ b/openldap/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.12.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/openmetrics/CHANGELOG.md b/openmetrics/CHANGELOG.md index 01154a3552f75..9c0393d7cf3d2 100644 --- a/openmetrics/CHANGELOG.md +++ b/openmetrics/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/openstack/CHANGELOG.md b/openstack/CHANGELOG.md index ef39c1512c661..2e3361b25b5b6 100644 --- a/openstack/CHANGELOG.md +++ b/openstack/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.0.0 / 2024-01-05 / Agent 7.51.0 ***Changed***: diff --git a/openstack_controller/CHANGELOG.md b/openstack_controller/CHANGELOG.md index 3da3a8b274510..bd68268c2a5c5 100644 --- a/openstack_controller/CHANGELOG.md +++ b/openstack_controller/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,11 +18,15 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 6.9.0 / 2024-08-09 / Agent 7.57.0 ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 6.8.1 / 2024-07-24 / Agent 7.56.0 diff --git a/oracle/CHANGELOG.md b/oracle/CHANGELOG.md index 2a3d81e4ba022..e871cd2804ee1 100644 --- a/oracle/CHANGELOG.md +++ b/oracle/CHANGELOG.md 
@@ -8,6 +8,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.2.0 / 2024-03-22 / Agent 7.53.0 ***Deprecated***: diff --git a/oracle/metadata.csv b/oracle/metadata.csv index 094ca2fecc13f..e0aad71bbf027 100644 --- a/oracle/metadata.csv +++ b/oracle/metadata.csv 
@@ -1,32 +1,35 @@ -metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric -oracle.active_sessions,gauge,,,,number of active sessions,0,oracle_database,active sessions, -oracle.buffer_cachehit_ratio,gauge,,percent,,Ratio of buffer cache hits,1,oracle_database,buff cache hit ratio, -oracle.cache_blocks_corrupt,gauge,,block,,corrupt cache blocks,0,oracle_database,corrupt cache blocks, -oracle.cache_blocks_lost,gauge,,block,,lost cache blocks,0,oracle_database,lost cache blocks, -oracle.cursor_cachehit_ratio,gauge,,percent,,Ratio of cursor cache hits,1,oracle_database,cursor cache hit ratio, -oracle.database_wait_time_ratio,gauge,,percent,,memory sorts per second,0,oracle_database,db wait-time ratio, -oracle.disk_sorts,gauge,,operation,second,disk sorts per second,0,oracle_database,disk sorts, -oracle.enqueue_timeouts,gauge,,timeout,second,enqueue timeouts per sec,0,oracle_database,enqueue timeouts, -oracle.gc_cr_block_received,gauge,,block,second,GC CR block received,0,oracle_database,gc cr block rcv , -oracle.library_cachehit_ratio,gauge,,percent,,Ratio of library cache hits,1,oracle_database,lib cache hit ratio, -oracle.logons,gauge,,,,number of logon attempts,0,oracle_database,logons, -oracle.long_table_scans,gauge,,scan,second,number of long table scans per sec,0,oracle_database,long tbl scans, -oracle.memory_sorts_ratio,gauge,,percent,,memory sorts ratio,0,oracle_database,memory sort ratio, -oracle.physical_reads,gauge,,read,second,physical reads per sec,0,oracle_database,phys reads, -oracle.physical_writes,gauge,,write,second,physical writes per sec,0,oracle_database,phys reads, -oracle.process.pga_allocated_memory,gauge,,byte,,PGA memory allocated by process,0,oracle_database,pga memory allocated, -oracle.process.pga_freeable_memory,gauge,,byte,,PGA memory freeable by process,0,oracle_database,pga memory freeable, -oracle.process.pga_maximum_memory,gauge,,byte,,PGA maximum memory ever allocated by 
process,0,oracle_database,pga max memory allocated, -oracle.process.pga_used_memory,gauge,,byte,,PGA memory used by process,0,oracle_database,pga memory used, -oracle.rows_per_sort,gauge,,row,operation,rows per sort,0,oracle_database,rows per sort, -oracle.service_response_time,gauge,,second,,service response time,0,oracle_database,svc resp time, -oracle.session_count,gauge,,,,session count,0,oracle_database,session count, -oracle.session_limit_usage,gauge,,percent,,session limit usage,0,oracle_database,session lim usage %, -oracle.shared_pool_free,gauge,,percent,,shared pool free memory %,0,oracle_database,shared pool free, -oracle.sorts_per_user_call,gauge,,,,sorts per user call,0,oracle_database,sorts per user call, -oracle.tablespace.in_use,gauge,,percent,,tablespace in-use,0,oracle_database,tablespace in-use, -oracle.tablespace.offline,gauge,,,,tablespace offline,0,oracle_database,tablespace offline, -oracle.tablespace.size,gauge,,byte,,tablespace size,0,oracle_database,tablespace size, -oracle.tablespace.used,gauge,,byte,,tablespace used,0,oracle_database,tablespace used, -oracle.temp_space_used,gauge,,byte,,temp space used,0,oracle_database,temp space used, -oracle.user_rollbacks,gauge,,operation,,number of user rollbacks,0,oracle_database,user rollbacks, +metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric,sample_tags +oracle.active_sessions,gauge,,,,Number of active sessions,0,oracle_database,active sessions,, +oracle.asm_diskgroup.free_mb,gauge,,,,"The unused capacity of a disk group in megabytes, tagged by `state` (DBM only)",0,oracle_database,disk group free megabytes,, +oracle.asm_diskgroup.offline_disks,gauge,,,,"The number of disks in an ASM disk group that are offline, tagged by `state` (DBM only)",0,oracle_database,offline disks in asm disk group,, +oracle.asm_diskgroup.total_mb,gauge,,,,"The total usable capacity of the disk group, tagged by `state` (DBM 
only)",0,oracle_database,disk group total megabytes,, +oracle.buffer_cachehit_ratio,gauge,,percent,,Ratio of buffer cache hits,1,oracle_database,buff cache hit ratio,, +oracle.cache_blocks_corrupt,gauge,,block,,Corrupt cache blocks,0,oracle_database,corrupt cache blocks,, +oracle.cache_blocks_lost,gauge,,block,,Lost cache blocks,0,oracle_database,lost cache blocks,, +oracle.cursor_cachehit_ratio,gauge,,percent,,Ratio of cursor cache hits,1,oracle_database,cursor cache hit ratio,, +oracle.database_wait_time_ratio,gauge,,percent,,Memory sorts per second,0,oracle_database,db wait-time ratio,, +oracle.disk_sorts,gauge,,operation,second,Disk sorts per second,0,oracle_database,disk sorts,, +oracle.enqueue_timeouts,gauge,,timeout,second,Enqueue timeouts per sec,0,oracle_database,enqueue timeouts,, +oracle.gc_cr_block_received,gauge,,block,second,GC CR block received,0,oracle_database,gc cr block rcv ,, +oracle.library_cachehit_ratio,gauge,,percent,,Ratio of library cache hits,1,oracle_database,lib cache hit ratio,, +oracle.logons,gauge,,,,Number of logon attempts,0,oracle_database,logons,, +oracle.long_table_scans,gauge,,scan,second,Number of long table scans per sec,0,oracle_database,long tbl scans,, +oracle.memory_sorts_ratio,gauge,,percent,,Memory sorts ratio,0,oracle_database,memory sort ratio,, +oracle.physical_reads,gauge,,read,second,Physical reads per sec,0,oracle_database,phys reads,, +oracle.physical_writes,gauge,,write,second,Physical writes per sec,0,oracle_database,phys reads,, +oracle.process.pga_allocated_memory,gauge,,byte,,PGA memory allocated by process,0,oracle_database,pga memory allocated,, +oracle.process.pga_freeable_memory,gauge,,byte,,PGA memory freeable by process,0,oracle_database,pga memory freeable,, +oracle.process.pga_maximum_memory,gauge,,byte,,PGA maximum memory ever allocated by process,0,oracle_database,pga max memory allocated,, +oracle.process.pga_used_memory,gauge,,byte,,PGA memory used by process,0,oracle_database,pga memory used,, 
+oracle.rows_per_sort,gauge,,row,operation,Rows per sort,0,oracle_database,rows per sort,, +oracle.service_response_time,gauge,,second,,Service response time,0,oracle_database,svc resp time,, +oracle.session_count,gauge,,,,Session count,0,oracle_database,session count,, +oracle.session_limit_usage,gauge,,percent,,Session limit usage,0,oracle_database,session lim usage %,, +oracle.shared_pool_free,gauge,,percent,,Shared pool free memory %,0,oracle_database,shared pool free,, +oracle.sorts_per_user_call,gauge,,,,Sorts per user call,0,oracle_database,sorts per user call,, +oracle.tablespace.in_use,gauge,,percent,,Tablespace in-use,0,oracle_database,tablespace in-use,, +oracle.tablespace.offline,gauge,,,,Tablespace offline,0,oracle_database,tablespace offline,, +oracle.tablespace.size,gauge,,byte,,Tablespace size,0,oracle_database,tablespace size,, +oracle.tablespace.used,gauge,,byte,,Tablespace used,0,oracle_database,tablespace used,, +oracle.temp_space_used,gauge,,byte,,Temp space used,0,oracle_database,temp space used,, +oracle.user_rollbacks,gauge,,operation,,number of user rollbacks,0,oracle_database,user rollbacks,, diff --git a/ossec_security/CHANGELOG.md b/ossec_security/CHANGELOG.md index 713f506d40c13..57fa73dad058d 100644 --- a/ossec_security/CHANGELOG.md +++ b/ossec_security/CHANGELOG.md @@ -8,6 +8,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.0 / 2024-08-09 / Agent 7.57.0 ***Added***: diff --git a/pan_firewall/CHANGELOG.md b/pan_firewall/CHANGELOG.md index 431eea2116116..b51fc38f17992 100644 --- a/pan_firewall/CHANGELOG.md +++ b/pan_firewall/CHANGELOG.md 
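Review bot: Two rows rewritten in the `oracle/metadata.csv` hunk keep text that does not match the metric they describe. `oracle.database_wait_time_ratio` is still described as `Memory sorts per second`, and `oracle.physical_writes` still has the short name `phys reads`, identical to `oracle.physical_reads`. Since the commit already touches these rows to capitalise the descriptions, the second could become `...,Physical writes per sec,0,oracle_database,phys writes,,`, and the first needs a description of the wait-time ratio itself. The last row, `oracle.user_rollbacks`, keeps its lower-case `number of user rollbacks` while every other description was capitalised. The three new `oracle.asm_diskgroup.*` rows leave `unit_name` empty even though two of them are documented as megabytes.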
@@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 2.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.2.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/pdh_check/CHANGELOG.md b/pdh_check/CHANGELOG.md index 8840b8c5f0806..57aa3798bb182 100644 --- a/pdh_check/CHANGELOG.md +++ b/pdh_check/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/pgbouncer/CHANGELOG.md b/pgbouncer/CHANGELOG.md index 1f6b9a6f51adb..45e0357593394 100644 --- a/pgbouncer/CHANGELOG.md +++ b/pgbouncer/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 6.2.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/php_fpm/CHANGELOG.md b/php_fpm/CHANGELOG.md index e681bf8494f11..dfe360c68b5f6 100644 --- a/php_fpm/CHANGELOG.md +++ b/php_fpm/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/ping_federate/CHANGELOG.md b/ping_federate/CHANGELOG.md index 1a15386e3ff1a..1a1b18c0a7aa0 100644 --- a/ping_federate/CHANGELOG.md +++ b/ping_federate/CHANGELOG.md @@ -8,6 +8,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.0 / 2024-08-09 / Agent 7.57.0 ***Added***: diff --git a/plaid/CHANGELOG.md b/plaid/CHANGELOG.md new file mode 100644 index 0000000000000..76f7b7ed1d71e --- /dev/null +++ b/plaid/CHANGELOG.md @@ -0,0 +1,7 @@ +# CHANGELOG - Plaid + +## 1.0.0 / 2024-10-25 + +***Added***: + +* Initial Release \ No newline at end of file 
diff --git a/plaid/README.md b/plaid/README.md new file mode 100644 index 0000000000000..4f508b4d0af23 --- /dev/null +++ b/plaid/README.md 
@@ -0,0 +1,46 @@ +# Agent Check: Plaid + +[Plaid](https://plaid.com/) specializes in financial technology by offering APIs that allow developers to integrate banking services into their applications. By connecting users' bank accounts to apps, Plaid enables features like account verification, transaction history retrieval, and balance checks. This functionality is crucial for various applications, including budgeting tools, personal finance management, and payment processing. + +## Overview + +Here are some insights that can be drawn from your Plaid dashboard: + +- **Descriptive Trends**: Assess common descriptions for categorization. +- **Failure Patterns**: Investigate failure reasons to improve reliability. +- **Network Performance**: Evaluate network effectiveness and transaction success rates. +- **Status Monitoring**: Track overall transaction statuses for operational efficiency. +- **Sweep Trends**: Analyze sweep statuses to understand fund movement dynamics. +- **Type Classification**: Categorize transactions by type for deeper financial insights. +- **Currency Insights**: Examine iso_currency_code for multi-currency transaction patterns. + +## Setup + +1. Log in to [Plaid](https://dashboard.plaid.com/signin/). +2. Client ID and Secret can be obtained through this [link](https://dashboard.plaid.com/developers/keys). + +### Configuration + +Configure the Datadog endpoint to forward Plaid logs to Datadog. +1. Navigate to Plaid. +2. Add your Plaid credentials. + +| Plaid Parameters | Description | +|----------|----------| +| Client ID | Client of the Plaid account. | +| Secret | Secret of the Plaid account | + + +## Data Collected + +The crawler will implement data collection of Plaid logs for the List of Transfer events, remove sensitive data and send it to Datadog. + + +## Troubleshooting + +Need help? Contact [Datadog support][3]. 
+ +[1]: **LINK_TO_INTEGRATION_SITE** +[2]: https://app.datadoghq.com/account/settings/agent/latest +[3]: https://docs.datadoghq.com/help/ + diff --git a/plaid/assets/service_checks.json b/plaid/assets/service_checks.json new file mode 100644 index 0000000000000..0637a088a01e8 --- /dev/null +++ b/plaid/assets/service_checks.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/plaid/manifest.json b/plaid/manifest.json new file mode 100644 index 0000000000000..695580a4b390a --- /dev/null +++ b/plaid/manifest.json @@ -0,0 +1,47 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "104e8e43-bf5b-44f1-8ef3-76ad53a39c05", + "app_id": "plaid", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Gain insights into Plaid logs.", + "title": "Plaid", + "media": [], + "classifier_tags": [ + "Category::Log Collection", + "Offering::Integration", + "Submitted Data Type::Logs" + ] + }, + "assets": { + "integration": { + "auto_install": true, + "source_type_id": 30173459, + "source_type_name": "plaid", + "events": { + "creates_events": false + }, + "metrics": { + "prefix": "plaid.", + "check": "", + "metadata_path": "metadata.csv" + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} + + + \ No newline at end of file diff --git a/plaid/metadata.csv b/plaid/metadata.csv new file mode 100644 index 0000000000000..02cde5e98381e --- /dev/null +++ b/plaid/metadata.csv @@ -0,0 +1 @@ +metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric,sample_tags diff --git a/postfix/CHANGELOG.md b/postfix/CHANGELOG.md index 530deea25b3cc..3419fe148522e 100644 
--- a/postfix/CHANGELOG.md +++ b/postfix/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.14.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/postgres/CHANGELOG.md b/postgres/CHANGELOG.md index dc8dd7b06804c..cb8a7c57f2734 100644 --- a/postgres/CHANGELOG.md +++ b/postgres/CHANGELOG.md @@ -2,6 +2,17 @@ +## 22.3.0 / 2024-11-28 + +***Added***: + +* Submit database_hostname with database instance and metrics for MySQL, Postgres, and SQLServer ([#18969](https://github.com/DataDog/integrations-core/pull/18969)) +* Track logical replication slot catalog_xmin age ([#19083](https://github.com/DataDog/integrations-core/pull/19083)) + +***Fixed***: + +* Add alloydbadmin & alloydbmetadata to default list of databases to exclude from autodiscovery and databases to ignore to prevent failures on GCP AlloyDB for PostgreSQL. ([#19061](https://github.com/DataDog/integrations-core/pull/19061)) + ## 22.2.0 / 2024-11-06 ***Added***: 
@@ -42,10 +53,6 @@ ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) - -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) * Add `keep_json_path` to `obfuscator_options` to allow users to control whether JSON paths following JSON operators in SQL statements should be obfuscated. By default, these paths are treated as literals and are obfuscated to `?`. ([#18726](https://github.com/DataDog/integrations-core/pull/18726)) * Add additional debug logging to help with schema collection investigations ([#18754](https://github.com/DataDog/integrations-core/pull/18754)) * Add Postgres cross-org telemetry metrics. ([#18758](https://github.com/DataDog/integrations-core/pull/18758)) @@ -60,6 +67,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 20.0.0 / 2024-09-05 ***Changed***: @@ -88,7 +99,7 @@ * Allow filtering of schema collection in Postgres using regexes to include or exclude objects ([#18145](https://github.com/DataDog/integrations-core/pull/18145)) * Collect blk read/write time from pg_stat_database ([#18169](https://github.com/DataDog/integrations-core/pull/18169)) * Use QueryManager to collect `custom_queries` and `global_custom_queries`. `custom_queries` now supports configurable `collection_interval`. ([#18183](https://github.com/DataDog/integrations-core/pull/18183)) -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) * Add new config option `role_arn` to AWS managed authentication to support cross account IAM auth. ([#18228](https://github.com/DataDog/integrations-core/pull/18228)) ***Fixed***: 
diff --git a/postgres/assets/configuration/spec.yaml b/postgres/assets/configuration/spec.yaml index deb2db6cb8f9f..016064d782779 100644 --- a/postgres/assets/configuration/spec.yaml +++ b/postgres/assets/configuration/spec.yaml @@ -888,6 +888,8 @@ files: description: | Set to `false` to disable the collection of comments in your SQL statements. Requires `collect_metadata: true`. + Note: This option must be `true` in order to correlate Database Monitoring samples and APM traces. + See https://docs.datadoghq.com/database_monitoring/connect_dbm_and_apm value: type: boolean example: true diff --git a/postgres/changelog.d/19061.fixed b/postgres/changelog.d/19061.fixed deleted file mode 100644 index 8fc692037374f..0000000000000 --- a/postgres/changelog.d/19061.fixed +++ /dev/null @@ -1 +0,0 @@ -Add alloydbadmin & alloydbmetadata to default list of databases to exclude from autodiscovery and databases to ignore to prevent failures on GCP AlloyDB for PostgreSQL. diff --git a/postgres/changelog.d/19083.added b/postgres/changelog.d/19083.added deleted file mode 100644 index 9a4d0e63f76db..0000000000000 --- a/postgres/changelog.d/19083.added +++ /dev/null @@ -1 +0,0 @@ -Track logical replication slot catalog_xmin age diff --git a/postgres/changelog.d/19218.added b/postgres/changelog.d/19218.added new file mode 100644 index 0000000000000..7ba3bd2933029 --- /dev/null +++ b/postgres/changelog.d/19218.added @@ -0,0 +1 @@ +Add postgresql.relation.xmin metric diff --git a/postgres/datadog_checks/postgres/__about__.py b/postgres/datadog_checks/postgres/__about__.py index 97cbee2999388..c510a97eec89f 100644 --- a/postgres/datadog_checks/postgres/__about__.py +++ b/postgres/datadog_checks/postgres/__about__.py @@ -2,4 +2,4 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = "22.2.0" +__version__ = "22.3.0" 
diff --git a/postgres/datadog_checks/postgres/data/conf.yaml.example b/postgres/datadog_checks/postgres/data/conf.yaml.example index e39a8b1d87fc9..d9d3c396afa0e 100644 --- a/postgres/datadog_checks/postgres/data/conf.yaml.example +++ b/postgres/datadog_checks/postgres/data/conf.yaml.example @@ -778,6 +778,8 @@ instances: ## @param collect_comments - boolean - optional - default: true ## Set to `false` to disable the collection of comments in your SQL statements. ## Requires `collect_metadata: true`. + ## Note: This option must be `true` in order to correlate Database Monitoring samples and APM traces. + ## See https://docs.datadoghq.com/database_monitoring/connect_dbm_and_apm # # collect_comments: true diff --git a/postgres/datadog_checks/postgres/postgres.py b/postgres/datadog_checks/postgres/postgres.py index 28f6e32a73197..3f20801a9a399 100644 --- a/postgres/datadog_checks/postgres/postgres.py +++ b/postgres/datadog_checks/postgres/postgres.py @@ -97,6 +97,7 @@ def __init__(self, name, init_config, instances): super(PostgreSql, self).__init__(name, init_config, instances) self._resolved_hostname = None self._agent_hostname = None + self._database_hostname = None self._db = None self.version = None self.raw_version = None @@ -168,6 +169,8 @@ def _build_autodiscovery(self): return discovery def set_resource_tags(self): + self.tags.append("database_hostname:{}".format(self.database_hostname)) + if self.cloud_metadata.get("gcp") is not None: self.tags.append( "dd.internal.resource:gcp_sql_database_instance:{}:{}".format( @@ -476,6 +479,13 @@ def agent_hostname(self): self._agent_hostname = datadog_agent.get_hostname() return self._agent_hostname + @property + def database_hostname(self): + # type: () -> str + if self._database_hostname is None: + self._database_hostname = self.resolve_db_host() + return self._database_hostname + def resolve_db_host(self): return agent_host_resolver(self._config.host) 
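Review bot: The `database_hostname` property added in the `@@ -476,6 +479,13 @@` hunk has no docstring and caches the first result of `resolve_db_host()` for the lifetime of the check instance. A reader therefore cannot tell how it differs from `resolved_hostname`, or whether a later change in resolution is meant to be ignored. A docstring such as `"""Hostname derived from the configured host via resolve_db_host(); resolved once and cached."""` would make that explicit. The value comes straight from `self._config.host` and is now attached to every metric by the tag appended in `set_resource_tags`, and to the `database_instance` event in the `@@ -912,6 +922,7 @@` hunk. It is worth confirming that any hostname override the check offers (none is visible in these hunks) is honoured, for operators who keep internal hostnames out of telemetry. The bodies of `__init__`, `set_resource_tags` and `_send_database_instance_metadata` continue outside the hunks.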
@@ -912,6 +922,7 @@ def _send_database_instance_metadata(self): event = { "host": self.resolved_hostname, "port": self._config.port, + "database_hostname": self.database_hostname, "agent_version": datadog_agent.get_version(), "dbms": "postgres", "kind": "database_instance", diff --git a/postgres/datadog_checks/postgres/relationsmanager.py b/postgres/datadog_checks/postgres/relationsmanager.py index b9dec77283709..1952534049e1c 100644 --- a/postgres/datadog_checks/postgres/relationsmanager.py +++ b/postgres/datadog_checks/postgres/relationsmanager.py @@ -187,7 +187,8 @@ pg_stat_get_vacuum_count(C.reltoastrelid), pg_stat_get_autovacuum_count(C.reltoastrelid), EXTRACT(EPOCH FROM age(CURRENT_TIMESTAMP, pg_stat_get_last_vacuum_time(C.reltoastrelid))), - EXTRACT(EPOCH FROM age(CURRENT_TIMESTAMP, pg_stat_get_last_autovacuum_time(C.reltoastrelid))) + EXTRACT(EPOCH FROM age(CURRENT_TIMESTAMP, pg_stat_get_last_autovacuum_time(C.reltoastrelid))), + C.xmin FROM pg_class C LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace) LEFT JOIN pg_locks L ON C.oid = L.relation AND L.locktype = 'relation' @@ -234,6 +235,7 @@ {'name': 'toast.autovacuumed', 'type': 'monotonic_count'}, {'name': 'toast.last_vacuum_age', 'type': 'gauge'}, {'name': 'toast.last_autovacuum_age', 'type': 'gauge'}, + {'name': 'relation.xmin', 'type': 'gauge'}, ], } diff --git a/postgres/metadata.csv b/postgres/metadata.csv index 1cf6813327fe3..49183d67a61cc 100644 --- a/postgres/metadata.csv +++ b/postgres/metadata.csv 
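Review bot: The `C.xmin` column added to the relations query is reported as a plain gauge named `relation.xmin`, but nothing next to the metric entry says that this is a raw transaction ID rather than an age. PostgreSQL transaction IDs are 32-bit counters that wrap around, so anyone watching for the value to increase (for example to notice DDL on a table) should expect it to drop after a wraparound. A comment on the entry would make that explicit: `# raw pg_class.xmin of the relation's catalog row (xid, wraps around); not an age`. Both the query and the metric list start outside these hunks.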
@@ -116,6 +116,7 @@ postgresql.queries.time,count,,nanosecond,,"The total query execution time per q postgresql.relation.all_visible,gauge,,,,"Number of pages that are marked as all visible in the table's visibility map. This is only an estimation used by the planner and is updated by VACUUM or ANALYZE. This metric is tagged with db, schema, table, partition_of",0,postgres,relation all_visible, postgresql.relation.pages,gauge,,,,"Size of a table in pages (1 page == 8KB by default). This is only an estimation used by the planner and is updated by VACUUM or ANALYZE. This metric is tagged with db, schema, table, partition_of.",0,postgres,relation pages, postgresql.relation.tuples,gauge,,,,"Number of live rows in the table. This is only an estimation used by the planner and is updated by VACUUM or ANALYZE. If the table has never been vacuumed or analyze, -1 will be reported. This metric is tagged with db, schema, table, partition_of",0,postgres,relation tuples, +postgresql.relation.xmin,gauge,,,,"Transaction ID of the latest relation's modification in pg_class. This metric is tagged with db, schema, table",0,postgres,relation xmin, postgresql.relation_size,gauge,,byte,,"The disk space used by the specified table. TOAST data, indexes, free space map and visibility map are not included. This metric is tagged with db, schema, table.",0,postgres,relation size, postgresql.replication.backend_xmin_age,gauge,,,,The age of the standby server's xmin horizon (relative to latest stable xid) reported by hot_standby_feedback.,-1,postgres,repl backend xmin, postgresql.replication.wal_flush_lag,gauge,,second,,Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it (but not yet applied it). This can be used to gauge the delay that synchronous_commit level on incurred while committing if this server was configured as a synchronous standby. Only available with postgresql 10 and newer.,-1,postgres,repl flush lag, 
diff --git a/postgres/tests/common.py b/postgres/tests/common.py index f051d673bacc3..df966caf3201a 100644 --- a/postgres/tests/common.py +++ b/postgres/tests/common.py @@ -151,7 +151,7 @@ def _get_expected_tags( role='master', **kwargs, ): - base_tags = pg_instance['tags'] + [f'port:{pg_instance["port"]}'] + base_tags = pg_instance['tags'] + [f'port:{pg_instance["port"]}'] + [f'database_hostname:{check.database_hostname}'] if role: base_tags.append(f'replication_role:{role}') if with_db: diff --git a/postgres/tests/test_e2e.py b/postgres/tests/test_e2e.py index 461f020e80c98..3a0ae87e7b798 100644 --- a/postgres/tests/test_e2e.py +++ b/postgres/tests/test_e2e.py @@ -2,6 +2,8 @@ # All rights reserved # Licensed under Simplified BSD License (see LICENSE) +import socket + import pytest from .common import _get_expected_tags, check_bgw_metrics, check_common_metrics @@ -23,6 +25,7 @@ def test_e2e(check, dd_agent_check, pg_instance): cur.execute("SHOW cluster_name;") check.cluster_name = cur.fetchone()[0] + check._database_hostname = socket.gethostname().lower() expected_tags = _get_expected_tags(check, pg_instance, with_host=False) check_bgw_metrics(aggregator, expected_tags) check_common_metrics(aggregator, expected_tags=expected_tags, count=None) diff --git a/postgres/tests/test_pg_integration.py b/postgres/tests/test_pg_integration.py index 53fad5c8d29c9..b5c27a830530f 100644 --- a/postgres/tests/test_pg_integration.py +++ b/postgres/tests/test_pg_integration.py @@ -463,7 +463,7 @@ def test_activity_vacuum_excluded(aggregator, integration_check, pg_instance): thread.join() -@pytest.mark.flaky(max_runs=5) +@pytest.mark.flaky(max_runs=10) def test_backend_transaction_age(aggregator, integration_check, pg_instance): pg_instance['collect_activity_metrics'] = True check = integration_check(pg_instance) 
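Review bot: Raising `max_runs` from 5 to 10 on `test_backend_transaction_age` doubles the retries without recording why the test is unstable, which makes a real regression in transaction-age reporting harder to notice. Add a comment above the decorator naming the cause, e.g. `# flaky: <reason / issue link>; reduce retries once fixed`, where the reason and link are placeholders for the maintainers to fill in. The test body continues outside the hunk.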
@@ -731,10 +731,7 @@ def test_correct_hostname(dbm_enabled, reported_hostname, expected_hostname, agg ) as resolve_db_host: check = PostgreSql('test_instance', {}, [pg_instance]) check.run() - if reported_hostname: - assert resolve_db_host.called is False, 'Expected resolve_db_host.called to be False' - else: - assert resolve_db_host.called is True + assert resolve_db_host.called is True expected_tags_no_db = _get_expected_tags(check, pg_instance, server=HOST) expected_tags_with_db = expected_tags_no_db + ['db:datadog_test'] diff --git a/postgres/tests/test_relations.py b/postgres/tests/test_relations.py index e2e5799d7c128..97e9c192732bb 100644 --- a/postgres/tests/test_relations.py +++ b/postgres/tests/test_relations.py 
@@ -197,6 +197,35 @@ def test_relations_metrics_regex(aggregator, integration_check, pg_instance): _check_metrics_for_relation_wo_index(aggregator, expected_tags[relation]) +@pytest.mark.integration +@pytest.mark.usefixtures('dd_environment') +def test_relations_xmin(aggregator, integration_check, pg_instance): + pg_instance['relations'] = ['persons'] + + conn = _get_superconn(pg_instance) + cursor = conn.cursor() + cursor.execute("SELECT xmin FROM pg_class WHERE relname='persons'") + start_xmin = float(cursor.fetchone()[0]) + + # Check that initial xmin metric match + check = integration_check(pg_instance) + check.check(pg_instance) + expected_tags = _get_expected_tags(check, pg_instance, db=pg_instance['dbname'], table='persons', schema='public') + aggregator.assert_metric('postgresql.relation.xmin', count=1, value=start_xmin, tags=expected_tags) + aggregator.reset() + + # Run multiple DDL modifying the persons relation which will increase persons' xmin in pg_class + cursor.execute("ALTER TABLE persons REPLICA IDENTITY FULL;") + cursor.execute("ALTER TABLE persons REPLICA IDENTITY DEFAULT;") + cursor.close() + conn.close() + + check.check(pg_instance) + + # xmin metric should be greater than initial xmin + assert_metric_at_least(aggregator, 'postgresql.relation.xmin', lower_bound=start_xmin + 1, tags=expected_tags) + + @pytest.mark.integration @pytest.mark.usefixtures('dd_environment') def test_max_relations(aggregator, integration_check, pg_instance): diff --git a/postgres/tests/test_unit.py b/postgres/tests/test_unit.py index 1fa3164fa1f22..79ea811764ca7 100644 --- a/postgres/tests/test_unit.py +++ b/postgres/tests/test_unit.py @@ -142,6 +142,7 @@ def test_query_timeout_connection_string(aggregator, integration_check, pg_insta 'port:5432', 'foo:bar', 'dd.internal.resource:database_instance:stubbed.hostname', + 'database_hostname:stubbed.hostname', }, ), ( 
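Review bot: In `test_relations_xmin` the superuser connection and cursor are closed only on the success path. If the first `check.check(pg_instance)` or `aggregator.assert_metric(...)` raises, `cursor.close()` and `conn.close()` are never reached, and the privileged connection may stay open until it is garbage-collected. Wrapping the statements between `_get_superconn(pg_instance)` and the two `close()` calls in `try:` and moving the closes into a `finally:` block keeps the cleanup unconditional.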
@@ -152,6 +153,7 @@ def test_query_timeout_connection_string(aggregator, integration_check, pg_insta 'port:5432', 'server:localhost', 'dd.internal.resource:database_instance:stubbed.hostname', + 'database_hostname:stubbed.hostname', }, ), ], diff --git a/powerdns_recursor/CHANGELOG.md b/powerdns_recursor/CHANGELOG.md index 889ff01a435ef..f3f7339d9a413 100644 --- a/powerdns_recursor/CHANGELOG.md +++ b/powerdns_recursor/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.5.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/presto/CHANGELOG.md b/presto/CHANGELOG.md index 83ff4312f7d7d..a66e7d6ee52cf 100644 --- a/presto/CHANGELOG.md +++ b/presto/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.8.0 / 2024-01-05 / Agent 7.51.0 ***Added***: 
diff --git a/presto/tests/docker/docker-compose.yaml b/presto/tests/docker/docker-compose.yaml index 646051a306922..acc67216ad1e2 100644 --- a/presto/tests/docker/docker-compose.yaml +++ b/presto/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - # Adapted from https://github.com/Lewuathe/docker-presto-cluster services: coordinator: diff --git a/process/CHANGELOG.md b/process/CHANGELOG.md index 3c834000f8220..7942368d14c37 100644 --- a/process/CHANGELOG.md +++ b/process/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 3.5.0 / 2024-09-05 diff --git a/prometheus/CHANGELOG.md b/prometheus/CHANGELOG.md index 10c0b00eaecba..1b838e6341257 100644 --- a/prometheus/CHANGELOG.md +++ b/prometheus/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.6.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/prometheus/tests/docker/docker-compose.yaml b/prometheus/tests/docker/docker-compose.yaml index cef7c7959835a..ac2352af67a69 100644 --- a/prometheus/tests/docker/docker-compose.yaml +++ b/prometheus/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: prometheus: image: prom/prometheus diff --git a/proxysql/CHANGELOG.md b/proxysql/CHANGELOG.md index 1939ee58e6f40..23d8e0491f04c 100644 --- a/proxysql/CHANGELOG.md +++ b/proxysql/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.1.1 / 2024-06-11 / Agent 7.54.1 ***Fixed***: diff --git a/pulsar/CHANGELOG.md b/pulsar/CHANGELOG.md index 2d28e1f125cd2..876e715f6a870 100644 --- a/pulsar/CHANGELOG.md +++ b/pulsar/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/pulsar/tests/docker/docker-compose.yaml b/pulsar/tests/docker/docker-compose.yaml index 312230805e63f..a4c1cef62d028 100644 --- a/pulsar/tests/docker/docker-compose.yaml +++ b/pulsar/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - # https://pulsar.apache.org/docs/en/next/standalone-docker/ services: pulsar: diff --git a/rabbitmq/CHANGELOG.md b/rabbitmq/CHANGELOG.md index b0d70707d02fa..87727df760663 100644 --- a/rabbitmq/CHANGELOG.md +++ b/rabbitmq/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.3.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/ray/CHANGELOG.md b/ray/CHANGELOG.md index b55ba28294f13..dcf756eea5b3d 100644 --- a/ray/CHANGELOG.md +++ b/ray/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/ray/tests/docker/docker-compose.yaml b/ray/tests/docker/docker-compose.yaml index 69075a2295464..1720f3226b96b 100644 --- a/ray/tests/docker/docker-compose.yaml +++ b/ray/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.9' - services: ray-head: container_name: ray-head diff --git a/redisdb/CHANGELOG.md b/redisdb/CHANGELOG.md index 141d970a21936..167d25edbc34f 100644 --- a/redisdb/CHANGELOG.md +++ b/redisdb/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,11 +18,15 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.7.0 / 2024-08-09 / Agent 7.57.0 ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 5.6.0 / 2024-07-05 / Agent 7.56.0 diff --git a/requirements-agent-release.txt b/requirements-agent-release.txt index 316f42c8a2c9a..25cbc26497221 100644 --- a/requirements-agent-release.txt +++ b/requirements-agent-release.txt 
@@ -13,7 +13,7 @@ datadog-appgate-sdp==1.0.0; sys_platform != 'win32' datadog-arangodb==3.1.0 datadog-argo-rollouts==2.1.0 datadog-argo-workflows==2.1.0 -datadog-argocd==3.1.0 +datadog-argocd==3.2.0 datadog-aspdotnet==4.0.0; sys_platform == 'win32' datadog-avi-vantage==5.1.0 datadog-aws-neuron==2.0.1 @@ -27,21 +27,21 @@ datadog-cassandra==3.0.0 datadog-ceph==4.0.0; sys_platform != 'win32' datadog-cert-manager==5.1.0 datadog-checkpoint-quantum-firewall==1.0.0 -datadog-checks-base==37.1.0 +datadog-checks-base==37.2.0 datadog-checks-dependency-provider==3.0.0 -datadog-checks-downloader==6.1.0 +datadog-checks-downloader==7.0.0 datadog-cilium==5.0.0 datadog-cisco-aci==4.1.0 datadog-cisco-secure-firewall==1.0.0 datadog-citrix-hypervisor==5.0.0 -datadog-clickhouse==5.0.0 +datadog-clickhouse==5.1.0 datadog-cloud-foundry-api==5.0.0 datadog-cloudera==3.2.0 datadog-cockroachdb==5.0.0 datadog-confluent-platform==3.0.0 datadog-consul==4.0.0 datadog-coredns==5.0.0; sys_platform == 'linux2' -datadog-couch==8.0.0 +datadog-couch==8.1.0 datadog-couchbase==5.0.0 datadog-crio==4.0.0 datadog-datadog-cluster-agent==5.1.0 @@ -81,7 +81,7 @@ datadog-http-check==11.0.0 datadog-hudi==4.0.0 datadog-hyperv==3.0.0; sys_platform == 'win32' datadog-ibm-ace==4.0.0 -datadog-ibm-db2==4.0.0 +datadog-ibm-db2==4.0.1 datadog-ibm-i==4.0.0; sys_platform != 'win32' datadog-ibm-mq==8.0.0 datadog-ibm-was==5.0.0 @@ -91,7 +91,7 @@ datadog-impala==3.1.0 datadog-istio==8.0.0 datadog-jboss-wildfly==3.1.0 datadog-journald==3.0.0 -datadog-kafka-consumer==6.0.0 +datadog-kafka-consumer==6.1.0 datadog-kafka==4.0.0 datadog-karpenter==2.1.0 datadog-kong==5.0.0 @@ -107,7 +107,7 @@ datadog-kubernetes-cluster-autoscaler==2.1.0 datadog-kubernetes-state==10.0.0 datadog-kubevirt-api==1.0.0 datadog-kubevirt-controller==1.0.0 -datadog-kubevirt-handler==1.0.0 +datadog-kubevirt-handler==1.0.1 datadog-kyototycoon==4.0.0 datadog-kyverno==2.1.0 datadog-lighttpd==5.0.0 
@@ -120,13 +120,14 @@ datadog-marklogic==6.0.0 datadog-mcache==6.0.0; sys_platform != 'win32' datadog-mesos-master==5.0.0; sys_platform != 'win32' datadog-mesos-slave==5.0.0; sys_platform != 'win32' -datadog-mongo==8.2.1 -datadog-mysql==14.2.0 +datadog-mongo==8.3.0 +datadog-mysql==14.3.0 datadog-nagios==3.0.0 datadog-network==5.1.0 datadog-nfsstat==3.0.0; sys_platform == 'linux2' datadog-nginx-ingress-controller==4.0.0 datadog-nginx==8.0.0 +datadog-nvidia-nim==1.0.0 datadog-nvidia-triton==2.1.0 datadog-openldap==3.0.0 datadog-openmetrics==6.0.0 @@ -141,7 +142,7 @@ datadog-pgbouncer==8.0.0; sys_platform != 'win32' datadog-php-fpm==5.0.0 datadog-ping-federate==2.0.0 datadog-postfix==3.0.0; sys_platform != 'win32' -datadog-postgres==22.2.0 +datadog-postgres==22.3.0 datadog-powerdns-recursor==4.0.0 datadog-presto==3.1.0 datadog-process==5.0.0 @@ -159,19 +160,21 @@ datadog-scylla==4.0.0 datadog-sidekiq==3.0.0 datadog-silk==4.0.0 datadog-singlestore==4.0.0 -datadog-slurm==1.0.0; sys_platform == 'linux2' -datadog-snmp==9.0.0 -datadog-snowflake==7.0.0 +datadog-slurm==1.0.3; sys_platform == 'linux2' +datadog-snmp==9.1.0 +datadog-snowflake==7.1.0 datadog-solr==2.1.0 -datadog-sonarqube==5.0.0 +datadog-sonarqube==5.1.0 +datadog-sonicwall-firewall==1.0.0 datadog-spark==6.1.0 -datadog-sqlserver==20.1.0 +datadog-sqlserver==20.2.0 datadog-squid==4.0.0 datadog-ssh-check==4.0.0 datadog-statsd==3.0.0 datadog-strimzi==3.1.0 datadog-supervisord==4.0.0 datadog-suricata==2.0.0 +datadog-symantec-endpoint-protection==1.0.0 datadog-system-core==4.0.0 datadog-system-swap==3.0.0 datadog-tcp-check==6.0.0 @@ -196,6 +199,7 @@ datadog-vertica==6.0.0 datadog-vllm==2.1.0 datadog-voltdb==5.0.0 datadog-vsphere==8.1.0 +datadog-wazuh==1.0.0 datadog-weaviate==3.1.0 datadog-weblogic==3.0.0 datadog-win32-event-log==5.0.0; sys_platform == 'win32' diff --git a/rethinkdb/CHANGELOG.md b/rethinkdb/CHANGELOG.md index b593410168b49..c7e8149039315 100644 --- a/rethinkdb/CHANGELOG.md +++ b/rethinkdb/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Bump RethinkDB version for py3.12 E2E tests ([#18636](https://github.com/DataDog/integrations-core/pull/18636)) ## 3.1.0 / 2024-01-05 / Agent 7.51.0 diff --git a/riak/CHANGELOG.md b/riak/CHANGELOG.md index 95daf0a813439..230d2060e7352 100644 --- a/riak/CHANGELOG.md +++ b/riak/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.5.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/riakcs/CHANGELOG.md b/riakcs/CHANGELOG.md index 86af4c57e7e60..215864fe3aa68 100644 --- a/riakcs/CHANGELOG.md +++ b/riakcs/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.12.0 / 2024-09-05 ***Added***: diff --git a/sap_hana/CHANGELOG.md b/sap_hana/CHANGELOG.md index 1bdd37a7e5432..6aa0d9bfffde0 100644 --- a/sap_hana/CHANGELOG.md +++ b/sap_hana/CHANGELOG.md @@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 4.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.0 / 2024-08-09 / Agent 7.57.0 ***Added***: diff --git a/sap_hana/tests/conftest.py b/sap_hana/tests/conftest.py index fb2a205656ed3..900f28e33e6a2 100644 --- a/sap_hana/tests/conftest.py +++ b/sap_hana/tests/conftest.py @@ -116,6 +116,8 @@ def dd_environment(schema="SYS_DATABASES"): env_vars={'PASSWORD': ADMIN_CONFIG['password']}, mount_logs=True, sleep=10, + attempts=5, + attempts_wait=10, ): yield CONFIG, E2E_METADATA diff --git a/sap_hana/tests/docker/docker-compose.yaml b/sap_hana/tests/docker/docker-compose.yaml index bd5b3783e4b02..5a3b7f4cf8fa9 100644 --- a/sap_hana/tests/docker/docker-compose.yaml 
+++ b/sap_hana/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: sap-hana: container_name: sap-hana diff --git a/scylla/CHANGELOG.md b/scylla/CHANGELOG.md index f92b14e1a58ee..97ec9b5fe7474 100644 --- a/scylla/CHANGELOG.md +++ b/scylla/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.7.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/shopify/CHANGELOG.md b/shopify/CHANGELOG.md new file mode 100644 index 0000000000000..d8ad990765e59 --- /dev/null +++ b/shopify/CHANGELOG.md @@ -0,0 +1,7 @@ +# CHANGELOG - shopify + +## 1.0.0 / 2024-09-23 + +***Added***: + +* Initial Release diff --git a/shopify/README.md b/shopify/README.md new file mode 100644 index 0000000000000..dbebe4f49dc51 --- /dev/null +++ b/shopify/README.md 
@@ -0,0 +1,60 @@ +# Shopify + +## Overview + +[Shopify][1] is a comprehensive commerce platform designed to help individuals start, manage, and grow their businesses. It provides tools to build an online store, manage sales, market to customers, and accept payments in both digital and physical locations. + +The Shopify Integration collects Event, Product, Customer, and Order logs, sending them to Datadog for detailed analysis. + +It includes dashboards that show and analyze logs, making it easier to monitor and understand patterns. + +## Setup + +### Configuration + +#### Get Shopify credentials +1. Log in to [Shopify][2] admin account. +2. The Shopify Store name is the `xxxx` part of the Store URL (`https://admin.shopify.com/store/xxxx`). +3. Navigate to **Settings > Apps and sales channels**. +4. Select **Develop apps** and click **Allow custom app development**. +5. Click **Create a custom app**, provide the necessary details and click **Create app**. +6. Click **Configure Admin API Scopes** under the Overview tab. +7. In the **Admin API access scopes section**, select the following scopes: + - **read_orders** + - **read_products** + - **read_customers** + - **read_content** + - **read_price_rules** +8. Click **Save** to apply the changes. +9. Click **Install app**. +10. Under the **Admin API access token** section, click **Reveal token once**. + +#### Add Shopify credentials +- Shopify Store Name +- Shopify Access Token + +## Data Collected + +### Logs + +The Shopify integration collects and forwards Event, Product, Customer, and Order logs to Datadog. + +### Metrics + +The Shopify integration does not include any metrics. + +### Service Checks + +The Shopify integration does not include any service checks. + +### Events + +The Shopify integration does not include any events. + +## Troubleshooting + +Need help? Contact [Datadog support][3]. + +[1]: https://www.shopify.com/ +[2]: https://www.shopify.com/in/store-login +[3]: https://docs.datadoghq.com/help/ 
diff --git a/shopify/assets/dashboards/shopify_customer_overview.json b/shopify/assets/dashboards/shopify_customer_overview.json new file mode 100644 index 0000000000000..0ac696dbf349e --- /dev/null +++ b/shopify/assets/dashboards/shopify_customer_overview.json 
@@ -0,0 +1,1156 @@ +{ + "title": "Shopify - Customer Overview", + "description": "", + "widgets": [ + { + "id": 6457589008412640, + "definition": { + "type": "image", + "url": "https://cdn.shopify.com/shopifycloud/brochure/assets/brand-assets/shopify-logo-primary-logo-456baa801ee66a0a435671082365958316831c9960c480451dd0330bcdae304f.svg", + "url_dark_theme": "https://cdn.shopify.com/shopifycloud/brochure/assets/brand-assets/shopify-logo-inverted-primary-logo-bdc6ddd67862d9bb1f8c559e1bb50dd233112ac57b29cac2edcf17ed2e1fe6fa.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 7447057642776924, + "definition": { + "type": "note", + "content": "\n**[Shopify](https://www.shopify.com/)** is a comprehensive commerce platform designed to help individuals start, manage, and grow their businesses. It provides tools to build an online store, manage sales, market to customers, and accept payments in both digital and physical locations.\n\nThe **Shopify Customer Overview** Dashboard provides an overview of customers within your store. 
It provides insights into customer's marketing and order details.\n\nFor more information, see the [Shopify Integration Documentation](https://docs.datadoghq.com/integrations/shopify/).\n\n### Tip:-\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n", + "background_color": "green", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 8587137220738596, + "definition": { + "title": "Total Customers", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 2522113371979004, + "definition": { + "title": "First Time Customers", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:customer @numberOfOrders:1 $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + 
"x": 4, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 3033015122548506, + "definition": { + "title": "Returning Customers", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:customer @numberOfOrders:>1 $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 4601366202227524, + "definition": { + "title": "Customer Returning Rate", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:customer @numberOfOrders:>1 $customer_name $customer_id $currency" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query2", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "(query1 / query2) * 100" + } + ], + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "yellow_on_white" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 6, + "width": 4, + "height": 4 + } + }, + { + 
"id": 6324267437916298, + "definition": { + "title": "Sales by Customer", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@amountSpent.amount" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@amountSpent.amount" + } + }, + { + "facet": "@amountSpent.currencyCode", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@amountSpent.amount" + } + } + ], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "text_formats": [], + "sort": { + "count": 10000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Order Value", + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 6, + "width": 8, + "height": 4 + } + }, + { + "id": 4312648521138476, + "definition": { + "title": "Amount Spent by First Time Customers (Avg)", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@amountSpent.amount" + }, + "group_by": [ + { + "facet": "@amountSpent.currencyCode", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@amountSpent.amount" + } + } + ], + "search": { + "query": "source:shopify service:customer @numberOfOrders:1 $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": 
"scalar", + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "white_on_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 10, + "width": 4, + "height": 4 + } + }, + { + "id": 8540082775305124, + "definition": { + "title": "Amount Spent by Returning Customers (Avg)", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@amountSpent.amount" + }, + "group_by": [ + { + "facet": "@amountSpent.currencyCode", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@amountSpent.amount" + } + } + ], + "search": { + "query": "source:shopify service:customer @numberOfOrders:>1 $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "white_on_yellow" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 10, + "width": 4, + "height": 4 + } + }, + { + "id": 6208927249201918, + "definition": { + "title": "Amount Spent by Currency (Avg)", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@amountSpent.amount" + }, + "group_by": [ + { + "facet": 
"@amountSpent.currencyCode", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@amountSpent.amount" + } + } + ], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 10, + "width": 4, + "height": 4 + } + }, + { + "id": 2471531239284296, + "definition": { + "title": "Customers by City", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [ + { + "facet": "@defaultAddress.city", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@usr.id" + } + } + ], + "search": { + "query": "source:shopify service:customer -@defaultAddress.city:\"\" $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 14, + "width": 4, + "height": 4 + } + }, + { + "id": 3660022425769518, + "definition": { + "title": "Customers by Default Location", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + 
"group_by": [ + { + "facet": "@defaultAddress.countryCodeV2", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@usr.id" + } + } + ], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "Plasma", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 4, + "y": 14, + "width": 8, + "height": 4 + } + }, + { + "id": 8504166996883148, + "definition": { + "title": "Customers by Email Marketing State", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [ + { + "facet": "@emailMarketingConsent.marketingState", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@usr.id" + } + } + ], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 18, + "width": 6, + "height": 4 + } + }, + { + "id": 8504970604682638, + "definition": { + "title": "Customers by SMS Marketing State", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + 
"indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [ + { + "facet": "@smsMarketingConsent.marketingState", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@usr.id" + } + } + ], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 18, + "width": 6, + "height": 4 + } + }, + { + "id": 3112514483697428, + "definition": { + "title": "Customers by Last Order Value", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@lastOrder.totalPriceSet.shopMoney.amount" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@lastOrder.totalPriceSet.shopMoney.amount" + } + }, + { + "facet": "@lastOrder.totalPriceSet.shopMoney.currencyCode", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@lastOrder.totalPriceSet.shopMoney.amount" + } + } + ], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 22, + "width": 3, + "height": 4 + } + }, + { + "id": 
4536649778544610, + "definition": { + "title": "Top Customers by Order Count", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "max", + "metric": "@numberOfOrders" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "max", + "metric": "@numberOfOrders" + } + }, + { + "facet": "@usr.id", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "max", + "metric": "@numberOfOrders" + } + } + ], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "none" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 3, + "y": 22, + "width": 3, + "height": 4 + } + }, + { + "id": 2373335191656186, + "definition": { + "title": "Customers by Subscription Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.id" + }, + "group_by": [ + { + "facet": "@productSubscriberStatus", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@usr.id" + } + } + ], + "search": { + "query": "source:shopify service:customer $customer_name $customer_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" 
+ } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 22, + "width": 6, + "height": 4 + } + }, + { + "id": 1987008830400332, + "definition": { + "title": "Customers Summary", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:shopify service:customer $customer_name $customer_id $currency", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "usr.id", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "numberOfOrders", + "width": "auto" + }, + { + "field": "lifetimeDuration", + "width": "auto" + }, + { + "field": "taxExempt", + "width": "auto" + }, + { + "field": "emailMarketingConsent.marketingState", + "width": "auto" + }, + { + "field": "smsMarketingConsent.marketingState", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 26, + "width": 12, + "height": 4 + } + } + ], + "template_variables": [ + { + "name": "customer_id", + "prefix": "@usr.id", + "available_values": [], + "default": "*" + }, + { + "name": "customer_name", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "currency", + "prefix": "@amountSpent.currencyCode", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/shopify/assets/dashboards/shopify_event_overview.json b/shopify/assets/dashboards/shopify_event_overview.json new file mode 100644 index 0000000000000..30b17a2994e9f --- /dev/null +++ b/shopify/assets/dashboards/shopify_event_overview.json 
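Review bot: The "Customers Summary" `list_stream` at the end of this dashboard shows the raw `content` column next to `usr.id` and `usr.name`, and several widgets group by `@usr.name` and `@defaultAddress.city`, so anyone who can open the dashboard sees customer-identifying data. Presumably the raw customer log carries more personal fields than the columns listed here; if so, I would drop the `{ "field": "content", "width": "auto" }` column and keep only the explicit fields. JSON has no comments, so the empty `"description": ""` is the place to state this, for example `"description": "Shows customer names, IDs and cities from Shopify customer logs; limit log access accordingly."`.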
@@ -0,0 +1,716 @@ +{ + "title": "Shopify - Event Overview", + "description": "", + "widgets": [ + { + "id": 2362748552655712, + "definition": { + "type": "image", + "url": "https://cdn.shopify.com/shopifycloud/brochure/assets/brand-assets/shopify-logo-primary-logo-456baa801ee66a0a435671082365958316831c9960c480451dd0330bcdae304f.svg", + "url_dark_theme": "https://cdn.shopify.com/shopifycloud/brochure/assets/brand-assets/shopify-logo-inverted-primary-logo-bdc6ddd67862d9bb1f8c559e1bb50dd233112ac57b29cac2edcf17ed2e1fe6fa.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 6595375037827088, + "definition": { + "type": "note", + "content": "**[Shopify](https://www.shopify.com/)** is a comprehensive commerce platform that helps individuals to start, manage, and grow a business. It offers a set of tools to build an online store, manage sales, market to customers, and accept payments in digital and physical locations.\n\nThe **Shopify Event Overview** Dashboard provides an overview of event logs, offering insights into events, type, and action distribution.\n\nFor more information, see the [Shopify Integration Documentation](https://docs.datadoghq.com/integrations/shopify/).\n\n### Tip:-\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", + "background_color": "green", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 4156249446142690, + "definition": { + "title": "Total Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": 
"query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:event $event_type $event_action" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 4 + } + }, + { + "id": 6434718208472006, + "definition": { + "title": "Events Overview", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:event $event_type $event_action" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 3, + "width": 9, + "height": 4 + } + }, + { + "id": 7313898452003926, + "definition": { + "title": "Events by Type", + "type": "treemap", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@subject_type", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:event $event_type $event_action" 
+ }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + } + } + ] + }, + "layout": { + "x": 0, + "y": 7, + "width": 5, + "height": 4 + } + }, + { + "id": 2516121826658084, + "definition": { + "title": "Events by Type Overview", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@subject_type", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "count", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:event $event_type $event_action" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 5, + "y": 7, + "width": 7, + "height": 4 + } + }, + { + "id": 2101689610312290, + "definition": { + "title": "Events by Action", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "limit": { + "order": "desc" + } + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@verb", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:event $event_type $event_action" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "classic" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": 
{ + "x": 0, + "y": 11, + "width": 5, + "height": 4 + } + }, + { + "id": 5713539676901512, + "definition": { + "title": "Events by Action Overview", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@verb", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "count", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:event $event_type $event_action" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 5, + "y": 11, + "width": 7, + "height": 4 + } + }, + { + "id": 6973490408831438, + "definition": { + "title": "Top Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@subject_type", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + }, + { + "facet": "@verb", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:event $event_type $event_action" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" 
+ } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16", + "scaling": "relative" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 5, + "height": 4 + } + }, + { + "id": 5837771255186112, + "definition": { + "title": "Top Users", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:event $event_type $event_action" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 5, + "y": 15, + "width": 3, + "height": 4 + } + }, + { + "id": 2751619566114168, + "definition": { + "title": "Top User Actions", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + }, + { + "facet": "@subject_type", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + }, + { + "facet": "@verb", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + 
"query": "source:shopify service:event $event_type $event_action" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 3375, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Events", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "never" + }, + "layout": { + "x": 8, + "y": 15, + "width": 4, + "height": 4 + } + }, + { + "id": 4587011956440926, + "definition": { + "title": "Event Summary", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:shopify service:event $event_type $event_action", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "subject_type", + "width": "auto" + }, + { + "field": "verb", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 19, + "width": 12, + "height": 4 + } + } + ], + "template_variables": [ + { + "name": "event_type", + "prefix": "@subject_type", + "available_values": [], + "default": "*" + }, + { + "name": "event_action", + "prefix": "@verb", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/shopify/assets/dashboards/shopify_order_overview.json b/shopify/assets/dashboards/shopify_order_overview.json new file mode 100644 index 0000000000000..7173613cf3067 --- /dev/null +++ b/shopify/assets/dashboards/shopify_order_overview.json 
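Review bot: "Total Events" counts distinct `@id` with `"aggregation": "cardinality"`, but the three timeseries widgets ("Events Overview", "Events by Type Overview", "Events by Action Overview") use `"aggregation": "count"` while still passing `"metric": "@id"`. If the same Shopify event is ingested more than once, the total and the timeseries will disagree, and the `metric` key presumably has no effect on a count. I would either switch the timeseries queries and their `group_by` sorts to `"aggregation": "cardinality"` to match the other widgets, or drop `"metric": "@id"` from the count queries so the intent is clear.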
@@ -0,0 +1,1497 @@ +{ + "title": "Shopify - Order Overview", + "description": "", + "widgets": [ + { + "id": 3630919149544800, + "definition": { + "type": "image", + "url": "https://cdn.shopify.com/shopifycloud/brochure/assets/brand-assets/shopify-logo-primary-logo-456baa801ee66a0a435671082365958316831c9960c480451dd0330bcdae304f.svg", + "url_dark_theme": "https://cdn.shopify.com/shopifycloud/brochure/assets/brand-assets/shopify-logo-inverted-primary-logo-bdc6ddd67862d9bb1f8c559e1bb50dd233112ac57b29cac2edcf17ed2e1fe6fa.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 2 + } + }, + { + "id": 2768065097473154, + "definition": { + "title": "Shopify Monitor Summary", + "type": "manage_status", + "display_format": "countsAndList", + "color_preference": "background", + "hide_zero_counts": true, + "show_status": true, + "last_triggered_format": "relative", + "query": "tag:shopify", + "sort": "status,asc", + "count": 50, + "start": 0, + "summary_type": "monitors", + "show_priority": false, + "show_last_triggered": false + }, + "layout": { + "x": 7, + "y": 0, + "width": 5, + "height": 4 + } + }, + { + "id": 8602455036825926, + "definition": { + "type": "note", + "content": "\n**[Shopify](https://www.shopify.com/)** is a comprehensive commerce platform that helps individuals to start, manage, and grow a business. It offers a set of tools to build an online store, manage sales, market to customers, and accept payments in digital and physical locations.\n\nThe **Shopify Orders Overview** Dashboard provides an overview of orders within your store. 
It provides insights into order tracking, fulfillments, customers, and product details.\n\nFor more information, see the [Shopify Integration Documentation](https://docs.datadoghq.com/integrations/shopify/).\n\n### Tip:-\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n", + "background_color": "green", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 2, + "width": 7, + "height": 2 + } + }, + { + "id": 4916600894722990, + "definition": { + "title": "Total Orders", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "default_zero(query1)" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 2 + } + }, + { + "id": 7701449148798980, + "definition": { + "title": "Confirmed Orders", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:order @confirmed:true $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "default_zero(query1)" + } + ] + } + ], + 
"autoscale": true, + "precision": 2 + }, + "layout": { + "x": 3, + "y": 4, + "width": 3, + "height": 2 + } + }, + { + "id": 1812191786714824, + "definition": { + "title": "Refunded Orders", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:order @refunds.transactions.status:success $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "default_zero(query1)" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 6, + "y": 4, + "width": 3, + "height": 2 + } + }, + { + "id": 2581889973783936, + "definition": { + "title": "Marketing Accepted Orders", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:order @buyer_accepts_marketing:true $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "default_zero(query1)" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 9, + "y": 4, + "width": 3, + "height": 2 + } + }, + { + "id": 7618442638763158, + "definition": { + "title": "Completed Orders", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + 
"query": "source:shopify service:order @closed_at:* $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "default_zero(query1)" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 6, + "width": 3, + "height": 2 + } + }, + { + "id": 230307842331210, + "definition": { + "title": "Cancelled Orders", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:order @cancelled_at:* $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "default_zero(query1)" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 3, + "y": 6, + "width": 3, + "height": 2 + } + }, + { + "id": 3796810043555928, + "definition": { + "title": "Tax Exempted Orders", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:order (@tax_exempt:true OR @tax_included:false) $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "default_zero(query1)" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 6, + "y": 6, + "width": 3, + "height": 2 + } + }, + { + "id": 5694819066898408, + "definition": { + "title": "Gift Card Orders", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": 
"default_zero(query1)" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:order @line_items.gift_card:true $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 9, + "y": 6, + "width": 3, + "height": 2 + } + }, + { + "id": 4902698799419696, + "definition": { + "title": "Average Order Price by Customer", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@total_price" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + }, + { + "facet": "@currency", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + } + ], + "search": { + "query": "source:shopify service:order -@usr.name:\" \" $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 8, + "width": 3, + "height": 4 + } + }, + { + "id": 3843387744924516, + "definition": { + "title": "Order Summary (rounded price)", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + 
"metric": "@total_price" + }, + "group_by": [ + { + "facet": "@id", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + }, + { + "facet": "@currency", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query2", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@subtotal_price" + }, + "group_by": [ + { + "facet": "@id", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + }, + { + "facet": "@currency", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query3", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@total_discounts" + }, + "group_by": [ + { + "facet": "@id", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + }, + { + "facet": "@currency", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query4", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@total_line_items_price" + }, + "group_by": [ + { + "facet": "@id", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + }, + { + "facet": "@currency", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": 
"@total_price" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query5", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@total_tax" + }, + "group_by": [ + { + "facet": "@id", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + }, + { + "facet": "@currency", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query6", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@total_tip_received" + }, + "group_by": [ + { + "facet": "@id", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + }, + { + "facet": "@currency", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@total_price" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "text_formats": [], + "sort": { + "count": 60000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Total Price", + "formula": "query1" + }, + { + "cell_display_mode": "bar", + "alias": "Sub Total Price", + "formula": "query2" + }, + { + "cell_display_mode": "bar", + "alias": "Total Discount", + "formula": "query3" + }, + { + "cell_display_mode": "bar", + "alias": "Total Line Item Price", + "formula": "query4" + }, + { + "cell_display_mode": "bar", + "alias": "Total Tax", + "formula": "query5" + }, + { + "cell_display_mode": "bar", + "alias": "Total Tip 
Received", + "formula": "query6" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 3, + "y": 8, + "width": 9, + "height": 4 + } + }, + { + "id": 7339194611439248, + "definition": { + "title": "Top Ordered Products", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@line_items.title", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 445727493366610, + "definition": { + "title": "Top Customers by Order", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order -@usr.name:\" \" $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": 
{ + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 623764250336340, + "definition": { + "title": "Orders by Fulfillment Tracking Company", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@fulfillments.tracking_company", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 4715342708650584, + "definition": { + "title": "Orders by Finance Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@financial_status", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + 
"palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 16, + "width": 6, + "height": 4 + } + }, + { + "id": 1687344262907466, + "definition": { + "title": "Orders by Fulfillment Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@fulfillments.status", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 16, + "width": 6, + "height": 4 + } + }, + { + "id": 7729756975880686, + "definition": { + "title": "Top Cities by Customer Order", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@network.client.geoip.city.name", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + 
"order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 20, + "width": 6, + "height": 4 + } + }, + { + "id": 6552248278099246, + "definition": { + "title": "Orders by Location", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 6, + "y": 20, + "width": 6, + "height": 4 + } + }, + { + "id": 7263169748961898, + "definition": { + "title": "Device Distribution by Order Placed", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@http.useragent_details.device.category", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" 
+ }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 24, + "width": 6, + "height": 4 + } + }, + { + "id": 2120592637920540, + "definition": { + "title": "Orders By Shipping Location", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@shipping_address.country_code", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:order $order_id $customer_name $customer_city $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 6, + "y": 24, + "width": 6, + "height": 4 + } + }, + { + "id": 7126489403928608, + "definition": { + "title": "Order Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:shopify service:order $order_id $customer_name $customer_city $currency", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "@id", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "total_price", + "width": "auto" + }, + { + "field": "financial_status", + "width": "auto" + }, + { + "field": "currency", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + 
"type": "list_stream" + }, + "layout": { + "x": 0, + "y": 28, + "width": 12, + "height": 4 + } + } + ], + "template_variables": [ + { + "name": "order_id", + "prefix": "@id", + "available_values": [], + "default": "*" + }, + { + "name": "customer_name", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "customer_city", + "prefix": "@network.client.geoip.city.name", + "available_values": [], + "default": "*" + }, + { + "name": "currency", + "prefix": "@currency", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/shopify/assets/dashboards/shopify_product_overview.json b/shopify/assets/dashboards/shopify_product_overview.json new file mode 100644 index 0000000000000..6d10b3c2a8954 --- /dev/null +++ b/shopify/assets/dashboards/shopify_product_overview.json 
@@ -0,0 +1,621 @@ +{ + "title": "Shopify - Product Overview", + "description": "", + "widgets": [ + { + "id": 8506652285430826, + "definition": { + "type": "image", + "url": "https://cdn.shopify.com/shopifycloud/brochure/assets/brand-assets/shopify-logo-primary-logo-456baa801ee66a0a435671082365958316831c9960c480451dd0330bcdae304f.svg", + "url_dark_theme": "https://cdn.shopify.com/shopifycloud/brochure/assets/brand-assets/shopify-logo-inverted-primary-logo-bdc6ddd67862d9bb1f8c559e1bb50dd233112ac57b29cac2edcf17ed2e1fe6fa.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 2 + } + }, + { + "id": 8770406996449935, + "definition": { + "title": "Shopify Monitor Summary", + "type": "manage_status", + "display_format": "countsAndList", + "color_preference": "background", + "hide_zero_counts": true, + "show_status": true, + "last_triggered_format": "relative", + "query": "tag:shopify", + "sort": "status,asc", + "count": 50, + "start": 0, + "summary_type": "monitors", + "show_priority": false, + "show_last_triggered": false + }, + "layout": { + "x": 7, + "y": 0, + "width": 5, + "height": 4 + } + }, + { + "id": 1767411351951850, + "definition": { + "type": "note", + "content": "**[Shopify](https://www.shopify.com/)** is a comprehensive commerce platform that helps individuals to start, manage, and grow a business. It offers a set of tools to build an online store, manage sales, market to customers, and accept payments in digital and physical locations.\n\nThe **Shopify Product Overview** Dashboard provides an overview of products within your store. 
It provides insights into product types, status distribution, inventory, and variant details.\n\nFor more information, see the [Shopify Integration Documentation](https://docs.datadoghq.com/integrations/shopify/).\n\n### Tip:-\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.\n", + "background_color": "green", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 2, + "width": 7, + "height": 2 + } + }, + { + "id": 2446181804882916, + "definition": { + "title": "Total Products", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:product $product_name $product_type $product_id $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 3 + } + }, + { + "id": 6613518820826564, + "definition": { + "title": "Top Product Count by Type", + "type": "treemap", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@productType", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:product -@productType:\"\" $product_name $product_type $product_id $currency" 
+ }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + } + } + ] + }, + "layout": { + "x": 3, + "y": 4, + "width": 9, + "height": 3 + } + }, + { + "id": 4043889896241554, + "definition": { + "title": "Products with Out of Stock Variants", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:product @hasOutOfStockVariants:true $product_name $product_type $product_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 2 + } + }, + { + "id": 1141858048342154, + "definition": { + "title": "Products with Out of Stock Inventory", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:product @tracksInventory:true @totalInventory:<=0 $product_type $product_name $product_id $currency" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 2 + } + }, + { + "id": 5213489288870882, + "definition": { + "title": "Products with Inventory Tracking", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + 
"indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [], + "search": { + "query": "source:shopify service:product @tracksInventory:true $product_type $product_name $product_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 2 + } + }, + { + "id": 8353371234267758, + "definition": { + "title": "Products by Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@id" + }, + "group_by": [ + { + "facet": "@product_status", + "limit": 25, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@id" + } + } + ], + "search": { + "query": "source:shopify service:product $product_type $product_name $product_id $currency" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "inline" + } + }, + "layout": { + "x": 0, + "y": 9, + "width": 4, + "height": 4 + } + }, + { + "id": 3849686844214096, + "definition": { + "title": "Product Variant Price (Avg)", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@priceRangeV2.maxVariantPrice.amount" + }, + "group_by": [ + { + "facet": "@legacyResourceId", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@priceRangeV2.maxVariantPrice.amount" + } + }, + { + "facet": "@title", + 
"limit": 15, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@priceRangeV2.maxVariantPrice.amount" + } + }, + { + "facet": "@priceRangeV2.maxVariantPrice.currencyCode", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@priceRangeV2.maxVariantPrice.amount" + } + } + ], + "search": { + "query": "source:shopify service:product $product_type $product_name $product_id $currency" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query2", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "avg", + "metric": "@priceRangeV2.minVariantPrice.amount" + }, + "group_by": [ + { + "facet": "@legacyResourceId", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@priceRangeV2.maxVariantPrice.amount" + } + }, + { + "facet": "@title", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@priceRangeV2.maxVariantPrice.amount" + } + }, + { + "facet": "@priceRangeV2.maxVariantPrice.currencyCode", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "avg", + "metric": "@priceRangeV2.maxVariantPrice.amount" + } + } + ], + "search": { + "query": "source:shopify service:product $product_type $product_name $product_id $currency" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 6750, + "order_by": [ + { + "type": "formula", + "index": 2, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Max Variant Price", + "formula": "query1" + }, + { + "cell_display_mode": "number", + "alias": "Min Variant Price", + "formula": "query2" + }, + { + "alias": "Average Variant Price", + "cell_display_mode": "bar", + "formula": "(query1 + query2) / 2" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 9, + "width": 8, + "height": 4 + } + }, + { + "id": 6140658451404220, + "definition": { + "title": "Product Summary", + "title_size": "16", + 
"title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:shopify service:product $product_name $product_type $product_id $currency", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "legacyResourceId", + "width": "auto" + }, + { + "field": "title", + "width": "auto" + }, + { + "field": "productType", + "width": "auto" + }, + { + "field": "product_status", + "width": "auto" + }, + { + "field": "tracksInventory", + "width": "auto" + }, + { + "field": "totalInventory", + "width": "auto" + }, + { + "field": "priceRangeV2.maxVariantPrice.amount", + "width": "auto" + }, + { + "field": "priceRangeV2.minVariantPrice.amount", + "width": "auto" + }, + { + "field": "priceRangeV2.maxVariantPrice.currencyCode", + "width": "auto" + }, + { + "field": "vendor", + "width": "auto" + }, + { + "field": "isGiftCard", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 13, + "width": 12, + "height": 5 + } + } + ], + "template_variables": [ + { + "name": "product_id", + "prefix": "@id", + "available_values": [], + "default": "*" + }, + { + "name": "product_name", + "prefix": "@title", + "available_values": [], + "default": "*" + }, + { + "name": "product_type", + "prefix": "@productType", + "available_values": [], + "default": "*" + }, + { + "name": "currency", + "prefix": "@priceRangeV2.maxVariantPrice.currencyCode", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/shopify/assets/logs/shopify.yaml b/shopify/assets/logs/shopify.yaml new file mode 100644 index 0000000000000..c099b9da32853 --- /dev/null +++ b/shopify/assets/logs/shopify.yaml 
@@ -0,0 +1,246 @@
+id: shopify
+metric_id: shopify
+backend_only: false
+facets:
+ - groups:
+ - Web Access
+ name: User-Agent
+ path: http.useragent
+ source: log
+ - groups:
+ - Web Access
+ name: Browser
+ path: http.useragent_details.browser.family
+ source: log
+ - groups:
+ - Web Access
+ name: Device
+ path: http.useragent_details.device.family
+ source: log
+ - groups:
+ - Web Access
+ name: OS
+ path: http.useragent_details.os.family
+ source: log
+ - groups:
+ - Geoip
+ name: City Name
+ path: network.client.geoip.city.name
+ source: log
+ - groups:
+ - Geoip
+ name: Continent Code
+ path: network.client.geoip.continent.code
+ source: log
+ - groups:
+ - Geoip
+ name: Continent Name
+ path: network.client.geoip.continent.name
+ source: log
+ - groups:
+ - Geoip
+ name: Country ISO Code
+ path: network.client.geoip.country.iso_code
+ source: log
+ - groups:
+ - Geoip
+ name: Country Name
+ path: network.client.geoip.country.name
+ source: log
+ - groups:
+ - Geoip
+ name: Subdivision ISO Code
+ path: network.client.geoip.subdivision.iso_code
+ source: log
+ - groups:
+ - Geoip
+ name: Subdivision Name
+ path: network.client.geoip.subdivision.name
+ source: log
+ - groups:
+ - Web Access
+ name: Client IP
+ path: network.client.ip
+ source: log
+ - groups:
+ - User
+ name: User Email
+ path: usr.email
+ source: log
+ - groups:
+ - User
+ name: User ID
+ path: usr.id
+ source: log
+ - groups:
+ - User
+ name: User Name
+ path: usr.name
+ source: log
+pipeline:
+ type: pipeline
+ name: Shopify
+ enabled: true
+ filter:
+ query: "source:shopify"
+ processors:
+ - type: pipeline
+ name: Event
+ enabled: true
+ filter:
+ query: "service:event"
+ processors:
+ - type: date-remapper
+ name: Define `created_at` as the official date of the log
+ enabled: true
+ sources:
+ - created_at
+ - type: attribute-remapper
+ name: Map `author` to `usr.name`
+ enabled: true
+ sources:
+ - author
+ sourceType: attribute
+ target: usr.name
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: pipeline
+ name: Order
+ enabled: true
+ filter:
+ query: "service:order"
+ processors:
+ - type: date-remapper
+ name: Define `updated_at` as the official date of the log
+ enabled: true
+ sources:
+ - updated_at
+ - type: attribute-remapper
+ name: Map `client_details.browser_ip` to `network.client.ip`
+ enabled: true
+ sources:
+ - client_details.browser_ip
+ sourceType: attribute
+ target: network.client.ip
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `client_details.user_agent` to `http.useragent`
+ enabled: true
+ sources:
+ - client_details.user_agent
+ sourceType: attribute
+ target: http.useragent
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `customer.id` to `usr.id`
+ enabled: true
+ sources:
+ - customer.id
+ sourceType: attribute
+ target: usr.id
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `customer.email` to `usr.email`
+ enabled: true
+ sources:
+ - customer.email
+ sourceType: attribute
+ target: usr.email
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: string-builder-processor
+ name: Define `usr.name` equal to %{customer.first_name} %{customer.last_name}
+ enabled: true
+ template: "%{customer.first_name} %{customer.last_name}"
+ target: usr.name
+ replaceMissing: false
+ - type: geo-ip-parser
+ name: GeoIP Parser for `network.client.ip`
+ enabled: true
+ sources:
+ - network.client.ip
+ target: network.client.geoip
+ ip_processing_behavior: do-nothing
+ - type: user-agent-parser
+ name: Extract details from `http.useragent`
+ enabled: true
+ sources:
+ - http.useragent
+ target: http.useragent_details
+ encoded: false
+ combineVersionDetails: false
+ - type: pipeline
+ name: Customer
+ enabled: true
+ filter:
+ query: "service:customer"
+ processors:
+ - type: date-remapper
+ name: Define `updatedAt` as the official date of the log
+ enabled: true
+ sources:
+ - updatedAt
+ - type: attribute-remapper
+ name: Map `legacyResourceId` to `usr.id`
+ enabled: true
+ sources:
+ - legacyResourceId
+ sourceType: attribute
+ target: usr.id
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `displayName` to `usr.name`
+ enabled: true
+ sources:
+ - displayName
+ sourceType: attribute
+ target: usr.name
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: pipeline
+ name: Product
+ enabled: true
+ filter:
+ query: "service:product"
+ processors:
+ - type: date-remapper
+ name: Define `updatedAt` as the official date of the log
+ enabled: true
+ sources:
+ - updatedAt
+ - type: attribute-remapper
+ name: Map `status` to `product_status`
+ enabled: true
+ sources:
+ - status
+ sourceType: attribute
+ target: product_status
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - name: Lookup for `product_status` to `status`
+ enabled: true
+ source: product_status
+ target: status
+ lookupTable: |-
+ ACTIVE,info
+ ARCHIVED,info
+ DRAFT,info
+ defaultLookup: info
+ type: lookup-processor
+ - type: status-remapper
+ name: Define `status` as the official status of the log
+ enabled: true
+ sources:
+ - status
diff --git a/shopify/assets/logs/shopify_tests.yaml b/shopify/assets/logs/shopify_tests.yaml
new file mode 100644
index 0000000000000..3245c3565d2b7
--- /dev/null
+++ b/shopify/assets/logs/shopify_tests.yaml
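Review bot: The Order sub-pipeline in `shopify/assets/logs/shopify.yaml` promotes customer personal data into standard attributes with no note on how it should be handled: `customer.email` goes to `usr.email`, the string-builder writes `usr.name`, and `client_details.browser_ip` goes to `network.client.ip`, and all three are also declared under `facets`, which presumably makes them searchable. The remappers move only those fields, so the rest of the `customer` object (the test sample added in this commit still shows `default_address` in the expected result) and the raw `message` appear to stay on every order log. I would add a comment above the Order processors such as `# usr.email, usr.name and network.client.ip hold customer personal data; restrict access to these logs or scrub them before indexing`, and repeat that guidance in the integration's documentation. Separately, every row of the Product `lookupTable` and its `defaultLookup` resolve to `info`, so the lookup-processor only ever yields a constant status; a one-line comment saying that is intentional would save the next reader from looking for a missing severity.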
@@ -0,0 +1,1565 @@ +id: shopify +tests: + - + sample: |- + { + "subject_id" : 1234, + "path" : "/admin/pages", + "subject_type" : "Blog", + "author" : "Shopify", + "verb" : "create", + "created_at" : "2024-08-27T15:36:38+05:30", + "description" : "Blog was created: News.", + "arguments" : [ "News" ], + "id" : 222397999050809, + "message" : "Blog was created: News." + } + service: "event" + result: + custom: + arguments: + - "News" + created_at: "2024-08-27T15:36:38+05:30" + description: "Blog was created: News." + id: 222397999050809 + path: "/admin/pages" + subject_id: 1234 + subject_type: "Blog" + usr: + name: "Shopify" + verb: "create" + message: "Blog was created: News." + service: "event" + tags: + - "source:LOGS_SOURCE" + timestamp: 1724753198000 + - + sample: |- + { + "confirmation_number" : "L5MIX0PUW", + "fulfillment_status" : "fulfilled", + "total_outstanding" : "1296.82", + "order_number" : 1002, + "created_at" : "2024-08-28T14:48:43+05:30", + "taxes_included" : false, + "line_items" : [ { + "variant_title" : "Black", + "fulfillment_status" : "fulfilled", + "total_discount" : "0.00", + "gift_card" : false, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Shoes", + "product_exists" : true, + "variant_id" : 43744593936441, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "233.82", + "price_set" : { + "shop_money" : { + "amount" : "233.82", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "233.82", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "1299.00", + "vendor" : "Dummy Vendor", + "product_id" : 7688312913977, + "id" : 12778730618937, + "grams" : 500, + "sku" : "SHOES-1", + "fulfillable_quantity" : 0, + "quantity" : 1, + "fulfillment_service" : "manual", + "taxable" : true, + "variant_inventory_management" : 
"shopify", + "current_quantity" : 1, + "admin_graphql_api_id" : "gid://shopify/LineItem/12778730618937", + "name" : "Shoes - Black", + "price_set" : { + "shop_money" : { + "amount" : "1299.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "1299.00", + "currency_code" : "INR" + } + } + }, { + "variant_title" : "L", + "fulfillment_status" : "fulfilled", + "total_discount" : "0.00", + "gift_card" : false, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Cotton tshirt", + "product_exists" : true, + "variant_id" : 43741030744121, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "53.82", + "price_set" : { + "shop_money" : { + "amount" : "53.82", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "53.82", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "299.00", + "vendor" : "My Store", + "product_id" : 7687579762745, + "id" : 12801614413881, + "grams" : 100, + "sku" : "", + "fulfillable_quantity" : 0, + "quantity" : 1, + "fulfillment_service" : "manual", + "taxable" : true, + "variant_inventory_management" : "shopify", + "current_quantity" : 1, + "admin_graphql_api_id" : "gid://shopify/LineItem/12801614413881", + "name" : "Cotton tshirt - L", + "price_set" : { + "shop_money" : { + "amount" : "299.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "299.00", + "currency_code" : "INR" + } + } + }, { + "fulfillable_quantity" : 0, + "fulfillment_status" : "fulfilled", + "quantity" : 1, + "total_discount" : "0.00", + "fulfillment_service" : "manual", + "gift_card" : false, + "taxable" : true, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : 
"INR" + } + }, + "title" : "Desk Lamp", + "current_quantity" : 1, + "product_exists" : true, + "variant_id" : 43744917815353, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "144.00", + "price_set" : { + "shop_money" : { + "amount" : "144.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "144.00", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "800.00", + "vendor" : "Dummy Vendor", + "admin_graphql_api_id" : "gid://shopify/LineItem/12801628569657", + "product_id" : 7688576860217, + "name" : "Desk Lamp", + "id" : 12801628569657, + "grams" : 0, + "price_set" : { + "shop_money" : { + "amount" : "800.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "800.00", + "currency_code" : "INR" + } + }, + "sku" : "DL789" + } ], + "buyer_accepts_marketing" : false, + "presentment_currency" : "INR", + "confirmed" : true, + "total_weight" : 600, + "total_discounts" : "0.00", + "fulfillments" : [ { + "updated_at" : "2024-09-20T10:13:23+05:30", + "service" : "manual", + "admin_graphql_api_id" : "gid://shopify/Fulfillment/4542375952441", + "name" : "#1002.1", + "created_at" : "2024-09-20T10:13:23+05:30", + "id" : 4542375952441, + "line_items" : [ { + "variant_title" : "Black", + "fulfillment_status" : "fulfilled", + "total_discount" : "0.00", + "gift_card" : false, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Shoes", + "product_exists" : true, + "variant_id" : 43744593936441, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "233.82", + "price_set" : { + "shop_money" : { + "amount" : "233.82", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "233.82", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "1299.00", + "vendor" : "Dummy 
Vendor", + "product_id" : 7688312913977, + "id" : 12778730618937, + "grams" : 500, + "sku" : "SHOES-1", + "fulfillable_quantity" : 0, + "quantity" : 1, + "fulfillment_service" : "manual", + "taxable" : true, + "variant_inventory_management" : "shopify", + "current_quantity" : 1, + "admin_graphql_api_id" : "gid://shopify/LineItem/12778730618937", + "name" : "Shoes - Black", + "price_set" : { + "shop_money" : { + "amount" : "1299.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "1299.00", + "currency_code" : "INR" + } + } + }, { + "variant_title" : "L", + "fulfillment_status" : "fulfilled", + "total_discount" : "0.00", + "gift_card" : false, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Cotton tshirt", + "product_exists" : true, + "variant_id" : 43741030744121, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "53.82", + "price_set" : { + "shop_money" : { + "amount" : "53.82", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "53.82", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "299.00", + "vendor" : "My Store", + "product_id" : 7687579762745, + "id" : 12801614413881, + "grams" : 100, + "sku" : "", + "fulfillable_quantity" : 0, + "quantity" : 1, + "fulfillment_service" : "manual", + "taxable" : true, + "variant_inventory_management" : "shopify", + "current_quantity" : 1, + "admin_graphql_api_id" : "gid://shopify/LineItem/12801614413881", + "name" : "Cotton tshirt - L", + "price_set" : { + "shop_money" : { + "amount" : "299.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "299.00", + "currency_code" : "INR" + } + } + }, { + "fulfillable_quantity" : 0, + "fulfillment_status" : "fulfilled", + "quantity" : 1, + "total_discount" : "0.00", + "fulfillment_service" : 
"manual", + "gift_card" : false, + "taxable" : true, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Desk Lamp", + "current_quantity" : 1, + "product_exists" : true, + "variant_id" : 43744917815353, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "144.00", + "price_set" : { + "shop_money" : { + "amount" : "144.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "144.00", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "800.00", + "vendor" : "Dummy Vendor", + "admin_graphql_api_id" : "gid://shopify/LineItem/12801628569657", + "product_id" : 7688576860217, + "name" : "Desk Lamp", + "id" : 12801628569657, + "grams" : 0, + "price_set" : { + "shop_money" : { + "amount" : "800.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "800.00", + "currency_code" : "INR" + } + }, + "sku" : "DL789" + } ], + "order_id" : 5030430111111, + "location_id" : 75274649657, + "status" : "success" + } ], + "client_details" : { + "browser_ip" : "10.0.0.0", + "user_agent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" + }, + "updated_at" : "2024-09-20T10:13:23+05:30", + "customer_locale" : "en", + "processed_at" : "2024-08-28T14:48:43+05:30", + "currency" : "INR", + "id" : 5030430111111, + "subtotal_price" : "2398.00", + "total_price" : "2829.64", + "total_line_items_price" : "2398.00", + "total_tax" : "431.64", + "total_tip_received" : "0.00", + "financial_status" : "partially_paid", + "name" : "#1002", + "customer" : { + "note" : "", + "tax_exempt" : false, + "email_marketing_consent" : { + "state" : "not_subscribed", + "opt_in_level" : "single_opt_in" + }, + "created_at" : "2024-08-28T15:50:36+05:30", + "last_name" : "Doe", + "verified_email" : true, 
+ "tags" : "", + "default_address" : { + "zip" : "", + "country" : "India", + "address2" : "", + "city" : "Ahmedabad", + "address1" : "", + "last_name" : "Doe", + "province_code" : "GJ", + "country_code" : "IN", + "default" : true, + "province" : "Gujarat", + "name" : "John Doe", + "country_name" : "India", + "company" : "", + "id" : 8518800900153, + "customer_id" : 7597194181111, + "first_name" : "John" + }, + "updated_at" : "2024-09-23T12:22:38+05:30", + "admin_graphql_api_id" : "gid://shopify/Customer/7597194181111", + "currency" : "INR", + "id" : 7597194181111, + "state" : "disabled", + "first_name" : "John", + "email" : "example@gmail.com" + } + } + service: "order" + result: + custom: + buyer_accepts_marketing: false + confirmation_number: "L5MIX0PUW" + confirmed: true + created_at: "2024-08-28T14:48:43+05:30" + currency: "INR" + customer: + admin_graphql_api_id: "gid://shopify/Customer/7597194181111" + created_at: "2024-08-28T15:50:36+05:30" + currency: "INR" + default_address: + address1: "" + address2: "" + city: "Ahmedabad" + company: "" + country: "India" + country_code: "IN" + country_name: "India" + customer_id: 7597194181111 + default: true + first_name: "John" + id: 8518800900153 + last_name: "Doe" + name: "John Doe" + province: "Gujarat" + province_code: "GJ" + zip: "" + email_marketing_consent: + opt_in_level: "single_opt_in" + state: "not_subscribed" + first_name: "John" + last_name: "Doe" + note: "" + state: "disabled" + tags: "" + tax_exempt: false + updated_at: "2024-09-23T12:22:38+05:30" + verified_email: true + customer_locale: "en" + financial_status: "partially_paid" + fulfillment_status: "fulfilled" + fulfillments: + - + updated_at: "2024-09-20T10:13:23+05:30" + service: "manual" + admin_graphql_api_id: "gid://shopify/Fulfillment/4542375952441" + name: "#1002.1" + created_at: "2024-09-20T10:13:23+05:30" + id: 4542375952441 + line_items: + - + variant_title: "Black" + fulfillment_status: "fulfilled" + total_discount: "0.00" + gift_card: 
false + requires_shipping: true + total_discount_set: + shop_money: + amount: "0.00" + currency_code: "INR" + presentment_money: + amount: "0.00" + currency_code: "INR" + title: "Shoes" + product_exists: true + variant_id: 43744593936441 + tax_lines: + - + channel_liable: false + rate: 0.18 + price: "233.82" + price_set: + shop_money: + amount: "233.82" + currency_code: "INR" + presentment_money: + amount: "233.82" + currency_code: "INR" + title: "IGST" + price: "1299.00" + vendor: "Dummy Vendor" + product_id: 7688312913977 + id: 12778730618937 + grams: 500 + sku: "SHOES-1" + fulfillable_quantity: 0 + quantity: 1 + fulfillment_service: "manual" + taxable: true + variant_inventory_management: "shopify" + current_quantity: 1 + admin_graphql_api_id: "gid://shopify/LineItem/12778730618937" + name: "Shoes - Black" + price_set: + shop_money: + amount: "1299.00" + currency_code: "INR" + presentment_money: + amount: "1299.00" + currency_code: "INR" + - + variant_title: "L" + fulfillment_status: "fulfilled" + total_discount: "0.00" + gift_card: false + requires_shipping: true + total_discount_set: + shop_money: + amount: "0.00" + currency_code: "INR" + presentment_money: + amount: "0.00" + currency_code: "INR" + title: "Cotton tshirt" + product_exists: true + variant_id: 43741030744121 + tax_lines: + - + channel_liable: false + rate: 0.18 + price: "53.82" + price_set: + shop_money: + amount: "53.82" + currency_code: "INR" + presentment_money: + amount: "53.82" + currency_code: "INR" + title: "IGST" + price: "299.00" + vendor: "My Store" + product_id: 7687579762745 + id: 12801614413881 + grams: 100 + sku: "" + fulfillable_quantity: 0 + quantity: 1 + fulfillment_service: "manual" + taxable: true + variant_inventory_management: "shopify" + current_quantity: 1 + admin_graphql_api_id: "gid://shopify/LineItem/12801614413881" + name: "Cotton tshirt - L" + price_set: + shop_money: + amount: "299.00" + currency_code: "INR" + presentment_money: + amount: "299.00" + currency_code: 
"INR" + - + fulfillable_quantity: 0 + fulfillment_status: "fulfilled" + quantity: 1 + total_discount: "0.00" + fulfillment_service: "manual" + gift_card: false + taxable: true + requires_shipping: true + total_discount_set: + shop_money: + amount: "0.00" + currency_code: "INR" + presentment_money: + amount: "0.00" + currency_code: "INR" + title: "Desk Lamp" + current_quantity: 1 + product_exists: true + variant_id: 43744917815353 + tax_lines: + - + channel_liable: false + rate: 0.18 + price: "144.00" + price_set: + shop_money: + amount: "144.00" + currency_code: "INR" + presentment_money: + amount: "144.00" + currency_code: "INR" + title: "IGST" + price: "800.00" + vendor: "Dummy Vendor" + admin_graphql_api_id: "gid://shopify/LineItem/12801628569657" + product_id: 7688576860217 + name: "Desk Lamp" + id: 12801628569657 + grams: 0 + price_set: + shop_money: + amount: "800.00" + currency_code: "INR" + presentment_money: + amount: "800.00" + currency_code: "INR" + sku: "DL789" + order_id: 5030430111111 + location_id: 75274649657 + status: "success" + http: + useragent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" + useragent_details: + browser: + family: "Chrome" + major: "128" + minor: "0" + patch: "0" + patch_minor: "0" + device: + category: "Desktop" + family: "Other" + os: + family: "Windows" + major: "10" + id: 5030430111111 + line_items: + - + variant_title: "Black" + fulfillment_status: "fulfilled" + total_discount: "0.00" + gift_card: false + requires_shipping: true + total_discount_set: + shop_money: + amount: "0.00" + currency_code: "INR" + presentment_money: + amount: "0.00" + currency_code: "INR" + title: "Shoes" + product_exists: true + variant_id: 43744593936441 + tax_lines: + - + channel_liable: false + rate: 0.18 + price: "233.82" + price_set: + shop_money: + amount: "233.82" + currency_code: "INR" + presentment_money: + amount: "233.82" + currency_code: "INR" + title: "IGST" + price: 
"1299.00" + vendor: "Dummy Vendor" + product_id: 7688312913977 + id: 12778730618937 + grams: 500 + sku: "SHOES-1" + fulfillable_quantity: 0 + quantity: 1 + fulfillment_service: "manual" + taxable: true + variant_inventory_management: "shopify" + current_quantity: 1 + admin_graphql_api_id: "gid://shopify/LineItem/12778730618937" + name: "Shoes - Black" + price_set: + shop_money: + amount: "1299.00" + currency_code: "INR" + presentment_money: + amount: "1299.00" + currency_code: "INR" + - + variant_title: "L" + fulfillment_status: "fulfilled" + total_discount: "0.00" + gift_card: false + requires_shipping: true + total_discount_set: + shop_money: + amount: "0.00" + currency_code: "INR" + presentment_money: + amount: "0.00" + currency_code: "INR" + title: "Cotton tshirt" + product_exists: true + variant_id: 43741030744121 + tax_lines: + - + channel_liable: false + rate: 0.18 + price: "53.82" + price_set: + shop_money: + amount: "53.82" + currency_code: "INR" + presentment_money: + amount: "53.82" + currency_code: "INR" + title: "IGST" + price: "299.00" + vendor: "My Store" + product_id: 7687579762745 + id: 12801614413881 + grams: 100 + sku: "" + fulfillable_quantity: 0 + quantity: 1 + fulfillment_service: "manual" + taxable: true + variant_inventory_management: "shopify" + current_quantity: 1 + admin_graphql_api_id: "gid://shopify/LineItem/12801614413881" + name: "Cotton tshirt - L" + price_set: + shop_money: + amount: "299.00" + currency_code: "INR" + presentment_money: + amount: "299.00" + currency_code: "INR" + - + fulfillable_quantity: 0 + fulfillment_status: "fulfilled" + quantity: 1 + total_discount: "0.00" + fulfillment_service: "manual" + gift_card: false + taxable: true + requires_shipping: true + total_discount_set: + shop_money: + amount: "0.00" + currency_code: "INR" + presentment_money: + amount: "0.00" + currency_code: "INR" + title: "Desk Lamp" + current_quantity: 1 + product_exists: true + variant_id: 43744917815353 + tax_lines: + - + channel_liable: 
false + rate: 0.18 + price: "144.00" + price_set: + shop_money: + amount: "144.00" + currency_code: "INR" + presentment_money: + amount: "144.00" + currency_code: "INR" + title: "IGST" + price: "800.00" + vendor: "Dummy Vendor" + admin_graphql_api_id: "gid://shopify/LineItem/12801628569657" + product_id: 7688576860217 + name: "Desk Lamp" + id: 12801628569657 + grams: 0 + price_set: + shop_money: + amount: "800.00" + currency_code: "INR" + presentment_money: + amount: "800.00" + currency_code: "INR" + sku: "DL789" + name: "#1002" + network: + client: + geoip: {} + ip: "10.0.0.0" + order_number: 1002 + presentment_currency: "INR" + processed_at: "2024-08-28T14:48:43+05:30" + subtotal_price: "2398.00" + taxes_included: false + total_discounts: "0.00" + total_line_items_price: "2398.00" + total_outstanding: "1296.82" + total_price: "2829.64" + total_tax: "431.64" + total_tip_received: "0.00" + total_weight: 600 + updated_at: "2024-09-20T10:13:23+05:30" + usr: + email: "example@gmail.com" + id: 7597194181111 + name: "John Doe" + message: |- + { + "confirmation_number" : "L5MIX0PUW", + "fulfillment_status" : "fulfilled", + "total_outstanding" : "1296.82", + "order_number" : 1002, + "created_at" : "2024-08-28T14:48:43+05:30", + "taxes_included" : false, + "line_items" : [ { + "variant_title" : "Black", + "fulfillment_status" : "fulfilled", + "total_discount" : "0.00", + "gift_card" : false, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Shoes", + "product_exists" : true, + "variant_id" : 43744593936441, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "233.82", + "price_set" : { + "shop_money" : { + "amount" : "233.82", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "233.82", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : 
"1299.00", + "vendor" : "Dummy Vendor", + "product_id" : 7688312913977, + "id" : 12778730618937, + "grams" : 500, + "sku" : "SHOES-1", + "fulfillable_quantity" : 0, + "quantity" : 1, + "fulfillment_service" : "manual", + "taxable" : true, + "variant_inventory_management" : "shopify", + "current_quantity" : 1, + "admin_graphql_api_id" : "gid://shopify/LineItem/12778730618937", + "name" : "Shoes - Black", + "price_set" : { + "shop_money" : { + "amount" : "1299.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "1299.00", + "currency_code" : "INR" + } + } + }, { + "variant_title" : "L", + "fulfillment_status" : "fulfilled", + "total_discount" : "0.00", + "gift_card" : false, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Cotton tshirt", + "product_exists" : true, + "variant_id" : 43741030744121, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "53.82", + "price_set" : { + "shop_money" : { + "amount" : "53.82", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "53.82", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "299.00", + "vendor" : "My Store", + "product_id" : 7687579762745, + "id" : 12801614413881, + "grams" : 100, + "sku" : "", + "fulfillable_quantity" : 0, + "quantity" : 1, + "fulfillment_service" : "manual", + "taxable" : true, + "variant_inventory_management" : "shopify", + "current_quantity" : 1, + "admin_graphql_api_id" : "gid://shopify/LineItem/12801614413881", + "name" : "Cotton tshirt - L", + "price_set" : { + "shop_money" : { + "amount" : "299.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "299.00", + "currency_code" : "INR" + } + } + }, { + "fulfillable_quantity" : 0, + "fulfillment_status" : "fulfilled", + "quantity" : 1, + "total_discount" : "0.00", + 
"fulfillment_service" : "manual", + "gift_card" : false, + "taxable" : true, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Desk Lamp", + "current_quantity" : 1, + "product_exists" : true, + "variant_id" : 43744917815353, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "144.00", + "price_set" : { + "shop_money" : { + "amount" : "144.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "144.00", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "800.00", + "vendor" : "Dummy Vendor", + "admin_graphql_api_id" : "gid://shopify/LineItem/12801628569657", + "product_id" : 7688576860217, + "name" : "Desk Lamp", + "id" : 12801628569657, + "grams" : 0, + "price_set" : { + "shop_money" : { + "amount" : "800.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "800.00", + "currency_code" : "INR" + } + }, + "sku" : "DL789" + } ], + "buyer_accepts_marketing" : false, + "presentment_currency" : "INR", + "confirmed" : true, + "total_weight" : 600, + "total_discounts" : "0.00", + "fulfillments" : [ { + "updated_at" : "2024-09-20T10:13:23+05:30", + "service" : "manual", + "admin_graphql_api_id" : "gid://shopify/Fulfillment/4542375952441", + "name" : "#1002.1", + "created_at" : "2024-09-20T10:13:23+05:30", + "id" : 4542375952441, + "line_items" : [ { + "variant_title" : "Black", + "fulfillment_status" : "fulfilled", + "total_discount" : "0.00", + "gift_card" : false, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Shoes", + "product_exists" : true, + "variant_id" : 43744593936441, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, 
+ "price" : "233.82", + "price_set" : { + "shop_money" : { + "amount" : "233.82", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "233.82", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "1299.00", + "vendor" : "Dummy Vendor", + "product_id" : 7688312913977, + "id" : 12778730618937, + "grams" : 500, + "sku" : "SHOES-1", + "fulfillable_quantity" : 0, + "quantity" : 1, + "fulfillment_service" : "manual", + "taxable" : true, + "variant_inventory_management" : "shopify", + "current_quantity" : 1, + "admin_graphql_api_id" : "gid://shopify/LineItem/12778730618937", + "name" : "Shoes - Black", + "price_set" : { + "shop_money" : { + "amount" : "1299.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "1299.00", + "currency_code" : "INR" + } + } + }, { + "variant_title" : "L", + "fulfillment_status" : "fulfilled", + "total_discount" : "0.00", + "gift_card" : false, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Cotton tshirt", + "product_exists" : true, + "variant_id" : 43741030744121, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "53.82", + "price_set" : { + "shop_money" : { + "amount" : "53.82", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "53.82", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "299.00", + "vendor" : "My Store", + "product_id" : 7687579762745, + "id" : 12801614413881, + "grams" : 100, + "sku" : "", + "fulfillable_quantity" : 0, + "quantity" : 1, + "fulfillment_service" : "manual", + "taxable" : true, + "variant_inventory_management" : "shopify", + "current_quantity" : 1, + "admin_graphql_api_id" : "gid://shopify/LineItem/12801614413881", + "name" : "Cotton tshirt - L", + "price_set" : { + "shop_money" : { + "amount" : "299.00", + 
"currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "299.00", + "currency_code" : "INR" + } + } + }, { + "fulfillable_quantity" : 0, + "fulfillment_status" : "fulfilled", + "quantity" : 1, + "total_discount" : "0.00", + "fulfillment_service" : "manual", + "gift_card" : false, + "taxable" : true, + "requires_shipping" : true, + "total_discount_set" : { + "shop_money" : { + "amount" : "0.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "0.00", + "currency_code" : "INR" + } + }, + "title" : "Desk Lamp", + "current_quantity" : 1, + "product_exists" : true, + "variant_id" : 43744917815353, + "tax_lines" : [ { + "channel_liable" : false, + "rate" : 0.18, + "price" : "144.00", + "price_set" : { + "shop_money" : { + "amount" : "144.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "144.00", + "currency_code" : "INR" + } + }, + "title" : "IGST" + } ], + "price" : "800.00", + "vendor" : "Dummy Vendor", + "admin_graphql_api_id" : "gid://shopify/LineItem/12801628569657", + "product_id" : 7688576860217, + "name" : "Desk Lamp", + "id" : 12801628569657, + "grams" : 0, + "price_set" : { + "shop_money" : { + "amount" : "800.00", + "currency_code" : "INR" + }, + "presentment_money" : { + "amount" : "800.00", + "currency_code" : "INR" + } + }, + "sku" : "DL789" + } ], + "order_id" : 5030430111111, + "location_id" : 75274649657, + "status" : "success" + } ], + "client_details" : { + "browser_ip" : "10.0.0.0", + "user_agent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" + }, + "updated_at" : "2024-09-20T10:13:23+05:30", + "customer_locale" : "en", + "processed_at" : "2024-08-28T14:48:43+05:30", + "currency" : "INR", + "id" : 5030430111111, + "subtotal_price" : "2398.00", + "total_price" : "2829.64", + "total_line_items_price" : "2398.00", + "total_tax" : "431.64", + "total_tip_received" : "0.00", + "financial_status" : "partially_paid", + "name" : 
"#1002", + "customer" : { + "note" : "", + "tax_exempt" : false, + "email_marketing_consent" : { + "state" : "not_subscribed", + "opt_in_level" : "single_opt_in" + }, + "created_at" : "2024-08-28T15:50:36+05:30", + "last_name" : "Doe", + "verified_email" : true, + "tags" : "", + "default_address" : { + "zip" : "", + "country" : "India", + "address2" : "", + "city" : "Ahmedabad", + "address1" : "", + "last_name" : "Doe", + "province_code" : "GJ", + "country_code" : "IN", + "default" : true, + "province" : "Gujarat", + "name" : "John Doe", + "country_name" : "India", + "company" : "", + "id" : 8518800900153, + "customer_id" : 7597194181111, + "first_name" : "John" + }, + "updated_at" : "2024-09-23T12:22:38+05:30", + "admin_graphql_api_id" : "gid://shopify/Customer/7597194181111", + "currency" : "INR", + "id" : 7597194181111, + "state" : "disabled", + "first_name" : "John", + "email" : "example@gmail.com" + } + } + service: "order" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726807403000 + - + sample: |- + { + "note" : "Note", + "taxExempt" : false, + "productSubscriberStatus" : "NEVER_SUBSCRIBED", + "lastOrder" : { + "totalPriceSet" : { + "shopMoney" : { + "amount" : "3065.64", + "currencyCode" : "INR" + } + } + }, + "displayName" : "John Doe", + "smsMarketingConsent" : { + "marketingOptInLevel" : "SINGLE_OPT_IN", + "consentCollectedFrom" : "SHOPIFY", + "marketingState" : "NOT_SUBSCRIBED" + }, + "validEmailAddress" : true, + "numberOfOrders" : "1", + "emailMarketingConsent" : { + "marketingOptInLevel" : "SINGLE_OPT_IN", + "marketingState" : "SUBSCRIBED", + "consentUpdatedAt" : "2024-09-03T09:31:52Z" + }, + "createdAt" : "2024-09-03T09:31:52Z", + "legacyResourceId" : "123", + "canDelete" : false, + "lifetimeDuration" : "22 days", + "id" : "gid://shopify/Customer/123", + "state" : "DISABLED", + "dataSaleOptOut" : false, + "amountSpent" : { + "amount" : "3065.64", + "currencyCode" : "INR" + }, + "updatedAt" : "2024-09-18T12:23:20Z", + "defaultAddress" : { + "country" 
: "India", + "city" : "Ahmedabad", + "countryCodeV2" : "IN" + }, + "verifiedEmail" : true + } + service: "customer" + result: + custom: + amountSpent: + amount: "3065.64" + currencyCode: "INR" + canDelete: false + createdAt: "2024-09-03T09:31:52Z" + dataSaleOptOut: false + defaultAddress: + city: "Ahmedabad" + country: "India" + countryCodeV2: "IN" + emailMarketingConsent: + consentUpdatedAt: "2024-09-03T09:31:52Z" + marketingOptInLevel: "SINGLE_OPT_IN" + marketingState: "SUBSCRIBED" + id: "gid://shopify/Customer/123" + lastOrder: + totalPriceSet: + shopMoney: + amount: "3065.64" + currencyCode: "INR" + lifetimeDuration: "22 days" + note: "Note" + numberOfOrders: "1" + productSubscriberStatus: "NEVER_SUBSCRIBED" + smsMarketingConsent: + consentCollectedFrom: "SHOPIFY" + marketingOptInLevel: "SINGLE_OPT_IN" + marketingState: "NOT_SUBSCRIBED" + state: "DISABLED" + taxExempt: false + updatedAt: "2024-09-18T12:23:20Z" + usr: + id: "123" + name: "John Doe" + validEmailAddress: true + verifiedEmail: true + message: |- + { + "note" : "Note", + "taxExempt" : false, + "productSubscriberStatus" : "NEVER_SUBSCRIBED", + "lastOrder" : { + "totalPriceSet" : { + "shopMoney" : { + "amount" : "3065.64", + "currencyCode" : "INR" + } + } + }, + "displayName" : "John Doe", + "smsMarketingConsent" : { + "marketingOptInLevel" : "SINGLE_OPT_IN", + "consentCollectedFrom" : "SHOPIFY", + "marketingState" : "NOT_SUBSCRIBED" + }, + "validEmailAddress" : true, + "numberOfOrders" : "1", + "emailMarketingConsent" : { + "marketingOptInLevel" : "SINGLE_OPT_IN", + "marketingState" : "SUBSCRIBED", + "consentUpdatedAt" : "2024-09-03T09:31:52Z" + }, + "createdAt" : "2024-09-03T09:31:52Z", + "legacyResourceId" : "123", + "canDelete" : false, + "lifetimeDuration" : "22 days", + "id" : "gid://shopify/Customer/123", + "state" : "DISABLED", + "dataSaleOptOut" : false, + "amountSpent" : { + "amount" : "3065.64", + "currencyCode" : "INR" + }, + "updatedAt" : "2024-09-18T12:23:20Z", + "defaultAddress" : { + 
"country" : "India", + "city" : "Ahmedabad", + "countryCodeV2" : "IN" + }, + "verifiedEmail" : true + } + service: "customer" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726662200000 + - + sample: |- + { + "sellingPlanGroupsCount" : { + "count" : 0 + }, + "isGiftCard" : false, + "publishedAt" : "2024-09-25T05:37:35Z", + "description" : "zx xvb", + "handle" : "black-pama-shoes", + "totalInventory" : 0, + "tracksInventory" : true, + "title" : "Black Pama Shoes", + "requiresSellingPlan" : false, + "hasOutOfStockVariants" : true, + "variantsCount" : { + "count" : 1 + }, + "priceRangeV2" : { + "maxVariantPrice" : { + "amount" : "0.0", + "currencyCode" : "INR" + }, + "minVariantPrice" : { + "amount" : "0.0", + "currencyCode" : "INR" + } + }, + "createdAt" : "2024-09-25T05:37:35Z", + "hasOnlyDefaultVariant" : true, + "legacyResourceId" : "7715954491449", + "vendor" : "Dummy Vendor", + "mediaCount" : { + "count" : 0 + }, + "onlineStoreUrl" : "https://8856f0-0b.myshopify.com/products/black-pama-shoes", + "id" : "gid://shopify/Product/7715954491449", + "category" : { + "isArchived" : false, + "name" : "Apparel & Accessories", + "fullName" : "Apparel & Accessories", + "id" : "gid://shopify/TaxonomyCategory/aa" + }, + "hasVariantsThatRequiresComponents" : false, + "productType" : "", + "status" : "ACTIVE", + "updatedAt" : "2024-09-25T10:56:37Z" + } + service: "product" + result: + custom: + category: + fullName: "Apparel & Accessories" + id: "gid://shopify/TaxonomyCategory/aa" + isArchived: false + name: "Apparel & Accessories" + createdAt: "2024-09-25T05:37:35Z" + description: "zx xvb" + handle: "black-pama-shoes" + hasOnlyDefaultVariant: true + hasOutOfStockVariants: true + hasVariantsThatRequiresComponents: false + id: "gid://shopify/Product/7715954491449" + isGiftCard: false + legacyResourceId: "7715954491449" + mediaCount: + count: 0 + onlineStoreUrl: "https://8856f0-0b.myshopify.com/products/black-pama-shoes" + priceRangeV2: + maxVariantPrice: + amount: "0.0" + 
currencyCode: "INR" + minVariantPrice: + amount: "0.0" + currencyCode: "INR" + productType: "" + product_status: "ACTIVE" + publishedAt: "2024-09-25T05:37:35Z" + requiresSellingPlan: false + sellingPlanGroupsCount: + count: 0 + status: "info" + title: "Black Pama Shoes" + totalInventory: 0 + tracksInventory: true + updatedAt: "2024-09-25T10:56:37Z" + variantsCount: + count: 1 + vendor: "Dummy Vendor" + message: |- + { + "sellingPlanGroupsCount" : { + "count" : 0 + }, + "isGiftCard" : false, + "publishedAt" : "2024-09-25T05:37:35Z", + "description" : "zx xvb", + "handle" : "black-pama-shoes", + "totalInventory" : 0, + "tracksInventory" : true, + "title" : "Black Pama Shoes", + "requiresSellingPlan" : false, + "hasOutOfStockVariants" : true, + "variantsCount" : { + "count" : 1 + }, + "priceRangeV2" : { + "maxVariantPrice" : { + "amount" : "0.0", + "currencyCode" : "INR" + }, + "minVariantPrice" : { + "amount" : "0.0", + "currencyCode" : "INR" + } + }, + "createdAt" : "2024-09-25T05:37:35Z", + "hasOnlyDefaultVariant" : true, + "legacyResourceId" : "7715954491449", + "vendor" : "Dummy Vendor", + "mediaCount" : { + "count" : 0 + }, + "onlineStoreUrl" : "https://8856f0-0b.myshopify.com/products/black-pama-shoes", + "id" : "gid://shopify/Product/7715954491449", + "category" : { + "isArchived" : false, + "name" : "Apparel & Accessories", + "fullName" : "Apparel & Accessories", + "id" : "gid://shopify/TaxonomyCategory/aa" + }, + "hasVariantsThatRequiresComponents" : false, + "productType" : "", + "status" : "ACTIVE", + "updatedAt" : "2024-09-25T10:56:37Z" + } + service: "product" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1727261797000 diff --git a/shopify/assets/monitors/order_cancellation_rate.json b/shopify/assets/monitors/order_cancellation_rate.json new file mode 100644 index 0000000000000..bbce19a316d3a --- /dev/null +++ b/shopify/assets/monitors/order_cancellation_rate.json 
@@ -0,0 +1,74 @@
+{
+ "version": 2,
+ "created_at": "2024-10-01",
+ "last_updated_at": "2024-10-01",
+ "title": "Order Cancellation Rate is High",
+ "description": "The order cancellation rate is the percentage of orders that are canceled, compared to the total number of orders placed within a time interval. This monitor tracks the order cancellations to help identify issues, improve the shopping experience, and reduce lost sales.",
+ "definition": {
+ "id": 155142683,
+ "name": "Order Cancellation Rate is High",
+ "type": "log alert",
+ "query": "formula(\"query * 100 / query1\").last(\"4h\") >= 5",
+ "message": "{{#is_warning}}\nThe order cancellation rate has exceeded the defined threshold. \nCurrent Cancellation Rate: {{value}}% \nThreshold: {{warn_threshold}}% \n{{/is_warning}}\n\n{{#is_alert}}\nThe order cancellation rate has exceeded the defined threshold. \nCurrent Cancellation Rate: {{value}}% \nThreshold: {{threshold}}% \n{{/is_alert}}\n\n@abc@example.com",
+ "tags": [
+ "shopify"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 5,
+ "warning": 2
+ },
+ "enable_logs_sample": false,
+ "notify_audit": false,
+ "on_missing_data": "resolve",
+ "include_tags": false,
+ "variables": [
+ {
+ "data_source": "logs",
+ "name": "query",
+ "indexes": [
+ "*"
+ ],
+ "compute": {
+ "aggregation": "cardinality",
+ "metric": "@id"
+ },
+ "group_by": [],
+ "search": {
+ "query": "source:shopify service:order @cancelled_at:*"
+ },
+ "storage": "hot"
+ },
+ {
+ "data_source": "logs",
+ "name": "query1",
+ "indexes": [
+ "*"
+ ],
+ "compute": {
+ "aggregation": "cardinality",
+ "metric": "@id"
+ },
+ "group_by": [],
+ "search": {
+ "query": "source:shopify service:order"
+ },
+ "storage": "hot"
+ }
+ ],
+ "renotify_interval": 0,
+ "escalation_message": "",
+ "notification_preset_name": "hide_query",
+ "new_host_delay": 300,
+ "groupby_simple_monitor": false,
+ "silenced": {}
+ },
+ "priority": null,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:shopify"
+ ]
+}
\ No newline at end of file
diff --git a/shopify/assets/monitors/product_inventory_out_of_stock.json b/shopify/assets/monitors/product_inventory_out_of_stock.json
new file mode 100644
index 0000000000000..40aca03d25750
--- /dev/null
+++ b/shopify/assets/monitors/product_inventory_out_of_stock.json
@@ -0,0 +1,39 @@
+{
+ "version": 2,
+ "created_at": "2024-10-01",
+ "last_updated_at": "2024-10-01",
+ "title": "Product Inventory is Out of Stock",
+ "description": "Out-of-stock inventory refers to products that are sold out and unavailable for purchase. This monitor tracks product inventory to help manage stock levels, prevent overselling, and ensure timely restocking.",
+ "definition": {
+ "id": 155142623,
+ "name": "Product Inventory is Out of Stock",
+ "type": "log alert",
+ "query": "logs(\"source:shopify service:product @tracksInventory:true @totalInventory:<=0\").index(\"*\").rollup(\"count\").by(\"@legacyResourceId,@title\").last(\"4h\") > 0",
+ "message": "{{#is_alert}}\nProduct {{@title.name}} (ID: {{@legacyResourceId.name}}) is currently out of stock. Please restock to ensure it's availability.\n{{/is_alert}}\n\n@abc@example.com",
+ "tags": [
+ "shopify"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 0
+ },
+ "enable_logs_sample": false,
+ "notify_audit": false,
+ "on_missing_data": "resolve",
+ "include_tags": false,
+ "new_group_delay": 60,
+ "renotify_interval": 0,
+ "escalation_message": "",
+ "notification_preset_name": "hide_query",
+ "groupby_simple_monitor": false,
+ "silenced": {}
+ },
+ "priority": null,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:shopify"
+ ]
+}
\ No newline at end of file
diff --git a/shopify/assets/service_checks.json b/shopify/assets/service_checks.json
new file mode 100644
index 0000000000000..fe51488c7066f
--- /dev/null
+++ b/shopify/assets/service_checks.json
@@ -0,0 +1 @@
+[]
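Review bot: The `message` field in `order_cancellation_rate.json` ends with the notification handle `@abc@example.com`, so the recommended monitor ships with a recipient that the installing account never chose; the same handle closes the message in `product_inventory_out_of_stock.json`. A monitor template is better delivered without a recipient so that the user picks one when creating the monitor; I would drop the trailing `\n\n@abc@example.com` from both messages. The `definition.id` values (155142683 and 155142623) look like identifiers exported from the authoring account and probably do not belong in the template either. Separately, the out-of-stock message reads `it's availability`, which should be `its availability`.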
diff --git a/shopify/assets/shopify_dark_theme.svg b/shopify/assets/shopify_dark_theme.svg new file mode 100644 index 0000000000000..abc7797f9c2cb --- /dev/null +++ b/shopify/assets/shopify_dark_theme.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/shopify/assets/shopify_white_them.svg b/shopify/assets/shopify_white_them.svg new file mode 100644 index 0000000000000..55cde5746ce75 --- /dev/null +++ b/shopify/assets/shopify_white_them.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/shopify/images/shopify_customer_overview.png b/shopify/images/shopify_customer_overview.png new file mode 100644 index 0000000000000..26d117353e64b Binary files /dev/null and b/shopify/images/shopify_customer_overview.png differ diff --git a/shopify/images/shopify_event_overview.png b/shopify/images/shopify_event_overview.png new file mode 100644 index 0000000000000..bc597771a9141 Binary files /dev/null and b/shopify/images/shopify_event_overview.png differ diff --git a/shopify/images/shopify_order_overview.png b/shopify/images/shopify_order_overview.png new file mode 100644 index 0000000000000..7edf836c115f9 Binary files /dev/null and b/shopify/images/shopify_order_overview.png differ diff --git a/shopify/images/shopify_product_overview.png b/shopify/images/shopify_product_overview.png new file mode 100644 index 0000000000000..9cdd3ba4e56f1 Binary files /dev/null and b/shopify/images/shopify_product_overview.png differ diff --git a/shopify/manifest.json b/shopify/manifest.json new file mode 100644 index 0000000000000..9043670e922c9 --- /dev/null +++ b/shopify/manifest.json 
@@ -0,0 +1,73 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "81c0f478-e722-454a-83d3-5e3f45e11ca8", + "app_id": "shopify", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Gain insights into Shopify Event, Product, Customer and Order logs.", + "title": "Shopify", + "media": [ + { + "caption": "Shopify - Event Overview", + "image_url": "images/shopify_event_overview.png", + "media_type": "image" + }, + { + "caption": "Shopify - Product Overview", + "image_url": "images/shopify_product_overview.png", + "media_type": "image" + }, + { + "caption": "Shopify - Customer Overview", + "image_url": "images/shopify_customer_overview.png", + "media_type": "image" + }, + { + "caption": "Shopify - Order Overview", + "image_url": "images/shopify_order_overview.png", + "media_type": "image" + } + ], + "classifier_tags": [ + "Category::Log Collection", + "Submitted Data Type::Logs", + "Offering::Integration" + ] + }, + "assets": { + "integration": { + "auto_install": false, + "source_type_id": 622, + "source_type_name": "Shopify", + "events": { + "creates_events": false + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + }, + "dashboards": { + "Shopify - Event Overview" : "assets/dashboards/shopify_event_overview.json", + "Shopify - Product Overview" : "assets/dashboards/shopify_product_overview.json", + "Shopify - Customer Overview" : "assets/dashboards/shopify_customer_overview.json", + "Shopify - Order Overview" : "assets/dashboards/shopify_order_overview.json" + }, + "monitors" : { + "Product Inventory is Out of Stock" : "assets/monitors/product_inventory_out_of_stock.json", + "Order Cancellation Rate is High" : "assets/monitors/order_cancellation_rate.json" + }, + "logs": { + "source": "shopify" + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + 
"homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} diff --git a/sidekiq/CHANGELOG.md b/sidekiq/CHANGELOG.md index 1c220c5a4d26b..6f0eb4ff9750e 100644 --- a/sidekiq/CHANGELOG.md +++ b/sidekiq/CHANGELOG.md @@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 2.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.4.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/silk/CHANGELOG.md b/silk/CHANGELOG.md index f971e63aa65f2..28b33834c7b8d 100644 --- a/silk/CHANGELOG.md +++ b/silk/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/singlestore/CHANGELOG.md b/singlestore/CHANGELOG.md index 7dc941dd26c79..f971b53bf7f1b 100644 --- a/singlestore/CHANGELOG.md +++ b/singlestore/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.1 / 2024-06-11 / Agent 7.54.1 ***Fixed***: diff --git a/slurm/CHANGELOG.md b/slurm/CHANGELOG.md index 63d0291de381b..93fbb1fcc2497 100644 --- a/slurm/CHANGELOG.md +++ b/slurm/CHANGELOG.md @@ -2,6 +2,24 @@ +## 1.0.3 / 2024-12-06 + +***Fixed***: + +* Add all user query param to the different queries ([#19182](https://github.com/DataDog/integrations-core/pull/19182)) + +## 1.0.2 / 2024-11-28 + +***Fixed***: + +* Bump base package dependency to get fixed pyyaml. ([#19156](https://github.com/DataDog/integrations-core/pull/19156)) + +## 1.0.1 / 2024-11-25 + +***Fixed***: + +* Fix issue in which the sacct params kept growing with each iteration ([#19117](https://github.com/DataDog/integrations-core/pull/19117)) + ## 1.0.0 / 2024-11-06 ***Added***: diff --git a/slurm/assets/configuration/spec.yaml b/slurm/assets/configuration/spec.yaml index 79f3f71210b9f..92ca32b435325 100644 --- a/slurm/assets/configuration/spec.yaml +++ b/slurm/assets/configuration/spec.yaml 
@@ -127,7 +127,21 @@ files: Most Slurm metrics are collected from calling the different binaries. Depending on the size of the Slurm cluster, this can be a very expensive operation. It is recommended to set this to a higher value than the default 15 seconds, but this can be adjusted based on the size of the cluster and the desired granularity of the metrics. - min_collection_interval.value.display_default: 15 + min_collection_interval.value.display_default: 60 min_collection_interval.value.default: 60 min_collection_interval.value.example: 60 - min_collection_interval.enabled: true \ No newline at end of file + min_collection_interval.enabled: true + - template: logs + example: + - type: file + path: /var/log/slurm/slurmd.log + source: slurm + service: slurm + - type: file + path: /var/log/slurm/slurmdbd.log + source: slurm + service: slurm + - type: file + path: /var/log/slurm/slurmctld.log + source: slurm + service: slurm \ No newline at end of file diff --git a/slurm/assets/logs/slurm.yaml b/slurm/assets/logs/slurm.yaml new file mode 100644 index 0000000000000..5ba1f09ed5c25 --- /dev/null +++ b/slurm/assets/logs/slurm.yaml 
@@ -0,0 +1,48 @@
+id: slurm
+metric_id: slurm
+backend_only: false
+facets:
+pipeline:
+ type: pipeline
+ name: Slurm
+ enabled: true
+ filter:
+ query: source:slurm
+ processors:
+ - type: grok-parser
+ name: Slurm Parser
+ enabled: true
+ source: message
+ samples:
+ - "[2024-10-22T23:16:26.830] debug: REQUEST_PERSIST_INIT: CLUSTER:linux VERSION:9472 UID:0 IP:172.22.0.4 CONN:9"
+ - "[2024-10-28T04:52:56.841] debug2: Finish processing RPC: REQUEST_PING"
+ - "[2024-10-28T04:53:03.731] debug2: Processing RPC: REQUEST_SHARE_INFO from UID=0"
+ - "[2024-10-29T04:28:12.937] [63.batch] debug2: _set_limit: RLIMIT_NOFILE : max:1048576 cur:4096 req:1048576"
+ grok:
+ matchRules: |
+ slurm_job \[%{_timestamp}\] \[%{regex("\\d+"):slurm.job_id}.%{regex("\\w+"):slurm.job_name}] %{_level}: %{_msg}
+ slurm_general \[%{_timestamp}\] %{_level}: %{_msg}
+ supportRules: |
+ _timestamp %{date("yyyy-MM-dd'T'HH:mm:ss.SSS"):timestamp}
+ _level %{regex("[A-Za-z]+"):level}%{regex("\\d*"):debug.level}
+ _msg %{data:msg}
+ - type: date-remapper
+ name: Define `timestamp` as the official date of the log
+ enabled: true
+ sources:
+ - timestamp
+ - type: service-remapper
+ name: Define `service` as the official service of the log
+ enabled: true
+ sources:
+ - service
+ - type: status-remapper
+ name: Define `level` as the official status of the log
+ enabled: true
+ sources:
+ - level
+ - type: message-remapper
+ name: Define `msg` as the official message of the log
+ enabled: true
+ sources:
+ - msg
\ No newline at end of file
diff --git a/slurm/assets/logs/slurm_tests.yaml b/slurm/assets/logs/slurm_tests.yaml
new file mode 100644
index 0000000000000..9a38ed69665ad
--- /dev/null
+++ b/slurm/assets/logs/slurm_tests.yaml
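Review bot: In the `slurm_job` match rule the separator between `slurm.job_id` and `slurm.job_name` is a bare `.`, while the brackets earlier on the same line are escaped. If the rule text is treated as a regular expression, as the escaped `\[` suggests, the bare `.` matches any character and the rule is looser than the `[63.batch]` form it is written for; `\[%{regex("\\d+"):slurm.job_id}\.%{regex("\\w+"):slurm.job_name}\]` keeps both separators literal. The first sample line also carries `UID:0 IP:172.22.0.4`, which the pipeline leaves inside `msg`; if those values should be searchable as attributes, or scrubbed, that needs a rule of its own.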
@@ -0,0 +1,42 @@ +id: "slurm" +tests: + - + sample: "[2024-10-22T23:16:26.830] debug: REQUEST_PERSIST_INIT: CLUSTER:linux VERSION:9472 UID:0 IP:172.22.0.4 CONN:9" + result: + custom: + timestamp: 1729638986830 + level: "debug" + message: " REQUEST_PERSIST_INIT: CLUSTER:linux VERSION:9472 UID:0 IP:172.22.0.4 CONN:9" + status: "debug" + tags: + - "source:LOGS_SOURCE" + timestamp: 1729638986830 + - + sample: "[2024-10-29T04:28:12.937] [63.batch] debug2: _set_limit: RLIMIT_NOFILE : max:1048576 cur:4096 req:1048576" + result: + custom: + level: "debug" + timestamp: 1730176092937 + slurm: + job_id: "63" + job_name: "batch" + debug: + level: "2" + message: "_set_limit: RLIMIT_NOFILE : max:1048576 cur:4096 req:1048576" + status: "debug" + tags: + - "source:LOGS_SOURCE" + timestamp: 1730176092937 + - + sample: "[2024-10-28T04:52:56.841] debug2: Finish processing RPC: REQUEST_PING" + result: + custom: + debug: + level: "2" + level: "debug" + timestamp: 1730091176841 + message: "Finish processing RPC: REQUEST_PING" + status: "debug" + tags: + - "source:LOGS_SOURCE" + timestamp: 1730091176841 diff --git a/slurm/assets/saved_views/slurm_overview.json b/slurm/assets/saved_views/slurm_overview.json new file mode 100644 index 0000000000000..0a38a1616ccdd --- /dev/null +++ b/slurm/assets/saved_views/slurm_overview.json @@ -0,0 +1,14 @@ +{ + "name": "Slurm Logs Overview", + "query": "source:slurm", + "visible_facets": [ + "status", + "service", + "host" + ], + "type": "logs", + "timerange": { + "interval_ms": 3600000 + }, + "page": "patterns" +} diff --git a/slurm/datadog_checks/slurm/__about__.py b/slurm/datadog_checks/slurm/__about__.py index acbfd1c866b84..bfba3d18c9577 100644 --- a/slurm/datadog_checks/slurm/__about__.py +++ b/slurm/datadog_checks/slurm/__about__.py @@ -1,4 +1,4 @@ # (C) Datadog, Inc. 2024-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '1.0.0' +__version__ = '1.0.3' 
diff --git a/slurm/datadog_checks/slurm/check.py b/slurm/datadog_checks/slurm/check.py index f06b2b9cca423..f5f1e0a7b94e0 100644 --- a/slurm/datadog_checks/slurm/check.py +++ b/slurm/datadog_checks/slurm/check.py @@ -316,18 +316,20 @@ def process_sdiag(self, output): self.gauge('sdiag.enabled', 1) def _update_sacct_params(self): + sacct_params = SACCT_PARAMS.copy() if self.last_run_time is not None: now = get_timestamp() delta = now - self.last_run_time start_time_param = f"--starttime=now-{int(delta)}seconds" - SACCT_PARAMS.append(start_time_param) + sacct_params = [param for param in sacct_params if not param.startswith('--starttime')] + sacct_params.append(start_time_param) + self.log.debug("Updating sacct command with new timestamp: %s", start_time_param) self.last_run_time = get_timestamp() # Update the sacct command with the dynamic SACCT_PARAMS - self.log.debug("Updating sacct command with new timestamp: %s", start_time_param) - self.sacct_cmd = self.get_slurm_command('sacct', SACCT_PARAMS) + self.sacct_cmd = self.get_slurm_command('sacct', sacct_params) def _process_sinfo_cpu_state(self, cpus_state, namespace, tags): # "0/2/0/2" diff --git a/slurm/datadog_checks/slurm/constants.py b/slurm/datadog_checks/slurm/constants.py index ce66074dfd5bf..f16453e7e9ae1 100644 --- a/slurm/datadog_checks/slurm/constants.py +++ b/slurm/datadog_checks/slurm/constants.py 
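Review bot: `int(delta)` in `_update_sacct_params` truncates the elapsed time, so the `--starttime=now-Nseconds` window can be up to a second shorter than the interval since the previous run, and sacct itself runs later still; records that fall in that gap may never be reported. Rounding up, for example `start_time_param = f"--starttime=now-{math.ceil(delta)}seconds"` (needs `import math`, and the expected values in the new unit test would change with it), trades the gap for a small overlap. The added filter `[param for param in sacct_params if not param.startswith('--starttime')]` cannot remove anything, because `sacct_params` was just copied from the `SACCT_PARAMS` constant, which holds no `--starttime` entry. The context comment `# Update the sacct command with the dynamic SACCT_PARAMS` also no longer describes the code and could read `# Rebuild the sacct command from the per-run parameter list`.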
@@ -2,16 +2,16 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) SINFO_PARTITION_PARAMS = [ - "-hO", + "-ahO", "Partition:|,NodeList:|,CPUs:|,Available:|,Memory:|,Cluster:|,NodeAIOT:|,StateLong:|,Nodes:", ] -SINFO_NODE_PARAMS = ["-hNO", "PartitionName:|,Available:|,NodeList:|,NodeAIOT:|,Memory:|,Cluster:"] +SINFO_NODE_PARAMS = ["-haNO", "PartitionName:|,Available:|,NodeList:|,NodeAIOT:|,Memory:|,Cluster:"] SINFO_ADDITIONAL_NODE_PARAMS = "|,CPUsLoad:|,FreeMem:|,Disk:|,StateLong:|,Reason:|,features_act:|,Threads:" GPU_PARAMS = "|,Gres:|,GresUsed:" -SQUEUE_PARAMS = ["-ho", "%A|%u|%j|%T|%N|%C|%R|%m"] -SSHARE_PARAMS = ["-lnPU"] +SQUEUE_PARAMS = ["-aho", "%A|%u|%j|%T|%N|%C|%R|%m"] +SSHARE_PARAMS = ["-alnPU"] SACCT_PARAMS = [ - "-npo", + "-anpo", "JobID,JobName%40,Partition,Account,AllocCPUs,AllocTRES%40,Elapsed,CPUTimeRAW,MaxRSS,MaxVMSize,AveCPU,AveRSS,State,ExitCode,Start,End,NodeList", "--units=M", ] diff --git a/slurm/datadog_checks/slurm/data/conf.yaml.example b/slurm/datadog_checks/slurm/data/conf.yaml.example index ba70392dc413b..4dca4deafa818 100644 --- a/slurm/datadog_checks/slurm/data/conf.yaml.example +++ b/slurm/datadog_checks/slurm/data/conf.yaml.example @@ -99,7 +99,7 @@ instances: # # service: - ## @param min_collection_interval - number - optional - default: 15 + ## @param min_collection_interval - number - optional - default: 60 ## This changes the collection interval of the check. For more information, see: ## https://docs.datadoghq.com/developers/write_agent_check/#collection-interval ## 
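Review bot: The added `a` does not mean the same thing in each command, and nothing in `constants.py` says so: to my knowledge `sacct -a` and `sshare -a` select all users, whereas `sinfo -a` and `squeue -a` include hidden partitions. Either way the check now collects more than before, including user names and job names through the `%u` and `%j` squeue fields, with no option to turn it off. How much is actually returned depends on what the cluster allows the agent's account to see. I would add a comment above the constants such as `# -a: all users (sacct, sshare) / all partitions incl. hidden (sinfo, squeue)` and mention the wider scope in the README; a configuration flag for it would be a reasonable follow-up.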
@@ -126,3 +126,32 @@ instances: # - # exclude: # - + +## Log Section +## +## type - required - Type of log input source (tcp / udp / file / windows_event). +## port / path / channel_path - required - Set port if type is tcp or udp. +## Set path if type is file. +## Set channel_path if type is windows_event. +## source - required - Attribute that defines which integration sent the logs. +## encoding - optional - For file specifies the file encoding. Default is utf-8. Other +## possible values are utf-16-le and utf-16-be. +## service - optional - The name of the service that generates the log. +## Overrides any `service` defined in the `init_config` section. +## tags - optional - Add tags to the collected logs. +## +## Discover Datadog log collection: https://docs.datadoghq.com/logs/log_collection/ +# +# logs: +# - type: file +# path: /var/log/slurm/slurmd.log +# source: slurm +# service: slurm +# - type: file +# path: /var/log/slurm/slurmdbd.log +# source: slurm +# service: slurm +# - type: file +# path: /var/log/slurm/slurmctld.log +# source: slurm +# service: slurm diff --git a/slurm/manifest.json b/slurm/manifest.json index 937e87529c1a7..932d85ef4b6ef 100644 --- a/slurm/manifest.json +++ b/slurm/manifest.json @@ -15,6 +15,7 @@ "Supported OS::Linux", "Category::Automation", "Category::Metrics", + "Category::Log Collection", "Offering::Integration", "Submitted Data Type::Metrics" ] @@ -39,6 +40,9 @@ ], "metadata_path": "metadata.csv" }, + "process_signatures": [ + "slurmctld" + ], "service_checks": { "metadata_path": "assets/service_checks.json" } @@ -49,6 +53,9 @@ }, "dashboards": { "Slurm Overview": "assets/dashboards/slurm_overview.json" + }, + "saved_views": { + "Slurm Logs Overview": "assets/saved_views/slurm_overview.json" } }, "author": { diff --git a/slurm/pyproject.toml b/slurm/pyproject.toml index e1dc5880863bf..d24d3459029ae 100644 --- a/slurm/pyproject.toml +++ b/slurm/pyproject.toml 
@@ -29,7 +29,7 @@ classifiers = [ "Topic :: System :: Monitoring", ] dependencies = [ - "datadog-checks-base>=32.6.0", + "datadog-checks-base>=33.0.0", ] dynamic = [ "version", diff --git a/slurm/tests/test_unit.py b/slurm/tests/test_unit.py index 4c56ffcf0cd73..5562b4540db63 100644 --- a/slurm/tests/test_unit.py +++ b/slurm/tests/test_unit.py @@ -1,11 +1,13 @@ # (C) Datadog, Inc. 2024-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) +import time from unittest.mock import patch import pytest from datadog_checks.slurm import SlurmCheck +from datadog_checks.slurm.constants import SACCT_PARAMS from .common import ( DEFAULT_SINFO_PATH, @@ -50,6 +52,23 @@ def test_sinfo_command_params(collection_level, gpu_stats, expected_params, inst assert check.sinfo_partition_cmd == expected_params +def test_acct_command_params(instance): + # Mock the instance configuration + instance['collect_sacct_stats'] = True + + check = SlurmCheck('slurm', {}, [instance]) + base_cmd = ['/usr/bin/sacct'] + SACCT_PARAMS + + # Test to ensure that the sacct is being constructed correctly + loops = [0, 1, 2] + for loop in loops: + if loop > 0: + time.sleep(loop) + check._update_sacct_params() + expected_cmd = base_cmd + ([f'--starttime=now-{loop}seconds'] if loop > 0 else []) + assert check.sacct_cmd == expected_cmd + + @pytest.mark.parametrize( "expected_metrics, binary", [ diff --git a/snmp/CHANGELOG.md b/snmp/CHANGELOG.md index 518b1fc3a0ec3..9c4c2edd8dd7d 100644 --- a/snmp/CHANGELOG.md +++ b/snmp/CHANGELOG.md 
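Review bot: `test_acct_command_params` sleeps for real (`time.sleep(loop)` for 1 and then 2 seconds) and then asserts an exact `--starttime=now-{loop}seconds`, so it adds about three seconds to the suite and could fail if scheduling delay pushes the measured gap to the next whole second. Patching the clock that `_update_sacct_params` reads (its body is not visible in this hunk) and advancing it by a fixed amount would make the assertion deterministic. The comment `# Mock the instance configuration` also overstates the line below it, which only sets `collect_sacct_stats`; `# Enable sacct collection` would describe it.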
@@ -2,16 +2,18 @@ +## 9.1.0 / 2024-11-28 + +***Added***: + +* [NDMII-3147] update Cisco IP SLA metric tags and description. ([#19079](https://github.com/DataDog/integrations-core/pull/19079)) + ## 9.0.0 / 2024-10-04 / Agent 7.59.0 ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 7.5.0 / 2024-09-05 ***Added***: @@ -37,7 +43,7 @@ ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 7.3.1 / 2024-06-05 / Agent 7.55.0 diff --git a/snmp/assets/dashboards/interface_performance.json b/snmp/assets/dashboards/interface_performance.json index e7228088ae2b8..138f85b5a2d5a 100644 --- a/snmp/assets/dashboards/interface_performance.json +++ b/snmp/assets/dashboards/interface_performance.json @@ -587,9 +587,9 @@ "cell_display_mode": ["bar"], "conditional_formats": [ { - "comparator": ">", - "palette": "white_on_yellow", - "value": 2 + "comparator": "<=", + "palette": "white_on_green", + "value": 1 }, { "comparator": "<=", @@ -598,8 +598,8 @@ }, { "comparator": "<=", - "palette": "white_on_green", - "value": 1 + "palette": "white_on_yellow", + "value": 3 } ], "q": "avg:snmp.ifAdminStatus{$snmp_host,$interface,$snmp_device} by {snmp_device,snmp_host,interface}", 
diff --git a/snmp/assets/service_checks.json b/snmp/assets/service_checks.json index 7611d3f115ed1..9a6b400cfbced 100644 --- a/snmp/assets/service_checks.json +++ b/snmp/assets/service_checks.json @@ -13,6 +13,6 @@ "snmp_device" ], "name": "Can check", - "description": "Returns `CRITICAL` if the Agent check is unable to collect metrics from SNMP, and `WARNING` if it partially works but metrics configuration is incorrect. Returns `OK` otherwise." + "description": "Returns `CRITICAL` if the Agent check is unable to collect SNMP metrics from the SNMP Agent, and `WARNING` if it partially works but metrics configuration is incorrect. Returns `OK` otherwise." } ] diff --git a/snmp/changelog.d/19079.added b/snmp/changelog.d/19079.added deleted file mode 100644 index 74814808c1f37..0000000000000 --- a/snmp/changelog.d/19079.added +++ /dev/null @@ -1 +0,0 @@ -[NDMII-3147] update Cisco IP SLA metric tags and description. diff --git a/snmp/datadog_checks/snmp/__about__.py b/snmp/datadog_checks/snmp/__about__.py index d028d71da95d0..29b2032fbf67a 100644 --- a/snmp/datadog_checks/snmp/__about__.py +++ b/snmp/datadog_checks/snmp/__about__.py @@ -2,4 +2,4 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '9.0.0' +__version__ = '9.1.0' diff --git a/snmp/datadog_checks/snmp/data/default_profiles/citrix-netscaler-sdx.yaml b/snmp/datadog_checks/snmp/data/default_profiles/citrix-netscaler-sdx.yaml index 6ad6d08b851d6..3c07be1426600 100644 --- a/snmp/datadog_checks/snmp/data/default_profiles/citrix-netscaler-sdx.yaml +++ b/snmp/datadog_checks/snmp/data/default_profiles/citrix-netscaler-sdx.yaml @@ -302,7 +302,8 @@ metric_tags: 25: l2vpn - OID: 1.3.6.1.4.1.5951.6.2.5.0 symbol: systemSvmIPAddress - format: ip_address + # TODO update this to the modern syntax that supports format + # format: ip_address tag: netscaler_sdx_system_svm_ip_address - OID: 1.3.6.1.4.1.5951.6.2.6.0 symbol: systemXenIPAddressType 
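Review bot: Commenting out `format: ip_address` under `systemSvmIPAddress` leaves the tag `netscaler_sdx_system_svm_ip_address` without its formatting hint, so until the TODO is done the tag presumably carries the raw SNMP value rather than a dotted address. The same line is commented out for `systemXenIPAddress`, `systemNetmask` and `systemGateway` in the following hunks, but those three carry no TODO at all. I would put one marker with a tracking reference on each, for example `# TODO(<issue-id>): restore format: ip_address once metric_tags supports it`, so the four lines are found and restored together.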
@@ -317,7 +318,7 @@ metric_tags: 25: l2vpn - OID: 1.3.6.1.4.1.5951.6.2.7.0 symbol: systemXenIPAddress - format: ip_address + # format: ip_address tag: netscaler_sdx_system_xen_ip_address - OID: 1.3.6.1.4.1.5951.6.2.8.0 symbol: systemNetmaskType @@ -332,7 +333,7 @@ metric_tags: 25: l2vpn - OID: 1.3.6.1.4.1.5951.6.2.9.0 symbol: systemNetmask - format: ip_address + # format: ip_address tag: netscaler_sdx_system_netmask - OID: 1.3.6.1.4.1.5951.6.2.10.0 symbol: systemGatewayType @@ -347,7 +348,7 @@ metric_tags: 25: l2vpn - OID: 1.3.6.1.4.1.5951.6.2.11.0 symbol: systemGateway - format: ip_address + # format: ip_address tag: netscaler_sdx_system_gateway - OID: 1.3.6.1.4.1.5951.6.2.12.0 symbol: systemNetworkInterface diff --git a/snmp/metadata.csv b/snmp/metadata.csv index d8d924476d837..1931558493c59 100644 --- a/snmp/metadata.csv +++ b/snmp/metadata.csv 
@@ -988,35 +988,35 @@ snmp.ibm.imm.systemHealthSummary,gauge,,,,"[IMM-MIB] Table of System Health summ snmp.ibm.imm.systemMemoryVpd,gauge,,,,"[IMM-MIB] Table of the system Memory VPD information. View as a table and not as individual entries for consistent results. (Make 'sum by {X}' queries to count elements with the tag X.)",0,snmp,, snmp.ibm.imm.tempReading,gauge,,,,"[IMM-MIB] The measured temperature.",0,snmp,, snmp.ibm.imm.voltReading,gauge,,,,"[IMM-MIB] The measured voltage.",0,snmp,, -snmp.ifAdminStatus,gauge,,,,[Generic router] [F5 BIG-IP] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The desired state of the interface.,0,snmp,, +snmp.ifAdminStatus,gauge,,,,[Generic router] [F5 BIG-IP] The desired state of the interface.,0,snmp,, snmp.ifBandwidthInUsage.rate,gauge,,percent,,"[Generic router] The percent rate of used received bandwidth.",0,snmp,, snmp.ifBandwidthOutUsage.rate,gauge,,percent,,"[Generic router] The percent rate of used sent bandwidth.",0,snmp,, -snmp.ifHCInBroadcastPkts,count,,packet,,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of packets delivered by this sub-layer to a higher (sub-)layer that were addressed to a broadcast address at this sub-layer.,0,snmp,, -snmp.ifHCInMulticastPkts,count,,packet,,[Generic router] [F5 BIG-IP] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of packets delivered by this sub-layer to a higher (sub-)layer which were addressed to a multicast address at this sub-layer.,0,snmp,, -snmp.ifHCInOctets,count,,byte,,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The total number of octets received on the interface including framing characters.,0,snmp,, -snmp.ifHCInOctets.rate,gauge,,byte,second,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The total number of octets received on the interface including framing characters.,0,snmp,, -snmp.ifHCInUcastPkts,count,,packet,,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of packets 
delivered by this sub-layer to a higher (sub-)layer that were not addressed to a multicast or broadcast address at this sub-layer.,0,snmp,, -snmp.ifHCOutBroadcastPkts,count,,packet,,"[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The total number of packets that higher-level protocols requested be transmitted that were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent.",0,snmp,, -snmp.ifHCOutMulticastPkts,count,,packet,,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The total number of packets that higher-level protocols requested be transmitted that were addressed to a multicast address at this sub-layer including those that were discarded or not sent.,0,snmp,, -snmp.ifHCOutOctets,count,,byte,,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The total number of octets transmitted out of the interface including framing characters.,0,snmp,, -snmp.ifHCOutOctets.rate,gauge,,byte,second,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The total number of octets transmitted out of the interface including framing characters.,0,snmp,, -snmp.ifHCOutUcastPkts,count,,packet,,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The total number of packets higher-level protocols requested be transmitted that were not addressed to a multicast or broadcast address at this sub-layer including those that were discarded or not sent.,0,snmp,, +snmp.ifHCInBroadcastPkts,count,,packet,,[Generic router] The number of packets delivered by this sub-layer to a higher (sub-)layer that were addressed to a broadcast address at this sub-layer.,0,snmp,, +snmp.ifHCInMulticastPkts,count,,packet,,[Generic router] [F5 BIG-IP] The number of packets delivered by this sub-layer to a higher (sub-)layer which were addressed to a multicast address at this sub-layer.,0,snmp,, +snmp.ifHCInOctets,count,,byte,,[Generic router] The total number of octets received on the interface including 
framing characters.,0,snmp,, +snmp.ifHCInOctets.rate,gauge,,byte_in_bits_family,second,[Generic router] The inbound data rate on the interface including framing characters.,0,snmp,, +snmp.ifHCInUcastPkts,count,,packet,,[Generic router] The number of packets delivered by this sub-layer to a higher (sub-)layer that were not addressed to a multicast or broadcast address at this sub-layer.,0,snmp,, +snmp.ifHCOutBroadcastPkts,count,,packet,,"[Generic device] The total number of packets that higher-level protocols requested be transmitted that were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent.",0,snmp,, +snmp.ifHCOutMulticastPkts,count,,packet,,[Generic device] The total number of packets that higher-level protocols requested be transmitted that were addressed to a multicast address at this sub-layer including those that were discarded or not sent.,0,snmp,, +snmp.ifHCOutOctets,count,,byte,,[Generic device] The total number of octets transmitted out of the interface including framing characters.,0,snmp,, +snmp.ifHCOutOctets.rate,gauge,,byte_in_bits_family,second,[Generic device] The outbound data rate on the interface including framing characters.,0,snmp,, +snmp.ifHCOutUcastPkts,count,,packet,,[Generic device] The total number of packets higher-level protocols requested be transmitted that were not addressed to a multicast or broadcast address at this sub-layer including those that were discarded or not sent.,0,snmp,, snmp.ifHighInOctets,count,,byte,,"[NetApp] The total number of bytes received on the interface, including framing characters.",0,snmp,, -snmp.ifHighInOctets.rate,gauge,,byte,second,"[NetApp] The number bytes per second received on the interface, including framing characters.",0,snmp,, -snmp.ifHighSpeed,gauge,,,,"[Generic router] An estimate of the interface's current bandwidth in units of 1,000,000 bits per second, or the nominal bandwidth.",0,snmp,, -snmp.ifInDiscards,count,,packet,,[Generic router] 
[Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of inbound packets chosen to be discarded even though no errors had been detected to prevent them being deliverable to a higher-layer protocol.,0,snmp,, -snmp.ifInDiscards.rate,gauge,,packet,second,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of inbound packets chosen to be discarded even though no errors had been detected to prevent them being deliverable to a higher-layer protocol.,0,snmp,, -snmp.ifInErrors,count,,packet,,[Generic router] [Cisco c3850] [Cisco Nexus][Cisco ASA 5525] [F5 BIG-IP] The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.,0,snmp,, -snmp.ifInErrors.rate,gauge,,packet,second,[Generic router] [Cisco c3850] [Cisco Nexus][Cisco ASA 5525] [F5 BIG-IP] The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.,0,snmp,, -snmp.ifInSpeed,gauge,,,,"[Generic router] An estimate of the interface's current inbound bandwidth in bits per second.",0,snmp,, +snmp.ifHighInOctets.rate,gauge,,byte_in_bits_family,second,"[Generic device] The inbound data rate on the interface, including framing characters.",0,snmp,, +snmp.ifHighSpeed,gauge,,megabit,,"[Generic device] An estimate of the interface's current bandwidth in units of 1,000,000 bits per second, or the nominal bandwidth.",0,snmp,, +snmp.ifInDiscards,count,,packet,,[Generic device] The number of inbound packets chosen to be discarded even though no errors had been detected to prevent them being deliverable to a higher-layer protocol.,0,snmp,, +snmp.ifInDiscards.rate,gauge,,packet,second,[Generic device] The number of inbound packets chosen to be discarded even though no errors had been detected to prevent them being deliverable to a higher-layer protocol.,0,snmp,, +snmp.ifInErrors,count,,packet,,[Generic router] The number of inbound packets that contained errors preventing them from being 
deliverable to a higher-layer protocol.,0,snmp,, +snmp.ifInErrors.rate,gauge,,packet,second,[Generic router] The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.,0,snmp,, +snmp.ifInSpeed,gauge,,bit_in_bits_family,,"[Generic router] An estimate of the interface's current inbound bandwidth in bits per second.",0,snmp,, snmp.ifNumber,gauge,,,,[Generic router] The number of network interfaces (regardless of their current state) present on this system.,0,snmp,, -snmp.ifOperStatus,gauge,,,,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The current operational state of the interface.,0,snmp,, -snmp.ifOutDiscards,count,,packet,,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of outbound packets chosen to be discarded even though no errors had been detected to prevent them being transmitted.,0,snmp,, -snmp.ifOutDiscards.rate,gauge,,packet,second,[Generic router] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of outbound packets chosen to be discarded even though no errors had been detected to prevent them being transmitted.,0,snmp,, -snmp.ifOutErrors,count,,packet,,[Generic router] [F5 BIG-IP] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of outbound packets that could not be transmitted because of errors.,0,snmp,, -snmp.ifOutErrors.rate,gauge,,packet,second,[Generic router] [F5 BIG-IP] [Cisco c3850] [Cisco Nexus] [Cisco ASA 5525] The number of outbound packets that could not be transmitted because of errors.,0,snmp,, -snmp.ifOutSpeed,gauge,,,,"[Generic router] An estimate of the interface's current outbound bandwidth in bits per second.",0,snmp,, -snmp.ifSpeed,gauge,,,,"[Generic router] An estimate of the interface's current bandwidth in bits per second, or the nominal bandwidth.",0,snmp,, +snmp.ifOperStatus,gauge,,,,[Generic router] The current operational state of the interface.,0,snmp,, +snmp.ifOutDiscards,count,,packet,,[Generic router] The 
number of outbound packets chosen to be discarded even though no errors had been detected to prevent them being transmitted.,0,snmp,, +snmp.ifOutDiscards.rate,gauge,,packet,second,[Generic router] The number of outbound packets chosen to be discarded even though no errors had been detected to prevent them being transmitted.,0,snmp,, +snmp.ifOutErrors,count,,packet,,[Generic router] The number of outbound packets that could not be transmitted because of errors.,0,snmp,, +snmp.ifOutErrors.rate,gauge,,packet,second,[Generic router] The number of outbound packets that could not be transmitted because of errors.,0,snmp,, +snmp.ifOutSpeed,gauge,,bit_in_bits_family,,"[Generic router] An estimate of the interface's current outbound bandwidth in bits per second.",0,snmp,, +snmp.ifSpeed,gauge,,bit_in_bits_family,,"[Generic router] An estimate of the interface's current bandwidth in bits per second, or the nominal bandwidth.",0,snmp,, snmp.ifsTotalBytes,gauge,,byte,,[Isilon] The total cluster capacity of the /ifs filesystem in bytes.,0,snmp,, snmp.ifsUsedBytes,gauge,,byte,,[Isilon] The number of bytes used in the /ifs filesystem.,0,snmp,, snmp.interface.status,gauge,,,,"For each interface of each monitored network device, this metric reports always 1 with the admin_status and oper_status as tags, as long as a 'combined' status that can be used for monitors.",0,snmp,, diff --git a/snowflake/CHANGELOG.md b/snowflake/CHANGELOG.md index 8aa76fe5925a0..def3fc861a5a8 100644 --- a/snowflake/CHANGELOG.md +++ b/snowflake/CHANGELOG.md 
@@ -2,16 +2,18 @@ +## 7.1.0 / 2024-11-28 + +***Added***: + +* Upgrade `snowflake-connector-python` to 3.12.3 ([#19010](https://github.com/DataDog/integrations-core/pull/19010)) + ## 7.0.0 / 2024-10-04 / Agent 7.59.0 ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.9.0 / 2024-09-05 ***Added***: @@ -32,7 +38,7 @@ ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 5.7.0 / 2024-07-05 / Agent 7.56.0 diff --git a/snowflake/changelog.d/19010.added b/snowflake/changelog.d/19010.added deleted file mode 100644 index dc4809c026413..0000000000000 --- a/snowflake/changelog.d/19010.added +++ /dev/null @@ -1 +0,0 @@ -Upgrade `snowflake-connector-python` to 3.12.3 \ No newline at end of file diff --git a/snowflake/datadog_checks/snowflake/__about__.py b/snowflake/datadog_checks/snowflake/__about__.py index 7d1ab144cf5b2..1440196a477c0 100644 --- a/snowflake/datadog_checks/snowflake/__about__.py +++ b/snowflake/datadog_checks/snowflake/__about__.py @@ -1,4 +1,4 @@ # (C) Datadog, Inc. 2020-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '7.0.0' +__version__ = '7.1.0' diff --git a/solr/CHANGELOG.md b/solr/CHANGELOG.md index ff2ae7a629cde..cc506ca03655c 100644 --- a/solr/CHANGELOG.md +++ b/solr/CHANGELOG.md 
@@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.13.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/solr/tests/docker/docker-compose.yml b/solr/tests/docker/docker-compose.yml index 2e6707f467daa..6847945b5faae 100644 --- a/solr/tests/docker/docker-compose.yml +++ b/solr/tests/docker/docker-compose.yml @@ -1,4 +1,3 @@ -version: '3' services: solr: build: diff --git a/sonarqube/CHANGELOG.md b/sonarqube/CHANGELOG.md index af1606963c974..6ac541b49131e 100644 --- a/sonarqube/CHANGELOG.md +++ b/sonarqube/CHANGELOG.md @@ -2,16 +2,18 @@ +## 5.1.0 / 2024-11-28 + +***Added***: + +* Add `MAX_PAGES` to Sonarqube API request ([#19149](https://github.com/DataDog/integrations-core/pull/19149)) + ## 5.0.0 / 2024-10-04 / Agent 7.59.0 ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.2 / 2024-05-31 / Agent 7.55.0 ***Fixed***: 
diff --git a/sonarqube/datadog_checks/sonarqube/__about__.py b/sonarqube/datadog_checks/sonarqube/__about__.py index 1fda5ed1ca206..591962e51d2ac 100644 --- a/sonarqube/datadog_checks/sonarqube/__about__.py +++ b/sonarqube/datadog_checks/sonarqube/__about__.py @@ -1,4 +1,4 @@ # (C) Datadog, Inc. 2020-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '5.0.0' +__version__ = '5.1.0' diff --git a/sonarqube/datadog_checks/sonarqube/check.py b/sonarqube/datadog_checks/sonarqube/check.py index 1249d2bed7af2..77c4cc665bda2 100644 --- a/sonarqube/datadog_checks/sonarqube/check.py +++ b/sonarqube/datadog_checks/sonarqube/check.py @@ -7,7 +7,7 @@ from datadog_checks.base import AgentCheck, ConfigurationError -from .constants import CATEGORIES, NUMERIC_TYPES +from .constants import CATEGORIES, MAX_PAGES, NUMERIC_TYPES class SonarqubeCheck(AgentCheck): @@ -111,7 +111,7 @@ def discover_available_metrics(self): page = 1 seen = 0 total = -1 - while seen != total: + while seen != total and page <= MAX_PAGES: response = self.http.get('{}/api/metrics/search'.format(self._web_endpoint), params={'p': page}) response.raise_for_status() self.log.debug('/api/metrics/search response: %s', response.json()) @@ -136,7 +136,7 @@ def discover_available_components(self): page = 1 seen = 0 total = -1 - while seen != total: + while seen != total and page <= MAX_PAGES: response = self.http.get( '{}/api/components/search'.format(self._web_endpoint), params={'qualifiers': 'TRK', 'p': page} ) diff --git a/sonarqube/datadog_checks/sonarqube/constants.py b/sonarqube/datadog_checks/sonarqube/constants.py index 7d6fa0bacbc27..b142694889808 100644 --- a/sonarqube/datadog_checks/sonarqube/constants.py +++ b/sonarqube/datadog_checks/sonarqube/constants.py 
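Review bot: The new `page <= MAX_PAGES` bound in `discover_available_metrics`, and the identical one in `discover_available_components`, ends the loop silently. A server with more pages than the cap, or one whose `total` never matches `seen`, therefore yields a truncated metric or component list with no trace in the logs. After each loop I would add `if seen != total: self.log.warning('Stopped paging /api/metrics/search after %d pages; discovery may be incomplete', MAX_PAGES)`, naming `/api/components/search` in the second one. A one-line comment on `MAX_PAGES` in `constants.py` saying it bounds the number of requests per discovery call would also help. Both loop bodies continue outside their hunks, so how `page` is advanced relative to the bound cannot be checked here.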
@@ -5,6 +5,8 @@ # /api/metrics/types NUMERIC_TYPES = {'BOOL', 'FLOAT', 'INT', 'PERCENT', 'RATING'} +MAX_PAGES = 100 + # All `domain` attributes found in: /api/metrics/search CATEGORIES = { 'Complexity': 'complexity', diff --git a/sonarqube/tests/docker/docker-compose.yaml b/sonarqube/tests/docker/docker-compose.yaml index b99a66e7d4e16..f608b1847be5a 100644 --- a/sonarqube/tests/docker/docker-compose.yaml +++ b/sonarqube/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.8' - services: sonarqube: container_name: sonarqube diff --git a/sonicwall_firewall/CHANGELOG.md b/sonicwall_firewall/CHANGELOG.md new file mode 100644 index 0000000000000..2720565e415a1 --- /dev/null +++ b/sonicwall_firewall/CHANGELOG.md @@ -0,0 +1,9 @@ +# CHANGELOG - sonicwall_firewall + + + +## 1.0.0 / 2024-11-28 + +***Added***: + +* Initial Release ([#18667](https://github.com/DataDog/integrations-core/pull/18667)) diff --git a/sonicwall_firewall/README.md b/sonicwall_firewall/README.md new file mode 100644 index 0000000000000..69db0a1146b14 --- /dev/null +++ b/sonicwall_firewall/README.md 
@@ -0,0 +1,144 @@ +## Overview + +[SonicWall Firewall][1] is a network security solution designed to protect organizations from a wide range of cyber threats. It offers advanced security features, high performance, and scalability, making it suitable for businesses of all sizes. SonicWall Firewall is known for its ability to provide real-time protection against emerging threats, while ensuring secure and efficient network traffic management. + +This integration provides enrichment and visualization for all log types shared by SonicWall Firewall over syslog. Detailed insights into the logs received by syslog are visualized in out-of-the-box dashboards and detection rules. + + +## Setup + +### Installation + +To install the SonicWall Firewall integration, run the following Linux command to install the Agent. + +**Note**: This step is not necessary for Agent version >= 7.58.0. + + ```shell + sudo -u dd-agent -- datadog-agent integration install datadog-sonicwall-firewall==1.0.0 + ``` + +For more information, see the [Integration Management][2] documentation. + +### Configuration + +#### Log Collection + +1. Logs collection is disabled by default in the Datadog Agent. Enable it in the `datadog.yaml` file: + ```yaml + logs_enabled: true + ``` + +2. Add this configuration block to your `sonicwall_firewall.d/conf.yaml` file to start collecting your SonicWall Firewall logs: + + ```yaml + logs: + - type: udp + port: + source: sonicwall-firewall + ``` + + See the [sample sonicwall_firewall.d/conf.yaml][3] for available configuration options. + + **NOTE**: Configure a [syslog server][8] on a SonicWall Firewall with ``. + + Configure a Syslog Server in your firewall using the following options: + + - **Name or IP Address**: The address of the Datadog Agent running this integration. + - **Port**: The Syslog port (UDP) configured in this integration. + - **Server Type**: Syslog Server. + - **Syslog Format**: Enhanced Syslog. 
+ - **Syslog ID**: Change this default (firewall) if you need to differentiate between multiple firewalls. + + Set the default time as UTC: + + - In **Device** > **Log** > **Syslog**, select the **Syslog Settings** tab, and then enable **Display Syslog Timestamp in UTC**. Click **Accept** to set the time to UTC. + + Additional Configuration: + + - In **Device** > **Log** > **Settings**, you can select the **Logging Level** and **Alert Level** to get different kind of logs. + +3. [Restart the Agent][4]. + +#### Specify a time zone other than UTC in the SonicWall Firewall and Datadog log pipeline +Datadog expects all logs to be in UTC time zone by default. If the time zone of your SonicWall Firewall logs is not in UTC, specify the correct time zone in the SonicWall Firewall Datadog pipeline. + +To change the time zone for the SonicWall Firewall pipeline: + +1. Navigate to the [**Pipelines** page][10] in the Datadog app. + +2. Enter `SonicWall Firewall` in the **Filter Pipelines** search box. + +3. Hover over the SonicWall Firewall pipeline and click **clone**. This creates an editable clone of the SonicWall Firewall pipeline. + +4. Edit the Grok Parser using the below steps: + + - In the cloned pipeline, find the processor with the name **Grok Parser: Parsing Sonicwall FireWall time**. Hover over the pipelines and click **Edit**. + - Under **Define parsing rules**: + - Modify the rule and provide the [TZ identifier][9] of the time zone of your SonicWall Firewall server. For example, if your time zone is IST, replace `' z'` with `Asia/Calcutta`. + - For example, if this is the existing rule: + + ```shell + rule %{date("yyyy-MM-dd HH:mm:ss z"):timestamp} + ``` + + The modified rule for IST timezone is: + + ```shell + rule %{date("yyyy-MM-dd HH:mm:ss", "Asia/Calcutta"):timestamp} + ``` + + - To update the existing log sample, under **log samples**: + - Remove UTC from the existing value. 
+ - For example, if the existing value is: + + ```shell + 2024-09-11 06:30:00 UTC + ``` + + The updated value is: + ```shell + 2024-09-11 06:30:00 + ``` + + - Click **Update**. + +### Validation + +[Run the Agent's status subcommand][5] and look for `sonicwall_firewall` under the Checks section. + +## Data Collected + +### Logs + +| Format | Log Types | +| -------------------- | -------------- | +| CEF (Enhanced Syslog) | All | + +### Metrics + +The SonicWall Firewall integration does not include any metrics. + +### Events + +The SonicWall Firewall integration does not include any events. + +### Service Checks + +The SonicWall Firewall integration does not include any service checks. + +See [service_checks.json][6] for a list of service checks provided by this integration. + +## Troubleshooting + +Need help? Contact [Datadog support][7]. + +[1]: https://www.sonicwall.com/ +[2]: https://docs.datadoghq.com/agent/guide/integration-management/?tab=linux#install +[3]: https://github.com/DataDog/integrations-core/blob/master/sonicwall_firewall/datadog_checks/sonicwall_firewall/data/conf.yaml.example +[4]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent +[5]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information +[6]: https://github.com/DataDog/integrations-core/blob/master/sonicwall_firewall/assets/service_checks.json +[7]: https://docs.datadoghq.com/help/ +[8]: https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-a-syslog-server-on-a-sonicwall-firewall/170505984096810 +[9]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +[10]: https://app.datadoghq.com/logs/pipelines \ No newline at end of file diff --git a/sonicwall_firewall/assets/configuration/spec.yaml b/sonicwall_firewall/assets/configuration/spec.yaml new file mode 100644 index 0000000000000..3d856595ae176 --- /dev/null +++ b/sonicwall_firewall/assets/configuration/spec.yaml 
@@ -0,0 +1,9 @@ +name: Sonicwall Firewall +files: +- name: sonicwall_firewall.yaml + options: + - template: logs + example: + - type: udp + port: + source: sonicwall-firewall \ No newline at end of file diff --git a/sonicwall_firewall/assets/dashboards/sonicwall_firewall_and_firewall_settings.json b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_and_firewall_settings.json new file mode 100644 index 0000000000000..f06c67710f896 --- /dev/null +++ b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_and_firewall_settings.json 
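Review bot: The only example in this logs template is `type: udp`, and nothing tells the operator that the listener will accept syslog datagrams from any sender that can reach the port. UDP syslog is neither authenticated nor encrypted, so forged or altered lines would be indistinguishable from real firewall events in the dashboards and detection rules built on `source: sonicwall-firewall`. I would add a comment to the example, for instance `# Allow only the firewall's address to reach this port (host firewall rules); UDP syslog is unauthenticated`, and mention `type: tcp` as an alternative if the device can send over TCP.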
@@ -0,0 +1,2267 @@ +{ + "title": "SonicWall Firewall - Firewall and Firewall Settings", + "description": "This dashboard provides information about the Firewall and Firewall Settings logs generated in SonicWall Firewall.", + "widgets": [ + { + "id": 4833912692213916, + "definition": { + "type": "image", + "url": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "url_dark_theme": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "sizing": "fill", + "margin": "md", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 6474031660100888, + "definition": { + "type": "note", + "content": "## Overview\n- This dashboard provides insights on Firewall and Firewall Setting logs.\n- Firewall logs include logs related to the application firewall and security policies.\n- Firewall Settings include logs for flood attacks, FTP, multicast, and so on.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 5434029847646360, + "definition": { + "title": "Total Firewall and Firewall Setting Events", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query2", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + 
"query": "source:sonicwall-firewall @gcat:5 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1 + query2" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 7934632057937744, + "definition": { + "title": "Firewall", + "background_color": "vivid_orange", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1167223602419404, + "definition": { + "title": "Total Firewall Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 6611262893718014, + "definition": { + "title": "Total Events by Priority Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@priority", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + 
"display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 2297698014849254, + "definition": { + "title": "Total Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.name" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 7533191783518090, + "definition": { + "title": "Total Packets sent", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "sum", + "metric": "@packets.sent" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:10 @packets.sent:* $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 7198148959714938, + "definition": { + "title": "Total Packets Received", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "sum", + "metric": "@packets.received" + }, + "group_by": [], + "search": { + "query": 
"source:sonicwall-firewall @gcat:10 @packets.received:* $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 8754231207549794, + "definition": { + "title": "Total Number of Access Rules Added", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:10 @message_id:440 $Priority" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 3, + "width": 3, + "height": 2 + } + }, + { + "id": 3419154176130290, + "definition": { + "title": "Total Number of Access Rules Deleted", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:10 @message_id:442 $Priority" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 9, + "y": 3, + "width": 3, + "height": 2 + } + }, + { + "id": 1606249805344334, + 
"definition": { + "title": "Top Source IP: Packet Drops Due to Connection Limit", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:10 @message_id:646 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 5, + "width": 6, + "height": 5 + } + }, + { + "id": 235694157862864, + "definition": { + "title": "Top Destination IP: Packet Drops Due to Connection Limit", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.destination.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:10 @message_id:647 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 5, + "width": 6, + "height": 5 + } + }, + { + "id": 2062049705340546, + "definition": { + 
"title": "Top Users", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 10, + "width": 4, + "height": 5 + } + }, + { + "id": 8686701834292638, + "definition": { + "title": "Top Source IP Address", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 10, + "width": 4, + "height": 5 + } + }, + { + "id": 3372186675592498, + "definition": { + "title": "Top Destination IP Address", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + 
"indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.destination.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 10, + "width": 4, + "height": 5 + } + }, + { + "id": 3714085291657584, + "definition": { + "title": "Most Frequent Firewall Events", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 6, + "height": 5 + } + }, + { + "id": 2261673629320976, + "definition": { + "title": "Least Frequent Firewall Events", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": 
"count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "asc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:10 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "asc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 15, + "width": 6, + "height": 5 + } + }, + { + "id": 485548115769722, + "definition": { + "title": "Firewall Event Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:10 $Priority", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 25, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 26 + } + }, + { + "id": 7397744810214092, + "definition": { + "title": "Firewall Settings", + "background_color": "vivid_orange", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7876237395425272, + "definition": { + "title": "Total Firewall Setting Events", + "title_size": 
"16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:5 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 6680829159388702, + "definition": { + "title": "Total Events by Priority Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@priority", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 7321033156261620, + "definition": { + "title": "Total Bytes Sent", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "sum", + "metric": "@bytes.sent" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @bytes.sent:* 
@gcat:5 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 4161990616712864, + "definition": { + "title": "Events by Firewall Action", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@firewall.action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @firewall.action:* $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 2, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 2760824977893310, + "definition": { + "title": "Events by Protocol", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@protocol", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": 
"table" + } + }, + "layout": { + "x": 7, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 3343853043498544, + "definition": { + "title": "Total Bytes Received", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "sum", + "metric": "@bytes.received" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @bytes.received:* @gcat:5 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 5, + "width": 2, + "height": 2 + } + }, + { + "id": 8046482038914724, + "definition": { + "title": "Flood Attack Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Possible SYN Flood", + "style": { + "palette": "classic", + "palette_index": 0 + }, + "formula": "query1" + }, + { + "alias": "UDP Flood Detected", + "style": { + "palette": "green", + "palette_index": 0 + }, + "formula": "query2" + }, + { + "alias": "ICMP Flood Detected", + "style": { + "palette": "warm", + "palette_index": 0 + }, + "formula": "query3" + }, + { + "alias": "UDPv6 Flood Detected", + "style": { + "palette": "dd20", + "palette_index": 17 + }, + "formula": "query4" + }, + { + "alias": " ICMPv6 Flood Detected", + "style": { + "palette": "dd20", + "palette_index": 8 + }, + "formula": "query5" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:25 $Priority" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query2", + 
"indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:1213 $Priority" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query3", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:1214 $Priority" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query4", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:1450 $Priority" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query5", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:1451 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 3904888047203856, + "definition": { + "title": "Multicast UDP Packets Dropped Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "style": { + "palette": "dd20", + "palette_index": 8 + }, + "alias": "UDP Packet Drop", + "formula": "query5" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query5", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:690 $Priority" + }, + "storage": "hot" + } + ], + "response_format": 
"timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 7482341609960826, + "definition": { + "title": "Top Blacklisted Machines from SYN Flood", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@message_value", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:864 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ec5555" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7954420214642426, + "definition": { + "title": "Top Blacklisted Machines from TCP Flood", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@message_value", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:1366 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": 
">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ec5555" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 575735788407754, + "definition": { + "title": "Top Blacklisted Machines from RST Flood", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@message_value", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:898 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ec5555" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 6, + "height": 4 + } + }, + { + "id": 7543246436641174, + "definition": { + "title": "Top Blacklisted Machines from FIN Flood", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@message_value", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], 
+ "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:901 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ec5555" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 15, + "width": 6, + "height": 4 + } + }, + { + "id": 763526985321184, + "definition": { + "title": "Top FTP Port Bounce Attack", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.port", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:527 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ec5555" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 19, + "width": 6, + "height": 4 + } + }, + { + "id": 8072286388351558, + "definition": { + "title": "Failed Login By FTP Client User", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + 
"data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 @message_id:1115 $Priority" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 19, + "width": 6, + "height": 4 + } + }, + { + "id": 3060590714012642, + "definition": { + "title": "Most Frequent Firewall Setting Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 23, + "width": 6, + "height": 5 + } + }, + { + "id": 4792726739355370, + "definition": { + "title": "Least Frequent Firewall Setting Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "asc", + 
"aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:5 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "asc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 23, + "width": 6, + "height": 5 + } + }, + { + "id": 3726871121306290, + "definition": { + "title": "Firewall Setting Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:5 $Priority", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@bytes.sent", + "width": "auto" + }, + { + "field": "@bytes.received", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 28, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 29, + "width": 12, + "height": 34 + } + } + ], + "template_variables": [ + { + "name": "Priority", + "prefix": "@priority", + "available_values": [ + "Alert", + "Info", + "Notice", + "normal" + ], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file 
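Review bot: The image widget at the top of this dashboard loads its logo from `https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png`, a third-party site, in both `url` and `url_dark_theme`. Every viewer's browser fetches from that host each time the dashboard opens, which exposes viewer IP and request metadata to it, and the picture can be swapped or removed there without any change in this repository. Both fields should point at an asset served from a location the project controls, for example `"url": "<PROJECT_HOSTED_LOGO_PATH>"`. The anti-spam dashboard added in the next file uses the same URL in its first widget.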
diff --git a/sonicwall_firewall/assets/dashboards/sonicwall_firewall_anti_spam.json b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_anti_spam.json
new file mode 100644
index 0000000000000..83fcdd704faac
--- /dev/null
+++ b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_anti_spam.json
@@ -0,0 +1,638 @@ +{ + "title": "SonicWall Firewall - Anti-Spam", + "description": "This dashboard provides information about the Firewall Anti-Spam logs generated in SonicWall Firewall.", + "widgets": [ + { + "id": 580203364676372, + "definition": { + "type": "image", + "url": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "url_dark_theme": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 25814084312524, + "definition": { + "type": "note", + "content": "## Overview\n- This dashboard provides insights on Anti-Spam logs.\n- SonicWall's logs for Anti-Spam categories include information on emails flagged as spam, actions taken (such as blocking or quarantining), source and destination IPs, email addresses, and the categories of spam identified.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 6404712839745130, + "definition": { + "title": "Total Anti-Spam Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:14 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 8315856489152810, + "definition": { 
+ "title": "Total Events by Priority Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@priority", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:14 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 7192538660853662, + "definition": { + "title": "Total Disabled Anti-Spam Services", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:14 @message_id:1085 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#9e9a9a" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 2 + } + }, + { + "id": 8979897882829710, + "definition": { + "title": "Total Enabled Anti-Spam Services", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + 
"response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:14 @message_id:1084 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#cfefaf" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 5, + "width": 4, + "height": 2 + } + }, + { + "id": 8503888150541206, + "definition": { + "title": "Top Client IP for SHLO Replay Attack", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@message_value", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:14 @message_id:1378 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 5 + } + }, + { + "id": 2593064471869400, + "definition": { + "title": "Dropped Inbound vs Outbound Server Connections Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Dropped Outbound Connections", 
+ "style": { + "palette": "dd20", + "palette_index": 4 + }, + "formula": "query1" + }, + { + "alias": "Dropped Inbound Connections", + "style": { + "palette": "dd20", + "palette_index": 0 + }, + "formula": "query2" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:14 @message_id:1091 $Priority" + }, + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query2", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:14 @message_id:1092 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 7, + "width": 8, + "height": 5 + } + }, + { + "id": 502696036174550, + "definition": { + "title": "Most Frequent Anti-Spam Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:14 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 6, + "height": 6 + } + }, + { + "id": 1685160324932570, + "definition": { + "title": "Least Frequent 
Anti-Spam Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "asc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:14 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "asc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 12, + "width": 6, + "height": 6 + } + }, + { + "id": 5727857748797350, + "definition": { + "title": "Anti-Spam Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:14 $Priority", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 18, + "width": 12, + "height": 5 + } + } + ], + "template_variables": [ + { + "name": "Priority", + "prefix": "@priority", + "available_values": [ + "Alert", + "Info", + "Notice", + "normal" + ], + "default": 
"*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/sonicwall_firewall/assets/dashboards/sonicwall_firewall_network.json b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_network.json new file mode 100644 index 0000000000000..6be7e1a187645 --- /dev/null +++ b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_network.json 
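Review bot: The image widget at the top of this dashboard loads its logo from `https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png` in both `url` and `url_dark_theme`, which is a third-party host that neither the vendor nor this repository controls. Every viewer's browser requests that URL when the dashboard opens, so the remote site sees the viewer's IP address (and possibly a referrer) and can replace or remove the image at any time. Both fields should point at a logo shipped with the integration's own assets, for example `"url": "<path to bundled SonicWall logo>"`. The same external URL appears in the image widget of `sonicwall_firewall_network.json`, whose hunk continues past the end of this view.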
@@ -0,0 +1,3033 @@ +{ + "title": "SonicWall Firewall - Network", + "description": "This dashboard provides information about the Firewall Network logs generated in SonicWall Firewall.", + "widgets": [ + { + "id": 233156474771030, + "definition": { + "type": "image", + "url": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "url_dark_theme": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 8907054059342398, + "definition": { + "type": "note", + "content": "## Overview\n- This dashboard provides insights on network logs.\n- Network logs displays network traffic details, threat detection, and system events related to network security.\n- The DHCP group tracks DHCP logs, including lease IP information and the total discovered, acknowledged and non-acknowledged packets.\n- L2TP tracks logs related to VPN connection attempts, successes, and failures. 
This group allows for detailed tracking of remote access activity.\n- The DNS group provides detailed monitoring of DNS traffic, helping to identify potential issues or malicious activity within the network.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 7908093788665670, + "definition": { + "title": "Network Log Overview", + "background_color": "pink", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2706021262645598, + "definition": { + "title": "Total Network Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Priority $Username" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 4701794583316034, + "definition": { + "title": "Network Events by Priority Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@priority", + "limit": 10, + "sort": { + "order": 
"desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Priority $Username" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + }, + { + "id": 3740196857749336, + "definition": { + "title": "Total Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.name" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 3 + } + }, + { + "id": 8501494248010598, + "definition": { + "title": "Total Connections Opened", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:98 $Priority $Username" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 3, + "y": 4, + "width": 3, + "height": 
3 + } + }, + { + "id": 7749815108871318, + "definition": { + "title": "Total Connections Closed", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:537 $Priority $Username" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 4, + "width": 3, + "height": 3 + } + }, + { + "id": 6454531767644170, + "definition": { + "title": "Total DNS Rebind Attacks Blocked", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:1099 $Priority $Username" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 9, + "y": 4, + "width": 3, + "height": 3 + } + }, + { + "id": 4508796143622880, + "definition": { + "title": "Total Bytes Sent", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + 
"queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "sum", + "metric": "@bytes.sent" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @bytes.sent:* @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 3, + "height": 3 + } + }, + { + "id": 1918310777919940, + "definition": { + "title": "Total Bytes Received", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "sum", + "metric": "@bytes.received" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @bytes.received:* @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 3, + "y": 7, + "width": 3, + "height": 3 + } + }, + { + "id": 5577041863156784, + "definition": { + "title": "Events by Firewall Action", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@firewall.action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 -@firewall.action:NA $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } 
+ ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 6 + } + }, + { + "id": 1290096158760532, + "definition": { + "title": "Total Packets sent", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "sum", + "metric": "@packets.sent" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @packets.sent:* $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 10, + "width": 3, + "height": 3 + } + }, + { + "id": 7859779484604406, + "definition": { + "title": "Total Packets Received", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "sum", + "metric": "@packets.received" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @packets.received:* $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 3, + "y": 10, + "width": 3, + "height": 3 + } + }, + { + "id": 7864063519032976, + "definition": { + "title": "Events by Protocol", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [ + { + "facet": "@protocol", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 13, + "width": 6, + "height": 5 + } + }, + { + "id": 1680082379305158, + "definition": { + "title": "Events by Session Type", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@session_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 13, + "width": 6, + "height": 5 + } + }, + { + "id": 268660645109168, + "definition": { + "title": "Top Blacklisted Devices that Triggered MAC-IP for Anti-Spoofing Event", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@source.mac", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], 
+ "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:1212 $Priority $Username" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 18, + "width": 6, + "height": 5 + } + }, + { + "id": 7540245450763978, + "definition": { + "title": "Top ARP Attack from MAC", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@message_value", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:1316 $Priority $Username" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 18, + "width": 6, + "height": 5 + } + }, + { + "id": 3406745748182530, + "definition": { + "title": "Top Users ", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + 
"formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 23, + "width": 4, + "height": 5 + } + }, + { + "id": 7724091211756186, + "definition": { + "title": "Top 10 Source IP Address", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 23, + "width": 4, + "height": 5 + } + }, + { + "id": 1887341996462938, + "definition": { + "title": "Top 10 Destination IP Address", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.destination.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": 
"desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 23, + "width": 4, + "height": 5 + } + }, + { + "id": 1390972747299480, + "definition": { + "title": "Top Dropped ICMP Packets from LAN IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:175 $Priority $Username" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 28, + "width": 4, + "height": 5 + } + }, + { + "id": 709984537787234, + "definition": { + "title": "Top Dropped UDP Packets from LAN IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:174 $Priority $Username" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": 
"stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 4, + "y": 28, + "width": 4, + "height": 5 + } + }, + { + "id": 3690691549989920, + "definition": { + "title": "Top Denied TCP Connection from LAN IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:173 $Priority $Username" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 8, + "y": 28, + "width": 4, + "height": 5 + } + }, + { + "id": 8917181428320976, + "definition": { + "title": "Most Frequent Network Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 33, 
+ "width": 6, + "height": 5 + } + }, + { + "id": 4948838090119164, + "definition": { + "title": "Least Frequent Network Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "asc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "asc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 33, + "width": 6, + "height": 5 + } + }, + { + "id": 1158656457152486, + "definition": { + "title": "Network Traffic Flow between Source and Destination IPs", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.client.port", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.destination.ip", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.destination.port", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 16, + "order_by": [ + { + "type": 
"formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 38, + "width": 12, + "height": 6 + } + }, + { + "id": 5831588153103046, + "definition": { + "title": "Network Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:6 $Priority $Username ", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@bytes.sent", + "width": "auto" + }, + { + "field": "@bytes.received", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 44, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 50 + } + }, + { + "id": 2287152769680994, + "definition": { + "title": "DHCP Details", + "background_color": "vivid_green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8070488988005900, + "definition": { + "title": "Total ACK Packets", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + 
"*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:111 $Priority $Username" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 6991554804843548, + "definition": { + "title": "Total NACK Packets", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:110 $Priority $Username" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 878841411040882, + "definition": { + "title": "Total Discover Packets", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:105 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 
0, + "width": 3, + "height": 2 + } + }, + { + "id": 4802767918194872, + "definition": { + "title": "Offer Received Packets", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:107 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 9, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 1752421561809124, + "definition": { + "title": "Total Decline Packets", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:112 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 2, + "width": 3, + "height": 2 + } + }, + { + "id": 3079610861471568, + "definition": { + "title": "Total Release Packets", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:122 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": 
"query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 3, + "y": 2, + "width": 3, + "height": 2 + } + }, + { + "id": 4347287429778440, + "definition": { + "title": "Total Request Packets", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:108 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 2, + "width": 3, + "height": 2 + } + }, + { + "id": 3554848821235848, + "definition": { + "title": "Total Request Failed Packets", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:109 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 9, + "y": 2, + "width": 3, + "height": 2 + } + }, + { + "id": 5196385749415732, + "definition": { + "title": "Distribution of Event by MAC Address and Lease IPs", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [ + { + "facet": "@ip_address", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@MacAddress", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:1110 $Priority $Username" + }, + "storage": "hot" + } + ], + "style": { + "palette": "classic" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + }, + { + "id": 53077950496442, + "definition": { + "title": "Network Events by DHCP Retrasmissions Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:[99 TO 104] $Priority $Username" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 4 + } + }, + { + "id": 8540651053931370, + "definition": { + "title": "DHCP Error Rate Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": 
"timeseries", + "requests": [ + { + "formulas": [ + { + "style": { + "palette": "red" + }, + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Priority @message_id:(106 OR 109 OR 110 OR 588 OR 589) $Username" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 4 + } + }, + { + "id": 1350983716353982, + "definition": { + "title": "Distribution of DHCP Client by Message Type", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@message_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Priority @message_type:* $Username" + }, + "storage": "hot" + } + ], + "style": { + "palette": "semantic" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 4 + } + }, + { + "id": 2574388351787808, + "definition": { + "title": "DHCP Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + 
"query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:6 @message_id:([99 TO 122] OR 588 OR 589) $Priority $Username", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "@source.mac", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 20, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 53, + "width": 12, + "height": 26 + } + }, + { + "id": 6611095338551036, + "definition": { + "title": "L2TP Details", + "background_color": "yellow", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7899992087466518, + "definition": { + "title": "Total L2TP Tunnel Start", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:201 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 535824004447916, + "definition": { + "title": "Total L2TP Tunnel Disconnect", + "title_size": "16", + "title_align": "left", + "type": 
"query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:205 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 3323288934917084, + "definition": { + "title": "Total L2TP PPP Up", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:210 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 7237355559651612, + "definition": { + "title": "Total L2TP PPP Down", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:211 $Username $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 9, + "y": 0, + "width": 3, + "height": 2 + } + }, + { 
+ "id": 8875454651292446, + "definition": { + "title": "L2TP Client Error Rate Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:(205 OR 207 OR 211 OR 212 OR 215 OR 217) $Username $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 2, + "width": 12, + "height": 4 + } + }, + { + "id": 7408790227359070, + "definition": { + "title": "L2TP Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:6 @message_id:(201 OR 202 (([204 TO 208] OR [210 TO 212] OR 215 OR 217))) $Priority $Username", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + 
"width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 6, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 79, + "width": 12, + "height": 12 + } + }, + { + "id": 5285226377982570, + "definition": { + "title": "DNS Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 280717929203222, + "definition": { + "title": "Total DNS Proxy Packet Send", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:1481 $Priority $Username" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 2 + } + }, + { + "id": 4946151417278448, + "definition": { + "title": "Total DNS Proxy Packet Received", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:1482 $Priority $Username" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 2 + } + }, + { + "id": 770812064818576, + 
"definition": { + "title": "Total DNS Proxy Request Packet Dropped", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:1486 $Priority $Username" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 2 + } + }, + { + "id": 1210075182246724, + "definition": { + "title": "Send DNS Query Over TCP", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 @message_id:1536 $Priority $Username" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 2, + "width": 6, + "height": 4 + } + }, + { + "id": 1512530842469714, + "definition": { + "title": "Receive DNS Response Over TCP", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", 
+ "name": "query1",
+ "indexes": [
+ "*"
+ ],
+ "compute": {
+ "aggregation": "count"
+ },
+ "group_by": [],
+ "search": {
+ "query": "source:sonicwall-firewall @gcat:6 @message_id:1537 $Priority $Username"
+ },
+ "storage": "hot"
+ }
+ ],
+ "response_format": "timeseries",
+ "style": {
+ "palette": "dog_classic",
+ "order_by": "values",
+ "line_type": "solid",
+ "line_width": "normal"
+ },
+ "display_type": "line"
+ }
+ ]
+ },
+ "layout": {
+ "x": 6,
+ "y": 2,
+ "width": 6,
+ "height": 4
+ }
+ }
+ ]
+ },
+ "layout": {
+ "x": 0,
+ "y": 91,
+ "width": 12,
+ "height": 7
+ }
+ }
+ ],
+ "template_variables": [
+ {
+ "name": "Priority",
+ "prefix": "@priority",
+ "available_values": [
+ "Alert",
+ "Info",
+ "Notice",
+ "normal"
+ ],
+ "default": "*"
+ },
+ {
+ "name": "Username",
+ "prefix": "@usr.name",
+ "available_values": [],
+ "default": "*"
+ }
+ ],
+ "layout_type": "ordered",
+ "notify_list": [],
+ "reflow_type": "fixed"
+}
\ No newline at end of file
diff --git a/sonicwall_firewall/assets/dashboards/sonicwall_firewall_overview.json b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_overview.json
new file mode 100644
index 0000000000000..3fab729dcb504
--- /dev/null
+++ b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_overview.json
@@ -0,0 +1,2773 @@ +{ + "title": "SonicWall Firewall - Overview", + "description": "This dashboard provides information about the Firewall Event logs generated in SonicWall Firewall.", + "widgets": [ + { + "id": 8458527877532824, + "definition": { + "type": "image", + "url": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "url_dark_theme": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 5284002653708730, + "definition": { + "title": "Events Logs Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 18076238485316, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "style": { + "palette": "classic", + "palette_index": 1 + }, + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 5377043751621836, + "definition": { + "title": "Total Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + 
"response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 3 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 1107075380441772, + "definition": { + "type": "note", + "content": "Gain comprehensive visibility into your organization's security and access activities by monitoring SonicWall Firewall Syslog Event logs with this dashboard. \n\nSonicWall Firewall Event logs consolidate all relevant details, actions, and outcomes into a single view, offering a detailed overview of security and access activities. They include information about each event, related systems and users, IP addresses, user activities, and authentication details. 
This helps security teams manage and track events from initiation to completion.\n\nFor more information, see the [SonicWall Firewall Integration Documentation](https://docs.datadoghq.com/integrations/https://docs.datadoghq.com/integrations/sonicwall_firewall)\n \n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 6567520681434358, + "definition": { + "title": "Total Network Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:6 $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 4325707377153974, + "definition": { + "title": "Total Firewall Settings Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": 
{ + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:5 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 3628155683438958, + "definition": { + "title": "Total Firewall Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:10 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 0, + "width": 2, + "height": 2 + } + }, + { + "id": 8860502955301880, + "definition": { + "title": "Total VPN Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:7 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ 
+ { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 0, + "width": 2, + "height": 2 + } + }, + { + "id": 8426220812978594, + "definition": { + "title": "Total System Events", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:1 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 10, + "y": 0, + "width": 2, + "height": 2 + } + }, + { + "id": 337389018476806, + "definition": { + "title": "Total SSL VPN Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:13 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, 
+ "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 2, + "width": 3, + "height": 2 + } + }, + { + "id": 2688935062647582, + "definition": { + "title": "Total Anti-Spam Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:14 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 3, + "y": 2, + "width": 3, + "height": 2 + } + }, + { + "id": 4953720279946734, + "definition": { + "title": "Total Security Services Events", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:3 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 2, + 
"width": 3, + "height": 2 + } + }, + { + "id": 7758889585753310, + "definition": { + "title": "Total User Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:4 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 9, + "y": 2, + "width": 3, + "height": 2 + } + }, + { + "id": 1099190138910904, + "definition": { + "title": "Total Log Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:2 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 2, + "height": 2 + } + }, + { + "id": 5915465834761882, + "definition": { + "title": "Total High Availability Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + 
"requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:8 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 2, + "y": 4, + "width": 3, + "height": 2 + } + }, + { + "id": 8831062421707048, + "definition": { + "title": "Total 3G/4G, Modem, and Module Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:9 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 5, + "y": 4, + "width": 4, + "height": 2 + } + }, + { + "id": 3602404895436472, + "definition": { + "title": "Total Multi-Tenancy Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + 
}, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:17 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 9, + "y": 4, + "width": 3, + "height": 2 + } + }, + { + "id": 5543510326961556, + "definition": { + "title": "Total Wireless Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:11 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 2, + "height": 2 + } + }, + { + "id": 2931728886881966, + "definition": { + "title": "Total VoIP Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:12 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" 
+ } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 4, + "y": 6, + "width": 2, + "height": 2 + } + }, + { + "id": 3052533428606714, + "definition": { + "title": "Total SD-WAN Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:16 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 6, + "width": 3, + "height": 2 + } + }, + { + "id": 7548131585296892, + "definition": { + "title": "Total WAN Acceleration Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category @gcat:15 $Protocol $Policy" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#dbdef5" + } + ] + } + ], + "autoscale": true, + "precision": 2, + 
"timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 9, + "y": 6, + "width": 3, + "height": 2 + } + }, + { + "id": 6014196362750106, + "definition": { + "title": "Event Details", + "background_color": "vivid_yellow", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5859274040535360, + "definition": { + "title": "Events by Group Category", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@group_category", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "datadog16", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4 + } + }, + { + "id": 3541796060443396, + "definition": { + "title": "Total Events by Priority Over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@priority", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": 
"count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall $group_category $Protocol $Policy $Status_Code" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "datadog16", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 5 + } + }, + { + "id": 2124555786730858, + "definition": { + "title": "Top Reasons for Emergency Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @priority_level:0 $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#64040a" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 9, + "width": 12, + "height": 6 + } + }, + { + "id": 7452966560472968, + "definition": { + "title": "Top Reasons for Critical Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall 
@priority_level:2 $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ca080a" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 6 + } + }, + { + "id": 1559914883608310, + "definition": { + "title": "Top Reasons for Error Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @priority_level:3 $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e3554c" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "scaling": "absolute" + } + }, + "layout": { + "x": 0, + "y": 21, + "width": 12, + "height": 6 + } + }, + { + "id": 1485464074974592, + "definition": { + "title": "Events by Client GeoIP Location", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 27, + "width": 12, + "height": 5 + } + }, + { + "id": 8079259708855500, + "definition": { + "title": "Events by Destination GeoIP Location", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.destination.geoip.country.iso_code", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 32, + "width": 12, + "height": 5 + } + }, + { + "id": 8821394315910158, + "definition": { + "title": "Network Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + 
"query_string": "source:sonicwall-firewall @gcat:6 $Protocol $Policy $Status_Code $group_category", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 37, + "width": 12, + "height": 5 + } + }, + { + "id": 2583978706078884, + "definition": { + "title": "Firewall and Firewall Settings Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:(10 OR 5) $Protocol $Policy $Status_Code $group_category", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "@firewall.action", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 42, + "width": 12, + "height": 5 + } + }, + { + "id": 
4622633524253352, + "definition": { + "title": "Security Services Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:3 $Protocol $Policy $Status_Code $group_category", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "@source.mac", + "width": "auto" + }, + { + "field": "@destination.mac", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 47, + "width": 12, + "height": 5 + } + }, + { + "id": 62591403664038, + "definition": { + "title": "User Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:4 $Protocol $Policy $Status_Code $group_category", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + 
"field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 52, + "width": 12, + "height": 5 + } + }, + { + "id": 5783820728004990, + "definition": { + "title": "VPN Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:7 $Protocol $Policy $Status_Code $group_category", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 57, + "width": 12, + "height": 5 + } + }, + { + "id": 7879620531460770, + "definition": { + "title": "Anti-Spam Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:14 $Protocol $Policy $Status_Code $group_category", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": 
"auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 62, + "width": 12, + "height": 5 + } + }, + { + "id": 5854774752792234, + "definition": { + "title": "Other Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall -@gcat:(6 OR 7 OR 4 OR 3 OR 10 OR 14 OR 5 OR 10) $Protocol $Policy $Status_Code $group_category ", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 67, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 73 + } + }, + { + "id": 709709392822540, + "definition": { + "title": "Datadog Cloud SIEM", + "title_align": "center", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2830819343474136, + "definition": { + "type": "note", + "content": "\nDatadog Cloud SIEM 
analyzes and correlates SonicWall Firewall Event logs to detect threats to your environment in real time. If you don't see any signals, make sure you've enabled [Datadog Cloud SIEM](/security?query=source%3Asonicwall-firewall). ", + "background_color": "vivid_blue", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 5058159142468256, + "definition": { + "title": "CRITICALs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "status:critical source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 5137012693538520, + "definition": { + "title": "MEDIUMs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "status:medium source:sonicwall-firewall 
$Status_Code $group_category $Protocol $Policy" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 2, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 2608076811338498, + "definition": { + "title": "Critical Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "status:critical source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [], + "style": {} + }, + "layout": { + "x": 4, + "y": 1, + "width": 8, + "height": 4 + } + }, + { + "id": 1596600360112748, + "definition": { + "title": "HIGHs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "status:high source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + } + } + ], + "response_format": "scalar" + } + ], + 
"autoscale": true, + "custom_links": [], + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 2042937019218648, + "definition": { + "title": "LOWs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#ffb52b", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "status:low source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 1 + } + }, + { + "id": 8748609943471182, + "definition": { + "title": "INFOs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#84c1e0", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "status:info source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 2, + "y": 4, + "width": 
2, + "height": 1 + } + }, + { + "id": 7820565410491022, + "definition": { + "title": "High Severity Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "status:high source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [], + "style": {} + }, + "layout": { + "x": 0, + "y": 5, + "width": 6, + "height": 4 + } + }, + { + "id": 3620809096696840, + "definition": { + "title": "Medium Severity Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "status:medium source:sonicwall-firewall $Status_Code $group_category $Protocol $Policy" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [], + "style": {} + }, + "layout": { + "x": 6, + "y": 5, + "width": 6, + 
"height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 89, + "width": 12, + "height": 10 + } + } + ], + "template_variables": [ + { + "name": "Status_Code", + "prefix": "@http.status_code", + "available_values": [], + "default": "*" + }, + { + "name": "Protocol", + "prefix": "@protocol", + "available_values": [ + "tcp", + "udp", + "igmp", + "icmp" + ], + "default": "*" + }, + { + "name": "group_category", + "prefix": "@group_category", + "available_values": [], + "default": "*" + }, + { + "name": "Policy", + "prefix": "@app.policy.type", + "available_values": [ + "CFS", + "IPS Content", + "POP3", + "PolicyType2" + ], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/sonicwall_firewall/assets/dashboards/sonicwall_firewall_security_services.json b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_security_services.json new file mode 100644 index 0000000000000..217d734769289 --- /dev/null +++ b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_security_services.json 
@@ -0,0 +1,1079 @@ +{ + "title": "SonicWall Firewall - Security Service", + "description": "This dashboard provides information about the Firewall Security Services logs generated in SonicWall Firewall.", + "widgets": [ + { + "id": 6535504050876004, + "definition": { + "type": "image", + "url": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "url_dark_theme": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 4284048486660124, + "definition": { + "type": "note", + "content": "## Overview\n- This dashboard provides insights on Security Services logs, including the various attacks detected and their source and destination IP addresses. It also includes information such as allowed and blocked websites.\n- SonicWall Security Services logs capture information about traffic that is monitored and controlled by various security services, such as content filtering, intrusion prevention, anti-virus scanning, and anti-spyware\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 1381691027019962, + "definition": { + "title": "Total Security Service Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:3 $Priority $Firewall_Action" + }, + "storage": "hot" + } + ], + "formulas": [ + { + 
"formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 6527945236762030, + "definition": { + "title": "Total Possible Ports Scan Detected", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:3 @message_id:82 $Priority $Firewall_Action" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 8993557729932950, + "definition": { + "title": "Total Probable Port Scan Detected", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:3 @message_id:83 $Priority $Firewall_Action" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 6644767187007360, + "definition": { + "title": 
"Security Events by Priority Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@priority", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 $Priority $Firewall_Action" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 6, + "width": 12, + "height": 4 + } + }, + { + "id": 7566162362439994, + "definition": { + "title": "Events by Security Attacks Detected", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 @message_id:(22 OR 23 OR 27 OR [81 TO 83] OR [177 TO 179] OR 267 OR 606 OR [1373 TO 1376] OR 1387 OR 1471) $Firewall_Action $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 10, + "width": 12, + "height": 5 + } + }, + { + 
"id": 6881099796807290, + "definition": { + "title": "Top Blocked Websites", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@destination.hostname", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 @message_id:14 $Priority $Firewall_Action" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 6, + "height": 5 + } + }, + { + "id": 4729043920270580, + "definition": { + "title": "Top Allowed Websites", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@destination.hostname", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 @message_id:16 $Priority $Firewall_Action" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 15, + "width": 6, + "height": 5 + } + }, + { + "id": 1750795858930068, + "definition": { + "title": 
"Most Frequent Security Services Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 $Firewall_Action $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 20, + "width": 6, + "height": 5 + } + }, + { + "id": 1904536955186708, + "definition": { + "title": "Least Frequent Security Services Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "asc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 $Firewall_Action $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "asc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 20, + "width": 6, + "height": 5 + } + }, + { + "id": 7281899269899724, + "definition": { + "title": "Top List of Source MAC", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": 
"toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@source.mac", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 $Firewall_Action $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 25, + "width": 6, + "height": 5 + } + }, + { + "id": 1296984643058316, + "definition": { + "title": "Top List of Destination MAC", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@destination.mac", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 $Firewall_Action $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 25, + "width": 6, + "height": 5 + } + }, + { + "id": 5792870228854154, + "definition": { + "title": "Security Service Attack Table between Source and Destination IP Addresses", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", 
+ "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.client.port", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.destination.ip", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.destination.port", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "message", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 @message_id:(22 OR 23 OR 27 OR [81 TO 83] OR [177 TO 179] OR 267 OR 606 OR [1373 TO 1376] OR 1387 OR 1471) $Firewall_Action $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 3125, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 30, + "width": 12, + "height": 6 + } + }, + { + "id": 2361358190460388, + "definition": { + "title": "Security Service Attack by Client Geo Location", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 @message_id:(22 OR 23 OR 27 OR [81 TO 83] OR [177 TO 179] OR 267 OR 606 OR [1373 TO 1376] OR 1387 OR 1471) $Firewall_Action $Priority" + }, + "storage": "hot" + } + ], + "response_format": 
"scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 36, + "width": 12, + "height": 5 + } + }, + { + "id": 3429842839231692, + "definition": { + "title": "Security Service Attack by Destination Geo Location", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.destination.geoip.country.iso_code", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:3 @message_id:(22 OR 23 OR 27 OR [81 TO 83] OR [177 TO 179] OR 267 OR 606 OR [1373 TO 1376] OR 1387 OR 1471) $Firewall_Action $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 41, + "width": 12, + "height": 5 + } + }, + { + "id": 3875683809058674, + "definition": { + "title": "Security Service Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:3 $Priority $Firewall_Action", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + 
"width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "@source.mac", + "width": "auto" + }, + { + "field": "@destination.mac", + "width": "auto" + }, + { + "field": "@Category", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 46, + "width": 12, + "height": 5 + } + } + ], + "template_variables": [ + { + "name": "Priority", + "prefix": "@priority", + "available_values": [ + "Alert", + "Info", + "Notice", + "normal" + ], + "default": "*" + }, + { + "name": "Firewall_Action", + "prefix": "@firewall.action", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/sonicwall_firewall/assets/dashboards/sonicwall_firewall_user.json b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_user.json new file mode 100644 index 0000000000000..8db9097fe811a --- /dev/null +++ b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_user.json 
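Review bot: In sonicwall_firewall_security_services.json the image widget takes both `url` and `url_dark_theme` from `https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png`, a third-party site. Every viewer's browser requests that host when the dashboard opens, which discloses their address and the fact that they are viewing a firewall dashboard, and whoever controls the host can change or remove the image. Point both fields at a logo served from a location the integration's maintainers control, e.g. `"url": "<LOGO_URL_ON_A_HOST_YOU_CONTROL>"`. The same URL is used by the image widgets in the sonicwall_firewall_user.json and sonicwall_firewall_vpn.json hunks.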
@@ -0,0 +1,1019 @@ +{ + "title": "SonicWall Firewall - User", + "description": "This dashboard provides information about user logs generated in SonicWall Firewall.", + "widgets": [ + { + "id": 4833912692213916, + "definition": { + "type": "image", + "url": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "url_dark_theme": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 6474031660100888, + "definition": { + "type": "note", + "content": "## Overview\n- The Users Dashboard provides insights into user authentication activities across various access methods and monitoring of login attempts, failures, and overall authentication performance. \n- This dashboard helps administrators track and analyze user authentication patterns, troubleshoot authentication issues, and enhance security measures.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 296455408136298, + "definition": { + "title": "Total User Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:4 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": 
"area" + } + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 6611262893718014, + "definition": { + "title": "Total User Events by Priority Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@priority", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 4 + } + }, + { + "id": 7934632057937744, + "definition": { + "title": "User Authentication Details", + "background_color": "vivid_orange", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5434029847646360, + "definition": { + "title": "Total Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@usr.name" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:4 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": { + "include_zero": true + }, + "type": "area" + } + }, + "layout": { + "x": 0, 
+ "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 1167223602419404, + "definition": { + "title": "Top Failed Login Reasons", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:(30 OR 32 OR 33 OR 35 OR 200 OR 246 OR 329 OR 486 OR 549 OR 759 OR 986 OR 987 OR 1035 OR 1048 OR 1117 OR 1120 OR 1121 OR 1122 OR 1123 OR 1157 OR 1243 OR 1585 OR 1655 OR 1672) $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 6 + } + }, + { + "id": 3364273300884596, + "definition": { + "title": "Total Login Attempts", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:(29 OR 30 OR 31 OR 32 OR 33 OR 200 OR 235 OR 236 OR 237 OR 238 OR 199 OR 984 OR 246 OR 220 OR 239 OR 243 OR 244 OR 245 OR 988 OR 989 OR 990 OR 1552 OR 439 OR 1572 OR 1585 OR 1655 OR 1672) $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + 
"height": 3 + } + }, + { + "id": 6478808256326480, + "definition": { + "title": "Top Users with Failed Login Attempts", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:(30 OR 32 OR 33 OR 35 OR 200 OR 246 OR 329 OR 486 OR 549 OR 759 OR 986 OR 987 OR 1035 OR 1048 OR 1117 OR 1120 OR 1121 OR 1122 OR 1123 OR 1157 OR 1243 OR 1585 OR 1655 OR 1672) $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 6, + "height": 5 + } + }, + { + "id": 333364453274582, + "definition": { + "title": "Top Locked Out Users", + "title_size": "16", + "title_align": "left", + "time": {}, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:(1572 OR 1655) $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": 
"stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 6, + "width": 6, + "height": 5 + } + }, + { + "id": 6099976367838722, + "definition": { + "title": "Most Frequent User Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 5 + } + }, + { + "id": 5395689473209424, + "definition": { + "title": "Least Frequent User Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "asc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "asc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 7, + "width": 12, + "height": 17 + } + 
}, + { + "id": 8894234632720262, + "definition": { + "title": "Total SSO Login Attempts", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:([988 TO 993] OR 1073 OR 1075 OR 1076 OR 1150 OR 1151 OR 1178 OR 1179) $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 4329566253449940, + "definition": { + "title": "Top Users SSO Agent Authentication Failed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:([988 TO 993] OR 1073 OR 1075) $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 4 + } + }, + { + "id": 2836986789988814, + "definition": { + "title": "Top Reasons for SSO Agent Authentication Failure", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": 
"query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:([988 TO 993] OR 1073 OR 1075) $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 6 + } + }, + { + "id": 2954186385177282, + "definition": { + "title": "Top Reasons for Radius Authentication Failure", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:([243 TO 245] OR [744 TO 758] OR [1009 TO 1011]) $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 10, + "width": 12, + "height": 5 + } + }, + { + "id": 6790501955668312, + "definition": { + "title": "Top Reasons for Tacacs Authentication Failure", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { 
+ "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:4 @message_id:[1552 TO 1556] $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 5, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 5 + } + }, + { + "id": 3726871121306290, + "definition": { + "title": "User Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @usr.name:* @gcat:4 $Priority", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@usr.name", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 20, + "width": 12, + "height": 5 + } + } + ], + "template_variables": [ + { + "name": "Priority", + "prefix": "@priority", + "available_values": [ + "Alert", + "Info", + "Notice", + "normal" + ], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file 
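Review bot: In sonicwall_firewall_user.json the "Total Login Attempts" filter is not a superset of the failure filter shared by "Top Failed Login Reasons" and "Top Users with Failed Login Attempts", so the total can undercount the failures those widgets show. Sixteen message IDs appear only in the failure list (35, 329, 486, 549, 759, 986, 987, 1035, 1048, 1117, 1120 to 1123, 1157, 1243). If they are login failures, as the widget titles imply, append `OR 35 OR 329 OR 486 OR 549 OR 759 OR 986 OR 987 OR 1035 OR 1048 OR 1117 OR [1120 TO 1123] OR 1157 OR 1243` to the attempts query. Otherwise remove them from the failure list; the vendor's event reference is not visible here, so both lists need checking against it. Separately, the six widgets after the "User Authentication Details" group restart their `y` values at 0, which reads as if they were meant to sit inside a second group.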
diff --git a/sonicwall_firewall/assets/dashboards/sonicwall_firewall_vpn.json b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_vpn.json
new file mode 100644
index 0000000000000..78756a2d4d323
--- /dev/null
+++ b/sonicwall_firewall/assets/dashboards/sonicwall_firewall_vpn.json
@@ -0,0 +1,1093 @@ +{ + "title": "SonicWall Firewall - VPN", + "description": "This dashboard provides information about the VPN logs generated in SonicWall Firewall.", + "widgets": [ + { + "id": 4833912692213916, + "definition": { + "type": "image", + "url": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "url_dark_theme": "https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png", + "sizing": "cover", + "margin": "md", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 6474031660100888, + "definition": { + "type": "note", + "content": "## Overview\n- The VPN Dashboard monitors overall VPN performance.\n- VPN Overview tracks total connections, IPsec policy changes, event severity, and authentication failures.\n- L2TP Server Details tracks tunnel starts, disconnections, and server error rates for remote access stability.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 2985095693053746, + "definition": { + "title": "VPN Log Overview", + "background_color": "vivid_orange", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 6113681483422478, + "definition": { + "title": "Total VPN Events", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:7 $Priority" + }, + "storage": "hot" + } + 
], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 2 + } + }, + { + "id": 1046027077028574, + "definition": { + "title": "Total VPN IPsec Policies Deleted", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:7 @message_id:1051 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 2 + } + }, + { + "id": 4655808502561004, + "definition": { + "title": "Total VPN IPsec Policies Added", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:7 @message_id:1050 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 2 + } + }, + { + "id": 6611262893718014, + "definition": { + "title": "Total VPN Events by Priority Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + 
"min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@priority", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:7 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 2, + "width": 12, + "height": 4 + } + }, + { + "id": 5916014420414256, + "definition": { + "title": "IPsec Connection Interrupted by Source IP Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:7 @message_id:(43 OR [533 TO 535] OR 1547) $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 6, + "width": 12, + "height": 4 + } + }, + { + "id": 2245880922339514, + "definition": { + "title": "Top Users with XAUTH Authentication Failed", + "title_size": "16", + "title_align": "left", + "type": "toplist", 
+ "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:7 @message_id:140 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 10, + "width": 6, + "height": 5 + } + }, + { + "id": 6330382513792454, + "definition": { + "title": "Top Users with IKEv2 Negotiation Failures", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:7 @message_id:[954 TO 957] $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 10, + "width": 6, + "height": 5 + } + }, + { + "id": 249584189317896, + "definition": { + "title": "Most Frequent VPN Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:7 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 6, + "height": 5 + } + }, + { + "id": 6811723457689232, + "definition": { + "title": "Least Frequent VPN Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "asc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:7 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "asc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 15, + "width": 6, + "height": 5 + } + }, + { + "id": 5999607765988672, + "definition": { + "title": "Top Reasons for PKI Failure", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": 
"source:sonicwall-firewall @gcat:7 @message_id:[448 TO 469] $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 20, + "width": 6, + "height": 5 + } + }, + { + "id": 785914654510624, + "definition": { + "title": "Top IPs from Unauthorized Host", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:7 @message_id:247 $Priority" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 20, + "width": 6, + "height": 5 + } + }, + { + "id": 3726871121306290, + "definition": { + "title": "VPN Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:7 -@message_id:(308 OR 309 OR 311 OR 312 OR 318 OR 319 OR [335 TO 338] OR 344 OR 603) $Priority", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": 
"host", + "width": "auto" + }, + { + "field": "@usr.name", + "width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 25, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 31 + } + }, + { + "id": 6317232468087208, + "definition": { + "title": "L2TP Server Details", + "background_color": "vivid_orange", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 260108450993976, + "definition": { + "title": "Total L2TP Tunnel Start", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall @gcat:7 @message_id:308 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 7509307204563718, + "definition": { + "title": "Total L2TP Tunnel Disconnect", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:sonicwall-firewall 
@gcat:7 @message_id:335 $Priority" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 8833216552737796, + "definition": { + "title": "L2TP Server Error Rate Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "message", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:sonicwall-firewall @gcat:7 @message_id:(311 OR 312 OR 335 OR 338 OR 344 OR 603) $Priority" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 2, + "width": 12, + "height": 4 + } + }, + { + "id": 774993204945540, + "definition": { + "title": "L2TP Server Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:sonicwall-firewall @gcat:7 @message_id:(308 OR 309 OR 311 OR 312 OR 318 OR 319 OR [335 TO 338] OR 344 OR 603) $Priority", + "indexes": [], + "storage": "hot", + "sort": { + "column": "host", + "order": "asc" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@usr.name", + 
"width": "auto" + }, + { + "field": "@group_category", + "width": "auto" + }, + { + "field": "@message_id", + "width": "auto" + }, + { + "field": "@priority", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@network.destination.ip", + "width": "auto" + }, + { + "field": "message", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 6, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 34, + "width": 12, + "height": 12 + } + } + ], + "template_variables": [ + { + "name": "Priority", + "prefix": "@priority", + "available_values": [ + "Alert", + "Info", + "Notice", + "normal" + ], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/sonicwall_firewall/assets/logs/sonicwall-firewall.yaml b/sonicwall_firewall/assets/logs/sonicwall-firewall.yaml new file mode 100644 index 0000000000000..32efb3427b6ee --- /dev/null +++ b/sonicwall_firewall/assets/logs/sonicwall-firewall.yaml 
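Review bot: The first widget of `sonicwall_firewall_vpn.json` (id 4833912692213916) hotlinks its logo from `https://securityaffairs.com/wp-content/uploads/2020/10/SonicWall.png` in both `url` and `url_dark_theme`, a third-party host that neither this repository nor the firewall vendor appears to control. Every browser that opens the dashboard will request that host, exposing viewer IP addresses and possibly referrer data, and whoever controls that path can change or remove the image. I would point both keys at an asset shipped with the integration or served by the dashboard platform, for example `"url": "<PLATFORM_HOSTED_LOGO_PATH>"` (placeholder), so no external hostname remains. Separately, the `Priority` template variable's `available_values` lists `normal` but omits `Emergency`, `Critical`, `Error` and `Warning`, which the "Categorise Priority" processor in the following YAML hunk does produce. The dropdown therefore seems unable to select the highest severities, which is worth confirming against real log data.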
@@ -0,0 +1,1090 @@ +id: sonicwall-firewall +metric_id: sonicwall-firewall +backend_only: false +facets: + - groups: + - Web Access + name: Status Code + path: http.status_code + source: log + - groups: + - Web Access + name: URL Path + path: http.url_details.path + source: log + - groups: + - Geoip + name: City Name + path: network.client.geoip.city.name + source: log + - groups: + - Geoip + name: Continent Code + path: network.client.geoip.continent.code + source: log + - groups: + - Geoip + name: Continent Name + path: network.client.geoip.continent.name + source: log + - groups: + - Geoip + name: Country ISO Code + path: network.client.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Country Name + path: network.client.geoip.country.name + source: log + - groups: + - Geoip + name: Subdivision ISO Code + path: network.client.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Subdivision Name + path: network.client.geoip.subdivision.name + source: log + - groups: + - Geoip + name: Destination City Name + path: network.destination.geoip.city.name + source: log + - groups: + - Geoip + name: Destination Continent Code + path: network.destination.geoip.continent.code + source: log + - groups: + - Geoip + name: Destination Continent Name + path: network.destination.geoip.continent.name + source: log + - groups: + - Geoip + name: Destination Country ISO Code + path: network.destination.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Destination Country Name + path: network.destination.geoip.country.name + source: log + - groups: + - Geoip + name: Destination Subdivision ISO Code + path: network.destination.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Destination Subdivision Name + path: network.destination.geoip.subdivision.name + source: log + - groups: + - User + name: User Name + path: usr.name + source: log +pipeline: + type: pipeline + name: Sonicwall Firewall + enabled: true + 
filter: + query: "source:sonicwall-firewall" + processors: + - type: grok-parser + name: Parsing Sonicwall Firewall Logs + enabled: true + source: message + samples: + - Apr 27 19:29:07 10.10.10.10 id=firewall sn=0000A0AAAA00 + time="2022-04-27 19:29:40" fw=10.10.10.10 pri=1 c=32 m=267 msg="TCP + Xmas Tree dropped" n=56 src=10.10.10.10:16345:X1 dst=10.10.10.10:81 + srcMac=00:53:2a:7d:1d:35 dstMac=00:53:c5:ca:be:01 proto=tcp/81 + - > + 10.0.0.1 id=firewall sn=12345678 time="2022-03-09 05:29:32 UTC" + fw=10.10.10.10 pri=6 c=1024 gcat=2 m=97 msg="Web site hit" + srcMac=12:34:56:78:90:ab src=10.10.10.10:56502:X0 srcZone=Trusted + natSrc=10.10.10.10:15926 dstMac=ab:09:87:65:43:21 dst=10.10.10.10:80:X1 + dstZone=Untrusted natDst=10.10.10.10:80 usr="Unknown (SSO failed)" + proto=tcp/http sent=510 rcvd=955 app=5147 op=1 + dstname=ocsp.digicert.com arg=/abcd code=27 Category="Information + Technology/Computers" note="Policy: cfsZonePolicy0, Info: 6147 " + n=367895985 fw_action="NA" dpi=1 + - > + <129> id=firewall sn=ZZZZZZZZZ time="2022-02-24 03:29:07" + fw=10.10.10.10 pri=1 c=32 m=609 msg="IPS Prevention Alert: + WEB-ATTACKS Apache Log4j2 JNDI Log Messages Remote Code Execution" + sid=2307 ipscat="WEB-ATTACKS Apache Log4j2 JNDI Log Messages Remote + Code Execution" ipspri=2 n=8158 src=10.10.10.10:54192:X20-V60 + dst=:8080:X20-V68 dstV6=2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 + fw_action="drop" + - > + id=YYYYYY sn=XXXX time="2019-03-19 06:44:01 UTC" fw=10.10.10.10 pri=3 c=4 + m=14 msg="Web site access denied" app=49177 appName="General HTTPS" + n=856789 src=10.10.10.10:59668:X0:nb020.example.com + dst=10.10.10.10:443:X1:example.com srcMac=00:53:ff:ff:99:c5 + dstMac=00:53:66:66:99:99 proto=tcp/https dstname=example.com arg=/ + code=49 Category="Freeware/Software Downloads" + - <134> id=firewall sn=0040103D66B5 time="2024-09-23 05:38:11 UTC" + fw=10.10.10.10 pri=6 c=16 gcat=4 m=1334 usr="admin" msg="User "kavan" + is added into Group "SonicWALL Administrators"" n=30 
fw_action="NA" + grok: + supportRules: _space %{regex("[\\s]*")} + matchRules: sonicwall_rule (<%{number:message_priority}> )?%{_space}(%{date("MMM + d HH:mm:ss"):date} )?(%{date("MMM d HH:mm:ss"):date} )?(%{ip:ip} + )?%{greedyData::keyvalue("=","`~!#$%^&*()+{}\\[\\]|;'?<>:/\" ")} + - type: grok-parser + name: Parsing Sonicwall Firewall destination + enabled: true + source: dst + samples: + - 10.10.10.10:80:X1:esdu.com + - 10.10.10.10:80:X1 + - 10.10.10.10 + - 10.10.10.10::X1:esdu.com + - :80:X1:esdu.com + grok: + supportRules: "" + matchRules: >- + destination_parser_rule_1 + :(%{number:network.destination.port})?(:)?(%{word:destination.network_interface})?(:)?(%{hostname:destination.resolved_name})? + + destination_parser_rule_2 (%{ip:network.destination.ip})?(:)?(%{number:network.destination.port})?(:)?(%{word:destination.network_interface})?(:)?(%{hostname:destination.resolved_name})? + - type: grok-parser + name: Parsing Sonicwall Firewall source + enabled: true + source: src + samples: + - 10.10.10.10:80:X1:esdu.com + - 10.10.10.10:80:X1 + - 10.10.10.10:80 + - 10.10.10.10::X1:esdu.com + - ::X1:esdu.com + grok: + supportRules: "" + matchRules: >- + source_parser_rule_1 + :(%{number:network.client.port})?(:)?(%{word:source.network_interface})?(:)?(%{hostname:source.resolved_name})? + + source_parser_rule_2 (%{ip:network.client.ip})?(:)?(%{number:network.client.port})?(:)?(%{word:source.network_interface})?(:)?(%{hostname:source.resolved_name})? + - type: grok-parser + name: Parsing Sonicwall Firewall nat source + enabled: true + source: natSrc + samples: + - 10.10.10.10:48245 + - 10.10.10.10 + grok: + supportRules: "" + matchRules: natscr_parser_rule %{ip:source.nat.ip}(:%{number:source.nat.port})? 
+ - type: grok-parser + name: Parsing Sonicwall Firewall nat destination + enabled: true + source: natDst + samples: + - 10.10.10.10 + - 10.10.10.10:320 + grok: + supportRules: "" + matchRules: natdst_parser_rule + %{ip:destination.nat.ip}(:%{number:destination.nat.port})? + - type: grok-parser + name: Parsing Sonicwall Firewall protocol and service + enabled: true + source: proto + samples: + - tcp/http + - icmp + - ipv6-icmp + - udp/netbios-ns + grok: + supportRules: protocol_service_parser %{regex("[a-zA-Z0-9-]*")} + matchRules: proto_parser_rule + %{protocol_service_parser:protocol}(/%{protocol_service_parser:service})? + - type: grok-parser + name: Parsing Sonicwall Firewall time + enabled: true + source: time + samples: + - 2024-09-11 06:30:00 UTC + grok: + supportRules: "" + matchRules: time_parser_rule %{date("yyyy-MM-dd HH:mm:ss z"):timestamp} + - type: date-remapper + name: Define `timestamp` as the official date of the log + enabled: true + sources: + - timestamp + - type: grok-parser + name: Parsing Sonicwall Firewall message + enabled: true + source: msg + samples: + - Assigned IP address 0.0.0.0 to MAC address 00:00:00:00:0C:0E + - SYN-Flooding machine %s blacklisted + - TCP-Flooding machine %s blacklisted + - Possible ARP attack from MAC address %s + - RST-Flooding machine %s blacklisted + grok: + supportRules: "" + matchRules: >- + message_parser_rule_1 Assigned IP address %{ip:ip_address} to MAC + address %{mac:MacAddress} + + message_parser_rule_2 (TCP|SYN|RST|FIN)-Flooding machine %{greedyData:message_value} blacklisted + + message_parser_rule_3 Possible ARP attack from MAC address %{greedyData:message_value} + + message_parser_rule_4 Possible replay attack with this client IP - %{greedyData:message_value} + - type: attribute-remapper + name: Map `app` to `syslog_appid` + enabled: true + sources: + - app + sourceType: attribute + target: syslog_appid + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: 
attribute-remapper + name: Map `af_polid` to `app.policy.id` + enabled: true + sources: + - af_polid + sourceType: attribute + target: app.policy.id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `af_policy` to `app.policy.name` + enabled: true + sources: + - af_policy + sourceType: attribute + target: app.policy.name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `af_type` to `app.policy.type` + enabled: true + sources: + - af_type + sourceType: attribute + target: app.policy.type + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `af_service` to `app.policy.service_name` + enabled: true + sources: + - af_service + sourceType: attribute + target: app.policy.service_name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `af_action` to `app.policy.action` + enabled: true + sources: + - af_action + sourceType: attribute + target: app.policy.action + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `af_object` to `app.policy.object_name` + enabled: true + sources: + - af_object + sourceType: attribute + target: app.policy.object_name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ai` to `active_interface` + enabled: true + sources: + - ai + sourceType: attribute + target: active_interface + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `appcat` to `app.category` + enabled: true + sources: + - appcat + sourceType: attribute + target: app.category + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `bcastRx` to 
`broadcast.packet_recieved` + enabled: true + sources: + - bcastRx + sourceType: attribute + target: broadcast.packet_recieved + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `bcastTx` to `broadcast.packet_transmitted` + enabled: true + sources: + - bcastTx + sourceType: attribute + target: broadcast.packet_transmitted + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `bid` to `blade_id` + enabled: true + sources: + - bid + sourceType: attribute + target: blade_id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `bytesRx` to `interface_bytes.received` + enabled: true + sources: + - bytesRx + sourceType: attribute + target: interface_bytes.received + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `bytesTx` to `interface_bytes.transmitted` + enabled: true + sources: + - bytesTx + sourceType: attribute + target: interface_bytes.transmitted + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `c` to `message_category` + enabled: true + sources: + - c + sourceType: attribute + target: message_category + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: category-processor + name: Categorise Group Category + enabled: true + categories: + - filter: + query: "@gcat:1" + name: System + - filter: + query: "@gcat:2" + name: Log + - filter: + query: "@gcat:3" + name: Security Services + - filter: + query: "@gcat:4" + name: Users + - filter: + query: "@gcat:5" + name: Firewall Settings + - filter: + query: "@gcat:6" + name: Network + - filter: + query: "@gcat:7" + name: VPN + - filter: + query: "@gcat:8" + name: High Availability + - filter: + query: "@gcat:9" + name: 3G/4G, Modem, and Module + - filter: + query: 
"@gcat:10" + name: Firewall + - filter: + query: "@gcat:11" + name: Wireless + - filter: + query: "@gcat:12" + name: VoIP + - filter: + query: "@gcat:13" + name: SSL VPN + - filter: + query: "@gcat:14" + name: Anti-Spam + - filter: + query: "@gcat:15" + name: WAN Acceleration + - filter: + query: "@gcat:16" + name: SD-WAN + - filter: + query: "@gcat:17" + name: Multi-Tenancy + target: group_category + - type: category-processor + name: Categorise Priority + enabled: true + categories: + - filter: + query: "@pri:0" + name: Emergency + - filter: + query: "@pri:1" + name: Alert + - filter: + query: "@pri:2" + name: Critical + - filter: + query: "@pri:3" + name: Error + - filter: + query: "@pri:4" + name: Warning + - filter: + query: "@pri:5" + name: Notice + - filter: + query: "@pri:6" + name: Info + - filter: + query: "@pri:7" + name: Debug + target: priority + - type: status-remapper + name: Define `priority` as the official status of the log + enabled: true + sources: + - priority + - type: attribute-remapper + name: Map `pri` to `priority_level` + enabled: true + sources: + - pri + sourceType: attribute + target: priority_level + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `arg` to `http.url_details.path` + enabled: true + sources: + - arg + sourceType: attribute + target: http.url_details.path + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `result` to `http.status_code` + enabled: true + sources: + - result + sourceType: attribute + target: http.status_code + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `usr` to `usr.name` + enabled: true + sources: + - usr + sourceType: attribute + target: usr.name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: geo-ip-parser + name: Extracting Geo Location from Source IP Address + 
enabled: true + sources: + - network.client.ip + target: network.client.geoip + ip_processing_behavior: do-nothing + - type: geo-ip-parser + name: Extracting Geo Location from Destination IP Address + enabled: true + sources: + - network.destination.ip + target: network.destination.geoip + ip_processing_behavior: do-nothing + - type: attribute-remapper + name: Map `catid` to `rule_category_id` + enabled: true + sources: + - catid + sourceType: attribute + target: rule_category_id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `cdur` to `connection_duration` + enabled: true + sources: + - cdur + sourceType: attribute + target: connection_duration + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `change` to `firewall.last_config_change` + enabled: true + sources: + - change + sourceType: attribute + target: firewall.last_config_change + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `conns` to `connections` + enabled: true + sources: + - conns + sourceType: attribute + target: connections + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `contentObject` to `app.rule` + enabled: true + sources: + - contentObject + sourceType: attribute + target: app.rule + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dstMac` to `destination.mac` + enabled: true + sources: + - dstMac + sourceType: attribute + target: destination.mac + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dstV6` to `destination.ipv6` + enabled: true + sources: + - dstV6 + sourceType: attribute + target: destination.ipv6 + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: 
attribute-remapper + name: Map `dstZone` to `destination.zone` + enabled: true + sources: + - dstZone + sourceType: attribute + target: destination.zone + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dur` to `session_duration` + enabled: true + sources: + - dur + sourceType: attribute + target: session_duration + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dyn` to `dynamic` + enabled: true + sources: + - dyn + sourceType: attribute + target: dynamic + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `f` to `flow_type` + enabled: true + sources: + - f + sourceType: attribute + target: flow_type + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `filetxstatus` to `file_transmission_status` + enabled: true + sources: + - filetxstatus + sourceType: attribute + target: file_transmission_status + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `fw` to `firewall.WAN` + enabled: true + sources: + - fw + sourceType: attribute + target: firewall.WAN + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `fw_action` to `firewall.action` + enabled: true + sources: + - fw_action + sourceType: attribute + target: firewall.action + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `fwlan` to `firewall.LAN` + enabled: true + sources: + - fwlan + sourceType: attribute + target: firewall.LAN + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `goodRxBytes` to `sonicpoint.bytes_received` + enabled: true + sources: + - goodRxBytes + sourceType: attribute + 
target: sonicpoint.bytes_received + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `goodTxBytes` to `sonicpoint.bytes_transmitted` + enabled: true + sources: + - goodTxBytes + sourceType: attribute + target: sonicpoint.bytes_transmitted + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `i` to `firewall.gms_message_interval` + enabled: true + sources: + - i + sourceType: attribute + target: firewall.gms_message_interval + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `if` to `interface` + enabled: true + sources: + - if + sourceType: attribute + target: interface + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ipscat` to `ips.category` + enabled: true + sources: + - ipscat + sourceType: attribute + target: ips.category + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ipspri` to `ips.priority` + enabled: true + sources: + - ipspri + sourceType: attribute + target: ips.priority + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `lic` to `firewall.license_count` + enabled: true + sources: + - lic + sourceType: attribute + target: firewall.license_count + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `m` to `message_id` + enabled: true + sources: + - m + sourceType: attribute + target: message_id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `msg` to `message` + enabled: true + sources: + - msg + sourceType: attribute + target: message + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: 
attribute-remapper + name: Map `n` to `event.count` + enabled: true + sources: + - n + sourceType: attribute + target: event.count + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `natDstV6` to `destination.nat.ipv6` + enabled: true + sources: + - natDstV6 + sourceType: attribute + target: destination.nat.ipv6 + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `natSrcV6` to `source.nat.ipv6` + enabled: true + sources: + - natSrcV6 + sourceType: attribute + target: source.nat.ipv6 + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `op` to `http_operation_code` + enabled: true + sources: + - op + sourceType: attribute + target: http_operation_code + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `pt` to `firewall.port` + enabled: true + sources: + - pt + sourceType: attribute + target: firewall.port + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `rcptTo` to `mailTo` + enabled: true + sources: + - rcptTo + sourceType: attribute + target: mailTo + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `rcvd` to `bytes.received` + enabled: true + sources: + - rcvd + sourceType: attribute + target: bytes.received + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `rpkt` to `packets.received` + enabled: true + sources: + - rpkt + sourceType: attribute + target: packets.received + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `sent` to `bytes.sent` + enabled: true + sources: + - sent + sourceType: attribute + target: bytes.sent + targetType: 
attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `sess` to `session_type` + enabled: true + sources: + - sess + sourceType: attribute + target: session_type + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `sid` to `signature_id` + enabled: true + sources: + - sid + sourceType: attribute + target: signature_id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `sn` to `device_serial_number` + enabled: true + sources: + - sn + sourceType: attribute + target: device_serial_number + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `spkt` to `packets.sent` + enabled: true + sources: + - spkt + sourceType: attribute + target: packets.sent + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `spycat` to `antispyware.category` + enabled: true + sources: + - spycat + sourceType: attribute + target: antispyware.category + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `spypri` to `antispyware.priority` + enabled: true + sources: + - spypri + sourceType: attribute + target: antispyware.priority + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `srcMac` to `source.mac` + enabled: true + sources: + - srcMac + sourceType: attribute + target: source.mac + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `srcZone` to `source.zone` + enabled: true + sources: + - srcZone + sourceType: attribute + target: source.zone + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `type` to `icmp_type` + enabled: true + 
sources: + - type + sourceType: attribute + target: icmp_type + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ucastRx` to `unicast.packets_received` + enabled: true + sources: + - ucastRx + sourceType: attribute + target: unicast.packets_received + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ucastTx` to `unicast.packets_transmitted` + enabled: true + sources: + - ucastTx + sourceType: attribute + target: unicast.packets_transmitted + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `vpnpolicy` to `source.vpn_policy` + enabled: true + sources: + - vpnpolicy + sourceType: attribute + target: source.vpn_policy + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `vpnpolicyDst` to `destination.vpn_policy` + enabled: true + sources: + - vpnpolicyDst + sourceType: attribute + target: destination.vpn_policy + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dstname` to `destination.hostname` + enabled: true + sources: + - dstname + sourceType: attribute + target: destination.hostname + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: category-processor + name: Categorise DHCP message + enabled: true + categories: + - filter: + query: "@message_id:99" + name: DHCPC Retransmit Discover + - filter: + query: "@message_id:100" + name: DHCPC Retransmit Request + - filter: + query: "@message_id:101" + name: DHCPC Retransmit Request Renew + - filter: + query: "@message_id:102" + name: DHCPC Retransmit Request Rebind + - filter: + query: "@message_id:103" + name: DHCPC Retransmit Request Reboot + - filter: + query: "@message_id:104" + name: DHCPC Retransmit Request Verify + - filter: + query: "@message_id:105" + 
name: DHCPC Discover + - filter: + query: "@message_id:106" + name: DHCPC No Offer + - filter: + query: "@message_id:107" + name: DHCPC Offer Receive + - filter: + query: "@message_id:108" + name: DHCPC Selecting + - filter: + query: "@message_id:109" + name: DHCPC Request Failed + - filter: + query: "@message_id:110" + name: DHCPC Request NAK + - filter: + query: "@message_id:111" + name: DHCPC Request ACK + - filter: + query: "@message_id:112" + name: DHCPC Request Decline + - filter: + query: "@message_id:113" + name: DHCPC Bound Rebind + - filter: + query: "@message_id:114" + name: DHCPC Bound Renew + - filter: + query: "@message_id:115" + name: DHCPC Request Renew + - filter: + query: "@message_id:116" + name: DHCPC Request Rebind + - filter: + query: "@message_id:117" + name: DHCPC Request Reboot + - filter: + query: "@message_id:118" + name: DHCPC Request Verify + - filter: + query: "@message_id:119" + name: DHCPC Verify Initiation Failed + - filter: + query: "@message_id:121" + name: DHCPC Get New IP + - filter: + query: "@message_id:122" + name: DHCPC Send Release + - filter: + query: "@message_id:588" + name: Offer Error + - filter: + query: "@message_id:589" + name: Request Response Error + target: message_type + - type: message-remapper + name: Define `message` as the official message of the log + enabled: true + sources: + - message diff --git a/sonicwall_firewall/assets/logs/sonicwall-firewall_tests.yaml b/sonicwall_firewall/assets/logs/sonicwall-firewall_tests.yaml new file mode 100644 index 0000000000000..e71e99993bfab --- /dev/null +++ b/sonicwall_firewall/assets/logs/sonicwall-firewall_tests.yaml 
@@ -0,0 +1,623 @@ +id: "sonicwall-firewall" +tests: + - + sample: "<134> id=firewall sn=0040103060B5 time=\"2024-09-02 13:11:35 UTC\" + fw=10.10.10.10 pri=6 c=16 gcat=2 m=1382 src=10.10.10.10:51692 + dst=10.10.10.10:443:X1 usr=\"admin\" sess=\"API\" msg=\"Configuration + succeeded: 'peActObjLogCustomRPObj' , User_Test, changed to [Global]\" + n=207 fw_action=\"NA\" uuid=\"00000000-0000-0002-3200-0040103d66b5\" + auditId=185 tranxId=29 userMode=\"Full\" auditTime=\"06:11:35 Sep 02 + 2024\" grpName=\"groupPeActionObject\" grpIndex=\"User_Test\" + oldValue=\"\" newValue=\"Global\"" + result: + custom: + auditId: 185 + auditTime: "06:11:35 Sep 02 2024" + destination: + network_interface: "X1" + device_serial_number: "0040103060B5" + dst: "10.10.10.10:443:X1" + event: + count: 207 + firewall: + WAN: "10.10.10.10" + action: "NA" + gcat: 2 + group_category: "Log" + grpIndex: "User_Test" + grpName: "groupPeActionObject" + id: "firewall" + message_category: 16 + message_id: 1382 + message_priority: 134.0 + network: + client: + geoip: {} + ip: "10.10.10.10" + port: 51692.0 + destination: + geoip: {} + ip: "10.10.10.10" + port: 443.0 + newValue: "Global" + priority: "Info" + priority_level: 6 + session_type: "API" + src: "10.10.10.10:51692" + time: "2024-09-02 13:11:35 UTC" + timestamp: 1725282695000 + tranxId: 29 + userMode: "Full" + usr: + name: "admin" + uuid: "00000000-0000-0002-3200-0040103d66b5" + message: "Configuration succeeded: 'peActObjLogCustomRPObj' , User_Test, changed to [Global]" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1725282695000 + - + sample: '<133> id=firewall sn=0019206645 time="2024-09-03 10:42:36 UTC" + fw=10.10.10.10 pri=5 c=4 gcat=3 m=16 srcMac=00:50:56:81:3c:9e + src=10.40.1.245:65025:X0 natSrc=10.10.10.10:62448 dstMac=a8:46:9d:23:d2:7a + dst=10.10.10.10:443:X1 natDst=10.10.10.10:443 proto=tcp/https sent=354 + rcvd=52 rule="User_Securtiy_Profile" app=11 + dstname=settings-win.data.microsoft.com arg=/ code=15 Category="Business 
+ and Economy" msg="Web site access allowed" note="Host: + settings-win.data.microsoft.com, Command: Other HTTP Command Policy: N/A, + Info: 6404 " n=40199 fw_action="forward" dpi=0' + result: + custom: + Category: "Business and Economy" + bytes: + received: 52 + sent: 354 + code: 15 + destination: + hostname: "settings-win.data.microsoft.com" + mac: "a8:46:9d:23:d2:7a" + nat: + ip: "10.10.10.10" + port: 443.0 + network_interface: "X1" + device_serial_number: "0019206645" + dpi: 0 + dst: "10.10.10.10:443:X1" + event: + count: 40199 + firewall: + WAN: "10.10.10.10" + action: "forward" + gcat: 3 + group_category: "Security Services" + http: + url_details: + path: "/" + id: "firewall" + message_category: 4 + message_id: 16 + message_priority: 133.0 + natDst: "10.10.10.10:443" + natSrc: "10.10.10.10:62448" + network: + client: + geoip: {} + ip: "10.40.1.245" + port: 65025.0 + destination: + geoip: {} + ip: "10.10.10.10" + port: 443.0 + note: "Host: settings-win.data.microsoft.com, Command: Other HTTP Command Policy: N/A, Info: 6404" + priority: "Notice" + priority_level: 5 + proto: "tcp/https" + protocol: "tcp" + rule: "User_Securtiy_Profile" + service: "https" + source: + mac: "00:50:56:81:3c:9e" + nat: + ip: "10.10.10.10" + port: 62448.0 + network_interface: "X0" + src: "10.40.1.245:65025:X0" + syslog_appid: 11 + time: "2024-09-03 10:42:36 UTC" + timestamp: 1725360156000 + message: "Web site access allowed" + status: "notice" + tags: + - "source:LOGS_SOURCE" + timestamp: 1725360156000 + - + sample: "10.10.10.10 id=firewall sn=12345678 time=\"2022-03-11 14:17:52 UTC\" fw=10.10.10.10 pri=6 c=1024 gcat=2 m=97 srcMac=12:34:56:78:90:ab src=10.10.10.10:41856:X0 srcZone=Trusted natSrc=10.10.10.10:8689 dstMac=ab:09:87:65:43:21 dst=10.10.10.10:443:X1 dstZone=Untrusted natDst=10.10.10.10:443 usr=\"Unknown (SSO failed)\" proto=tcp/https sent=104 rcvd=230 rule=\"15 (LAN->WAN)\" app=5 af_polid=4 ipscat=N/A appcat=\"PROXY-ACCESS\" appid=2900 dstname=10.10.10.10 arg=/ code=64 
Category=\"Not Rated\" note=\"Policy: cfsZonePolicy0, Info: 6148 \" n=2520325 fw_action=\"NA\" dpi=1 op=0 msg=\"Web site hit\"" + result: + custom: + Category: "Not Rated" + app: + category: "PROXY-ACCESS" + policy: + id: 4 + appid: 2900 + bytes: + received: 230 + sent: 104 + code: 64 + destination: + hostname: "10.10.10.10" + mac: "ab:09:87:65:43:21" + nat: + ip: "10.10.10.10" + port: 443.0 + network_interface: "X1" + zone: "Untrusted" + device_serial_number: 12345678 + dpi: 1 + dst: "10.10.10.10:443:X1" + event: + count: 2520325 + firewall: + WAN: "10.10.10.10" + action: "NA" + gcat: 2 + group_category: "Log" + http: + url_details: + path: "/" + http_operation_code: 0 + id: "firewall" + ip: "10.10.10.10" + ips: + category: "N/A" + message_category: 1024 + message_id: 97 + natDst: "10.10.10.10:443" + natSrc: "10.10.10.10:8689" + network: + client: + geoip: {} + ip: "10.10.10.10" + port: 41856.0 + destination: + geoip: {} + ip: "10.10.10.10" + port: 443.0 + note: "Policy: cfsZonePolicy0, Info: 6148" + priority: "Info" + priority_level: 6 + proto: "tcp/https" + protocol: "tcp" + rule: "15 (LAN->WAN)" + service: "https" + source: + mac: "12:34:56:78:90:ab" + nat: + ip: "10.10.10.10" + port: 8689.0 + network_interface: "X0" + zone: "Trusted" + src: "10.10.10.10:41856:X0" + syslog_appid: 5 + time: "2022-03-11 14:17:52 UTC" + timestamp: 1647008272000 + usr: + name: "Unknown (SSO failed)" + message: "Web site hit" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1647008272000 + - + sample: <134> id=firewall sn=004018281E114 time="2022-05-16 15:22:26 UTC" + fw=10.10.10.10 pri=6 c=1024 m=537 msg="Connection Closed" app=12 + sess="Web" n=795 usr="admin" src=10.10.10.10:65055:X1 + dst=10.10.10.10:443:X1 srcMac=16:20:55:81:11:30 proto=tcp/https sent=1930 + rcvd=1545 spkt=11 rpkt=7 dpi=0 cdur=2133 rule="Default Access Rule" + fw_action="NA" + result: + custom: + bytes: + received: 1545 + sent: 1930 + connection_duration: 2133 + destination: + network_interface: 
"X1" + device_serial_number: "004018281E114" + dpi: 0 + dst: "10.10.10.10:443:X1" + event: + count: 795 + firewall: + WAN: "10.10.10.10" + action: "NA" + id: "firewall" + message_category: 1024 + message_id: 537 + message_priority: 134.0 + network: + client: + geoip: {} + ip: "10.10.10.10" + port: 65055.0 + destination: + geoip: {} + ip: "10.10.10.10" + port: 443.0 + packets: + received: 7 + sent: 11 + priority: "Info" + priority_level: 6 + proto: "tcp/https" + protocol: "tcp" + rule: "Default Access Rule" + service: "https" + session_type: "Web" + source: + mac: "16:20:55:81:11:30" + network_interface: "X1" + src: "10.10.10.10:65055:X1" + syslog_appid: 12 + time: "2022-05-16 15:22:26 UTC" + timestamp: 1652714546000 + usr: + name: "admin" + message: "Connection Closed" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1652714546000 + - + sample: "Jan 3 13:45:51 10.10.10.10 id=firewall sn=000SERIAL time=\"2007-01-03 14:48:22\" fw=10.10.10.10 pri=6 c=262144 m=98 msg=\"Connection Opened\" n=23427 src=:28503:WAN:SOURCEHOST srcV6=2a52:cf50:add:4002:91f2:a9b2:e09a:6fc6 dst=::LAN:DSTHOST proto=tcp/dns dstV6=::1" + result: + custom: + date: 31758351000 + destination: + ipv6: "::1" + network_interface: "LAN" + resolved_name: "DSTHOST" + device_serial_number: "000SERIAL" + dst: "::LAN:DSTHOST" + event: + count: 23427 + firewall: + WAN: "10.10.10.10" + id: "firewall" + ip: "10.10.10.10" + message_category: 262144 + message_id: 98 + network: + client: + port: 28503.0 + priority: "Info" + priority_level: 6 + proto: "tcp/dns" + protocol: "tcp" + service: "dns" + source: + network_interface: "WAN" + resolved_name: "SOURCEHOST" + src: ":28503:WAN:SOURCEHOST" + srcV6: "2a52:cf50:add:4002:91f2:a9b2:e09a:6fc6" + time: "2007-01-03 14:48:22" + message: "Connection Opened" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1 + - + sample: Apr 27 10:32:18 10.10.10.10 id=firewall sn=0000TSAA00 time="2022-04-27 + 10:32:51" fw=10.10.10.10 pri=6 c=16 m=998 msg="GUI 
administration session + ended" sess="Web" dur=510 n=11 usr="admin" src=10.10.10.10::X0 + dst=10.10.10.10:4444:X0 proto=tcp/4444 note="admin" + result: + custom: + date: 41596338000 + destination: + network_interface: "X0" + device_serial_number: "0000TSAA00" + dst: "10.10.10.10:4444:X0" + event: + count: 11 + firewall: + WAN: "10.10.10.10" + id: "firewall" + ip: "10.10.10.10" + message_category: 16 + message_id: 998 + network: + client: + geoip: {} + ip: "10.10.10.10" + destination: + geoip: {} + ip: "10.10.10.10" + port: 4444.0 + note: "admin" + priority: "Info" + priority_level: 6 + proto: "tcp/4444" + protocol: "tcp" + service: "4444" + session_duration: 510 + session_type: "Web" + source: + network_interface: "X0" + src: "10.10.10.10::X0" + time: "2022-04-27 10:32:51" + usr: + name: "admin" + message: "GUI administration session ended" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1 + - + sample: <134> id=firewall sn=02003DE21 time="2022-05-16 08:19:21" + fw=10.10.10.10 pri=6 c=0 gcat=6 m=1235 srcMac=00:09:c1:dd:4f:d4 + src=10.10.10.10:54606:X1 srcZone=Untrusted natSrcV6=not_an_IP + dstMac=00:20:d5:30:f9:d9 dst=10.10.10.10:80:X1 dstZone=Untrusted + natDstV6=not_an_IP proto=tcp/http sent=52 app=9 msg="Web site hit" note="stack traffic + always trusted" n=153 fw_action="forward" + result: + custom: + bytes: + sent: 52 + destination: + mac: "00:20:d5:30:f9:d9" + nat: + ipv6: "not_an_IP" + network_interface: "X1" + zone: "Untrusted" + device_serial_number: "02003DE21" + dst: "10.10.10.10:80:X1" + event: + count: 153 + firewall: + WAN: "10.10.10.10" + action: "forward" + gcat: 6 + group_category: "Network" + id: "firewall" + message_category: 0 + message_id: 1235 + message_priority: 134.0 + network: + client: + geoip: {} + ip: "10.10.10.10" + port: 54606.0 + destination: + geoip: {} + ip: "10.10.10.10" + port: 80.0 + note: "stack traffic always trusted" + priority: "Info" + priority_level: 6 + proto: "tcp/http" + protocol: "tcp" + service: "http" + 
source: + mac: "00:09:c1:dd:4f:d4" + nat: + ipv6: "not_an_IP" + network_interface: "X1" + zone: "Untrusted" + src: "10.10.10.10:54606:X1" + syslog_appid: 9 + time: "2022-05-16 08:19:21" + message: "Web site hit" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1 + - + sample: '<129> id=firewall sn=ZZZZZZZZZ time="2022-02-24 03:29:07" + fw=10.10.10.10 pri=1 c=32 m=609 msg="IPS Prevention Alert: WEB-ATTACKS + Apache Log4j2 JNDI Log Messages Remote Code Execution" sid=2307 + ipscat="WEB-ATTACKS Apache Log4j2 JNDI Log Messages Remote Code Execution" + ipspri=2 n=8158 src=10.10.10.10:54192:X20-V60 dst=:8080:X20-V68 + dstV6=2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 fw_action="drop"' + result: + custom: + destination: + ipv6: "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + resolved_name: "X20-V68" + device_serial_number: "ZZZZZZZZZ" + dst: ":8080:X20-V68" + event: + count: 8158 + firewall: + WAN: "10.10.10.10" + action: "drop" + id: "firewall" + ips: + category: "WEB-ATTACKS Apache Log4j2 JNDI Log Messages Remote Code Execution" + priority: 2 + message_category: 32 + message_id: 609 + message_priority: 129.0 + network: + client: + geoip: {} + ip: "10.10.10.10" + port: 54192.0 + destination: + port: 8080.0 + priority: "Alert" + priority_level: 1 + signature_id: 2307 + source: + resolved_name: "X20-V60" + src: "10.10.10.10:54192:X20-V60" + time: "2022-02-24 03:29:07" + message: "IPS Prevention Alert: WEB-ATTACKS Apache Log4j2 JNDI Log Messages Remote Code Execution" + status: "alert" + tags: + - "source:LOGS_SOURCE" + timestamp: 1 + - + sample: "Jan 3 13:45:43 10.10.10.10 id=firewall sn=000SERIAL time=\"2007-01-03 14:48:14\" fw=10.10.10.10 pri=5 c=256 m=38 msg=\"ICMP packet dropped\" n=22070 src=10.10.10.10:1026:WAN dst=10.10.10.10:6822:WAN type=3 code=3" + result: + custom: + code: 3 + date: 31758343000 + destination: + network_interface: "WAN" + device_serial_number: "000SERIAL" + dst: "10.10.10.10:6822:WAN" + event: + count: 22070 + firewall: + WAN: "10.10.10.10" + 
icmp_type: 3 + id: "firewall" + ip: "10.10.10.10" + message_category: 256 + message_id: 38 + network: + client: + geoip: {} + ip: "10.10.10.10" + port: 1026.0 + destination: + geoip: {} + ip: "10.10.10.10" + port: 6822.0 + priority: "Notice" + priority_level: 5 + source: + network_interface: "WAN" + src: "10.10.10.10:1026:WAN" + time: "2007-01-03 14:48:14" + message: "ICMP packet dropped" + status: "notice" + tags: + - "source:LOGS_SOURCE" + timestamp: 1 + - + sample: "Jan 3 13:45:39 10.10.10.10 id=firewall sn=000SERIAL time=\"2007-01-03 14:48:10\" fw=10.10.10.10 pri=6 c=1024 m=537 msg=\"Connection Closed\"n=567999 src=10.10.10.10:4280:LAN dst=10.10.10.10:41850:WAN proto=tcp/41850 sent=386026 rcvd=454118 vpnpolicy=\"name\"" + result: + custom: + Closed"n: 567999 + bytes: + received: 454118 + sent: 386026 + date: 31758339000 + destination: + network_interface: "WAN" + device_serial_number: "000SERIAL" + dst: "10.10.10.10:41850:WAN" + firewall: + WAN: "10.10.10.10" + id: "firewall" + ip: "10.10.10.10" + message_category: 1024 + message_id: 537 + network: + client: + geoip: {} + ip: "10.10.10.10" + port: 4280.0 + destination: + geoip: {} + ip: "10.10.10.10" + port: 41850.0 + priority: "Info" + priority_level: 6 + proto: "tcp/41850" + protocol: "tcp" + service: "41850" + source: + network_interface: "LAN" + vpn_policy: "name" + src: "10.10.10.10:4280:LAN" + time: "2007-01-03 14:48:10" + message: "\"Connection" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1 + - + sample: "Jan 3 13:45:39 10.10.10.10 id=firewall sn=000SERIAL time=\"2007-01-03 14:48:10\" fw=10.10.10.10 pri=6 c=1024 m=537 msg=\"Connection Closed\" n=567999 src=10.10.10.10:4280:LAN dst=10.10.10.10:41850:WAN proto=tcp/41850 sent=386026 rcvd=454118 vpnpolicy=\"name\" af_policy=0 af_type=0 af_service=0 af_action=\"NA\" af_object=0 ai=0 bcastRx=0 bcastTx=0 bid=0 bytesRx=0 bytesTx=0 catid=0 change=0 conns=0 contentObject=0 dyn=0 f=0 filetxstatus=0 fwlan=0 goodRxBytes=0 goodTxBytes=0 i=0 if=0 
lic=0 pt=0 rcptTo=\"NA\" spycat=0 spypri=0 ucastRx=0 ucastTx=0 vpnpolicyDst=0" + result: + custom: + active_interface: 0 + antispyware: + category: 0 + priority: 0 + app: + policy: + action: "NA" + name: 0 + object_name: 0 + service_name: 0 + type: 0 + rule: 0 + blade_id: 0 + broadcast: + packet_recieved: 0 + packet_transmitted: 0 + bytes: + received: 454118 + sent: 386026 + connections: 0 + date: 31758339000 + destination: + network_interface: "WAN" + vpn_policy: 0 + device_serial_number: "000SERIAL" + dst: "10.10.10.10:41850:WAN" + dynamic: 0 + event: + count: 567999 + file_transmission_status: 0 + firewall: + LAN: 0 + WAN: "10.10.10.10" + gms_message_interval: 0 + last_config_change: 0 + license_count: 0 + port: 0 + flow_type: 0 + id: "firewall" + interface: 0 + interface_bytes: + received: 0 + transmitted: 0 + ip: "10.10.10.10" + mailTo: "NA" + message_category: 1024 + message_id: 537 + network: + client: + geoip: {} + ip: "10.10.10.10" + port: 4280.0 + destination: + geoip: {} + ip: "10.10.10.10" + port: 41850.0 + priority: "Info" + priority_level: 6 + proto: "tcp/41850" + protocol: "tcp" + rule_category_id: 0 + service: "41850" + sonicpoint: + bytes_received: 0 + bytes_transmitted: 0 + source: + network_interface: "LAN" + vpn_policy: "name" + src: "10.10.10.10:4280:LAN" + time: "2007-01-03 14:48:10" + unicast: + packets_received: 0 + packets_transmitted: 0 + message: "Connection Closed" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1 diff --git a/sonicwall_firewall/assets/service_checks.json b/sonicwall_firewall/assets/service_checks.json new file mode 100644 index 0000000000000..fe51488c7066f --- /dev/null +++ b/sonicwall_firewall/assets/service_checks.json @@ -0,0 +1 @@ +[] diff --git a/sonicwall_firewall/assets/sonicwall_firewall.svg b/sonicwall_firewall/assets/sonicwall_firewall.svg new file mode 100644 index 0000000000000..ef5093a5b0d40 --- /dev/null +++ b/sonicwall_firewall/assets/sonicwall_firewall.svg 
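Review bot: The second-to-last case in sonicwall-firewall_tests.yaml (the sample with `msg=\"Connection Closed\"n=567999`, no space before `n=`) pins a degraded parse as the expected result: `message` becomes `"\"Connection"`, a stray `Closed"n: 567999` attribute appears, and `event.count` is absent. If this is meant as a negative case, say so with a comment above the sample, for example `# malformed input: msg value runs into n= (documents the current fallback, not the desired output)`. Otherwise a monitor keyed on `@message` or `@event.count` would miss lines shaped like this one. Separately, the last case expects `broadcast.packet_recieved` and `packet_transmitted` while the unicast fields are `packets_received` and `packets_transmitted`. These names are presumably set by remappers outside this hunk, and the spelling and plural are worth aligning before dashboards and queries depend on them.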
@@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/sonicwall_firewall/datadog_checks/__init__.py b/sonicwall_firewall/datadog_checks/__init__.py new file mode 100644 index 0000000000000..1517d901c0aae --- /dev/null +++ b/sonicwall_firewall/datadog_checks/__init__.py @@ -0,0 +1,4 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) +__path__ = __import__('pkgutil').extend_path(__path__, __name__) # type: ignore diff --git a/sonicwall_firewall/datadog_checks/sonicwall_firewall/__about__.py b/sonicwall_firewall/datadog_checks/sonicwall_firewall/__about__.py new file mode 100644 index 0000000000000..acbfd1c866b84 --- /dev/null +++ b/sonicwall_firewall/datadog_checks/sonicwall_firewall/__about__.py @@ -0,0 +1,4 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) +__version__ = '1.0.0' diff --git a/sonicwall_firewall/datadog_checks/sonicwall_firewall/__init__.py b/sonicwall_firewall/datadog_checks/sonicwall_firewall/__init__.py new file mode 100644 index 0000000000000..e3e1909cdf383 --- /dev/null +++ b/sonicwall_firewall/datadog_checks/sonicwall_firewall/__init__.py @@ -0,0 +1,6 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) +from .__about__ import __version__ + +__all__ = ['__version__'] diff --git a/sonicwall_firewall/datadog_checks/sonicwall_firewall/data/conf.yaml.example b/sonicwall_firewall/datadog_checks/sonicwall_firewall/data/conf.yaml.example new file mode 100644 index 0000000000000..1b7c476a4b1a2 --- /dev/null +++ b/sonicwall_firewall/datadog_checks/sonicwall_firewall/data/conf.yaml.example 
@@ -0,0 +1,19 @@
+## Log Section
+##
+## type - required - Type of log input source (tcp / udp / file / windows_event).
+## port / path / channel_path - required - Set port if type is tcp or udp.
+## Set path if type is file.
+## Set channel_path if type is windows_event.
+## source - required - Attribute that defines which integration sent the logs.
+## encoding - optional - For file specifies the file encoding. Default is utf-8. Other
+## possible values are utf-16-le and utf-16-be.
+## service - optional - The name of the service that generates the log.
+## Overrides any `service` defined in the `init_config` section.
+## tags - optional - Add tags to the collected logs.
+##
+## Discover Datadog log collection: https://docs.datadoghq.com/logs/log_collection/
+#
+# logs:
+# - type: udp
+# port:
+# source: sonicwall-firewall
diff --git a/sonicwall_firewall/images/sonicwall_firewall_and_firewall_settings.png b/sonicwall_firewall/images/sonicwall_firewall_and_firewall_settings.png
new file mode 100644
index 0000000000000..e1043a4a4e4e5
Binary files /dev/null and b/sonicwall_firewall/images/sonicwall_firewall_and_firewall_settings.png differ
diff --git a/sonicwall_firewall/images/sonicwall_firewall_anti_spam.png b/sonicwall_firewall/images/sonicwall_firewall_anti_spam.png
new file mode 100644
index 0000000000000..f17b48e7bd642
Binary files /dev/null and b/sonicwall_firewall/images/sonicwall_firewall_anti_spam.png differ
diff --git a/sonicwall_firewall/images/sonicwall_firewall_network.png b/sonicwall_firewall/images/sonicwall_firewall_network.png
new file mode 100644
index 0000000000000..c2e38179d05f5
Binary files /dev/null and b/sonicwall_firewall/images/sonicwall_firewall_network.png differ
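Review bot: The commented example in conf.yaml.example offers only `type: udp`, and nothing in its header tells the operator that a UDP syslog listener accepts datagrams from any sender, with no authentication or encryption. Since these logs feed security dashboards, add a line above `# logs:` such as `## Restrict access to this port to the firewall's address; UDP syslog is unauthenticated and sent in clear text.` The `port:` value also renders empty here, possibly a placeholder stripped by the page, so confirm the committed file shows one. If this file is generated from `assets/configuration/spec.yaml`, the wording belongs in the spec instead.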
diff --git a/sonicwall_firewall/images/sonicwall_firewall_overview.png b/sonicwall_firewall/images/sonicwall_firewall_overview.png
new file mode 100644
index 0000000000000..95ba477e841a7
Binary files /dev/null and b/sonicwall_firewall/images/sonicwall_firewall_overview.png differ
diff --git a/sonicwall_firewall/images/sonicwall_firewall_security_services.png b/sonicwall_firewall/images/sonicwall_firewall_security_services.png
new file mode 100644
index 0000000000000..9860dac49571e
Binary files /dev/null and b/sonicwall_firewall/images/sonicwall_firewall_security_services.png differ
diff --git a/sonicwall_firewall/images/sonicwall_firewall_user.png b/sonicwall_firewall/images/sonicwall_firewall_user.png
new file mode 100644
index 0000000000000..b67ca38453ff9
Binary files /dev/null and b/sonicwall_firewall/images/sonicwall_firewall_user.png differ
diff --git a/sonicwall_firewall/images/sonicwall_firewall_vpn.png b/sonicwall_firewall/images/sonicwall_firewall_vpn.png
new file mode 100644
index 0000000000000..de001a11c6e0e
Binary files /dev/null and b/sonicwall_firewall/images/sonicwall_firewall_vpn.png differ
diff --git a/sonicwall_firewall/manifest.json b/sonicwall_firewall/manifest.json
new file mode 100644
index 0000000000000..c1de99c242afc
--- /dev/null
+++ b/sonicwall_firewall/manifest.json
@@ -0,0 +1,94 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "f29dd27d-2c3b-46f0-a872-7e0d861aff54", + "app_id": "sonicwall-firewall", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Gain Insights into Sonicwall Firewall logs.", + "title": "Sonicwall Firewall", + "media": [ + { + "caption": "Sonicwall Firewall - Overview", + "image_url": "images/sonicwall_firewall_overview.png", + "media_type": "image" + }, + { + "caption": "Sonicwall Firewall - Network", + "image_url": "images/sonicwall_firewall_network.png", + "media_type": "image" + }, + { + "caption": "Sonicwall Firewall - Security Services", + "image_url": "images/sonicwall_firewall_security_services.png", + "media_type": "image" + }, + { + "caption": "Sonicwall Firewall - User", + "image_url": "images/sonicwall_firewall_user.png", + "media_type": "image" + }, + { + "caption": "Sonicwall Firewall - VPN", + "image_url": "images/sonicwall_firewall_vpn.png", + "media_type": "image" + }, + { + "caption": "Sonicwall Firewall - Anti-Spam", + "image_url": "images/sonicwall_firewall_anti_spam.png", + "media_type": "image" + }, + { + "caption": "Sonicwall Firewall - Firewall & Firewall Settings", + "image_url": "images/sonicwall_firewall_and_firewall_settings.png", + "media_type": "image" + } + ], + "classifier_tags": [ + "Supported OS::Linux", + "Supported OS::Windows", + "Supported OS::macOS", + "Category::Log Collection", + "Category::Security", + "Offering::Integration", + "Submitted Data Type::Logs" + ] + }, + "assets": { + "integration": { + "auto_install": true, + "source_type_id": 27315184, + "source_type_name": "Sonicwall Firewall", + "configuration": { + "spec": "assets/configuration/spec.yaml" + }, + "events": { + "creates_events": false + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + }, + "dashboards": { + 
"Sonicwall Firewall - Overview": "assets/dashboards/sonicwall_firewall_overview.json", + "Sonicwall Firewall - Network": "assets/dashboards/sonicwall_firewall_network.json", + "Sonicwall Firewall - Security Services": "assets/dashboards/sonicwall_firewall_security_services.json", + "Sonicwall Firewall - Anti Spam": "assets/dashboards/sonicwall_firewall_anti_spam.json", + "Sonicwall Firewall - User": "assets/dashboards/sonicwall_firewall_user.json", + "Sonicwall Firewall - VPN": "assets/dashboards/sonicwall_firewall_vpn.json", + "Sonicwall Firewall and Firewall Settings": "assets/dashboards/sonicwall_firewall_and_firewall_settings.json" + }, + "logs": { + "source":"sonicwall-firewall" + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} diff --git a/sonicwall_firewall/pyproject.toml b/sonicwall_firewall/pyproject.toml new file mode 100644 index 0000000000000..d07ece4e422e9 --- /dev/null +++ b/sonicwall_firewall/pyproject.toml 
@@ -0,0 +1,59 @@ +[build-system] +requires = [ + "hatchling>=0.13.0", +] +build-backend = "hatchling.build" + +[project] +name = "datadog-sonicwall-firewall" +description = "The sonicwall_firewall check" +readme = "README.md" +license = "BSD-3-Clause" +keywords = [ + "datadog", + "datadog agent", + "datadog check", + "sonicwall_firewall", +] +authors = [ + { name = "Datadog", email = "packages@datadoghq.com" }, +] +classifiers = [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Intended Audience :: System Administrators", + "License :: OSI Approved :: BSD License", + "Private :: Do Not Upload", + "Programming Language :: Python :: 3.11", + "Topic :: System :: Monitoring", +] +dependencies = [ + "datadog-checks-base>=4.2.0", +] +dynamic = [ + "version", +] + +[project.optional-dependencies] +deps = [] + +[project.urls] +Source = "https://github.com/DataDog/integrations-core" + +[tool.hatch.version] +path = "datadog_checks/sonicwall_firewall/__about__.py" + +[tool.hatch.build.targets.sdist] +include = [ + "/datadog_checks", + "/tests", + "/manifest.json", +] + +[tool.hatch.build.targets.wheel] +include = [ + "/datadog_checks/sonicwall_firewall", +] +dev-mode-dirs = [ + ".", +] diff --git a/spark/CHANGELOG.md b/spark/CHANGELOG.md index b83f5dcda3502..bb19a1f1f438e 100644 --- a/spark/CHANGELOG.md +++ b/spark/CHANGELOG.md @@ -14,10 +14,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
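Review bot: The dependency floor `"datadog-checks-base>=4.2.0"` in the new pyproject.toml lets a resolver pick any base release from 4.2.0 upward, including ones far older than what the rest of this diff targets. The spark changelog in this same diff records base being bumped to 37.0.0, so something like `"datadog-checks-base>=37.0.0",` would be consistent, assuming that is the release the repository currently tests against. The classifier `"Programming Language :: Python :: 3.11"` also looks stale, since the changelogs in this diff record the move from 3.11 to 3.12. Whether this log-only integration imports the base package at all is not visible here, so the floor mostly matters for what gets installed alongside it.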
@@ -28,6 +24,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/spark/tests/docker/docker-compose.yaml b/spark/tests/docker/docker-compose.yaml index c3a5a4ae4af9b..ec26dbbbbc6b8 100644 --- a/spark/tests/docker/docker-compose.yaml +++ b/spark/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - # Adapted from https://github.com/big-data-europe/docker-spark/tree/master/template services: spark-master: @@ -65,4 +63,4 @@ services: ports: - "9999:9999" environment: - - PYTHONUNBUFFERED=1 \ No newline at end of file + - PYTHONUNBUFFERED=1 diff --git a/sqlserver/CHANGELOG.md b/sqlserver/CHANGELOG.md index 6958ccddfd01e..58032c651ecc2 100644 --- a/sqlserver/CHANGELOG.md +++ b/sqlserver/CHANGELOG.md 
@@ -2,6 +2,34 @@ +## 20.2.0 / 2024-11-28 + +***Added***: + +* Submit database_hostname with database instance and metrics for MySQL, Postgres, and SQLServer ([#18969](https://github.com/DataDog/integrations-core/pull/18969)) +* Add lookback_window config parameter to query_metrics. + + The current lookback window defaults to 2 times the collection interval, and is not able to be overridden. + This means that infrequently-run queries are unlikely to have metrics captured for them. One common + use case that falls into this bucket is ETL queries which can run hourly or even daily. These have + a very small chance of having metrics captured for them. In that case, we will support setting a lookback + window that will include such queries. ([#18979](https://github.com/DataDog/integrations-core/pull/18979)) +* Add config option `azure.aggregate_sql_databases` to report multiple azure sql databases as one database host. This is an opted in feature and is disabled by default. ([#19032](https://github.com/DataDog/integrations-core/pull/19032)) + +***Fixed***: + +* Fix missing appended SQL comments. ([#18958](https://github.com/DataDog/integrations-core/pull/18958)) +* Fix `azure_sql_server_database` resource tag to use Azure SQL Database `{fully_qualified_doman_name}/{database_name}`. ([#19014](https://github.com/DataDog/integrations-core/pull/19014)) +* Update SQLServer agent jobs metrics to be DBM only. ([#19033](https://github.com/DataDog/integrations-core/pull/19033)) +* Fix duplicate deadlock events ([#19139](https://github.com/DataDog/integrations-core/pull/19139)) +* Fix poor query signature correlation for deadlocks. ([#19142](https://github.com/DataDog/integrations-core/pull/19142)) + +## 20.1.1 / 2024-11-25 + +***Fixed***: + +* Use alternative schema collection query for sqlserver 2016 and older due to STRING_AGG not being supported until SQLServer 2017 ([#19110](https://github.com/DataDog/integrations-core/pull/19110)) + ## 20.1.0 / 2024-10-31 ***Added***: 
@@ -70,6 +98,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Bump lxml version for py3.12 E2E tests ([#18637](https://github.com/DataDog/integrations-core/pull/18637)) ***Fixed***: diff --git a/sqlserver/assets/configuration/spec.yaml b/sqlserver/assets/configuration/spec.yaml index 4fde7367ce475..9497f4ef208be 100644 --- a/sqlserver/assets/configuration/spec.yaml +++ b/sqlserver/assets/configuration/spec.yaml 
@@ -129,12 +129,230 @@ files: type: boolean example: false display_default: true - - name: include_ao_metrics + - name: database_metrics description: | - Include AlwaysOn availability group metrics. - value: - type: boolean - example: false + Configure the collection of database metrics + options: + - name: ao_metrics + description: | + Configure collection of AlwaysOn availability group metrics. + + When the `ao_metrics.enabled` is True, use `ao_metrics.availability_group` to specify the + resource group id of a specific availability group that you would like to monitor. + If no availability group is specified, then we will collect AlwaysOn metrics for all + availability groups on the current replica. + + Primary replicas may emit metrics for remote secondary replicas + in the same availability group. If `ao_metrics.only_emit_local` is set to true, + the primary replica will only emit information local to itself. + + If `ao_metrics.ao_database` is set, AlwaysOn metrics are only emitted for the selected `ao_database`. + value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: availability_group + type: string + - name: only_emit_local + type: boolean + example: false + - name: ao_database + type: string + - name: db_backup_metrics + description: | + Configure collection of database backup metrics. + Use `db_backup_metrics.collection_interval` to set the interval (in seconds) for the collection of + database backup metrics. Defaults to 300 seconds (5 minutes). If you intend on updating this value, + it is strongly recommended to use a consistent value throughout all SQL Server agent deployments. + hidden: true + value: + type: object + properties: + - name: enabled + type: boolean + example: true + - name: collection_interval + type: integer + example: 300 + display_default: 300 + - name: db_files_metrics + description: | + Configure collection of database files metrics. 
+ hidden: true + value: + type: object + properties: + - name: enabled + type: boolean + example: true + - name: db_stats_metrics + description: | + Configure collection of database stats metrics + hidden: true + value: + type: object + properties: + - name: enabled + type: boolean + example: true + - name: db_fragmentation_metrics + description: | + Configure collection of database fragmentation metrics. + Note these queries can be resource intensive on large datasets. Recommend to limit these via + autodiscovery or specific database instances. + + Use `db_fragmentation_metrics.enabled_tempdb` to enable collection of database index fragmentation statistics + in tempdb database from the `sys.dm_db_index_physical_stats` DMF. + By default, we do not collect index fragmentation statistics in the tempdb database, as those queries + might cause blocking. This configuration parameter allows enabling the collection of this metric. + This parameter is ignored if the 'enabled' option for 'db_fragmentation_metrics' is set to false. + + Use `db_fragmentation_metrics.collection_interval` to set the interval (in seconds) for the collection of + database fragmentation metrics from the `sys.dm_db_index_physical_stats` DMF. + Defaults to 300 seconds (5 minutes). If you intend on updating this value, it is strongly recommended + to use a consistent value throughout all SQL Server agent deployments. + value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: enabled_tempdb + type: boolean + example: false + - name: collection_interval + type: integer + example: 300 + display_default: 300 + - name: fci_metrics + description: | + Configure collection of failover Cluster Instance metrics. Note that these metrics + requires a SQLServer set up with Failover Clustering enabled. 
+ value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: file_stats_metrics + description: | + Configure collection of file stats metrics. + hidden: true + value: + type: object + properties: + - name: enabled + type: boolean + example: true + - name: index_usage_metrics + description: | + Configure collection of user table index usage statistics from the `sys.dm_db_index_usage_stats` DMV. + Because the `sys.dm_db_index_usage_stats` view is scoped to the current database, enable + `database_autodiscovery` or set `database`. + + Use `index_usage_metrics.enabled_tempdb` to enable collection of user table index usage statistics in tempdb + database from the `sys.dm_db_index_usage_stats` DMV. + By default, we do not collect index usage statistics in the tempdb database, as those queries + might cause blocking. This configuration parameter allows enabling the collection of this metric. + This parameter is ignored if 'index_usage_metrics.enabled' is set to false. + + Use `index_usage_metrics.collection_interval` to set the interval (in seconds) for the collection of index + usage statistics from the `sys.dm_db_index_usage_stats` DMV. + Defaults to 300 seconds (5 minutes). If you intend on updating this value, it is strongly recommended + to use a consistent value throughout all SQL Server agent deployments. + value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: enabled_tempdb + type: boolean + example: false + - name: collection_interval + type: integer + example: 300 + display_default: 300 + - name: instance_metrics + description: | + Configure collection of server-level instance metrics. When setting up multiple instances for + different databases on the same host these metrics will be duplicated unless this option is turned off. 
+ value: + type: object + properties: + - name: enabled + type: boolean + example: true + - name: master_files_metrics + description: | + Configure collection of database file size and state from `sys.master_files` + value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: primary_log_shipping_metrics + description: | + Configure collection of metrics for a log shipping setup. Required to run against the + primary instance in a transaction log shipping configuration. Note that + the Datadog user needs to be present in msdb and must be added to the db_datareader role. + value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: secondary_log_shipping_metrics + description: | + Configure collection of metrics for a log shipping setup. Required to run against the + secondary instance in a transaction log shipping configuration. Note that + the Datadog user needs to be present in msdb and must be added to the db_datareader role. + value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: server_state_metrics + description: | + Configure collection of server state metrics + hidden: true + value: + type: object + properties: + - name: enabled + type: boolean + example: true + - name: task_scheduler_metrics + description: | + Configure collection of additional Task and Scheduler metrics. + value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: tempdb_file_space_usage_metrics + description: | + Configure collection of tempdb file space usage metrics for how space is used in tempdb data files. + value: + type: object + properties: + - name: enabled + type: boolean + example: false + - name: xe_metrics + description: | + Configure collection of extended events (XE) metrics. 
+ value: + type: object + properties: + - name: enabled + type: boolean + example: false - name: agent_jobs description: Configure collection of agent jobs events and metrics options: 
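Review bot: Two of the documented examples under `database_metrics` disagree with the runtime defaults set in `_build_database_metrics_configs` later in this diff. `index_usage_metrics.enabled` and `tempdb_file_space_usage_metrics.enabled` are both given `example: false` here, but config.py defaults them to `'enabled': True`, and the removed `include_index_usage_metrics` and `include_tempdb_file_space_usage_metrics` options were documented with `example: true`. An operator reading the spec would conclude these collectors are off unless enabled, while the check runs those queries by default; set `example: true` on both so the spec matches the code. The generated models in config_models/instance.py carry the same `examples=[False]` and would need regenerating. The new `xe_metrics` description also drops the earlier sentence saying XE collection is enabled automatically with `deadlocks_collection`; if that still holds it should stay documented.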
@@ -157,116 +375,6 @@ files: value: type: integer example: 10000 - - name: availability_group - description: | - When `include_ao_metrics` is enabled, you can provide the resource - group id of a specific availability group that you would like to monitor. - If no availability group is specified, then we will collect AlwaysOn metrics - for all availability groups on the current replica. - value: - type: string - - name: only_emit_local - description: | - Primary replicas may emit metrics for remote secondary replicas - in the same availability group. If this option is set to true, - the primary replica will only emit information local to itself. - value: - type: boolean - example: false - - name: ao_database - description: | - AlwaysOn metrics are only emitted for the selected `ao_database` if not empty. - value: - type: string - - name: include_master_files_metrics - description: | - Include database file size and state from `sys.master_files`. - value: - type: boolean - example: false - - name: include_fci_metrics - description: | - Include Failover Cluster Instance metrics. Note that these metrics - requires a SQLServer set up with Failover Clustering enabled. - value: - type: boolean - example: false - - name: include_primary_log_shipping_metrics - description: | - Include log_shipping_primary metrics for a log shipping setup. Required to run - against the primary instance in a transaction log shipping configuration. Note that - the Datadog user needs to be present in msdb and must be added to the db_datareader role. - value: - type: boolean - example: false - - name: include_secondary_log_shipping_metrics - description: | - Include log_shipping_secondary metrics for a log shipping setup. Required to run - against a secondary instance in a transaction log shipping configuration. Note that - the Datadog user needs to be present in msdb and must be added to the db_datareader role. 
- value: - type: boolean - example: false - - name: include_instance_metrics - description: | - Include server-level instance metrics. When setting up multiple instances for - different databases on the same host these metrics will be duplicated unless this option is turned off. - value: - type: boolean - example: true - - name: include_task_scheduler_metrics - description: Include additional Task and Scheduler metrics. - value: - type: boolean - example: false - - name: include_db_fragmentation_metrics - description: | - Include database fragmentation metrics. Note these queries can be resource intensive on large datasets. - Recommend to limit these via autodiscovery or specific database instances. - value: - type: boolean - example: false - - name: include_db_fragmentation_metrics_tempdb - description: | - Configure the collection of database index fragmentation statistics in tempdb database from the - `sys.dm_db_index_physical_stats` DMF. - - By default, we do not collect index fragmentation statistics in the tempdb database, as those queries - might cause blocking. This configuration parameter allows enabling the collection of this metric. - This parameter is ignored if 'include_db_fragmentation_metrics' is set to false. - value: - type: boolean - example: false - - name: include_index_usage_metrics - description: | - Configure the collection of user table index usage statistics from the `sys.dm_db_index_usage_stats` DMV. - - Because the `sys.dm_db_index_usage_stats` view is scoped to the current database, enable - `database_autodiscovery` or set `database`. - value: - type: boolean - example: true - - name: include_index_usage_metrics_tempdb - description: | - Configure the collection of user table index usage statistics in tempdb database from the - `sys.dm_db_index_usage_stats` DMV. - - By default, we do not collect index usage statistics in the tempdb database, as those queries - might cause blocking. 
This configuration parameter allows enabling the collection of this metric. - This parameter is ignored if 'include_index_usage_metrics' is set to false. - value: - type: boolean - example: false - - name: index_usage_metrics_interval - description: | - Configure the interval (in seconds) for the collection of index usage statistics from the - `sys.dm_db_index_usage_stats` DMV. - Defaults to 300 seconds (5 minutes). If you intend on updating this value, it is strongly recommended - to use a consistent value throughout all SQL Server agent deployments. - value: - type: integer - example: 300 - display_default: 300 - name: db_fragmentation_object_names description: | Fragmentation metrics normally emit metrics for all objects within a database. @@ -276,19 +384,6 @@ files: type: array items: type: string - - name: include_tempdb_file_space_usage_metrics - description: | - Include tempdb file space usage metrics for how space is used in tempdb data files. - value: - type: boolean - example: true - - name: include_xe_metrics - description: | - Include extended events (XE) metrics. The collection of XE metrics is automatically enabled - when `deadlocks_collection` is enabled. - value: - type: boolean - example: true - name: adoprovider description: | Choose the ADO provider. Note that the (default) provider @@ -649,6 +744,8 @@ files: description: | Set to `false` to disable the collection of comments in your SQL statements. Requires `collect_metadata: true`. + Note: This option must be `true` in order to correlate Database Monitoring samples and APM traces. + See https://docs.datadoghq.com/database_monitoring/connect_dbm_and_apm value: type: boolean example: true @@ -764,7 +861,7 @@ files: value: type: number example: 1800 - display_default: false + display_default: 300 - name: schemas_collection description: | Available for Agent 7.56 and newer. 
diff --git a/sqlserver/changelog.d/18958.fixed b/sqlserver/changelog.d/18958.fixed deleted file mode 100644 index 0ba896b9a6e49..0000000000000 --- a/sqlserver/changelog.d/18958.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix missing appended SQL comments. diff --git a/sqlserver/changelog.d/18979.added b/sqlserver/changelog.d/18979.added deleted file mode 100644 index 5edd40d1e74fb..0000000000000 --- a/sqlserver/changelog.d/18979.added +++ /dev/null @@ -1,7 +0,0 @@ -Add lookback_window config parameter to query_metrics. - -The current lookback window defaults to 2 times the collection interval, and is not able to be overridden. -This means that infrequently-run queries are unlikely to have metrics captured for them. One common -use case that falls into this bucket is ETL queries which can run hourly or even daily. These have -a very small chance of having metrics captured for them. In that case, we will support setting a lookback -window that will include such queries. diff --git a/sqlserver/changelog.d/19014.fixed b/sqlserver/changelog.d/19014.fixed deleted file mode 100644 index 1a3ee8c5f1408..0000000000000 --- a/sqlserver/changelog.d/19014.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix `azure_sql_server_database` resource tag to use Azure SQL Database `{fully_qualified_doman_name}/{database_name}`. diff --git a/sqlserver/changelog.d/19032.added b/sqlserver/changelog.d/19032.added deleted file mode 100644 index 4a64ae6d50354..0000000000000 --- a/sqlserver/changelog.d/19032.added +++ /dev/null @@ -1 +0,0 @@ -Add config option `azure.aggregate_sql_databases` to report multiple azure sql databases as one database host. This is an opted in feature and is disabled by default. diff --git a/sqlserver/changelog.d/19033.fixed b/sqlserver/changelog.d/19033.fixed deleted file mode 100644 index 14d0c87a667da..0000000000000 --- a/sqlserver/changelog.d/19033.fixed +++ /dev/null @@ -1 +0,0 @@ -Update SQLServer agent jobs metrics to be DBM only. 
diff --git a/sqlserver/changelog.d/19111.added b/sqlserver/changelog.d/19111.added new file mode 100644 index 0000000000000..c3ae6706f8277 --- /dev/null +++ b/sqlserver/changelog.d/19111.added @@ -0,0 +1 @@ +Update configuration structure and allow configuration of all database metrics \ No newline at end of file diff --git a/sqlserver/changelog.d/19189.changed b/sqlserver/changelog.d/19189.changed new file mode 100644 index 0000000000000..c79730c4307db --- /dev/null +++ b/sqlserver/changelog.d/19189.changed @@ -0,0 +1 @@ +Fall back to ``system_health/event_file`` when querying deadlocks if `datadog` XE session wasn't created. diff --git a/sqlserver/datadog_checks/sqlserver/__about__.py b/sqlserver/datadog_checks/sqlserver/__about__.py index 9d60babc50b9c..cc600abdac80d 100644 --- a/sqlserver/datadog_checks/sqlserver/__about__.py +++ b/sqlserver/datadog_checks/sqlserver/__about__.py @@ -2,4 +2,4 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -__version__ = '20.1.0' +__version__ = '20.2.0' diff --git a/sqlserver/datadog_checks/sqlserver/config.py b/sqlserver/datadog_checks/sqlserver/config.py index 92508a44e5721..bcbbb9be07b66 100644 --- a/sqlserver/datadog_checks/sqlserver/config.py +++ b/sqlserver/datadog_checks/sqlserver/config.py @@ -10,6 +10,7 @@ from datadog_checks.base.utils.db.utils import get_agent_host_tags from datadog_checks.sqlserver.const import ( DEFAULT_AUTODISCOVERY_INTERVAL, + DEFAULT_LONG_METRICS_COLLECTION_INTERVAL, PROC_CHAR_LIMIT, ) 
@@ -28,17 +29,14 @@ def __init__(self, init_config, instance, log): self.autodiscovery_db_service_check: bool = is_affirmative(instance.get('autodiscovery_db_service_check', True)) self.min_collection_interval: int = instance.get('min_collection_interval', 15) self.autodiscovery_interval: int = instance.get('autodiscovery_interval', DEFAULT_AUTODISCOVERY_INTERVAL) + self.database_instance_collection_interval: int = instance.get( + 'database_instance_collection_interval', DEFAULT_LONG_METRICS_COLLECTION_INTERVAL + ) self._include_patterns = self._compile_valid_patterns(self.autodiscovery_include) self._exclude_patterns = self._compile_valid_patterns(self.autodiscovery_exclude) self.proc: str = instance.get('stored_procedure') self.custom_metrics: list[dict] = init_config.get('custom_metrics', []) or [] - self.include_index_usage_metrics_tempdb: bool = is_affirmative( - instance.get('include_index_usage_metrics_tempdb', False) - ) - self.include_db_fragmentation_metrics_tempdb: bool = is_affirmative( - instance.get('include_db_fragmentation_metrics_tempdb', False) - ) self.ignore_missing_database = is_affirmative(instance.get("ignore_missing_database", False)) if self.ignore_missing_database: self.log.warning( @@ -48,6 +46,7 @@ def __init__(self, init_config, instance, log): # DBM self.dbm_enabled: bool = is_affirmative(instance.get('dbm', False)) + self.database_metrics_config: dict = self._build_database_metrics_configs(instance) self.statement_metrics_config: dict = instance.get('query_metrics', {}) or {} self.agent_jobs_config: dict = instance.get('agent_jobs', {}) or {} self.procedure_metrics_config: dict = instance.get('procedure_metrics', {}) or {} 
@@ -110,10 +109,10 @@ def __init__(self, init_config, instance, log): ) self.log_unobfuscated_queries: bool = is_affirmative(instance.get('log_unobfuscated_queries', False)) self.log_unobfuscated_plans: bool = is_affirmative(instance.get('log_unobfuscated_plans', False)) - self.database_instance_collection_interval: int = instance.get('database_instance_collection_interval', 300) self.stored_procedure_characters_limit: int = instance.get('stored_procedure_characters_limit', PROC_CHAR_LIMIT) self.connection_host: str = instance['host'] self.service = instance.get('service') or init_config.get('service') or '' + self.db_fragmentation_object_names = instance.get('db_fragmentation_object_names', []) or [] def _compile_valid_patterns(self, patterns: list[str]) -> re.Pattern: valid_patterns = [] 
@@ -170,3 +169,83 @@ def _should_propagate_agent_tags(instance, init_config) -> bool: return init_config_propagate_agent_tags # if neither the instance nor the init_config has set the value, return False return False + + def _build_database_metrics_configs(self, instance): + # Set defaults for database metrics + configurable_metrics = { + "ao_metrics": {'enabled': False, 'availability_group': None, 'ao_database': None, 'only_emit_local': False}, + "db_backup_metrics": {'enabled': True, 'collection_interval': DEFAULT_LONG_METRICS_COLLECTION_INTERVAL}, + "db_files_metrics": {'enabled': True}, + "db_stats_metrics": {'enabled': True}, + "db_fragmentation_metrics": { + 'enabled': False, + 'enabled_tempdb': False, + 'collection_interval': DEFAULT_LONG_METRICS_COLLECTION_INTERVAL, + }, + "fci_metrics": {'enabled': False}, + "file_stats_metrics": {'enabled': True}, + "index_usage_metrics": { + 'enabled': True, + 'collection_interval': DEFAULT_LONG_METRICS_COLLECTION_INTERVAL, + 'enabled_tempdb': False, + }, + "instance_metrics": {'enabled': True}, + "master_files_metrics": {'enabled': False}, + "primary_log_shipping_metrics": {'enabled': False}, + "secondary_log_shipping_metrics": {'enabled': False}, + "server_state_metrics": {'enabled': True}, + "task_scheduler_metrics": {'enabled': False}, + "tempdb_file_space_usage_metrics": {'enabled': True}, + "xe_metrics": {'enabled': False}, + } + # Check if the instance has any configuration for the metrics in legacy structure + legacy_configuration_metrics = { + "include_ao_metrics": "ao_metrics", + "include_master_files_metrics": "master_files_metrics", + "include_fci_metrics": "fci_metrics", + "include_primary_log_shipping_metrics": "primary_log_shipping_metrics", + "include_secondary_log_shipping_metrics": "secondary_log_shipping_metrics", + "include_instance_metrics": "instance_metrics", + "include_task_scheduler_metrics": "task_scheduler_metrics", + "include_db_fragmentation_metrics": "db_fragmentation_metrics", + 
"include_index_usage_metrics": "index_usage_metrics", + "include_tempdb_file_space_usage_metrics": "tempdb_file_space_usage_metrics", + "include_xe_metrics": "xe_metrics", + } + for metric, config_key in legacy_configuration_metrics.items(): + if instance.get(metric) is not None: + configurable_metrics[config_key]['enabled'] = instance[metric] + # Manual look ups for legacy configuration structure + configurable_metrics['ao_metrics']['availability_group'] = instance.get( + 'availability_group', configurable_metrics['ao_metrics']['availability_group'] + ) + configurable_metrics['ao_metrics']['ao_database'] = instance.get( + 'ao_database', configurable_metrics['ao_metrics']['ao_database'] + ) + configurable_metrics['ao_metrics']['only_emit_local'] = instance.get( + 'only_emit_local', configurable_metrics['ao_metrics']['only_emit_local'] + ) + configurable_metrics['db_backup_metrics']['collection_interval'] = instance.get( + 'database_backup_metrics_interval', configurable_metrics['db_backup_metrics']['collection_interval'] + ) + configurable_metrics['db_fragmentation_metrics']['enabled_tempdb'] = instance.get( + 'include_db_fragmentation_metrics_tempdb', + configurable_metrics['db_fragmentation_metrics']['enabled_tempdb'], + ) + configurable_metrics['db_fragmentation_metrics']['collection_interval'] = instance.get( + 'db_fragmentation_metrics_interval', configurable_metrics['db_fragmentation_metrics']['collection_interval'] + ) + configurable_metrics['index_usage_metrics']['enabled_tempdb'] = instance.get( + 'include_index_usage_metrics_tempdb', configurable_metrics['index_usage_metrics']['enabled_tempdb'] + ) + configurable_metrics['index_usage_metrics']['collection_interval'] = instance.get( + 'index_usage_stats_interval', configurable_metrics['index_usage_metrics']['collection_interval'] + ) + # Check if the instance has any configuration for the metrics + database_metrics = instance.get('database_metrics', {}) + for metric, config in configurable_metrics.items(): 
+ metric_config = database_metrics.get(metric, {}) + for key, value in metric_config.items(): + if value is not None: + config[key] = value + return configurable_metrics diff --git a/sqlserver/datadog_checks/sqlserver/config_models/defaults.py b/sqlserver/datadog_checks/sqlserver/config_models/defaults.py index 8dfc29b5ddfa7..1c6fcda461355 100644 --- a/sqlserver/datadog_checks/sqlserver/config_models/defaults.py +++ b/sqlserver/datadog_checks/sqlserver/config_models/defaults.py @@ -41,7 +41,7 @@ def instance_database_autodiscovery_interval(): def instance_database_instance_collection_interval(): - return False + return 300 def instance_dbm(): @@ -64,62 +64,6 @@ def instance_ignore_missing_database(): return False -def instance_include_ao_metrics(): - return False - - -def instance_include_db_fragmentation_metrics(): - return False - - -def instance_include_db_fragmentation_metrics_tempdb(): - return False - - -def instance_include_fci_metrics(): - return False - - -def instance_include_index_usage_metrics(): - return True - - -def instance_include_index_usage_metrics_tempdb(): - return False - - -def instance_include_instance_metrics(): - return True - - -def instance_include_master_files_metrics(): - return False - - -def instance_include_primary_log_shipping_metrics(): - return False - - -def instance_include_secondary_log_shipping_metrics(): - return False - - -def instance_include_task_scheduler_metrics(): - return False - - -def instance_include_tempdb_file_space_usage_metrics(): - return True - - -def instance_include_xe_metrics(): - return True - - -def instance_index_usage_metrics_interval(): - return 300 - - def instance_log_unobfuscated_plans(): return False @@ -136,10 +80,6 @@ def instance_only_custom_queries(): return False -def instance_only_emit_local(): - return False - - def instance_proc_only_if_database(): return 'master' 
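Review bot: In `_build_database_metrics_configs`, `instance.get('database_metrics', {})` and `database_metrics.get(metric, {})` return `None` when the key is present but left empty in YAML, so the following `.get`/`.items()` call raises AttributeError while the config is built. The rest of `__init__` uses the `instance.get('query_metrics', {}) or {}` form, which avoids this. Use `database_metrics = instance.get('database_metrics') or {}` and `metric_config = database_metrics.get(metric) or {}`. The legacy loop also stores `instance[metric]` unconverted, whereas the removed tempdb options went through `is_affirmative`, so a quoted `"false"` would now count as enabled; `configurable_metrics[config_key]['enabled'] = is_affirmative(instance[metric])` keeps the old coercion. Separately, the legacy lookup reads `index_usage_stats_interval` while the spec option removed in this commit is named `index_usage_metrics_interval`, so it is worth confirming which key existing configs actually carry.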
diff --git a/sqlserver/datadog_checks/sqlserver/config_models/instance.py b/sqlserver/datadog_checks/sqlserver/config_models/instance.py index ad93d2bdb6f48..1f83cbd0ccc1d 100644 --- a/sqlserver/datadog_checks/sqlserver/config_models/instance.py +++ b/sqlserver/datadog_checks/sqlserver/config_models/instance.py @@ -12,7 +12,7 @@ from types import MappingProxyType from typing import Any, Optional -from pydantic import BaseModel, ConfigDict, field_validator, model_validator +from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator from datadog_checks.base.utils.functions import identity from datadog_checks.base.utils.models import validation 
@@ -69,6 +69,165 @@ class CustomQuery(BaseModel): tags: Optional[tuple[str, ...]] = None +class AoMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + ao_database: Optional[str] = None + availability_group: Optional[str] = None + enabled: Optional[bool] = Field(None, examples=[False]) + only_emit_local: Optional[bool] = Field(None, examples=[False]) + + +class DbBackupMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + collection_interval: Optional[int] = Field(None, examples=[300]) + enabled: Optional[bool] = Field(None, examples=[True]) + + +class DbFilesMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[True]) + + +class DbFragmentationMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + collection_interval: Optional[int] = Field(None, examples=[300]) + enabled: Optional[bool] = Field(None, examples=[False]) + enabled_tempdb: Optional[bool] = Field(None, examples=[False]) + + +class DbStatsMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[True]) + + +class FciMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[False]) + + +class FileStatsMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[True]) + + +class IndexUsageMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + collection_interval: Optional[int] = Field(None, examples=[300]) + enabled: Optional[bool] = Field(None, examples=[False]) + enabled_tempdb: Optional[bool] = Field(None, examples=[False]) + + +class 
InstanceMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[True]) + + +class MasterFilesMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[False]) + + +class PrimaryLogShippingMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[False]) + + +class SecondaryLogShippingMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[False]) + + +class ServerStateMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[True]) + + +class TaskSchedulerMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[False]) + + +class TempdbFileSpaceUsageMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[False]) + + +class XeMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + enabled: Optional[bool] = Field(None, examples=[False]) + + +class DatabaseMetrics(BaseModel): + model_config = ConfigDict( + arbitrary_types_allowed=True, + frozen=True, + ) + ao_metrics: Optional[AoMetrics] = None + db_backup_metrics: Optional[DbBackupMetrics] = None + db_files_metrics: Optional[DbFilesMetrics] = None + db_fragmentation_metrics: Optional[DbFragmentationMetrics] = None + db_stats_metrics: Optional[DbStatsMetrics] = None + fci_metrics: Optional[FciMetrics] = None + file_stats_metrics: Optional[FileStatsMetrics] = None + index_usage_metrics: Optional[IndexUsageMetrics] = None + 
instance_metrics: Optional[InstanceMetrics] = None + master_files_metrics: Optional[MasterFilesMetrics] = None + primary_log_shipping_metrics: Optional[PrimaryLogShippingMetrics] = None + secondary_log_shipping_metrics: Optional[SecondaryLogShippingMetrics] = None + server_state_metrics: Optional[ServerStateMetrics] = None + task_scheduler_metrics: Optional[TaskSchedulerMetrics] = None + tempdb_file_space_usage_metrics: Optional[TempdbFileSpaceUsageMetrics] = None + xe_metrics: Optional[XeMetrics] = None + + class DeadlocksCollection(BaseModel): model_config = ConfigDict( arbitrary_types_allowed=True, @@ -179,11 +338,9 @@ class InstanceConfig(BaseModel): ) adoprovider: Optional[str] = None agent_jobs: Optional[AgentJobs] = None - ao_database: Optional[str] = None autodiscovery_db_service_check: Optional[bool] = None autodiscovery_exclude: Optional[tuple[str, ...]] = None autodiscovery_include: Optional[tuple[str, ...]] = None - availability_group: Optional[str] = None aws: Optional[Aws] = None azure: Optional[Azure] = None collect_settings: Optional[CollectSettings] = None @@ -195,6 +352,7 @@ class InstanceConfig(BaseModel): database_autodiscovery: Optional[bool] = None database_autodiscovery_interval: Optional[int] = None database_instance_collection_interval: Optional[float] = None + database_metrics: Optional[DatabaseMetrics] = None db_fragmentation_object_names: Optional[tuple[str, ...]] = None dbm: Optional[bool] = None deadlocks_collection: Optional[DeadlocksCollection] = None 
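Review bot: The `examples` on `IndexUsageMetrics.enabled`, `TempdbFileSpaceUsageMetrics.enabled` and `XeMetrics.enabled` are `[False]`, while the flat options they replace defaulted to `True` in the `defaults.py` functions this commit deletes (`instance_include_index_usage_metrics`, `instance_include_tempdb_file_space_usage_metrics`, `instance_include_xe_metrics`). Every field here defaults to `None`, so the effective default is decided outside this hunk. If it is still `True`, the declaration should read `enabled: Optional[bool] = Field(None, examples=[True])` so the model does not advertise the opposite value. If the defaults were flipped on purpose, these collectors turn off on upgrade, which is a monitoring gap that should be called out in the changelog. If this file is generated from a spec, the correction belongs in the spec.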
@@ -205,20 +363,6 @@ class InstanceConfig(BaseModel): gcp: Optional[Gcp] = None host: str ignore_missing_database: Optional[bool] = None - include_ao_metrics: Optional[bool] = None - include_db_fragmentation_metrics: Optional[bool] = None - include_db_fragmentation_metrics_tempdb: Optional[bool] = None - include_fci_metrics: Optional[bool] = None - include_index_usage_metrics: Optional[bool] = None - include_index_usage_metrics_tempdb: Optional[bool] = None - include_instance_metrics: Optional[bool] = None - include_master_files_metrics: Optional[bool] = None - include_primary_log_shipping_metrics: Optional[bool] = None - include_secondary_log_shipping_metrics: Optional[bool] = None - include_task_scheduler_metrics: Optional[bool] = None - include_tempdb_file_space_usage_metrics: Optional[bool] = None - include_xe_metrics: Optional[bool] = None - index_usage_metrics_interval: Optional[int] = None log_unobfuscated_plans: Optional[bool] = None log_unobfuscated_queries: Optional[bool] = None managed_identity: Optional[ManagedIdentity] = None @@ -226,7 +370,6 @@ class InstanceConfig(BaseModel): min_collection_interval: Optional[float] = None obfuscator_options: Optional[ObfuscatorOptions] = None only_custom_queries: Optional[bool] = None - only_emit_local: Optional[bool] = None password: Optional[str] = None proc_only_if: Optional[str] = None proc_only_if_database: Optional[str] = None diff --git a/sqlserver/datadog_checks/sqlserver/const.py b/sqlserver/datadog_checks/sqlserver/const.py index 7fc1cf86a659e..5d29c54041040 100644 --- a/sqlserver/datadog_checks/sqlserver/const.py +++ b/sqlserver/datadog_checks/sqlserver/const.py @@ -271,3 +271,5 @@ PROC_CHAR_LIMIT = 500 DEFAULT_SCHEMAS_COLLECTION_INTERVAL = 600 + +DEFAULT_LONG_METRICS_COLLECTION_INTERVAL = 300 diff --git a/sqlserver/datadog_checks/sqlserver/data/conf.yaml.example b/sqlserver/datadog_checks/sqlserver/data/conf.yaml.example index 5418c1b76b220..7ea10e54d507d 100644 
--- a/sqlserver/datadog_checks/sqlserver/data/conf.yaml.example +++ b/sqlserver/datadog_checks/sqlserver/data/conf.yaml.example 
@@ -127,10 +127,107 @@ instances: # autodiscovery_db_service_check: false - ## @param include_ao_metrics - boolean - optional - default: false - ## Include AlwaysOn availability group metrics. + ## Configure the collection of database metrics # - # include_ao_metrics: false + # database_metrics: + + ## @param ao_metrics - mapping - optional + ## Configure collection of AlwaysOn availability group metrics. + ## + ## When the `ao_metrics.enabled` is True, use `ao_metrics.availability_group` to specify the + ## resource group id of a specific availability group that you would like to monitor. + ## If no availability group is specified, then we will collect AlwaysOn metrics for all + ## availability groups on the current replica. + ## + ## Primary replicas may emit metrics for remote secondary replicas + ## in the same availability group. If `ao_metrics.only_emit_local` is set to true, + ## the primary replica will only emit information local to itself. + ## + ## If `ao_metrics.ao_database` is set, AlwaysOn metrics are only emitted for the selected `ao_database`. + # + # ao_metrics: {} + + ## @param db_fragmentation_metrics - mapping - optional + ## Configure collection of database fragmentation metrics. + ## Note these queries can be resource intensive on large datasets. Recommend to limit these via + ## autodiscovery or specific database instances. + ## + ## Use `db_fragmentation_metrics.enabled_tempdb` to enable collection of database index fragmentation statistics + ## in tempdb database from the `sys.dm_db_index_physical_stats` DMF. + ## By default, we do not collect index fragmentation statistics in the tempdb database, as those queries + ## might cause blocking. This configuration parameter allows enabling the collection of this metric. + ## This parameter is ignored if the 'enabled' option for 'db_fragmentation_metrics' is set to false. 
+ ## + ## Use `db_fragmentation_metrics.collection_interval` to set the interval (in seconds) for the collection of + ## database fragmentation metrics from the `sys.dm_db_index_physical_stats` DMF. + ## Defaults to 300 seconds (5 minutes). If you intend on updating this value, it is strongly recommended + ## to use a consistent value throughout all SQL Server agent deployments. + # + # db_fragmentation_metrics: {} + + ## @param fci_metrics - mapping - optional + ## Configure collection of failover Cluster Instance metrics. Note that these metrics + ## requires a SQLServer set up with Failover Clustering enabled. + # + # fci_metrics: {} + + ## @param index_usage_metrics - mapping - optional + ## Configure collection of user table index usage statistics from the `sys.dm_db_index_usage_stats` DMV. + ## Because the `sys.dm_db_index_usage_stats` view is scoped to the current database, enable + ## `database_autodiscovery` or set `database`. + ## + ## Use `index_usage_metrics.enabled_tempdb` to enable collection of user table index usage statistics in tempdb + ## database from the `sys.dm_db_index_usage_stats` DMV. + ## By default, we do not collect index usage statistics in the tempdb database, as those queries + ## might cause blocking. This configuration parameter allows enabling the collection of this metric. + ## This parameter is ignored if 'index_usage_metrics.enabled' is set to false. + ## + ## Use `index_usage_metrics.collection_interval` to set the interval (in seconds) for the collection of index + ## usage statistics from the `sys.dm_db_index_usage_stats` DMV. + ## Defaults to 300 seconds (5 minutes). If you intend on updating this value, it is strongly recommended + ## to use a consistent value throughout all SQL Server agent deployments. + # + # index_usage_metrics: {} + + ## @param instance_metrics - mapping - optional + ## Configure collection of server-level instance metrics. 
When setting up multiple instances for + ## different databases on the same host these metrics will be duplicated unless this option is turned off. + # + # instance_metrics: {} + + ## @param master_files_metrics - mapping - optional + ## Configure collection of database file size and state from `sys.master_files` + # + # master_files_metrics: {} + + ## @param primary_log_shipping_metrics - mapping - optional + ## Configure collection of metrics for a log shipping setup. Required to run against the + ## primary instance in a transaction log shipping configuration. Note that + ## the Datadog user needs to be present in msdb and must be added to the db_datareader role. + # + # primary_log_shipping_metrics: {} + + ## @param secondary_log_shipping_metrics - mapping - optional + ## Configure collection of metrics for a log shipping setup. Required to run against the + ## secondary instance in a transaction log shipping configuration. Note that + ## the Datadog user needs to be present in msdb and must be added to the db_datareader role. + # + # secondary_log_shipping_metrics: {} + + ## @param task_scheduler_metrics - mapping - optional + ## Configure collection of additional Task and Scheduler metrics. + # + # task_scheduler_metrics: {} + + ## @param tempdb_file_space_usage_metrics - mapping - optional + ## Configure collection of tempdb file space usage metrics for how space is used in tempdb data files. + # + # tempdb_file_space_usage_metrics: {} + + ## @param xe_metrics - mapping - optional + ## Configure collection of extended events (XE) metrics. + # + # xe_metrics: {} ## Configure collection of agent jobs events and metrics # 
@@ -152,104 +249,6 @@ instances: # # history_row_limit: 10000 - ## @param availability_group - string - optional - ## When `include_ao_metrics` is enabled, you can provide the resource - ## group id of a specific availability group that you would like to monitor. - ## If no availability group is specified, then we will collect AlwaysOn metrics - ## for all availability groups on the current replica. - # - # availability_group: - - ## @param only_emit_local - boolean - optional - default: false - ## Primary replicas may emit metrics for remote secondary replicas - ## in the same availability group. If this option is set to true, - ## the primary replica will only emit information local to itself. - # - # only_emit_local: false - - ## @param ao_database - string - optional - ## AlwaysOn metrics are only emitted for the selected `ao_database` if not empty. - # - # ao_database: - - ## @param include_master_files_metrics - boolean - optional - default: false - ## Include database file size and state from `sys.master_files`. - # - # include_master_files_metrics: false - - ## @param include_fci_metrics - boolean - optional - default: false - ## Include Failover Cluster Instance metrics. Note that these metrics - ## requires a SQLServer set up with Failover Clustering enabled. - # - # include_fci_metrics: false - - ## @param include_primary_log_shipping_metrics - boolean - optional - default: false - ## Include log_shipping_primary metrics for a log shipping setup. Required to run - ## against the primary instance in a transaction log shipping configuration. Note that - ## the Datadog user needs to be present in msdb and must be added to the db_datareader role. - # - # include_primary_log_shipping_metrics: false - - ## @param include_secondary_log_shipping_metrics - boolean - optional - default: false - ## Include log_shipping_secondary metrics for a log shipping setup. Required to run - ## against a secondary instance in a transaction log shipping configuration. 
Note that - ## the Datadog user needs to be present in msdb and must be added to the db_datareader role. - # - # include_secondary_log_shipping_metrics: false - - ## @param include_instance_metrics - boolean - optional - default: true - ## Include server-level instance metrics. When setting up multiple instances for - ## different databases on the same host these metrics will be duplicated unless this option is turned off. - # - # include_instance_metrics: true - - ## @param include_task_scheduler_metrics - boolean - optional - default: false - ## Include additional Task and Scheduler metrics. - # - # include_task_scheduler_metrics: false - - ## @param include_db_fragmentation_metrics - boolean - optional - default: false - ## Include database fragmentation metrics. Note these queries can be resource intensive on large datasets. - ## Recommend to limit these via autodiscovery or specific database instances. - # - # include_db_fragmentation_metrics: false - - ## @param include_db_fragmentation_metrics_tempdb - boolean - optional - default: false - ## Configure the collection of database index fragmentation statistics in tempdb database from the - ## `sys.dm_db_index_physical_stats` DMF. - ## - ## By default, we do not collect index fragmentation statistics in the tempdb database, as those queries - ## might cause blocking. This configuration parameter allows enabling the collection of this metric. - ## This parameter is ignored if 'include_db_fragmentation_metrics' is set to false. - # - # include_db_fragmentation_metrics_tempdb: false - - ## @param include_index_usage_metrics - boolean - optional - default: true - ## Configure the collection of user table index usage statistics from the `sys.dm_db_index_usage_stats` DMV. - ## - ## Because the `sys.dm_db_index_usage_stats` view is scoped to the current database, enable - ## `database_autodiscovery` or set `database`. 
- # - # include_index_usage_metrics: true - - ## @param include_index_usage_metrics_tempdb - boolean - optional - default: false - ## Configure the collection of user table index usage statistics in tempdb database from the - ## `sys.dm_db_index_usage_stats` DMV. - ## - ## By default, we do not collect index usage statistics in the tempdb database, as those queries - ## might cause blocking. This configuration parameter allows enabling the collection of this metric. - ## This parameter is ignored if 'include_index_usage_metrics' is set to false. - # - # include_index_usage_metrics_tempdb: false - - ## @param index_usage_metrics_interval - integer - optional - default: 300 - ## Configure the interval (in seconds) for the collection of index usage statistics from the - ## `sys.dm_db_index_usage_stats` DMV. - ## Defaults to 300 seconds (5 minutes). If you intend on updating this value, it is strongly recommended - ## to use a consistent value throughout all SQL Server agent deployments. - # - # index_usage_metrics_interval: 300 - ## @param db_fragmentation_object_names - list of strings - optional ## Fragmentation metrics normally emit metrics for all objects within a database. ## This option allows you to specify database object names to query for fragmentation metrics. 
@@ -257,17 +256,6 @@ instances: # # db_fragmentation_object_names: [] - ## @param include_tempdb_file_space_usage_metrics - boolean - optional - default: true - ## Include tempdb file space usage metrics for how space is used in tempdb data files. - # - # include_tempdb_file_space_usage_metrics: true - - ## @param include_xe_metrics - boolean - optional - default: true - ## Include extended events (XE) metrics. The collection of XE metrics is automatically enabled - ## when `deadlocks_collection` is enabled. - # - # include_xe_metrics: true - ## @param adoprovider - string - optional - default: SQLOLEDB ## Choose the ADO provider. Note that the (default) provider ## SQLOLEDB is being deprecated. To use the newer MSOLEDBSQL @@ -556,6 +544,8 @@ instances: ## @param collect_comments - boolean - optional - default: true ## Set to `false` to disable the collection of comments in your SQL statements. ## Requires `collect_metadata: true`. + ## Note: This option must be `true` in order to correlate Database Monitoring samples and APM traces. + ## See https://docs.datadoghq.com/database_monitoring/connect_dbm_and_apm # # collect_comments: true diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/ao_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/ao_metrics.py index 31b3238ba8752..8e83034bda518 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/ao_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/ao_metrics.py @@ -4,7 +4,6 @@ from typing import List -from datadog_checks.base.config import is_affirmative from datadog_checks.sqlserver.utils import is_azure_database from .base import SqlserverDatabaseMetricsBase @@ -61,7 +60,7 @@ class SqlserverAoMetrics(SqlserverDatabaseMetricsBase): @property def include_ao_metrics(self) -> bool: - return is_affirmative(self.instance_config.get('include_ao_metrics', False)) + return self.config.database_metrics_config["ao_metrics"]["enabled"] @property def enabled(self) -> bool: 
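Review bot: `include_ao_metrics` now returns `self.config.database_metrics_config["ao_metrics"]["enabled"]` unmodified, so both the `is_affirmative` normalisation and the `.get(..., False)` fallback are gone. A quoted `"false"` would be truthy here and a missing key raises `KeyError` instead of disabling the collector. This is safe only if `database_metrics_config` is fully populated and type-validated before any metrics class reads it, which this hunk does not show; either keep `return is_affirmative(self.config.database_metrics_config["ao_metrics"]["enabled"])` or add a comment such as `# database_metrics_config is validated and default-filled in SQLServerConfig`. The same direct indexing appears in availability_groups_metrics.py, availability_replicas_metrics.py, database_replication_stats_metrics.py, db_fragmentation_metrics.py, fci_metrics.py and index_usage_metrics.py, and the `collection_interval` properties in database_backup_metrics.py and db_fragmentation_metrics.py likewise drop their `int(...)` cast. The legacy top-level `include_ao_metrics` key is no longer read in this file, so unless it is mapped elsewhere an existing instance would silently stop collecting AlwaysOn metrics.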
diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/availability_groups_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/availability_groups_metrics.py index c3c7937f65c2b..ed3558c3d3a1c 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/availability_groups_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/availability_groups_metrics.py @@ -2,8 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.base.config import is_affirmative - from .base import SqlserverDatabaseMetricsBase AVAILABILITY_GROUPS_METRICS_QUERY = { @@ -38,11 +36,11 @@ class SqlserverAvailabilityGroupsMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-hadr-availability-group-states-transact-sql?view=sql-server-ver15 @property def include_ao_metrics(self) -> bool: - return is_affirmative(self.instance_config.get('include_ao_metrics', False)) + return self.config.database_metrics_config["ao_metrics"]["enabled"] @property def availability_group(self): - return self.instance_config.get('availability_group') + return self.config.database_metrics_config["ao_metrics"]["availability_group"] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/availability_replicas_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/availability_replicas_metrics.py index 95b0c9041108c..69bccb89af457 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/availability_replicas_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/availability_replicas_metrics.py @@ -2,8 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.base.config import is_affirmative - from .base import SqlserverDatabaseMetricsBase AVAILABILITY_REPLICAS_METRICS_QUERY = { 
@@ -49,19 +47,19 @@ class SqlserverAvailabilityReplicasMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-availability-replicas-transact-sql?view=sql-server-ver15 @property def include_ao_metrics(self) -> bool: - return is_affirmative(self.instance_config.get('include_ao_metrics', False)) + return self.config.database_metrics_config["ao_metrics"]["enabled"] @property def availability_group(self): - return self.instance_config.get('availability_group') + return self.config.database_metrics_config["ao_metrics"]["availability_group"] @property def only_emit_local(self): - return is_affirmative(self.instance_config.get('only_emit_local', False)) + return self.config.database_metrics_config["ao_metrics"]["only_emit_local"] @property def ao_database(self): - return self.instance_config.get('ao_database') + return self.config.database_metrics_config["ao_metrics"]["ao_database"] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/base.py b/sqlserver/datadog_checks/sqlserver/database_metrics/base.py index bc61f01c71491..013c68d9703e7 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/base.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/base.py @@ -15,7 +15,6 @@ class SqlserverDatabaseMetricsBase: def __init__( self, config, - instance_config, new_query_executor, server_static_info, execute_query_handler, @@ -23,7 +22,6 @@ def __init__( databases=None, ): self.config: SQLServerConfig = config - self.instance_config: dict = instance_config # TODO: Remove instance_config and use self.config self.server_static_info: dict = server_static_info self.new_query_executor: Callable[ [List[dict], Callable, Optional[List[str]], Optional[bool]], QueryExecutor 
diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/database_agent_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/database_agent_metrics.py index 6d99655392eaf..0c2491b0b056f 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/database_agent_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/database_agent_metrics.py @@ -110,7 +110,7 @@ class SqlserverAgentMetrics(SqlserverDatabaseMetricsBase): def include_agent_metrics(self) -> bool: if not self.config.dbm_enabled: return False - agent_jobs_config = self.instance_config.get('agent_jobs', {}) + agent_jobs_config = self.config.agent_jobs_config if agent_jobs_config: return is_affirmative(agent_jobs_config.get('enabled', False)) return False @@ -128,7 +128,7 @@ def collection_interval(self) -> int: Returns the interval in seconds at which to collect index usage metrics. Note: The index usage metrics query can be expensive, so it is recommended to set a higher interval. ''' - agent_jobs_config = self.instance_config.get('agent_jobs', {}) + agent_jobs_config = self.config.agent_jobs_config if agent_jobs_config: return int(agent_jobs_config.get('collection_interval', 15)) return 15 # 15 seconds diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/database_backup_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/database_backup_metrics.py index e82cd65963204..21be687d112b1 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/database_backup_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/database_backup_metrics.py 
@@ -30,26 +30,23 @@ class SqlserverDatabaseBackupMetrics(SqlserverDatabaseMetricsBase): # Contains a row for each backup set. A backup set # contains the backup from a single, successful backup operation. # https://docs.microsoft.com/en-us/sql/relational-databases/system-tables/backupset-transact-sql?view=sql-server-ver15 + @property + def include_database_backup_metrics(self) -> bool: + return self.config.database_metrics_config["db_backup_metrics"]["enabled"] + @property def enabled(self): - if is_azure_sql_database(self.engine_edition): + if not self.include_database_backup_metrics or is_azure_sql_database(self.engine_edition): return False return True - @property - def _default_collection_interval(self) -> int: - ''' - Returns the default interval in seconds at which to collect database backup metrics. - ''' - return 5 * 60 # 5 minutes - @property def collection_interval(self) -> int: ''' Returns the interval in seconds at which to collect database backup metrics. Note: The database backup metrics query can be expensive, so it is recommended to set a higher interval. ''' - return int(self.instance_config.get('database_backup_metrics_interval', self._default_collection_interval)) + return self.config.database_metrics_config["db_backup_metrics"]["collection_interval"] @property def queries(self): @@ -63,6 +60,7 @@ def __repr__(self) -> str: return ( f"{self.__class__.__name__}(" f"enabled={self.enabled}, " + f"include_database_backup_metrics={self.include_database_backup_metrics}), " f"engine_edition={self.engine_edition}, " f"collection_interval={self.collection_interval})" ) diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/database_files_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/database_files_metrics.py index 0786ebd5e999c..5dd458bfd6005 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/database_files_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/database_files_metrics.py 
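Review bot: The line added to `__repr__` closes the parenthesis too early: `f"include_database_backup_metrics={self.include_database_backup_metrics}), "` emits `), ` mid-string and the last line closes it again, so the output has unbalanced parentheses. It should be `f"include_database_backup_metrics={self.include_database_backup_metrics}, "`. The `__repr__` methods added to database_files_metrics.py and database_stats_metrics.py in this commit put the new field last, which is why they do not have the problem.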
@@ -46,8 +46,14 @@ class SqlserverDatabaseFilesMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-database-files-transact-sql + @property + def include_database_files_metrics(self) -> bool: + return self.config.database_metrics_config["db_files_metrics"]["enabled"] + @property def enabled(self): + if not self.include_database_files_metrics: + return False return True @property @@ -55,7 +61,11 @@ def queries(self): return [DATABASE_FILES_METRICS_QUERY] def __repr__(self) -> str: - return f"{self.__class__.__name__}(" f"enabled={self.enabled})" + return ( + f"{self.__class__.__name__}(" + f"enabled={self.enabled}, " + f"include_database_files_metrics={self.include_database_files_metrics})" + ) def _build_query_executors(self): executors = [] diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/database_replication_stats_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/database_replication_stats_metrics.py index e1233e353cf83..cbc5503855c80 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/database_replication_stats_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/database_replication_stats_metrics.py @@ -2,8 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.base.config import is_affirmative - from .base import SqlserverDatabaseMetricsBase DATABASE_REPLICATION_STATS_METRICS_QUERY = { 
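Review bot: The `enabled` property branches on the flag only to return a boolean constant: `if not self.include_database_files_metrics: return False` followed by `return True` can be `return self.include_database_files_metrics`. The new property is annotated `-> bool` while `enabled` is not, so adding `def enabled(self) -> bool:` would keep the two consistent. `SqlserverDatabaseStatsMetrics.enabled` in database_stats_metrics.py has the same shape.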
@@ -34,15 +32,15 @@ class SqlserverDatabaseReplicationStatsMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-hadr-database-replica-states-transact-sql?view=sql-server-ver15 @property def include_ao_metrics(self) -> bool: - return is_affirmative(self.instance_config.get('include_ao_metrics', False)) + return self.config.database_metrics_config["ao_metrics"]["enabled"] @property def availability_group(self): - return self.instance_config.get('availability_group') + return self.config.database_metrics_config["ao_metrics"]["availability_group"] @property def only_emit_local(self): - return is_affirmative(self.instance_config.get('only_emit_local', False)) + return self.config.database_metrics_config["ao_metrics"]["only_emit_local"] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/database_stats_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/database_stats_metrics.py index d8024f4deb929..3c34a16004f81 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/database_stats_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/database_stats_metrics.py @@ -33,8 +33,14 @@ class SqlserverDatabaseStatsMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-databases-transact-sql?view=sql-server-ver15 + @property + def include_database_stats_metrics(self) -> bool: + return self.config.database_metrics_config["db_stats_metrics"]["enabled"] + @property def enabled(self): + if not self.include_database_stats_metrics: + return False return True @property 
@@ -42,4 +48,8 @@ def queries(self): return [DATABASE_STATS_METRICS_QUERY] def __repr__(self) -> str: - return f"{self.__class__.__name__}(" f"enabled={self.enabled}" + return ( + f"{self.__class__.__name__}(" + f"enabled={self.enabled}, " + f"include_database_stats_metrics={self.include_database_stats_metrics})" + ) diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/db_fragmentation_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/db_fragmentation_metrics.py index 2b05f9378d37c..1411449ac5e21 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/db_fragmentation_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/db_fragmentation_metrics.py @@ -5,7 +5,6 @@ import copy import functools -from datadog_checks.base.config import is_affirmative from datadog_checks.base.errors import ConfigurationError from .base import SqlserverDatabaseMetricsBase @@ -52,15 +51,15 @@ class SqlserverDBFragmentationMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-db-index-physical-stats-transact-sql?view=sql-server-ver15 @property def include_db_fragmentation_metrics(self): - return is_affirmative(self.instance_config.get('include_db_fragmentation_metrics', False)) + return self.config.database_metrics_config["db_fragmentation_metrics"]["enabled"] @property def include_db_fragmentation_metrics_tempdb(self): - return is_affirmative(self.instance_config.get('include_db_fragmentation_metrics_tempdb', False)) + return self.config.database_metrics_config["db_fragmentation_metrics"]["enabled_tempdb"] @property def db_fragmentation_object_names(self): - return self.instance_config.get('db_fragmentation_object_names', []) or [] + return self.config.db_fragmentation_object_names @property def enabled(self): 
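Review bot: `db_fragmentation_object_names` loses its `or []` guard: the old property returned `[]` for a missing or null option, while the new one returns `self.config.db_fragmentation_object_names` unchanged. The instance model in this commit declares that option as `Optional[tuple[str, ...]] = None`, so unless the config object normalises it (not visible here) code that iterates the value can receive `None`. `return self.config.db_fragmentation_object_names or []` keeps the previous contract. The `enabled` property that follows continues outside the hunk.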
@@ -68,20 +67,13 @@ def enabled(self): return False return True - @property - def _default_collection_interval(self) -> int: - ''' - Returns the default interval in seconds at which to collect database index fragmentation metrics. - ''' - return 5 * 60 # 5 minutes - @property def collection_interval(self) -> int: ''' Returns the interval in seconds at which to collect database index fragmentation metrics. Note: The index fragmentation metrics query can be expensive, so it is recommended to set a higher interval. ''' - return int(self.instance_config.get('db_fragmentation_metrics_interval', self._default_collection_interval)) + return self.config.database_metrics_config["db_fragmentation_metrics"]["collection_interval"] @property def databases(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/fci_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/fci_metrics.py index 81bbf485509d3..5bd821d07b8de 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/fci_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/fci_metrics.py @@ -2,7 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.base.config import is_affirmative from datadog_checks.sqlserver.const import ( ENGINE_EDITION_AZURE_MANAGED_INSTANCE, ) @@ -37,8 +36,8 @@ class SqlserverFciMetrics(SqlserverDatabaseMetricsBase): @property - def include_fci_metrics(self): - return is_affirmative(self.instance_config.get('include_fci_metrics', False)) + def include_fci_metrics(self) -> bool: + return self.config.database_metrics_config["fci_metrics"]["enabled"] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/file_stats_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/file_stats_metrics.py index 79e0877769d7a..85b3a0d25c26d 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/file_stats_metrics.py 
+++ b/sqlserver/datadog_checks/sqlserver/database_metrics/file_stats_metrics.py @@ -9,8 +9,14 @@ class SqlserverFileStatsMetrics(SqlserverDatabaseMetricsBase): + @property + def include_file_stats_metrics(self) -> bool: + return self.config.database_metrics_config["file_stats_metrics"]["enabled"] + @property def enabled(self): + if not self.include_file_stats_metrics: + return False if not self.major_version and not is_azure_database(self.engine_edition): return False return True diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/index_usage_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/index_usage_metrics.py index 34c9b24e8d668..d91a935c19133 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/index_usage_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/index_usage_metrics.py @@ -4,7 +4,6 @@ import functools -from datadog_checks.base.config import is_affirmative from datadog_checks.base.errors import ConfigurationError from .base import SqlserverDatabaseMetricsBase @@ -45,18 +44,11 @@ class SqlserverIndexUsageMetrics(SqlserverDatabaseMetricsBase): @property def include_index_usage_metrics(self) -> bool: - return is_affirmative(self.instance_config.get('include_index_usage_metrics', True)) + return self.config.database_metrics_config["index_usage_metrics"]["enabled"] @property def include_index_usage_metrics_tempdb(self) -> bool: - return is_affirmative(self.instance_config.get('include_index_usage_metrics_tempdb', False)) - - @property - def _default_collection_interval(self) -> int: - ''' - Returns the default interval in seconds at which to collect index usage metrics. - ''' - return 5 * 60 # 5 minutes + return self.config.database_metrics_config["index_usage_metrics"]["enabled_tempdb"] @property def collection_interval(self) -> int: 
@@ -64,7 +56,7 @@ def collection_interval(self) -> int: Returns the interval in seconds at which to collect index usage metrics. Note: The index usage metrics query can be expensive, so it is recommended to set a higher interval. ''' - return int(self.instance_config.get('index_usage_stats_interval', self._default_collection_interval)) + return self.config.database_metrics_config["index_usage_metrics"]["collection_interval"] @property def databases(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/master_files_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/master_files_metrics.py index a3ebf5edd89ef..2dd429807c0dc 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/master_files_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/master_files_metrics.py @@ -2,8 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.base.config import is_affirmative - from .base import SqlserverDatabaseMetricsBase MASTER_FILES_METRICS_QUERY = { @@ -48,7 +46,7 @@ class SqlserverMasterFilesMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-master-files-transact-sql @property def include_master_files_metrics(self): - return is_affirmative(self.instance_config.get('include_master_files_metrics', False)) + return self.config.database_metrics_config["master_files_metrics"]["enabled"] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/os_schedulers_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/os_schedulers_metrics.py index c1dcfd8092652..0363040d455f2 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/os_schedulers_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/os_schedulers_metrics.py 
@@ -2,8 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.base.config import is_affirmative - from .base import SqlserverDatabaseMetricsBase OS_SCHEDULERS_METRICS_QUERY = { @@ -34,7 +32,7 @@ class SqlserverOsSchedulersMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-os-schedulers-transact-sql @property def include_task_scheduler_metrics(self): - return is_affirmative(self.instance_config.get('include_task_scheduler_metrics', False)) + return self.config.database_metrics_config["task_scheduler_metrics"]["enabled"] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/os_tasks_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/os_tasks_metrics.py index 036ef35e36bd8..2fa631c28e7d7 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/os_tasks_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/os_tasks_metrics.py @@ -2,8 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) -from datadog_checks.base.config import is_affirmative - from .base import SqlserverDatabaseMetricsBase OS_TASKS_METRICS_QUERY = { @@ -30,7 +28,7 @@ class SqlserverOsTasksMetrics(SqlserverDatabaseMetricsBase): # https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-os-tasks-transact-sql @property def include_task_scheduler_metrics(self): - return is_affirmative(self.instance_config.get('include_task_scheduler_metrics', False)) + return self.config.database_metrics_config["task_scheduler_metrics"]["enabled"] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/primary_log_shipping_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/primary_log_shipping_metrics.py index 66724c1bacb09..709c8e48f2146 100644 
--- a/sqlserver/datadog_checks/sqlserver/database_metrics/primary_log_shipping_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/primary_log_shipping_metrics.py @@ -2,9 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) - -from datadog_checks.base.config import is_affirmative - from .base import SqlserverDatabaseMetricsBase QUERY_LOG_SHIPPING_PRIMARY = { @@ -29,8 +26,8 @@ class SqlserverPrimaryLogShippingMetrics(SqlserverDatabaseMetricsBase): @property - def include_primary_log_shipping_metrics(self): - return is_affirmative(self.instance_config.get('include_primary_log_shipping_metrics', False)) + def include_primary_log_shipping_metrics(self) -> bool: + return self.config.database_metrics_config["primary_log_shipping_metrics"]["enabled"] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/secondary_log_shipping_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/secondary_log_shipping_metrics.py index daa4476058b2d..4fe6fb3db106d 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/secondary_log_shipping_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/secondary_log_shipping_metrics.py @@ -2,9 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) - -from datadog_checks.base.config import is_affirmative - from .base import SqlserverDatabaseMetricsBase QUERY_LOG_SHIPPING_SECONDARY = { @@ -37,8 +34,8 @@ class SqlserverSecondaryLogShippingMetrics(SqlserverDatabaseMetricsBase): @property - def include_secondary_log_shipping_metrics(self): - return is_affirmative(self.instance_config.get('include_secondary_log_shipping_metrics', False)) + def include_secondary_log_shipping_metrics(self) -> bool: + return self.config.database_metrics_config['secondary_log_shipping_metrics']['enabled'] @property def enabled(self): 
diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/server_state_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/server_state_metrics.py index 536b67f0be4ae..7d437637e3056 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/server_state_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/server_state_metrics.py @@ -30,10 +30,17 @@ class SqlserverServerStateMetrics(SqlserverDatabaseMetricsBase): + @property + def include_server_state_metrics(self) -> bool: + return self.config.database_metrics_config['server_state_metrics']['enabled'] + @property def enabled(self): # Server state queries require VIEW SERVER STATE permissions, which some managed database # versions do not support. + + if not self.include_server_state_metrics: + return False if self.engine_edition in [ENGINE_EDITION_SQL_DATABASE]: return False return True @@ -46,6 +53,7 @@ def __repr__(self) -> str: return ( f"{self.__class__.__name__}(" f"enabled={self.enabled}, " + f"include_server_state_metrics={self.include_server_state_metrics}, " f"major_version={self.major_version}, " f"engine_edition={self.engine_edition})" ) diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/tempdb_file_space_usage_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/tempdb_file_space_usage_metrics.py index 6d926c0c2f74f..5e18c1838679c 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/tempdb_file_space_usage_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/tempdb_file_space_usage_metrics.py @@ -4,7 +4,6 @@ import functools -from datadog_checks.base.config import is_affirmative from datadog_checks.sqlserver.utils import is_azure_sql_database from .base import SqlserverDatabaseMetricsBase 
@@ -32,8 +31,8 @@ class SqlserverTempDBFileSpaceUsageMetrics(SqlserverDatabaseMetricsBase): @property - def include_tempdb_file_space_usage_metrics(self): - return is_affirmative(self.instance_config.get('include_tempdb_file_space_usage_metrics', True)) + def include_tempdb_file_space_usage_metrics(self) -> bool: + return self.config.database_metrics_config['tempdb_file_space_usage_metrics']['enabled'] @property def enabled(self): diff --git a/sqlserver/datadog_checks/sqlserver/database_metrics/xe_session_metrics.py b/sqlserver/datadog_checks/sqlserver/database_metrics/xe_session_metrics.py index 5f5d57bbe938e..db99837c38b3f 100644 --- a/sqlserver/datadog_checks/sqlserver/database_metrics/xe_session_metrics.py +++ b/sqlserver/datadog_checks/sqlserver/database_metrics/xe_session_metrics.py @@ -6,6 +6,9 @@ from .base import SqlserverDatabaseMetricsBase +XE_RING_BUFFER = "ring_buffer" +XE_EVENT_FILE = "event_file" + XE_SESSION_STATUS_QUERY = { "name": "sys.dm_xe_sessions", "query": """SELECT @@ -44,8 +47,8 @@ class SQLServerXESessionMetrics(SqlserverDatabaseMetricsBase): @property def enabled(self): - self.deadlocks_config: dict = self.instance_config.get('deadlocks_collection', {}) or {} - return is_affirmative(self.instance_config.get("include_xe_metrics", False)) or is_affirmative( + self.deadlocks_config: dict = self.config.deadlocks_config + return self.config.database_metrics_config["xe_metrics"]["enabled"] or is_affirmative( self.deadlocks_config.get('enabled', False) ) diff --git a/sqlserver/datadog_checks/sqlserver/deadlocks.py b/sqlserver/datadog_checks/sqlserver/deadlocks.py index 088ae8f2126e2..06debaa260d4b 100644 --- a/sqlserver/datadog_checks/sqlserver/deadlocks.py +++ b/sqlserver/datadog_checks/sqlserver/deadlocks.py 
@@ -11,6 +11,7 @@ from datadog_checks.base.utils.tracking import tracked_method from datadog_checks.sqlserver.config import SQLServerConfig from datadog_checks.sqlserver.const import STATIC_INFO_ENGINE_EDITION, STATIC_INFO_VERSION +from datadog_checks.sqlserver.database_metrics.xe_session_metrics import XE_EVENT_FILE, XE_RING_BUFFER from datadog_checks.sqlserver.queries import ( DEADLOCK_TIMESTAMP_ALIAS, DEADLOCK_XML_ALIAS, @@ -34,6 +35,7 @@ PAYLOAD_XML = "xml" NO_XE_SESSION_ERROR = f"No XE session `{XE_SESSION_DATADOG}` found" +OBFUSCATION_ERROR = "ERROR: failed to obfuscate" def agent_check_getter(self): @@ -52,6 +54,7 @@ def __init__(self, check, config: SQLServerConfig): self.collection_interval = config.deadlocks_config.get("collection_interval", DEFAULT_COLLECTION_INTERVAL) self._force_convert_xml_to_str = False self._xe_session_name = None + self._xe_session_target = None super(Deadlocks, self).__init__( check, run_sync=True, @@ -74,7 +77,7 @@ def obfuscate_no_except_wrapper(self, sql_text): sql_text, self._config.obfuscator_options, replace_null_character=True )['query'] except Exception as e: - sql_text = "ERROR: failed to obfuscate" + sql_text = OBFUSCATION_ERROR error_text = "Failed to obfuscate sql text within a deadlock" if self._config.log_unobfuscated_queries: error_text += "=[%s]" % sql_text 
@@ -88,24 +91,34 @@ def _obfuscate_xml(self, root): raise Exception("process-list element not found. The deadlock XML is in an unexpected format.") query_signatures = [] for process in process_list.findall('process'): + spid = process.get('spid') + if spid is not None: + try: + spid = int(spid) + except ValueError: + self._log.error("spid not an integer. Skipping query signature computation.") + continue + if spid in query_signatures: + continue + else: + self._log.error("spid not found in process element. Skipping query signature computation.") + + # Setting `signature` for the first function on the stack + signature = None + for frame in process.findall('.//frame'): + if frame.text is not None and frame.text != "unknown": + frame.text = self.obfuscate_no_except_wrapper(frame.text) + if signature is not None and frame.text != OBFUSCATION_ERROR: + signature = compute_sql_signature(frame.text) + for inputbuf in process.findall('.//inputbuf'): if inputbuf.text is not None: inputbuf.text = self.obfuscate_no_except_wrapper(inputbuf.text) - spid = process.get('spid') - if spid is not None: - try: - spid = int(spid) - except ValueError: - self._log.error("spid not an integer. Skipping query signature computation.") - continue - if spid in query_signatures: - continue - query_signatures.append({"spid": spid, "signature": compute_sql_signature(inputbuf.text)}) - else: - self._log.error("spid not found in process element. Skipping query signature computation.") - for frame in process.findall('.//frame'): - if frame.text is not None: - frame.text = self.obfuscate_no_except_wrapper(frame.text) + if signature is None and inputbuf.text != OBFUSCATION_ERROR: + signature = compute_sql_signature(inputbuf.text) + + query_signatures.append({"spid": spid, "signature": signature}) + return query_signatures def _get_lookback_seconds(self): 
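Review bot: In the `for process in ...` loop of `_obfuscate_xml`, the spid checks now sit ahead of the `frame` and `inputbuf` obfuscation. As far as the flattened indentation shows, the `continue` taken for a non-integer spid therefore leaves that process's SQL text in the tree unobfuscated; obfuscate first and decide about the signature afterwards, as sketched below. The frame branch tests `if signature is not None`, which cannot hold right after `signature = None`, so the stack-frame signature is never computed; the comment above it suggests `if signature is None and frame.text != OBFUSCATION_ERROR:` was meant. `spid in query_signatures` compares an int with a list of dicts and never matches, and the missing-spid branch logs "Skipping" but still appends an entry. The start of the function lies outside this hunk.

```python
for process in process_list.findall('process'):
    # Obfuscate before any early exit so no process keeps raw SQL text.
    signature = None
    # … unchanged: frame loop (with the `signature is None` test) and inputbuf loop …

    raw_spid = process.get('spid')
    if raw_spid is None:
        self._log.error("spid not found in process element. Skipping query signature computation.")
        continue
    try:
        spid = int(raw_spid)
    except ValueError:
        self._log.error("spid not an integer. Skipping query signature computation.")
        continue
    if any(entry["spid"] == spid for entry in query_signatures):
        continue
    query_signatures.append({"spid": spid, "signature": signature})
```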
@@ -123,14 +136,24 @@ def _set_xe_session_name(self): if not rows: raise NoXESessionError(NO_XE_SESSION_ERROR) xe_system_found = False + xe_system_xe_file_found = False for row in rows: - if (session := row[0]) in (XE_SESSION_DATADOG): + (session, target) = row + if session in (XE_SESSION_DATADOG): self._xe_session_name = session + self._xe_session_target = target return if session == XE_SESSION_SYSTEM: xe_system_found = True + if target == XE_EVENT_FILE: + xe_system_xe_file_found = True + if xe_system_found: self._xe_session_name = XE_SESSION_SYSTEM + if xe_system_xe_file_found: + self._xe_session_target = XE_EVENT_FILE + else: + self._xe_session_target = XE_RING_BUFFER return raise NoXESessionError(NO_XE_SESSION_ERROR) @@ -141,7 +164,9 @@ def _query_deadlocks(self): except NoXESessionError as e: self._log.error(str(e)) return - self._log.info(f'Using XE session {self._xe_session_name} to collect deadlocks') + self._log.info( + f'Using XE session [{self._xe_session_name}], target [{self._xe_session_target}] to collect deadlocks' + ) with self._check.connection.open_managed_default_connection(key_prefix=self._conn_key_prefix): with self._check.connection.get_managed_cursor(key_prefix=self._conn_key_prefix) as cursor: 
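Review bot: `if session in (XE_SESSION_DATADOG):` is a substring test, because parentheses without a trailing comma leave a plain string; `if session == XE_SESSION_DATADOG:` states the intent. With the `ring_buffer` filter dropped from `XE_SESSIONS_QUERY`, the `datadog` branch also stores whatever target the first matching row carries, so a target that is neither `XE_RING_BUFFER` nor `XE_EVENT_FILE` would be handed to `get_deadlocks_query` unchecked. Accepting only those two values here, and otherwise continuing to the next row, would keep the later query selection predictable. The function starts above the hunk.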
@@ -149,16 +174,19 @@ def _query_deadlocks(self): if self._force_convert_xml_to_str or self._get_connector() == "adodbapi": convert_xml_to_str = True query = get_deadlocks_query( - convert_xml_to_str=convert_xml_to_str, xe_session_name=self._xe_session_name + convert_xml_to_str=convert_xml_to_str, + xe_session_name=self._xe_session_name, + xe_target_name=self._xe_session_target, ) + lookback = self._get_lookback_seconds() self._log.debug( - "Running query [%s] with max deadlocks %s and timestamp %s", + "Running query %s with max deadlocks %s and lookback %s", query, self._max_deadlocks, - self._last_deadlock_timestamp, + lookback, ) try: - cursor.execute(query, (self._max_deadlocks, self._get_lookback_seconds())) + cursor.execute(query, (self._max_deadlocks, lookback)) except Exception as e: if "Data column of Unknown ADO type" in str(e): raise Exception(f"{str(e)} | cursor.description: {cursor.description} | query: {query}") diff --git a/sqlserver/datadog_checks/sqlserver/queries.py b/sqlserver/datadog_checks/sqlserver/queries.py index f479a4cd5ff3c..45d3f2ae0c919 100644 --- a/sqlserver/datadog_checks/sqlserver/queries.py +++ b/sqlserver/datadog_checks/sqlserver/queries.py @@ -2,6 +2,7 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) +from datadog_checks.sqlserver.database_metrics.xe_session_metrics import XE_RING_BUFFER DB_QUERY = """ SELECT 
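Review bot: `queries.py` now imports `XE_RING_BUFFER` from `database_metrics.xe_session_metrics`, so a module of query constants depends on the metrics package and on that module's `.base` import. The two target-name constants would sit more naturally in `datadog_checks.sqlserver.const`, which `deadlocks.py` already imports from. Moving them there also removes the risk of an import cycle should a metrics module import from `queries.py`; whether one does today is not visible in this part of the diff.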
@@ -57,6 +58,36 @@ i.is_unique, i.is_primary_key, i.is_unique_constraint, i.is_disabled; """ +INDEX_QUERY_PRE_2017 = """ +SELECT + i.object_id AS id, + i.name, + i.type, + i.is_unique, + i.is_primary_key, + i.is_unique_constraint, + i.is_disabled, + STUFF(( + SELECT ',' + c.name + FROM sys.index_columns ic + JOIN sys.columns c ON ic.object_id = c.object_id AND ic.column_id = c.column_id + WHERE ic.object_id = i.object_id AND ic.index_id = i.index_id + FOR XML PATH(''), TYPE).value('.', 'NVARCHAR(MAX)'), 1, 1, '') AS column_names +FROM + sys.indexes i +WHERE + i.object_id IN ({}) +GROUP BY + i.object_id, + i.name, + i.index_id, + i.type, + i.is_unique, + i.is_primary_key, + i.is_unique_constraint, + i.is_disabled; +""" + FOREIGN_KEY_QUERY = """ SELECT FK.parent_object_id AS id, 
@@ -74,26 +105,52 @@ FK.name, FK.parent_object_id, FK.referenced_object_id; """ +FOREIGN_KEY_QUERY_PRE_2017 = """ +SELECT + FK.parent_object_id AS id, + FK.name AS foreign_key_name, + OBJECT_NAME(FK.parent_object_id) AS referencing_table, + STUFF(( + SELECT ',' + COL_NAME(FKC.parent_object_id, FKC.parent_column_id) + FROM sys.foreign_key_columns AS FKC + WHERE FKC.constraint_object_id = FK.object_id + FOR XML PATH(''), TYPE).value('.', 'NVARCHAR(MAX)'), 1, 1, '') AS referencing_column, + OBJECT_NAME(FK.referenced_object_id) AS referenced_table, + STUFF(( + SELECT ',' + COL_NAME(FKC.referenced_object_id, FKC.referenced_column_id) + FROM sys.foreign_key_columns AS FKC + WHERE FKC.constraint_object_id = FK.object_id + FOR XML PATH(''), TYPE).value('.', 'NVARCHAR(MAX)'), 1, 1, '') AS referenced_column +FROM + sys.foreign_keys AS FK +WHERE + FK.parent_object_id IN ({}) +GROUP BY + FK.name, + FK.parent_object_id, + FK.object_id, + FK.referenced_object_id; +""" + XE_SESSION_DATADOG = "datadog" XE_SESSION_SYSTEM = "system_health" XE_SESSIONS_QUERY = f""" SELECT - s.name AS session_name + s.name AS session_name, t.target_name AS target_name FROM sys.dm_xe_sessions s JOIN sys.dm_xe_session_targets t ON s.address = t.event_session_address WHERE - t.target_name = 'ring_buffer' - AND s.name IN ('{XE_SESSION_DATADOG}', '{XE_SESSION_SYSTEM}'); + s.name IN ('{XE_SESSION_DATADOG}', '{XE_SESSION_SYSTEM}'); """ DEADLOCK_TIMESTAMP_ALIAS = "timestamp" DEADLOCK_XML_ALIAS = "event_xml" -def get_deadlocks_query(convert_xml_to_str=False, xe_session_name="datadog"): +def get_deadlocks_query(convert_xml_to_str=False, xe_session_name=XE_SESSION_DATADOG, xe_target_name=XE_RING_BUFFER): """ Construct the query to fetch deadlocks from the system_health extended event session :param convert_xml_to_str: Whether to convert the XML to a string. This option is for MSOLEDB drivers 
@@ -104,15 +161,27 @@ def get_deadlocks_query(convert_xml_to_str=False, xe_session_name="datadog"): if convert_xml_to_str: xml_expression = "CAST(xdr.query('.') AS NVARCHAR(MAX))" - return f""" - SELECT TOP(?) xdr.value('@timestamp', 'datetime') AS [{DEADLOCK_TIMESTAMP_ALIAS}], - {xml_expression} AS [{DEADLOCK_XML_ALIAS}] + if xe_target_name == XE_RING_BUFFER: + return f"""SELECT TOP(?) xdr.value('@timestamp', 'datetime') AS [{DEADLOCK_TIMESTAMP_ALIAS}], + {xml_expression} AS [{DEADLOCK_XML_ALIAS}] FROM (SELECT CAST([target_data] AS XML) AS Target_Data FROM sys.dm_xe_session_targets AS xt INNER JOIN sys.dm_xe_sessions AS xs ON xs.address = xt.event_session_address WHERE xs.name = N'{xe_session_name}' - AND xt.target_name = N'ring_buffer' + AND xt.target_name = N'{XE_RING_BUFFER}' ) AS XML_Data CROSS APPLY Target_Data.nodes('RingBufferTarget/event[@name="xml_deadlock_report"]') AS XEventData(xdr) - WHERE xdr.value('@timestamp', 'datetime') >= DATEADD(SECOND, ?, GETDATE()) + WHERE xdr.value('@timestamp', 'datetime') + >= DATEADD(SECOND, ?, TODATETIMEOFFSET(GETDATE(), DATEPART(TZOFFSET, SYSDATETIMEOFFSET())) AT TIME ZONE 'UTC') ;""" + + return f"""SELECT TOP(?) +event_data AS [{DEADLOCK_XML_ALIAS}], +CONVERT(xml, event_data).value('(event[@name="xml_deadlock_report"]/@timestamp)[1]','datetime') + AS [{DEADLOCK_TIMESTAMP_ALIAS}] +FROM +sys.fn_xe_file_target_read_file +('system_health*.xel', null, null, null) +WHERE object_name like 'xml_deadlock_report' + and CONVERT(xml, event_data).value('(event[@name="xml_deadlock_report"]/@timestamp)[1]','datetime') + >= DATEADD(SECOND, ?, TODATETIMEOFFSET(GETDATE(), DATEPART(TZOFFSET, SYSDATETIMEOFFSET())) AT TIME ZONE 'UTC');""" diff --git a/sqlserver/datadog_checks/sqlserver/schemas.py b/sqlserver/datadog_checks/sqlserver/schemas.py index b40dd59415fa8..ffe6f3adfa43d 100644 --- a/sqlserver/datadog_checks/sqlserver/schemas.py +++ b/sqlserver/datadog_checks/sqlserver/schemas.py 
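Review bot: The file-target branch of `get_deadlocks_query` ignores `xe_session_name` and always reads `'system_health*.xel'`, although `_set_xe_session_name` can select the `datadog` session with a non-ring-buffer target; in that case the rows would come from system_health files rather than the chosen session. Either derive the file pattern from the session name or take this branch only when `xe_session_name == XE_SESSION_SYSTEM`. Separately, the UTC cutoff could be written as `DATEADD(SECOND, ?, GETUTCDATE())`, which should be equivalent and avoids `AT TIME ZONE`; that clause needs SQL Server 2016 or later, while this commit adds code paths for older servers elsewhere. The function's signature and docstring are in the previous hunk, and the docstring gains no `:param xe_target_name:` entry.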
@@ -16,6 +16,7 @@ from datadog_checks.sqlserver.const import ( DEFAULT_SCHEMAS_COLLECTION_INTERVAL, STATIC_INFO_ENGINE_EDITION, + STATIC_INFO_MAJOR_VERSION, STATIC_INFO_VERSION, SWITCH_DB_STATEMENT, ) @@ -23,7 +24,9 @@ COLUMN_QUERY, DB_QUERY, FOREIGN_KEY_QUERY, + FOREIGN_KEY_QUERY_PRE_2017, INDEX_QUERY, + INDEX_QUERY_PRE_2017, PARTITIONS_QUERY, SCHEMA_QUERY, TABLES_IN_SCHEMA_QUERY, @@ -395,7 +398,10 @@ def _populate_with_partitions_data(self, table_ids, table_id_to_table_data, curs @tracked_method(agent_check_getter=agent_check_getter) def _populate_with_index_data(self, table_ids, table_id_to_table_data, cursor): - rows = execute_query(INDEX_QUERY.format(table_ids), cursor) + index_query = INDEX_QUERY + if self._check.static_info_cache.get(STATIC_INFO_MAJOR_VERSION) <= 2016: + index_query = INDEX_QUERY_PRE_2017 + rows = execute_query(index_query.format(table_ids), cursor) for row in rows: table_id = row.pop("id", None) table_id_str = str(table_id) @@ -412,7 +418,10 @@ def _populate_with_index_data(self, table_ids, table_id_to_table_data, cursor): @tracked_method(agent_check_getter=agent_check_getter, track_result_length=True) def _populate_with_foreign_keys_data(self, table_ids, table_id_to_table_data, cursor): - rows = execute_query(FOREIGN_KEY_QUERY.format(table_ids), cursor) + foreign_key_query = FOREIGN_KEY_QUERY + if self._check.static_info_cache.get(STATIC_INFO_MAJOR_VERSION) <= 2016: + foreign_key_query = FOREIGN_KEY_QUERY_PRE_2017 + rows = execute_query(foreign_key_query.format(table_ids), cursor) for row in rows: table_id = row.pop("id", None) table_id_str = str(table_id) diff --git a/sqlserver/datadog_checks/sqlserver/sqlserver.py b/sqlserver/datadog_checks/sqlserver/sqlserver.py index c9ba81885363d..67189e3145c4d 100644 --- a/sqlserver/datadog_checks/sqlserver/sqlserver.py +++ b/sqlserver/datadog_checks/sqlserver/sqlserver.py 
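Review bot: `self._check.static_info_cache.get(STATIC_INFO_MAJOR_VERSION) <= 2016` in `_populate_with_index_data` raises `TypeError` when the cache holds no major version, since `.get()` then returns `None`; the same comparison is repeated in `_populate_with_foreign_keys_data`. Reading the value once and guarding it, `major = self._check.static_info_cache.get(STATIC_INFO_MAJOR_VERSION)` followed by `if major is not None and major <= 2016:`, keeps the default query in that case. Whether the key can be absent at this point is not visible in the hunk, but `enabled` in `file_stats_metrics.py` tests `not self.major_version`, which suggests it can. Both method bodies continue outside their hunks.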
@@ -116,6 +116,7 @@ def __init__(self, name, init_config, instances): self._resolved_hostname = None self._agent_hostname = None + self._database_hostname = None self.connection = None self.failed_connections = {} self.instance_metrics = [] @@ -202,6 +203,8 @@ def set_resolved_hostname_metadata(self): self.set_metadata("resolved_hostname", self.resolved_hostname) def set_resource_tags(self): + self.tags.append("database_hostname:{}".format(self.database_hostname)) + if self._config.cloud_metadata.get("gcp") is not None: self.tags.append( "dd.internal.resource:gcp_sql_database_instance:{}:{}".format( @@ -284,6 +287,14 @@ def set_resolved_hostname(self): def resolved_hostname(self): return self._resolved_hostname + @property + def database_hostname(self): + # type: () -> str + if self._database_hostname is None: + host, _ = split_sqlserver_host_port(self.instance.get("host")) + self._database_hostname = resolve_db_host(host) + return self._database_hostname + def load_static_information(self): engine_edition_reloaded = False expected_keys = {STATIC_INFO_VERSION, STATIC_INFO_MAJOR_VERSION, STATIC_INFO_ENGINE_EDITION, STATIC_INFO_RDS} @@ -746,7 +757,6 @@ def check(self, _): def _new_database_metric_executor(self, database_metric_class, db_names=None): return database_metric_class( config=self._config, - instance_config=self.instance, new_query_executor=self._new_query_executor, server_static_info=self.static_info_cache, execute_query_handler=self.execute_query_raw, @@ -959,6 +969,7 @@ def _send_database_instance_metadata(self): if self.resolved_hostname not in self._database_instance_emitted: event = { "host": self.resolved_hostname, + "database_hostname": self.database_hostname, "agent_version": datadog_agent.get_version(), "dbms": "sqlserver", "kind": "database_instance", diff --git a/sqlserver/hatch.toml b/sqlserver/hatch.toml index 551df01830de2..2a9630b10e673 100644 --- a/sqlserver/hatch.toml +++ b/sqlserver/hatch.toml 
@@ -7,6 +7,13 @@ os = ["linux"] version = ["2017", "2019", "2022"] setup = ["single", "ha"] +# test the compatibility of sqlserver running on non-utc timezone +[[envs.default.matrix]] +python = ["3.12"] +os = ["linux"] +version = ["2022"] +tz = ["newyork", "tokyo"] + # test the full combination of python-version/driver against a the latest sql server version # ideally we'd test this against all sql server versions but that makes the test take too long and time out. # time out. until we're able to modify and parallelize the work we'll limit the per-driver tests to only a single @@ -32,6 +39,7 @@ setup = ["single"] [envs.default.env-vars] ODBCSYSINI = "{root}{/}tests{/}odbc" COMPOSE_FOLDER = "compose" +TZ="UTC" PIP_EXTRA_INDEX_URL = "https://datadoghq.dev/ci-wheels/bin" [envs.default.overrides] @@ -62,6 +70,10 @@ matrix.version.env-vars = [ matrix.driver.env-vars = [ { key = "WINDOWS_SQLSERVER_DRIVER", platform = ["windows"] }, ] +matrix.tz.env-vars = [ + { key = "TZ", value = "America/New_York", if = ["newyork"] }, + { key = "TZ", value = "Asia/Tokyo", if = ["tokyo"] }, +] name.linux-odbc-2019-high-cardinality.env-vars = "COMPOSE_FOLDER=compose-high-cardinality" name.linux-odbc-2022-high-cardinality.env-vars = "COMPOSE_FOLDER=compose-high-cardinality" name.windows-odbc-2019-high-cardinality.env-vars = "COMPOSE_FOLDER=compose-high-cardinality-windows" diff --git a/sqlserver/tests/compose-ha/docker-compose.yaml b/sqlserver/tests/compose-ha/docker-compose.yaml index 3a992415e4569..6bd049c387500 100644 --- a/sqlserver/tests/compose-ha/docker-compose.yaml +++ b/sqlserver/tests/compose-ha/docker-compose.yaml @@ -1,4 +1,3 @@ -version: "3" services: sqlserver: build: diff --git a/sqlserver/tests/compose-high-cardinality-windows/docker-compose.yaml b/sqlserver/tests/compose-high-cardinality-windows/docker-compose.yaml index 948c3116948ec..155f06e359463 100644 --- a/sqlserver/tests/compose-high-cardinality-windows/docker-compose.yaml 
+++ b/sqlserver/tests/compose-high-cardinality-windows/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: sqlserver: build: @@ -8,4 +6,4 @@ services: args: - SQLSERVER_BASE_IMAGE=${SQLSERVER_BASE_IMAGE} ports: - - "1433:1433" \ No newline at end of file + - "1433:1433" diff --git a/sqlserver/tests/compose-high-cardinality/docker-compose.yaml b/sqlserver/tests/compose-high-cardinality/docker-compose.yaml index 0c9690a6512d7..a7615708c2c16 100644 --- a/sqlserver/tests/compose-high-cardinality/docker-compose.yaml +++ b/sqlserver/tests/compose-high-cardinality/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: sqlserver: build: diff --git a/sqlserver/tests/compose-windows/docker-compose.yaml b/sqlserver/tests/compose-windows/docker-compose.yaml index 948c3116948ec..155f06e359463 100644 --- a/sqlserver/tests/compose-windows/docker-compose.yaml +++ b/sqlserver/tests/compose-windows/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: sqlserver: build: @@ -8,4 +6,4 @@ services: args: - SQLSERVER_BASE_IMAGE=${SQLSERVER_BASE_IMAGE} ports: - - "1433:1433" \ No newline at end of file + - "1433:1433" diff --git a/sqlserver/tests/compose/docker-compose.yaml b/sqlserver/tests/compose/docker-compose.yaml index 84fe2603ce724..f9d5493a819b9 100644 --- a/sqlserver/tests/compose/docker-compose.yaml +++ b/sqlserver/tests/compose/docker-compose.yaml @@ -11,6 +11,7 @@ services: environment: - ACCEPT_EULA=Y - SA_PASSWORD=Password123 + - TZ=${TZ} ports: - "1433:1433" volumes: diff --git a/sqlserver/tests/conftest.py b/sqlserver/tests/conftest.py index b0985ea6a8414..bfe6dd7fdf71f 100644 --- a/sqlserver/tests/conftest.py +++ b/sqlserver/tests/conftest.py 
@@ -99,11 +99,23 @@ def instance_minimal_defaults(): def instance_docker(instance_docker_defaults): instance_docker_defaults.update( { - 'include_task_scheduler_metrics': True, - 'include_db_fragmentation_metrics': True, - 'include_fci_metrics': True, - 'include_ao_metrics': False, - 'include_master_files_metrics': True, + 'database_metrics': { + 'ao_metrics': { + 'enabled': False, + }, + 'task_scheduler_metrics': { + 'enabled': True, + }, + 'db_fragmentation_metrics': { + 'enabled': True, + }, + 'fci_metrics': { + 'enabled': True, + }, + 'master_files_metrics': { + 'enabled': True, + }, + }, 'disable_generic_tags': True, } ) @@ -233,21 +245,21 @@ def instance_e2e(instance_docker): @pytest.fixture def instance_ao_docker_primary(instance_docker): - instance_docker['include_ao_metrics'] = True + instance_docker['database_metrics']['ao_metrics']['enabled'] = True return instance_docker @pytest.fixture def instance_ao_docker_primary_local_only(instance_ao_docker_primary): instance = deepcopy(instance_ao_docker_primary) - instance['only_emit_local'] = True + instance['database_metrics']['ao_metrics']['only_emit_local'] = True return instance @pytest.fixture def instance_ao_docker_primary_non_existing_ag(instance_ao_docker_primary): instance = deepcopy(instance_ao_docker_primary) - instance['availability_group'] = 'AG2' + instance['database_metrics']['ao_metrics']['availability_group'] = 'AG2' return instance diff --git a/sqlserver/tests/test_activity.py b/sqlserver/tests/test_activity.py index 8e8084771c7c1..7bf91d8fd7159 100644 --- a/sqlserver/tests/test_activity.py +++ b/sqlserver/tests/test_activity.py @@ -57,6 +57,7 @@ def dbm_instance(instance_docker): return copy(instance_docker) +@pytest.mark.flaky @pytest.mark.integration @pytest.mark.usefixtures('dd_environment') @pytest.mark.parametrize("use_autocommit", [True, False]) 
@@ -724,6 +725,7 @@ def test_get_estimated_row_size_bytes(dbm_instance, file): assert abs((actual_size - computed_size) / float(actual_size)) <= 0.10 +@pytest.mark.integration def test_activity_collection_rate_limit(aggregator, dd_run_check, dbm_instance): # test the activity collection loop rate limit collection_interval = 0.1 @@ -758,6 +760,7 @@ def _expected_dbm_instance_tags(check): return check._config.tags +@pytest.mark.integration @pytest.mark.parametrize("activity_enabled", [True, False]) def test_async_job_enabled(dd_run_check, dbm_instance, activity_enabled): dbm_instance['query_activity'] = {'enabled': activity_enabled, 'run_sync': False} diff --git a/sqlserver/tests/test_connection.py b/sqlserver/tests/test_connection.py index 0b176c25fd89d..23f5863b0c0ad 100644 --- a/sqlserver/tests/test_connection.py +++ b/sqlserver/tests/test_connection.py @@ -381,7 +381,7 @@ def test_connection_failure(aggregator, dd_run_check, instance_docker): ) -@pytest.mark.unit +@pytest.mark.integration @pytest.mark.parametrize( "test_case_name,instance_overrides,expected_error_patterns,expected_error", [ diff --git a/sqlserver/tests/test_database_metrics.py b/sqlserver/tests/test_database_metrics.py index 0330ebbe36a1e..7203196159b4b 100644 --- a/sqlserver/tests/test_database_metrics.py +++ b/sqlserver/tests/test_database_metrics.py @@ -52,13 +52,18 @@ @pytest.mark.integration @pytest.mark.usefixtures('dd_environment') +@pytest.mark.parametrize('include_file_stats_metrics', [True, False]) def test_sqlserver_file_stats_metrics( aggregator, dd_run_check, init_config, instance_docker_metrics, + include_file_stats_metrics, ): instance_docker_metrics['database_autodiscovery'] = True + instance_docker_metrics['database_metrics'] = { + 'file_stats_metrics': {'enabled': include_file_stats_metrics}, + } mocked_results = [ ('master', 'ONLINE', 'master', '/xx/master.mdf', 89, 0, 0, 73, 16, 3153920, 933888, 59, 98, 4194304), 
@@ -78,7 +83,6 @@ def execute_query_handler_mocked(query, db=None): file_stats_metrics = SqlserverFileStatsMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, @@ -88,18 +92,21 @@ def execute_query_handler_mocked(query, db=None): dd_run_check(sqlserver_check) - tags = sqlserver_check._config.tags - for result in mocked_results: - db, state, logical_name, file_location, *metric_values = result - metrics = zip(file_stats_metrics.metric_names()[0], metric_values) - expected_tags = [ - f'db:{db}', - f'state:{state}', - f'logical_name:{logical_name}', - f'file_location:{file_location}', - ] + tags - for metric_name, metric_value in metrics: - aggregator.assert_metric(metric_name, value=metric_value, tags=expected_tags) + if not include_file_stats_metrics: + assert file_stats_metrics.enabled is False + else: + tags = sqlserver_check._config.tags + for result in mocked_results: + db, state, logical_name, file_location, *metric_values = result + metrics = zip(file_stats_metrics.metric_names()[0], metric_values) + expected_tags = [ + f'db:{db}', + f'state:{state}', + f'logical_name:{logical_name}', + f'file_location:{file_location}', + ] + tags + for metric_name, metric_value in metrics: + aggregator.assert_metric(metric_name, value=metric_value, tags=expected_tags) @pytest.mark.integration @@ -113,7 +120,9 @@ def test_sqlserver_ao_metrics( include_ao_metrics, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_ao_metrics'] = include_ao_metrics + instance_docker_metrics['database_metrics'] = { + 'ao_metrics': {'enabled': include_ao_metrics}, + } # Mocked results mocked_ao_availability_groups = [ 
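Review bot: In `test_sqlserver_file_stats_metrics` the disabled branch only checks `file_stats_metrics.enabled is False`, so it never verifies that `dd_run_check` emitted nothing for a disabled collector. A regression where the flag reads False but the queries still run would pass. Adding `for name in file_stats_metrics.metric_names()[0]: aggregator.assert_metric(name, count=0)` after the `enabled` assertion would cover that, assuming `metric_names()` is still populated when the collector is disabled. The same pattern appears in the later hunks for `test_sqlserver_server_state_metrics`, `test_sqlserver_database_files_metrics`, `test_sqlserver_database_stats_metrics` and `test_sqlserver_database_backup_metrics`.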
@@ -155,7 +164,6 @@ def test_sqlserver_ao_metrics( ao_metrics = SqlserverAoMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, @@ -254,9 +262,11 @@ def test_sqlserver_availability_groups_metrics( mocked_results, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_ao_metrics'] = include_ao_metrics + instance_docker_metrics['database_metrics'] = { + 'ao_metrics': {'enabled': include_ao_metrics}, + } if availability_group: - instance_docker_metrics['availability_group'] = availability_group + instance_docker_metrics['database_metrics']['ao_metrics']['availability_group'] = availability_group sqlserver_check = SQLServer(CHECK_NAME, init_config, [instance_docker_metrics]) @@ -265,7 +275,6 @@ def execute_query_handler_mocked(query, db=None): availability_groups_metrics = SqlserverAvailabilityGroupsMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, 
@@ -342,11 +351,13 @@ def test_sqlserver_database_replication_stats_metrics( mocked_results, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_ao_metrics'] = include_ao_metrics + instance_docker_metrics['database_metrics'] = { + 'ao_metrics': {'enabled': include_ao_metrics}, + } if availability_group: - instance_docker_metrics['availability_group'] = availability_group + instance_docker_metrics['database_metrics']['ao_metrics']['availability_group'] = availability_group if only_emit_local: - instance_docker_metrics['only_emit_local'] = only_emit_local + instance_docker_metrics['database_metrics']['ao_metrics']['only_emit_local'] = only_emit_local sqlserver_check = SQLServer(CHECK_NAME, init_config, [instance_docker_metrics]) @@ -355,7 +366,6 @@ def execute_query_handler_mocked(query, db=None): database_replication_stats_metrics = SqlserverDatabaseReplicationStatsMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, 
@@ -475,13 +485,15 @@ def test_sqlserver_availability_replicas_metrics( mocked_results, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_ao_metrics'] = include_ao_metrics + instance_docker_metrics['database_metrics'] = { + 'ao_metrics': {'enabled': include_ao_metrics}, + } if availability_group: - instance_docker_metrics['availability_group'] = availability_group + instance_docker_metrics['database_metrics']['ao_metrics']['availability_group'] = availability_group if only_emit_local: - instance_docker_metrics['only_emit_local'] = only_emit_local + instance_docker_metrics['database_metrics']['ao_metrics']['only_emit_local'] = only_emit_local if ao_database: - instance_docker_metrics['ao_database'] = ao_database + instance_docker_metrics['database_metrics']['ao_metrics']['ao_database'] = ao_database sqlserver_check = SQLServer(CHECK_NAME, init_config, [instance_docker_metrics]) @@ -490,7 +502,6 @@ def execute_query_handler_mocked(query, db=None): availability_replicas_metrics = SqlserverAvailabilityReplicasMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, @@ -548,7 +559,9 @@ def test_sqlserver_fci_metrics( include_fci_metrics, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_fci_metrics'] = include_fci_metrics + instance_docker_metrics['database_metrics'] = { + 'fci_metrics': {'enabled': include_fci_metrics}, + } mocked_results = [ ('node1', 'up', 'cluster1', 0, 1), @@ -561,7 +574,6 @@ def execute_query_handler_mocked(query, db=None): fci_metrics = SqlserverFciMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, 
@@ -598,8 +610,9 @@ def test_sqlserver_primary_log_shipping_metrics( include_primary_log_shipping_metrics, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_primary_log_shipping_metrics'] = include_primary_log_shipping_metrics - + instance_docker_metrics['database_metrics'] = { + 'primary_log_shipping_metrics': {'enabled': include_primary_log_shipping_metrics}, + } mocked_results = [('97E29D89-2FA0-44FF-9EF7-65DA75FE0E3E', 'EC2AMAZ-Q0NCNV5', 'MyDummyDB', 500, 3600)] sqlserver_check = SQLServer(CHECK_NAME, init_config, [instance_docker_metrics]) @@ -609,7 +622,6 @@ def execute_query_handler_mocked(query, db=None): primary_log_shipping_metrics = SqlserverPrimaryLogShippingMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, @@ -646,8 +658,9 @@ def test_sqlserver_secondary_log_shipping_metrics( include_secondary_log_shipping_metrics, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_secondary_log_shipping_metrics'] = include_secondary_log_shipping_metrics - + instance_docker_metrics['database_metrics'] = { + 'secondary_log_shipping_metrics': {'enabled': include_secondary_log_shipping_metrics}, + } mocked_results = [ ( r'EC2AMAZ-Q0NCNV5\MYSECONDARY', @@ -669,7 +682,6 @@ def execute_query_handler_mocked(query, db=None): primary_log_shipping_metrics = SqlserverSecondaryLogShippingMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, 
@@ -699,13 +711,14 @@ def execute_query_handler_mocked(query, db=None): @pytest.mark.integration @pytest.mark.usefixtures('dd_environment') +@pytest.mark.parametrize('include_server_state_metrics', [True, False]) def test_sqlserver_server_state_metrics( - aggregator, - dd_run_check, - init_config, - instance_docker_metrics, + aggregator, dd_run_check, init_config, instance_docker_metrics, include_server_state_metrics ): instance_docker_metrics['database_autodiscovery'] = True + instance_docker_metrics['database_metrics'] = { + 'server_state_metrics': {'enabled': include_server_state_metrics}, + } mocked_results = [(1000, 4, 8589934592, 17179869184, 4294967296, 8589934592)] @@ -716,7 +729,6 @@ def execute_query_handler_mocked(query, db=None): server_state_metrics = SqlserverServerStateMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, @@ -726,11 +738,14 @@ def execute_query_handler_mocked(query, db=None): dd_run_check(sqlserver_check) - tags = sqlserver_check._config.tags - for result in mocked_results: - metrics = zip(server_state_metrics.metric_names()[0], result) - for metric_name, metric_value in metrics: - aggregator.assert_metric(metric_name, value=metric_value, tags=tags) + if not include_server_state_metrics: + assert server_state_metrics.enabled is False + else: + tags = sqlserver_check._config.tags + for result in mocked_results: + metrics = zip(server_state_metrics.metric_names()[0], result) + for metric_name, metric_value in metrics: + aggregator.assert_metric(metric_name, value=metric_value, tags=tags) @pytest.mark.integration 
@@ -744,8 +759,9 @@ def test_sqlserver_tempdb_file_space_usage_metrics( include_tempdb_file_space_usage_metrics, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_tempdb_file_space_usage_metrics'] = include_tempdb_file_space_usage_metrics - + instance_docker_metrics['database_metrics'] = { + 'tempdb_file_space_usage_metrics': {'enabled': include_tempdb_file_space_usage_metrics} + } mocked_results = [ [(2, Decimal('5.375000'), Decimal('0.000000'), Decimal('0.000000'), Decimal('1.312500'), Decimal('1.312500'))] ] @@ -757,7 +773,6 @@ def execute_query_handler_mocked(query, db=None): tempdb_file_space_usage_metrics = SqlserverTempDBFileSpaceUsageMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, @@ -798,10 +813,16 @@ def test_sqlserver_index_usage_metrics( index_usage_stats_interval, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_index_usage_metrics'] = include_index_usage_metrics - instance_docker_metrics['include_index_usage_metrics_tempdb'] = include_index_usage_metrics_tempdb + instance_docker_metrics['database_metrics'] = { + 'index_usage_metrics': { + 'enabled': include_index_usage_metrics, + 'enabled_tempdb': include_index_usage_metrics_tempdb, + }, + } if index_usage_stats_interval: - instance_docker_metrics['index_usage_stats_interval'] = index_usage_stats_interval + instance_docker_metrics['database_metrics']['index_usage_metrics'][ + 'collection_interval' + ] = index_usage_stats_interval mocked_results_non_tempdb = [ [ 
@@ -830,14 +851,13 @@ def test_sqlserver_index_usage_metrics( index_usage_metrics = SqlserverIndexUsageMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, databases=AUTODISCOVERY_DBS + ['tempdb'], ) - expected_collection_interval = index_usage_stats_interval or index_usage_metrics._default_collection_interval + expected_collection_interval = index_usage_stats_interval or index_usage_metrics.collection_interval assert index_usage_metrics.queries[0]['collection_interval'] == expected_collection_interval sqlserver_check._database_metrics = [index_usage_metrics] @@ -888,11 +908,17 @@ def test_sqlserver_db_fragmentation_metrics( db_fragmentation_metrics_interval, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_db_fragmentation_metrics'] = include_db_fragmentation_metrics - instance_docker_metrics['include_db_fragmentation_metrics_tempdb'] = include_db_fragmentation_metrics_tempdb + instance_docker_metrics['database_metrics'] = { + 'db_fragmentation_metrics': { + 'enabled': include_db_fragmentation_metrics, + 'enabled_tempdb': include_db_fragmentation_metrics_tempdb, + }, + } if db_fragmentation_metrics_interval: - instance_docker_metrics['db_fragmentation_metrics_interval'] = db_fragmentation_metrics_interval - + instance_docker_metrics['database_metrics']['db_fragmentation_metrics'][ + 'collection_interval' + ] = db_fragmentation_metrics_interval + print(instance_docker_metrics) mocked_results = [ [ ('master', 'spt_fallback_db', 0, None, 0, 0.0, 0, 0.0), 
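Review bot: In `test_sqlserver_index_usage_metrics`, `expected_collection_interval` now falls back to `index_usage_metrics.collection_interval`, a value read from the object under test. When the parameter is `None`, the assertion on `queries[0]['collection_interval']` therefore compares the collector with itself and no longer pins the default. The removed line compared against `_default_collection_interval`; the test should keep an independent expectation, such as a constant for the documented default. The same change is made in `test_sqlserver_db_fragmentation_metrics` and `test_sqlserver_database_backup_metrics` in later hunks.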
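Review bot: The added `print(instance_docker_metrics)` in `test_sqlserver_db_fragmentation_metrics` looks like a leftover debug statement and should be removed. It dumps the whole instance config into the test output on every parametrized run. For this fixture that likely includes connection settings, which do not belong in CI logs. The hunk also drops the blank line that separated the config setup from `mocked_results`; restoring it keeps the two steps readable.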
@@ -934,7 +960,6 @@ def test_sqlserver_db_fragmentation_metrics( db_fragmentation_metrics = SqlserverDBFragmentationMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, @@ -944,9 +969,7 @@ def test_sqlserver_db_fragmentation_metrics( if db_fragmentation_object_names: assert db_fragmentation_metrics.db_fragmentation_object_names == db_fragmentation_object_names - expected_collection_interval = ( - db_fragmentation_metrics_interval or db_fragmentation_metrics._default_collection_interval - ) + expected_collection_interval = db_fragmentation_metrics_interval or db_fragmentation_metrics.collection_interval assert db_fragmentation_metrics.queries[0]['collection_interval'] == expected_collection_interval sqlserver_check._database_metrics = [db_fragmentation_metrics] @@ -995,7 +1018,9 @@ def test_sqlserver_os_schedulers_metrics( include_task_scheduler_metrics, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_task_scheduler_metrics'] = include_task_scheduler_metrics + instance_docker_metrics['database_metrics'] = { + 'task_scheduler_metrics': {'enabled': include_task_scheduler_metrics}, + } mocked_results = [ (0, 0, 4, 6, 4, 0, 0), @@ -1024,7 +1049,6 @@ def execute_query_handler_mocked(query, db=None): os_schedulers_metrics = SqlserverOsSchedulersMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, 
@@ -1060,8 +1084,9 @@ def test_sqlserver_os_tasks_metrics( include_task_scheduler_metrics, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_task_scheduler_metrics'] = include_task_scheduler_metrics - + instance_docker_metrics['database_metrics'] = { + 'task_scheduler_metrics': {'enabled': include_task_scheduler_metrics}, + } mocked_results = [ (0, 40, 0, 0, 0), (9, 46, 0, 0, 0), @@ -1089,7 +1114,6 @@ def execute_query_handler_mocked(query, db=None): os_tasks_metrics = SqlserverOsTasksMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, @@ -1124,8 +1148,9 @@ def test_sqlserver_master_files_metrics( include_master_files_metrics, ): instance_docker_metrics['database_autodiscovery'] = True - instance_docker_metrics['include_master_files_metrics'] = include_master_files_metrics - + instance_docker_metrics['database_metrics'] = { + 'master_files_metrics': {'enabled': include_master_files_metrics}, + } mocked_results = [ ('master', 'master', 1, 'data', '/var/opt/mssql/data/master.mdf', 'ONLINE', 4096, 0), ('master', 'master', 2, 'transaction_log', '/var/opt/mssql/data/mastlog.ldf', 'ONLINE', 512, 0), @@ -1155,7 +1180,6 @@ def execute_query_handler_mocked(query, db=None): master_files_metrics = SqlserverMasterFilesMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, 
@@ -1187,13 +1211,18 @@ def execute_query_handler_mocked(query, db=None): @pytest.mark.integration @pytest.mark.usefixtures('dd_environment') +@pytest.mark.parametrize('include_database_files_metrics', [True, False]) def test_sqlserver_database_files_metrics( aggregator, dd_run_check, init_config, instance_docker_metrics, + include_database_files_metrics, ): instance_docker_metrics['database_autodiscovery'] = True + instance_docker_metrics['database_metrics'] = { + 'db_files_metrics': {'enabled': include_database_files_metrics}, + } mocked_results = [ [ @@ -1226,7 +1255,6 @@ def test_sqlserver_database_files_metrics( database_files_metrics = SqlserverDatabaseFilesMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, 
@@ -1237,35 +1265,43 @@ def test_sqlserver_database_files_metrics( dd_run_check(sqlserver_check) - tags = sqlserver_check._config.tags - for db, result in zip(AUTODISCOVERY_DBS, mocked_results): - for row in result: - file_id, file_type, file_location, file_name, database_files_state_desc, size, space_used, state = row - size *= 8 # size is in pages, 1 page = 8 KB - space_used *= 8 # space_used is in pages, 1 page = 8 KB - metrics = zip(database_files_metrics.metric_names()[0], [state, size, space_used]) - expected_tags = [ - f'db:{db}', - f'database:{db}', - f'file_id:{file_id}', - f'file_type:{file_type}', - f'file_location:{file_location}', - f'file_name:{file_name}', - f'database_files_state_desc:{database_files_state_desc}', - ] + tags - for metric_name, metric_value in metrics: - aggregator.assert_metric(metric_name, value=metric_value, tags=expected_tags) + if not include_database_files_metrics: + assert database_files_metrics.enabled is False + else: + tags = sqlserver_check._config.tags + for db, result in zip(AUTODISCOVERY_DBS, mocked_results): + for row in result: + file_id, file_type, file_location, file_name, database_files_state_desc, size, space_used, state = row + size *= 8 # size is in pages, 1 page = 8 KB + space_used *= 8 # space_used is in pages, 1 page = 8 KB + metrics = zip(database_files_metrics.metric_names()[0], [state, size, space_used]) + expected_tags = [ + f'db:{db}', + f'database:{db}', + f'file_id:{file_id}', + f'file_type:{file_type}', + f'file_location:{file_location}', + f'file_name:{file_name}', + f'database_files_state_desc:{database_files_state_desc}', + ] + tags + for metric_name, metric_value in metrics: + aggregator.assert_metric(metric_name, value=metric_value, tags=expected_tags) @pytest.mark.integration @pytest.mark.usefixtures('dd_environment') +@pytest.mark.parametrize('include_database_files_metrics', [True, False]) def test_sqlserver_database_stats_metrics( aggregator, dd_run_check, init_config, 
instance_docker_metrics, + include_database_files_metrics, ): instance_docker_metrics['database_autodiscovery'] = True + instance_docker_metrics['database_metrics'] = { + 'db_stats_metrics': {'enabled': include_database_files_metrics}, + } mocked_results = [ ('master', 'master', 'ONLINE', 'SIMPLE', 0, False, False, False), @@ -1282,7 +1318,6 @@ def execute_query_handler_mocked(query, db=None): database_stats_metrics = SqlserverDatabaseStatsMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, 
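Review bot: `test_sqlserver_database_stats_metrics` is parametrized with `include_database_files_metrics`, a name carried over from the previous test, although here it toggles `db_stats_metrics`. The parametrize ids and failure output then point at the wrong feature. Renaming it to `include_database_stats_metrics` in the decorator, the signature, the `'db_stats_metrics': {'enabled': ...}` entry and the `if not ...` check in the following hunk removes the ambiguity.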
@@ -1292,33 +1327,43 @@ def execute_query_handler_mocked(query, db=None): dd_run_check(sqlserver_check) - tags = sqlserver_check._config.tags - for result in mocked_results: - db, database, database_state_desc, database_recovery_model_desc, *metric_values = result - metrics = zip(database_stats_metrics.metric_names()[0], metric_values) - expected_tags = [ - f'db:{db}', - f'database:{database}', - f'database_state_desc:{database_state_desc}', - f'database_recovery_model_desc:{database_recovery_model_desc}', - ] + tags - for metric_name, metric_value in metrics: - aggregator.assert_metric(metric_name, value=metric_value, tags=expected_tags) + if not include_database_files_metrics: + assert database_stats_metrics.enabled is False + else: + tags = sqlserver_check._config.tags + for result in mocked_results: + db, database, database_state_desc, database_recovery_model_desc, *metric_values = result + metrics = zip(database_stats_metrics.metric_names()[0], metric_values) + expected_tags = [ + f'db:{db}', + f'database:{database}', + f'database_state_desc:{database_state_desc}', + f'database_recovery_model_desc:{database_recovery_model_desc}', + ] + tags + for metric_name, metric_value in metrics: + aggregator.assert_metric(metric_name, value=metric_value, tags=expected_tags) @pytest.mark.integration @pytest.mark.usefixtures('dd_environment') @pytest.mark.parametrize('database_backup_metrics_interval', [None, 600]) +@pytest.mark.parametrize('include_database_backup_metrics', [True, False]) def test_sqlserver_database_backup_metrics( aggregator, dd_run_check, init_config, instance_docker_metrics, database_backup_metrics_interval, + include_database_backup_metrics, ): instance_docker_metrics['database_autodiscovery'] = True + instance_docker_metrics['database_metrics'] = { + 'db_backup_metrics': {'enabled': include_database_backup_metrics}, + } if database_backup_metrics_interval: - instance_docker_metrics['database_backup_metrics_interval'] = database_backup_metrics_interval 
+ instance_docker_metrics['database_metrics']['db_backup_metrics'][ + 'collection_interval' + ] = database_backup_metrics_interval mocked_results = [ ('master', 'master', 0), 
@@ -1335,36 +1380,36 @@ def execute_query_handler_mocked(query, db=None): database_backup_metrics = SqlserverDatabaseBackupMetrics( config=sqlserver_check._config, - instance_config=instance_docker_metrics, new_query_executor=sqlserver_check._new_query_executor, server_static_info=STATIC_SERVER_INFO, execute_query_handler=execute_query_handler_mocked, ) - expected_collection_interval = ( - database_backup_metrics_interval or database_backup_metrics._default_collection_interval - ) + expected_collection_interval = database_backup_metrics_interval or database_backup_metrics.collection_interval assert database_backup_metrics.queries[0]['collection_interval'] == expected_collection_interval sqlserver_check._database_metrics = [database_backup_metrics] dd_run_check(sqlserver_check) - tags = sqlserver_check._config.tags - for result in mocked_results: - db, database, *metric_values = result - metrics = zip(database_backup_metrics.metric_names()[0], metric_values) - expected_tags = [ - f'db:{db}', - f'database:{database}', - ] + tags - for metric_name, metric_value in metrics: - aggregator.assert_metric(metric_name, value=metric_value, tags=expected_tags) - - # database_backup_metrics should not be collected because the collection interval is not reached - aggregator.reset() - dd_run_check(sqlserver_check) - for metric_name in database_backup_metrics.metric_names()[0]: - aggregator.assert_metric(metric_name, count=0) + if not include_database_backup_metrics: + assert database_backup_metrics.enabled is False + else: + tags = sqlserver_check._config.tags + for result in mocked_results: + db, database, *metric_values = result + metrics = zip(database_backup_metrics.metric_names()[0], metric_values) + expected_tags = [ + f'db:{db}', + f'database:{database}', + ] + tags + for metric_name, metric_value in metrics: + aggregator.assert_metric(metric_name, value=metric_value, tags=expected_tags) + + # database_backup_metrics should not be collected because the collection interval 
is not reached + aggregator.reset() + dd_run_check(sqlserver_check) + for metric_name in database_backup_metrics.metric_names()[0]: + aggregator.assert_metric(metric_name, count=0) @pytest.mark.integration @@ -1391,3 +1436,46 @@ def test_sqlserver_xe_session_metrics( expected_tags = sqlserver_check._config.tags expected_tags.append('session_name:datadog') aggregator.assert_metric("sqlserver.xe.session_status", value=1, tags=expected_tags) + + +@pytest.mark.integration +@pytest.mark.usefixtures('dd_environment') +def test_sqlserver_database_metrics_defaults( + aggregator, + dd_run_check, + init_config, + instance_docker_metrics, +): + include_defaults = { + SqlserverAoMetrics: False, + SqlserverAvailabilityGroupsMetrics: False, + SqlserverAvailabilityReplicasMetrics: False, + SqlserverDatabaseBackupMetrics: True, + SqlserverDatabaseFilesMetrics: True, + SqlserverDatabaseReplicationStatsMetrics: False, + SqlserverDatabaseStatsMetrics: True, + SqlserverDBFragmentationMetrics: False, + SqlserverFciMetrics: False, + SqlserverFileStatsMetrics: True, + SqlserverIndexUsageMetrics: True, + SqlserverMasterFilesMetrics: False, + SqlserverOsSchedulersMetrics: False, + SqlserverOsTasksMetrics: False, + SqlserverPrimaryLogShippingMetrics: False, + SqlserverSecondaryLogShippingMetrics: False, + SqlserverServerStateMetrics: True, + SqlserverTempDBFileSpaceUsageMetrics: True, + } + instance_docker_metrics['database_autodiscovery'] = True + + sqlserver_check = SQLServer(CHECK_NAME, init_config, [instance_docker_metrics]) + + for metric, enabled in include_defaults.items(): + database_metrics = metric( + config=sqlserver_check._config, + new_query_executor=sqlserver_check._new_query_executor, + server_static_info=STATIC_SERVER_INFO, + execute_query_handler=None, + databases=AUTODISCOVERY_DBS, + ) + assert database_metrics.enabled == enabled diff --git a/sqlserver/tests/test_deadlocks.py b/sqlserver/tests/test_deadlocks.py index ddbcb8fc317e2..1b1bb5b666311 100644 
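Review bot: `test_sqlserver_database_metrics_defaults` checks eighteen classes in one loop with a bare `assert database_metrics.enabled == enabled`, so a failure does not say which collector has the wrong default and it hides any failures after the first. Either add the class to the message, `assert database_metrics.enabled == enabled, metric.__name__`, or move the table into `@pytest.mark.parametrize` so each class reports separately. The `aggregator` and `dd_run_check` fixtures are requested but never used in the body. Since the check is never run, the test may not need `dd_environment` at all, though whether constructing `SQLServer` needs a live server is not visible here.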
--- a/sqlserver/tests/test_deadlocks.py +++ b/sqlserver/tests/test_deadlocks.py @@ -16,13 +16,18 @@ from mock import patch from datadog_checks.sqlserver import SQLServer +from datadog_checks.sqlserver.database_metrics.xe_session_metrics import XE_EVENT_FILE, XE_RING_BUFFER from datadog_checks.sqlserver.deadlocks import ( PAYLOAD_QUERY_SIGNATURE, PAYLOAD_TIMESTAMP, - XE_SESSION_DATADOG, Deadlocks, ) -from datadog_checks.sqlserver.queries import DEADLOCK_TIMESTAMP_ALIAS, DEADLOCK_XML_ALIAS +from datadog_checks.sqlserver.queries import ( + DEADLOCK_TIMESTAMP_ALIAS, + DEADLOCK_XML_ALIAS, + XE_SESSION_DATADOG, + XE_SESSION_SYSTEM, +) from .common import CHECK_NAME @@ -137,9 +142,18 @@ def _create_deadlock(dd_environment, dbm_instance): @pytest.mark.usefixtures('dd_environment') @pytest.mark.usefixtures('_create_deadlock') @pytest.mark.parametrize("convert_xml_to_str", [False, True]) -def test_deadlocks(aggregator, dd_run_check, dbm_instance, convert_xml_to_str): +@pytest.mark.parametrize( + "xe_session_name, xe_session_target", + [ + [XE_SESSION_DATADOG, XE_RING_BUFFER], + [XE_SESSION_SYSTEM, XE_EVENT_FILE], + ], +) +def test_deadlocks(aggregator, dd_run_check, dbm_instance, convert_xml_to_str, xe_session_name, xe_session_target): check = SQLServer(CHECK_NAME, {}, [dbm_instance]) check.deadlocks._force_convert_xml_to_str = convert_xml_to_str + check.deadlocks._xe_session_name = xe_session_name + check.deadlocks._xe_session_target = xe_session_target dbm_instance['dbm_enabled'] = True deadlock_payloads = _run_check_and_get_deadlock_payloads(dd_run_check, check, aggregator) diff --git a/squid/CHANGELOG.md b/squid/CHANGELOG.md index 76ff4b1ef2b1a..ba4f1a205f1b5 100644 --- a/squid/CHANGELOG.md +++ b/squid/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.5.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: @@ -236,4 +236,4 @@ [1]: https://github.com/DataDog/integrations-core/pull/2788 [2]: https://github.com/DataDog/integrations-core/pull/1727 [3]: https://github.com/DataDog/integrations-core/pull/1643 -[4]: https://github.com/mnussbaum +[4]: https://github.com/mnussbaum \ No newline at end of file diff --git a/squid/README.md b/squid/README.md index fe1c00ce06817..7aeda3a54b0a4 100644 --- a/squid/README.md +++ b/squid/README.md @@ -1,6 +1,17 @@ # Squid Integration ## Overview +[Squid][1] is an open-source caching and forwarding web proxy server that operates as an intermediary between clients and servers on a network. It acts as a gateway, enabling clients to access various internet resources such as websites, files, and other content from servers. + +This integration provides enrichment and visualization for Squid logs. It helps you visualize detailed insights into Squid log analysis through the out-of-the-box dashboards and detection rules, enhancing detection and response capabilities. + +Additionally, it includes pre-configured monitors for proactive notifications on the following: + +1. High rate of server errors +2. CPU usage exceeded +3. High latency requests +4. High rate of client HTTP errors + This check monitors [Squid][1] metrics from the Cache Manager through the Datadog Agent. 
@@ -87,6 +98,38 @@ Collecting logs is disabled by default in the Datadog Agent. To enable it, see [ ## Data Collected +### Logs +The Squid integration collects access and cache logs. + +#### Supported Access Log Formats +|Name | Format Specification| +|---------------------|------------------------------| +| squid |`%ts.%03tu %6tr %>a %Ss/%03>Hs %a - %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %a - %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %h" "%{User-Agent}>h" %Ss:%Sh`| + +For more information, refer to [Squid log formats][12]. + +**Note**: The default `logformat` type is `squid`. You can update the supported log format in `/etc/squid/squid.conf`, then restart Squid. + +To use the `combined` type for `logformat`, add the following lines to your `/etc/squid/squid.conf` file: + +``` +logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %h" "%{User-Agent}>h" %Ss:%Sh +access_log /var/log/squid/access.log combined +``` +Next, restart the `squid` service using the following command: + +```shell +sudo systemctl restart squid +``` + +**Note**: + +- The `Top Avg Request Duration by URL Host` panel will be loaded only if the default `squid` type of `logformat` is configured. +- The `Top Browsers` and `Top HTTP Referrer` panels will be loaded only if the `combined` type of `logformat` is configured. + + ### Metrics See [metadata.csv][9] for a list of metrics provided by this check. @@ -115,3 +158,4 @@ Need help? Contact [Datadog support][11]. [9]: https://github.com/DataDog/integrations-core/blob/master/squid/metadata.csv [10]: https://github.com/DataDog/integrations-core/blob/master/squid/assets/service_checks.json [11]: https://docs.datadoghq.com/help/ +[12]: https://www.squid-cache.org/Doc/config/logformat/ \ No newline at end of file diff --git a/squid/assets/dashboards/squid.json b/squid/assets/dashboards/squid.json new file mode 100644 index 0000000000000..43f96c9d56629 --- /dev/null +++ b/squid/assets/dashboards/squid.json 
@@ -0,0 +1,3023 @@ +{ + "description": "This dashboard provides information about the Squid logs generated in Squid Proxy server.", + "layout_type": "ordered", + "notify_list": [ + ], + "reflow_type": "fixed", + "template_variables": [ + { + "available_values": [ + "TCP", + "UDP" + ], + "default": "*", + "name": "Protocol", + "prefix": "@network.protocol" + }, + { + "available_values": [ + ], + "default": "*", + "name": "User", + "prefix": "@usr.name" + }, + { + "available_values": [ + "200", + "400", + "403", + "407", + "500" + ], + "default": "*", + "name": "Status_Code", + "prefix": "@http.status_code" + }, + { + "available_values": [ + "Success", + "Notice", + "Warning", + "Error", + "Critical" + ], + "default": "*", + "name": "Status_Category", + "prefix": "@http.status_category" + }, + { + "available_values": [ + "DENIED", + "MISS", + "HIT" + ], + "default": "*", + "name": "Squid_Status", + "prefix": "@squid.status" + } + ], + "title": "Squid", + "widgets": [ + { + "definition": { + "has_background": true, + "has_border": true, + "horizontal_align": "center", + "sizing": "contain", + "type": "image", + "url": "https://www.squid-cache.org/Artwork/Banner.png", + "url_dark_theme": "https://www.squid-cache.org/Artwork/Banner.png", + "vertical_align": "center" + }, + "id": 993530611301326, + "layout": { + "height": 2, + "width": 6, + "x": 0, + "y": 0 + } + }, + { + "definition": { + "background_color": "vivid_blue", + "layout_type": "ordered", + "show_title": true, + "title": "Squid Monitors Summary", + "type": "group", + "widgets": [ + { + "definition": { + "color_preference": "text", + "count": 50, + "display_format": "countsAndList", + "hide_zero_counts": true, + "last_triggered_format": "relative", + "query": "tag:squid", + "show_last_triggered": false, + "show_priority": false, + "show_status": true, + "sort": "status,asc", + "start": 0, + "summary_type": "monitors", + "title": "Squid Monitors Summary", + "type": "manage_status" + }, + "id": 5292238472737108, 
+ "layout": { + "height": 5, + "width": 6, + "x": 0, + "y": 0 + } + } + ] + }, + "id": 6105759479053774, + "layout": { + "height": 6, + "width": 6, + "x": 6, + "y": 0 + } + }, + { + "definition": { + "background_color": "white", + "content": "Gain a comprehensive view of your network's web and cache activities by monitoring detailed Squid Access logs through this dashboard.\n\nSquid Access Logs provide in-depth insights into web access patterns, such as Total Squid Logs and Logs Over Time. Analyze Top Client IPs and Top Users by Error Status Category to identify which clients and users are experiencing the most issues. \n\nOperational metrics provides a comprehensive overview of server performance, caching effectiveness, and client behavior. This helps you monitor key metrics, identify potential issues, and optimize your caching configuration. The dashboard covers CPU and memory usage, HTTP requests and errors, and FTP traffic.\n\nFor more information, see the [Squid Integration Documentation](https://docs.datadoghq.com/integrations/squid)\n \n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "font_size": "14", + "has_padding": true, + "show_tick": false, + "text_align": "left", + "tick_edge": "left", + "tick_pos": "50%", + "type": "note", + "vertical_align": "top" + }, + "id": 6404359088381374, + "layout": { + "height": 4, + "width": 6, + "x": 0, + "y": 2 + } + }, + { + "definition": { + "background_color": "vivid_orange", + "layout_type": "ordered", + "show_title": true, + "title": "Datadog Cloud SIEM", + "title_align": "center", + "type": "group", + "widgets": [ + { + "definition": { + "background_color": "vivid_blue", + "content": "\nDatadog Cloud SIEM analyzes and correlates Squid logs to detect threats to your environment in real time. 
If you don't see signals, make sure you've enabled [Datadog Cloud SIEM](/security?query=source%3Asquid). ", + "font_size": "14", + "has_padding": true, + "show_tick": false, + "text_align": "left", + "tick_edge": "left", + "tick_pos": "50%", + "type": "note", + "vertical_align": "center" + }, + "id": 8135504331313588, + "layout": { + "height": 1, + "width": 12, + "x": 0, + "y": 0 + } + }, + { + "definition": { + "autoscale": true, + "custom_links": [ + ], + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "security_signals", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "status:critical source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + } + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + }, + "title": "CRITICALs", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 5242677795523096, + "layout": { + "height": 2, + "width": 2, + "x": 0, + "y": 1 + } + }, + { + "definition": { + "autoscale": true, + "custom_links": [ + ], + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "security_signals", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "status:medium source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + } + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + 
"include_zero": true + } + }, + "title": "MEDIUMs", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 4007960417434418, + "layout": { + "height": 2, + "width": 2, + "x": 2, + "y": 1 + } + }, + { + "definition": { + "custom_links": [ + ], + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "security_signals", + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "status:critical source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + } + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + }, + "title": "Critical Security Signals", + "type": "toplist" + }, + "id": 8976826436340736, + "layout": { + "height": 4, + "width": 8, + "x": 4, + "y": 1 + } + }, + { + "definition": { + "autoscale": true, + "custom_links": [ + ], + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "security_signals", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "status:high source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + } + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + }, + "title": "HIGHs", + "title_align": "left", + "title_size": 
"16", + "type": "query_value" + }, + "id": 1502810820524424, + "layout": { + "height": 2, + "width": 2, + "x": 0, + "y": 3 + } + }, + { + "definition": { + "autoscale": true, + "custom_links": [ + ], + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#ffb52b", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "security_signals", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "status:low source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + } + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + }, + "title": "LOWs", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 6966298510286182, + "layout": { + "height": 1, + "width": 2, + "x": 2, + "y": 3 + } + }, + { + "definition": { + "autoscale": true, + "custom_links": [ + ], + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#84c1e0", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "security_signals", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "status:info source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + } + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + }, + "title": "INFOs", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 57798377027784, + "layout": { + "height": 1, + "width": 2, + "x": 2, + "y": 4 + } + }, + { + "definition": { + "custom_links": [ + ], + 
"requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "security_signals", + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "status:high source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + } + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + }, + "title": "High Security Signals", + "type": "toplist" + }, + "id": 8289651080064226, + "layout": { + "height": 4, + "width": 6, + "x": 0, + "y": 5 + } + }, + { + "definition": { + "custom_links": [ + ], + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "security_signals", + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "status:medium source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + } + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + }, + "title": "Medium Security Signals", + "type": "toplist" + }, + "id": 3439516698249068, + "layout": { + "height": 4, + "width": 6, + "x": 6, + "y": 5 + } + } + ] + }, + "id": 3255980586575102, + "layout": { + "height": 1, + 
"width": 12, + "x": 0, + "y": 6 + } + }, + { + "definition": { + "background_color": "vivid_green", + "layout_type": "ordered", + "show_title": true, + "title": "Squid Log Details", + "type": "group", + "widgets": [ + { + "definition": { + "autoscale": true, + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#dbdef5", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "title": "Total Squid Logs", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 2544834834046598, + "layout": { + "height": 3, + "width": 3, + "x": 0, + "y": 0 + } + }, + { + "definition": { + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "legend_layout": "horizontal", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "alias": "Access Logs", + "formula": "query1", + "style": { + "palette": "classic", + "palette_index": 1 + } + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "title": "Squid Logs over time", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 6929593419963792, + "layout": { + "height": 4, + "width": 9, + "x": 3, + "y": 0 + 
} + }, + { + "definition": { + "autoscale": true, + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "palette": "white_on_green", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + }, + "unit_scale": { + "type": "canonical_unit", + "unit_name": "byte" + } + } + } + ], + "queries": [ + { + "compute": { + "aggregation": "sum", + "metric": "@network.bytes_written" + }, + "data_source": "logs", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + }, + "title": "Total Bytes Sent to Client", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 4301951353466508, + "layout": { + "height": 3, + "width": 3, + "x": 0, + "y": 3 + } + }, + { + "definition": { + "legend": { + "type": "table" + }, + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@http.status_category", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "title": "Distribution by Status Category ", + "title_align": "left", + "title_size": "16", + "type": "sunburst" + }, + "id": 5210794857327700, + "layout": { + "height": 4, + "width": 
9, + "x": 3, + "y": 4 + } + }, + { + "definition": { + "autoscale": true, + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#db3333", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid @squid.status:DENIED @network.protocol:TCP $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + }, + "title": "Total TCP Denied Logs", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 1552732595455472, + "layout": { + "height": 3, + "width": 3, + "x": 0, + "y": 6 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "avg", + "metric": "@duration" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@http.url_details.host", + "limit": 10, + "sort": { + "aggregation": "avg", + "metric": "@duration", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + }, + "palette": "dog_classic" + }, + "title": "Top Avg Request Duration by URL Host", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 1821045533603400, + "layout": { + "height": 4, + "width": 9, + "x": 3, + "y": 8 + } + }, + 
{ + "definition": { + "autoscale": true, + "precision": 2, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#db3333", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid @squid.status:DENIED @network.protocol:UDP $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area" + }, + "title": "Total UDP Denied Logs", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 7196619253169032, + "layout": { + "height": 3, + "width": 3, + "x": 0, + "y": 9 + } + }, + { + "definition": { + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "legend_layout": "auto", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@squid.status", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "title": "Squid Status Over Time", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 4592726907280998, + "layout": { + "height": 4, + "width": 6, + "x": 0, + "y": 12 + } + }, + { + "definition": { + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + 
], + "legend_layout": "auto", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@squid.peer_status", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "title": "Squid Peer Status Over Time", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 6060795960521114, + "layout": { + "height": 4, + "width": 6, + "x": 6, + "y": 12 + } + }, + { + "definition": { + "legend": { + "type": "table" + }, + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@network.protocol", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "title": "Distribution by Protocol", + "title_align": "left", + "title_size": "16", + "type": "sunburst" + }, + "id": 452983347022802, + "layout": { + "height": 4, + "width": 6, + "x": 0, + "y": 16 + } + }, + { + "definition": { + "legend": { + "type": "table" + }, + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], 
+ "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@http.method", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "title": "Distribution by HTTP Methods", + "title_align": "left", + "title_size": "16", + "type": "sunburst" + }, + "id": 2209657631600598, + "layout": { + "height": 4, + "width": 6, + "x": 6, + "y": 16 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@http.useragent_details.browser.family", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Browsers", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 6753071570035770, + "layout": { + "height": 5, + "width": 4, + "x": 0, + "y": 20 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@network.client.ip", + 
"limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Client IPs", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 6865073291942784, + "layout": { + "height": 5, + "width": 4, + "x": 4, + "y": 20 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@network.destination.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Destination IPs", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 8115192646989834, + "layout": { + "height": 5, + "width": 4, + "x": 8, + "y": 20 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + }, + { + "facet": "@http.status_category", + 
"limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid @http.status_code:>=400 $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Client IPs by Error Status Category", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 374174089069424, + "layout": { + "height": 5, + "width": 6, + "x": 0, + "y": 25 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@http.url_details.host", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Sites", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 2144528520612260, + "layout": { + "height": 5, + "width": 6, + "x": 6, + "y": 25 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + }, + { + "facet": 
"@http.status_category", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid @http.status_code:>=400 $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Users by Error Status Category", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 2586504510271436, + "layout": { + "height": 5, + "width": 6, + "x": 0, + "y": 30 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Users", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 5832480649610576, + "layout": { + "height": 5, + "width": 6, + "x": 6, + "y": 30 + } + }, + { + "definition": { + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#8c3131", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + 
"group_by": [ + { + "facet": "@http.url_details.host", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid @squid.status:DENIED $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Denied URL Host ", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 2363694544637748, + "layout": { + "height": 5, + "width": 6, + "x": 0, + "y": 35 + } + }, + { + "definition": { + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e29d3c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@http.url_details.host", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid @squid.status:MISS $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Missed URL Host ", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 6502090782347636, + "layout": { + "height": 5, + "width": 6, + "x": 6, + "y": 35 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + 
"aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@http.referer", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top HTTP Referrer", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 760898709982526, + "layout": { + "height": 5, + "width": 6, + "x": 0, + "y": 40 + } + }, + { + "definition": { + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#a63f3f", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@error.message", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "display": { + "legend": "automatic", + "type": "stacked" + } + }, + "title": "Top Error Messages", + "title_align": "left", + "title_size": "16", + "type": "toplist" + }, + "id": 4376134812588716, + "layout": { + "height": 5, + "width": 6, + "x": 6, + "y": 40 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + 
"aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 250, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "title": "Traffic Over Client Geoip Location", + "title_align": "left", + "title_size": "16", + "type": "geomap", + "view": { + "focus": "WORLD" + } + }, + "id": 6204659465091390, + "layout": { + "height": 5, + "width": 12, + "x": 0, + "y": 45 + } + }, + { + "definition": { + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "compute": { + "aggregation": "count" + }, + "data_source": "logs", + "group_by": [ + { + "facet": "@network.destination.geoip.country.iso_code", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "indexes": [ + "*" + ], + "name": "query1", + "search": { + "query": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "index": 0, + "order": "desc", + "type": "formula" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "title": "Traffic Over Destination Geoip Location", + "title_align": "left", + "title_size": "16", + "type": "geomap", + "view": { + "focus": "WORLD" + } + }, + "id": 6079251722162984, + "layout": { + "height": 5, + "width": 12, + "x": 0, + "y": 50 + } + }, + { + "definition": { + "requests": [ + { + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + 
"field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "@network.client.ip", + "width": "auto" + }, + { + "field": "@http.status_category", + "width": "auto" + }, + { + "field": "@http.status_code", + "width": "auto" + }, + { + "field": "@network.protocol", + "width": "auto" + }, + { + "field": "@network.bytes_written", + "width": "auto" + }, + { + "field": "http.url_details.host", + "width": "auto" + } + ], + "query": { + "data_source": "logs_stream", + "indexes": [ + ], + "query_string": "source:squid $Protocol $User $Status_Code $Status_Category $Squid_Status ", + "storage": "hot" + }, + "response_format": "event_list" + } + ], + "title": "Squid Log Details", + "title_align": "left", + "title_size": "16", + "type": "list_stream" + }, + "id": 8589078903940764, + "layout": { + "height": 6, + "width": 12, + "x": 0, + "y": 55 + } + } + ] + }, + "id": 2539290368467106, + "layout": { + "height": 62, + "width": 12, + "x": 0, + "y": 7 + } + }, + { + "definition": { + "background_color": "blue", + "layout_type": "ordered", + "show_title": true, + "title": "Squid Metric Details", + "type": "group", + "widgets": [ + { + "definition": { + "autoscale": true, + "precision": 0, + "requests": [ + { + "conditional_formats": [ + { + "comparator": "<", + "palette": "white_on_green", + "value": 80 + }, + { + "comparator": ">=", + "palette": "black_on_light_red", + "value": 80 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "aggregator": "last", + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.cpu_time{*}" + } + ], + "response_format": "scalar" + } + ], + "title": "CPU Usage ", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 3820300543090186, + "layout": { + "height": 3, + "width": 4, + "x": 0, + "y": 0 + } + }, + { + "definition": { + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "legend_layout": 
"horizontal", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "alias": "CPU Usage", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.cpu_time{*}" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "time": { + "hide_incomplete_cost_data": true + }, + "title": "CPU Usage Over Time", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 6415929501862064, + "layout": { + "height": 3, + "width": 8, + "x": 4, + "y": 0 + } + }, + { + "definition": { + "autoscale": true, + "precision": 0, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">=", + "palette": "white_on_green", + "value": 0 + }, + { + "comparator": ">", + "palette": "white_on_yellow", + "value": 750 + }, + { + "comparator": ">=", + "palette": "black_on_light_red", + "value": 1000 + } + ], + "formulas": [ + { + "formula": "query1 + query2" + } + ], + "queries": [ + { + "aggregator": "last", + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.cd.memory{*}" + }, + { + "aggregator": "last", + "data_source": "metrics", + "name": "query2", + "query": "sum:squid.cachemgr.cd.local_memory{*}" + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area" + }, + "title": "Memory Usage ", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 4258165939341752, + "layout": { + "height": 3, + "width": 4, + "x": 0, + "y": 3 + } + }, + { + "definition": { + "autoscale": true, + "precision": 0, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#26b0df", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1 + query2", + "number_format": { + "unit": { + "per_unit_name": "second", 
+ "type": "canonical_unit", + "unit_name": "request" + } + } + } + ], + "queries": [ + { + "aggregator": "last", + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.client_http.requests{*}" + }, + { + "aggregator": "last", + "data_source": "metrics", + "name": "query2", + "query": "sum:squid.cachemgr.server.all.requests{*}" + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + }, + "title": "HTTP Requests Per Second", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 2674308426925946, + "layout": { + "height": 3, + "width": 4, + "x": 4, + "y": 3 + } + }, + { + "definition": { + "autoscale": true, + "precision": 0, + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">=", + "custom_bg_color": "#e66833", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "aggregator": "last", + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.aborted_requests{*}" + } + ], + "response_format": "scalar" + } + ], + "timeseries_background": { + "type": "area", + "yaxis": { + "include_zero": true + } + }, + "title": "Aborted Requests Per Second", + "title_align": "left", + "title_size": "16", + "type": "query_value" + }, + "id": 2786611055040880, + "layout": { + "height": 3, + "width": 4, + "x": 8, + "y": 3 + } + }, + { + "definition": { + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "legend_layout": "horizontal", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "alias": "Client HTTP Requests", + "formula": "query1", + "style": { + "palette": "classic", + "palette_index": 1 + } + }, + { + "alias": "Client HTTP Hits", + "formula": "query2" + }, + { + "alias": "Client Hits Rate", + "formula": "query2 / query1 * 100" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + 
"query": "sum:squid.cachemgr.client_http.requests{*}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:squid.cachemgr.client_http.hits{*}" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "title": "Client HTTP Requests vs HTTP Hits Over Time", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 2069184515494228, + "layout": { + "height": 3, + "width": 6, + "x": 0, + "y": 6 + } + }, + { + "definition": { + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "legend_layout": "auto", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "alias": "Client HTTP Errors", + "formula": "query1", + "style": { + "palette": "warm", + "palette_index": 5 + } + }, + { + "alias": "Server HTTP Errors", + "formula": "query2", + "style": { + "palette": "purple", + "palette_index": 5 + } + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.client_http.errors{*}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:squid.cachemgr.server.all.errors{*}" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "title": "Client Errors vs Server Errors ", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 6482725862183798, + "layout": { + "height": 3, + "width": 6, + "x": 6, + "y": 6 + } + }, + { + "definition": { + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "legend_layout": "horizontal", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "alias": "Traffic Read", + "formula": "query1", + "style": { + "palette": "warm", + "palette_index": 3 + } + }, + { + "alias": "Traffic 
Write", + "formula": "query2", + "style": { + "palette": "classic", + "palette_index": 3 + } + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.server.all.kbytes_in{*}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:squid.cachemgr.server.all.kbytes_out{*}" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "time": { + "hide_incomplete_cost_data": true + }, + "title": "Squid Cache Server Traffic Read Vs Traffic Write", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 3053023205098324, + "layout": { + "height": 3, + "width": 6, + "x": 0, + "y": 9 + } + }, + { + "definition": { + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "legend_layout": "horizontal", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "alias": "Server HTTP Requests", + "formula": "query1" + }, + { + "alias": "Traffic Read", + "formula": "query2" + }, + { + "alias": "Traffic Write", + "formula": "query3" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.server.http.requests{*}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:squid.cachemgr.server.http.kbytes_in{*}" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "sum:squid.cachemgr.server.http.kbytes_out{*}" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "title": "HTTP Traffic Analysis", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 1805246720143070, + "layout": { + "height": 3, + "width": 6, + "x": 6, + "y": 9 + } + }, + { + "definition": { + "legend_columns": [ + 
"avg", + "min", + "max", + "value", + "sum" + ], + "legend_layout": "auto", + "requests": [ + { + "display_type": "line", + "formulas": [ + { + "alias": "FTP Requests", + "formula": "query1", + "style": { + "palette": "dd20", + "palette_index": 3 + } + }, + { + "alias": "FTP Errors", + "formula": "query2", + "style": { + "palette": "dd20", + "palette_index": 4 + } + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:squid.cachemgr.server.ftp.requests{*}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:squid.cachemgr.server.ftp.errors{*}" + } + ], + "response_format": "timeseries", + "style": { + "line_type": "solid", + "line_width": "normal", + "order_by": "values", + "palette": "dog_classic" + } + } + ], + "show_legend": true, + "time": { + "hide_incomplete_cost_data": true + }, + "title": "FTP Requests vs FTP Errors Over Time", + "title_align": "left", + "title_size": "16", + "type": "timeseries" + }, + "id": 1932830340289702, + "layout": { + "height": 3, + "width": 12, + "x": 0, + "y": 12 + } + } + ] + }, + "id": 4126822935793754, + "layout": { + "height": 16, + "width": 12, + "x": 0, + "y": 69 + } + } + ] +} \ No newline at end of file diff --git a/squid/assets/logs/squid.yaml b/squid/assets/logs/squid.yaml index a57a2af49647d..50510e2ed3ae4 100644 --- a/squid/assets/logs/squid.yaml +++ b/squid/assets/logs/squid.yaml 
@@ -32,36 +32,134 @@ facets: name: URL scheme path: http.url_details.scheme source: log + - groups: + - Web Access + name: Browser + path: http.useragent_details.browser.family + source: log + - groups: + - Web Access + name: Device + path: http.useragent_details.device.family + source: log + - groups: + - Web Access + name: OS + path: http.useragent_details.os.family + source: log + - groups: + - Geoip + name: City Name + path: network.client.geoip.city.name + source: log + - groups: + - Geoip + name: Continent Code + path: network.client.geoip.continent.code + source: log + - groups: + - Geoip + name: Continent Name + path: network.client.geoip.continent.name + source: log + - groups: + - Geoip + name: Country ISO Code + path: network.client.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Country Name + path: network.client.geoip.country.name + source: log + - groups: + - Geoip + name: Subdivision ISO Code + path: network.client.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Subdivision Name + path: network.client.geoip.subdivision.name + source: log - groups: - Web Access name: Client IP path: network.client.ip source: log + - groups: + - Geoip + name: Destination City Name + path: network.destination.geoip.city.name + source: log + - groups: + - Geoip + name: Destination Continent Code + path: network.destination.geoip.continent.code + source: log + - groups: + - Geoip + name: Destination Continent Name + path: network.destination.geoip.continent.name + source: log + - groups: + - Geoip + name: Destination Country ISO Code + path: network.destination.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Destination Country Name + path: network.destination.geoip.country.name + source: log + - groups: + - Geoip + name: Destination Subdivision ISO Code + path: network.destination.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Destination Subdivision Name + path: 
network.destination.geoip.subdivision.name + source: log - groups: - Web Access name: Destination IP path: network.destination.ip source: log - groups: + - User + name: User Name + path: usr.name + source: log + - facetType: list + groups: - Network name: Network Protocol path: network.protocol source: log - - groups: + type: string + - facetType: list + groups: - Squid - name: Status - path: squid.status + name: Instance Name + path: squid.instance_name source: log - - groups: + type: string + - facetType: list + groups: - Squid name: Peer Status path: squid.peer_status source: log - - groups: + type: string + - facetType: list + groups: - Squid - name: Instance Name - path: squid.instance_name + name: Status + path: squid.status source: log + type: string pipeline: type: pipeline name: Squid 
@@ -79,13 +177,44 @@ pipeline: - 1570784722.610 196 127.0.0.1 TCP_MISS/200 12712 GET http://www.google.com/ - HIER_DIRECT/172.217.20.68 text/html - 1570784681.846 12140 127.0.0.1 TCP_MISS_ABORTED/000 0 GET http://8.8.8.8/ - HIER_DIRECT/8.8.8.8 - - 2019/10/11 09:14:49 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 11 flags=9 + - 1725599181.650 0 10.212.128.16 TCP_MISS_ABORTED/000 0 - error:transaction-end-before-headers - HIER_NONE/- - + - 1725599185.240 0 10.212.128.16 TCP_DENIED/407 4660 GET http://clientservices.googleapis.com/chrome-variations/seed? - HIER_NONE/- text/html [http_request_headers] [http_response_headers] + - 10.212.128.16 - - [06/Sep/2024:10:32:43 +0530] "CONNECT fcmconnection.googleapis.com:443 HTTP/1.1" 407 4053 TCP_DENIED:HIER_NONE + - 10.212.128.16 - - [06/Sep/2024:10:34:44 +0530] "CONNECT mobile.events.data.microsoft.com:443 HTTP/1.1" 407 4277 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Code/1.92.2 Chrome/124.0.6367.243 Electron/30.1.2 Safari/537.36" TCP_DENIED:HIER_NONE + - 2019/10/11 09:14:49 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 11 flags=9 grok: - matchRules: | - squid_access_parser %{number:timestamp:scale(1000)}\s+%{number:duration:scale(1000000)} %{ip:network.client.ip} %{regex("[^_]*"):network.protocol}_%{regex("[^/]*"):squid.status}/(000|%{integer:http.status_code}) %{number:network.bytes_written} %{word:http.method} (%{regex("(http|https)://[^\\s]+"):http.url}|%{notSpace:http.url_details.path}) (-|%{notSpace:squid.user_identity}) %{word:squid.peer_status}/(-|%{ip:network.destination.ip}) (:|-|%{notSpace:http.resource.content_type})?( \[%{regex("[^]]*"):http.headers.request}\])?( \[%{regex("[^]]*"):http.headers.response}\])?.* + supportRules: > + parse_prefix_combined_log_rule (-|%{ip:network.client.ip}) - + (-|%{word:squid.user_identity}) \[%{date("dd/MMM/yyyy:HH:mm:ss + Z"):timestamp}\] \"(-|%{word:http.method}) + 
(-|%{regex("(http|https)://[^\\s]+"):http.url}|error:%{data:error.message}|%{parse_url}) + %{regex("[^\"]*"):http.version}\" (-|%{number:http.status_code}) + %{number:network.bytes_written} + + parse_suffix_combined_log_rule (NONE|%{regex("[^_]*"):network.protocol}_%{regex("[^:]*"):squid.status})\:(-|%{word:squid.peer_status}).* + + parse_url %{hostname:http.url_details.host}(:%{number:http.url_details.port})?(%{regex("[^?|^#]*"):http.url_details.path})?(\?%{regex("[^#]*"):http.url_details.queryString:keyvalue("=","+%","","&")})?(\#%{notSpace:http.url_details.hash})? + matchRules: > + squid_access_parser + %{number:timestamp:scale(1000)}\s+(-|%{number:duration:scale(1000000)}) + (-|%{ip:network.client.ip}) + %{regex("[^_]*"):network.protocol}_%{regex("[^/]*"):squid.status}/(000|%{integer:http.status_code}) + (-|%{number:network.bytes_written}) (-|%{word:http.method}) + (-|%{regex("(http|https)://[^\\s]+"):http.url}|error:%{data:error.message}|%{parse_url}) + (-|%{notSpace:squid.user_identity}) + (-|%{word:squid.peer_status})/(-|%{ip:network.destination.ip}) + (:|-|%{notSpace:http.resource.content_type})( + \[%{regex("[^]]*"):http.headers.request}\])?( + \[%{regex("[^]]*"):http.headers.response}\])?.* + + combined_access_parser %{parse_prefix_combined_log_rule} \"(-|%{regex("[^\"]*"):http.referer})\" \"(-|%{regex("[^\"]*"):http.useragent})\" %{parse_suffix_combined_log_rule}.* + + common_access_parser %{parse_prefix_combined_log_rule} %{parse_suffix_combined_log_rule}.* squid_cache_parser %{date("yyyy/MM/dd HH:mm:ss"):timestamp}( %{word:squid.instance_name})?\| %{data:squid.properties:keyvalue("=","\\[\\]:")} #Extra samples: + #Access.log #1570784659.019 114 127.0.0.1 TCP_MISS/503 4114 GET http://www.data/ - HIER_NONE/- text/html #1570784685.245 62 127.0.0.1 TCP_MISS/403 1380 GET http://99.86.88.128 - HIER_DIRECT/99.86.88.128 text/html 
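Review bot: `parse_prefix_combined_log_rule` captures the authenticated user with `%{word:squid.user_identity}`, while `squid_access_parser` in the same hunk keeps `%{notSpace:squid.user_identity}` for the same field. If `word` only matches word characters, identities such as `user@REALM`, `DOMAIN\user` or `first.last` would stop the combined and common rules from matching, and those lines would be indexed without `squid.user_identity` or the `usr.name` attribute that the new remapper and User Name facet rely on. Using the same matcher in both places, `(-|%{notSpace:squid.user_identity})`, avoids that, and a test sample with a non-alphanumeric user name would pin it. The prefix rule also uses `%{number:http.status_code}` where the native rule uses `%{integer:http.status_code}`, which is why the new tests expect `200.0` for one log format and `403` for the other on the same attribute.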
@@ -93,23 +222,24 @@ pipeline: #1570796039.630 217 127.0.0.1 TCP_TUNNEL/200 4094 CONNECT 8.8.8.8:443/ - HIER_DIRECT/8.8.8.8 - #1570788669.732 95 127.0.0.1 TCP_MISS/502 4006 GET http://www.google.com:443/ - HIER_DIRECT/172.217.20.68 text/html #1570797241.241 0 127.0.0.1 TCP_DENIED/403 3903 GET http://http:8/ - HIER_NONE/- text/html + #Cache.log #2019/10/14 17:42:41 kid1| Logfile: opening log daemon:/var/log/squid/access.log #2019/10/11 09:14:49| pinger: Initialising ICMP pinger ... #Access, Cache: in Log Samples - supportRules: '' - type: date-remapper name: Define `timestamp` as the official date of the log enabled: true sources: - timestamp - type: url-parser - name: Access logs - URL parser + name: Extract details from `http.url` enabled: true sources: - http.url target: http.url_details + normalizeEndingSlashes: false - type: category-processor name: Access logs - HTTP Status category processor enabled: true @@ -138,3 +268,35 @@ pipeline: enabled: true sources: - http.status_category + - type: attribute-remapper + name: Map `squid.user_identity` to `usr.name` + enabled: true + sources: + - squid.user_identity + sourceType: attribute + target: usr.name + targetType: attribute + preserveSource: true + overrideOnConflict: false + - type: user-agent-parser + name: Extract details from `http.useragent` + enabled: true + sources: + - http.useragent + target: http.useragent_details + encoded: false + combineVersionDetails: false + - type: geo-ip-parser + name: Extracting Geo Location from Source IP Address + enabled: true + sources: + - network.client.ip + target: network.client.geoip + ip_processing_behavior: do-nothing + - type: geo-ip-parser + name: Extracting Geo Location from Destination IP Address + enabled: true + sources: + - network.destination.ip + target: network.destination.geoip + ip_processing_behavior: do-nothing diff --git a/squid/assets/logs/squid_tests.yaml b/squid/assets/logs/squid_tests.yaml index b970e88276644..422f1cd8887a4 100644 
--- a/squid/assets/logs/squid_tests.yaml +++ b/squid/assets/logs/squid_tests.yaml @@ -20,8 +20,10 @@ tests: network: bytes_written: 491.0 client: + geoip: {} ip: "127.0.0.1" destination: + geoip: {} ip: "99.86.88.89" protocol: "TCP" squid: @@ -53,8 +55,10 @@ tests: network: bytes_written: 491.0 client: + geoip: {} ip: "127.0.0.1" destination: + geoip: {} ip: "99.86.88.128" protocol: "TCP" squid: @@ -85,6 +89,7 @@ tests: network: bytes_written: 4114.0 client: + geoip: {} ip: "127.0.0.1" protocol: "TCP" squid: @@ -111,8 +116,10 @@ tests: network: bytes_written: 0.0 client: + geoip: {} ip: "127.0.0.1" destination: + geoip: {} ip: "8.8.8.8" protocol: "TCP" squid: @@ -142,8 +149,10 @@ tests: network: bytes_written: 1380.0 client: + geoip: {} ip: "127.0.0.1" destination: + geoip: {} ip: "99.86.88.128" protocol: "TCP" squid: @@ -174,8 +183,10 @@ tests: network: bytes_written: 12712.0 client: + geoip: {} ip: "127.0.0.1" destination: + geoip: {} ip: "172.217.20.68" protocol: "TCP" squid: @@ -197,12 +208,15 @@ tests: status_category: "Success" status_code: 200 url_details: - path: "www.google.com:443" + host: "www.google.com" + port: 443 network: bytes_written: 15851.0 client: + geoip: {} ip: "127.0.0.1" destination: + geoip: {} ip: "172.217.20.68" protocol: "TCP" squid: @@ -224,12 +238,16 @@ tests: status_category: "Success" status_code: 200 url_details: - path: "8.8.8.8:443/" + host: "8.8.8.8" + path: "/" + port: 443 network: bytes_written: 4094.0 client: + geoip: {} ip: "127.0.0.1" destination: + geoip: {} ip: "8.8.8.8" protocol: "TCP" squid: @@ -261,8 +279,10 @@ tests: network: bytes_written: 4006.0 client: + geoip: {} ip: "127.0.0.1" destination: + geoip: {} ip: "172.217.20.68" protocol: "TCP" squid: @@ -294,6 +314,7 @@ tests: network: bytes_written: 3903.0 client: + geoip: {} ip: "127.0.0.1" protocol: "TCP" squid: 
@@ -340,4 +361,160 @@ tests: tags: - "source:LOGS_SOURCE" timestamp: 1570785289000 - + - + sample: "10.10.10.10 - testuser1 [25/Sep/2024:11:25:20 +0530] \"CONNECT ssl.gstatic.com:443 HTTP/1.1\" 200 3139 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36\" TCP_TUNNEL:HIER_DIRECT" + result: + custom: + http: + method: "CONNECT" + status_category: "Success" + status_code: 200.0 + url_details: + host: "ssl.gstatic.com" + port: 443 + useragent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" + useragent_details: + browser: + family: "Chrome" + major: "129" + minor: "0" + patch: "0" + patch_minor: "0" + device: + category: "Desktop" + family: "Other" + os: + family: "Windows" + major: "10" + version: "HTTP/1.1" + network: + bytes_written: 3139.0 + client: + geoip: {} + ip: "10.10.10.10" + protocol: "TCP" + squid: + peer_status: "HIER_DIRECT" + status: "TUNNEL" + user_identity: "testuser1" + timestamp: 1727243720000 + usr: + name: "testuser1" + message: "10.10.10.10 - testuser1 [25/Sep/2024:11:25:20 +0530] \"CONNECT ssl.gstatic.com:443 HTTP/1.1\" 200 3139 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36\" TCP_TUNNEL:HIER_DIRECT" + status: "ok" + tags: + - "source:LOGS_SOURCE" + timestamp: 1727243720000 + - + sample: "10.10.10.10 - testuser1 [25/Sep/2024:15:20:11 +0530] \"GET http://proxy.squid.local:3128/squid-internal-mgr/counters HTTP/1.1\" 407 4724 TCP_DENIED:HIER_NONE'" + result: + custom: + http: + method: "GET" + status_category: "Warning" + status_code: 407.0 + url: "http://proxy.squid.local:3128/squid-internal-mgr/counters" + url_details: + host: "proxy.squid.local" + path: "/squid-internal-mgr/counters" + port: 3128 + scheme: "http" + version: "HTTP/1.1" + network: + bytes_written: 4724.0 + client: + geoip: {} + ip: "10.10.10.10" + protocol: "TCP" + squid: + 
peer_status: "HIER_NONE" + status: "DENIED" + user_identity: "testuser1" + timestamp: 1727257811000 + usr: + name: "testuser1" + message: "10.10.10.10 - testuser1 [25/Sep/2024:15:20:11 +0530] \"GET http://proxy.squid.local:3128/squid-internal-mgr/counters HTTP/1.1\" 407 4724 TCP_DENIED:HIER_NONE'" + status: "warn" + tags: + - "source:LOGS_SOURCE" + timestamp: 1727257811000 + - + sample: "10.10.10.10 - testuser1 [25/Sep/2024:15:20:17 +0530] \"CONNECT ssl.gstatic.com:443 HTTP/1.1\" 200 0 NONE_NONE:HIER_DIRECT" + result: + custom: + http: + method: "CONNECT" + status_category: "Success" + status_code: 200.0 + url_details: + host: "ssl.gstatic.com" + port: 443 + version: "HTTP/1.1" + network: + bytes_written: 0.0 + client: + geoip: {} + ip: "10.10.10.10" + protocol: "NONE" + squid: + peer_status: "HIER_DIRECT" + status: "NONE" + user_identity: "testuser1" + timestamp: 1727257817000 + usr: + name: "testuser1" + message: "10.10.10.10 - testuser1 [25/Sep/2024:15:20:17 +0530] \"CONNECT ssl.gstatic.com:443 HTTP/1.1\" 200 0 NONE_NONE:HIER_DIRECT" + status: "ok" + tags: + - "source:LOGS_SOURCE" + timestamp: 1727257817000 + - + sample: "1726124251 0 10.10.10.10 TCP_DENIED/403 3920 CONNECT ts01-gyr-maverick.cloudsink.net:443 - HIER_NONE/- text/html" + result: + custom: + duration: 0.0 + http: + method: "CONNECT" + resource: + content_type: "text/html" + status_category: "Warning" + status_code: 403 + url_details: + host: "ts01-gyr-maverick.cloudsink.net" + port: 443 + network: + bytes_written: 3920.0 + client: + geoip: {} + ip: "10.10.10.10" + protocol: "TCP" + squid: + peer_status: "HIER_NONE" + status: "DENIED" + timestamp: 1.726124251E12 + message: "1726124251 0 10.10.10.10 TCP_DENIED/403 3920 CONNECT ts01-gyr-maverick.cloudsink.net:443 - HIER_NONE/- text/html" + status: "warn" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726124251000 + - + sample: "1726124255.221 0 10.10.10.10 NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -" + result: + custom: + 
duration: 0.0 + error: + message: "transaction-end-before-headers" + network: + bytes_written: 0.0 + client: + geoip: {} + ip: "10.10.10.10" + protocol: "NONE" + squid: + peer_status: "HIER_NONE" + status: "NONE" + timestamp: 1.726124255221E12 + message: "1726124255.221 0 10.10.10.10 NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726124255221 \ No newline at end of file diff --git a/squid/assets/monitors/cpu_usage_exceeded.json b/squid/assets/monitors/cpu_usage_exceeded.json new file mode 100644 index 0000000000000..6a215dae9886e --- /dev/null +++ b/squid/assets/monitors/cpu_usage_exceeded.json @@ -0,0 +1,33 @@ +{ + "version": 2, + "created_at": "2024-09-12", + "last_updated_at": "2024-09-12", + "title": "CPU usage exceeded", + "description": "CPU usage monitored.", + "definition": { + "id": 153453104, + "name": "CPU usage exceeded", + "type": "query alert", + "query": "avg(last_5m):sum:squid.cachemgr.cpu_time{*} >= 90", + "message": "{{#is_warning}} \nCPU Usage exceeded the threshold. \nThreshold: {{warn_threshold}} %\n{{/is_warning}}\n\n{{#is_alert}} \nCPU Usage exceeded the threshold. \nCurrent Usage : {{value}} %\nThreshold: {{threshold}} % \n{{/is_alert}}", + "tags": [ "squid" ], + "options": { + "thresholds": { + "critical": 90, + "warning": 50 + }, + "notify_audit": false, + "on_missing_data": "default", + "include_tags": false, + "new_host_delay": 300, + "silenced": { } + }, + "priority": 4, + "restriction_policy": { + "bindings": [ ] + } + }, + "tags": [ + "integration:squid" + ] +} \ No newline at end of file diff --git a/squid/assets/monitors/high_latency_requests.json b/squid/assets/monitors/high_latency_requests.json new file mode 100644 index 0000000000000..282c64d310a02 --- /dev/null +++ b/squid/assets/monitors/high_latency_requests.json 
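Review bot: The second added sample ends in `TCP_DENIED:HIER_NONE'`, with a stray single quote that is also copied into the expected `message`. The case passes only because `parse_suffix_combined_log_rule` ends in `.*`, so the fixture is not a real common-format line. Dropping the quote from both `sample` and `message` fixes it. All added samples carry either `testuser1` or `-` as the user, so none of them exercises an identity containing `@`, `\` or `.`.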
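Review bot: The alert query in `cpu_usage_exceeded.json`, `avg(last_5m):sum:squid.cachemgr.cpu_time{*} >= 90`, folds every reporting Squid instance into one series, so with more than one proxy the value is a total rather than a per-host figure and the notification cannot name the affected host. Grouping the query, for example `avg(last_5m):sum:squid.cachemgr.cpu_time{*} by {host} >= 90`, would give one alert per proxy. The message prints the value with `%`, but nothing in this diff shows that `squid.cachemgr.cpu_time` is reported as a percentage, so the unit is worth confirming against the check's metric metadata. The two error-rate monitors added later in this diff (`high_rate_of_client_http_errors.json` and `high_rate_of_server_errors.json`) use `{*}` in the same way.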
@@ -0,0 +1,35 @@
+{
+ "version": 2,
+ "created_at": "2024-09-12",
+ "last_updated_at": "2024-09-12",
+ "title": "High latency requests",
+ "description": "High latency requests monitored.",
+ "definition": {
+ "id": 153450604,
+ "name": "High latency requests",
+ "type": "log alert",
+ "query": "logs(\"source:squid @duration:>6000000000\").index(\"*\").rollup(\"count\").last(\"5m\") >= 5",
+ "message": "{{#is_warning}} \nThe requests with long duration exceeded the threshold. \nThreshold: {{warn_threshold}}\n{{/is_warning}}\n\n{{#is_alert}} \nThe requests with long duration exceeded the threshold. \nCurrent requests: {{value}} \nThreshold: {{threshold}} \n{{/is_alert}}",
+ "tags": [ "squid" ],
+ "options": {
+ "thresholds": {
+ "critical": 5,
+ "warning": 2
+ },
+ "enable_logs_sample": false,
+ "notify_audit": false,
+ "on_missing_data": "default",
+ "include_tags": false,
+ "new_host_delay": 300,
+ "groupby_simple_monitor": false,
+ "silenced": { }
+ },
+ "priority": 4,
+ "restriction_policy": {
+ "bindings": [ ]
+ }
+ },
+ "tags": [
+ "integration:squid"
+ ]
+}
\ No newline at end of file
diff --git a/squid/assets/monitors/high_rate_of_client_http_errors.json b/squid/assets/monitors/high_rate_of_client_http_errors.json
new file mode 100644
index 0000000000000..c6334762ceedd
--- /dev/null
+++ b/squid/assets/monitors/high_rate_of_client_http_errors.json
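Review bot: The filter `@duration:>6000000000` in the `query` is an unexplained literal. The grok rule in `squid/assets/logs/squid.yaml` scales the native-format duration by 1000000, so this appears to be nanoseconds, i.e. requests slower than 6 seconds. JSON has no comments, so the `description` is the place to say so, for example `"description": "Alerts when 5 or more requests in 5 minutes take longer than 6 seconds (native access.log format only)."`. Only `squid_access_parser` sets `duration`; the combined and common rules added in this diff capture no such field, so deployments logging in those formats would never trigger this monitor.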
@@ -0,0 +1,33 @@
+{
+ "version": 2,
+ "created_at": "2024-09-12",
+ "last_updated_at": "2024-09-12",
+ "title": "High rate of client HTTP errors",
+ "description": "High rate of client HTTP errors monitored.",
+ "definition": {
+ "id": 153452296,
+ "name": "High rate of client HTTP errors",
+ "type": "query alert",
+ "query": "max(last_5m):sum:squid.cachemgr.client_http.errors{*} / sum:squid.cachemgr.client_http.requests{*} * 100 >= 15",
+ "message": "{{#is_warning}} \nToo many client errors exceeded the threshold. \nThreshold: {{warn_threshold}} % \n{{/is_warning}}\n\n{{#is_alert}} \nToo many client errors exceeded the threshold. \nCurrent errors : {{value}} % \nThreshold: {{threshold}} % \n{{/is_alert}}",
+ "tags": [ "squid" ],
+ "options": {
+ "thresholds": {
+ "critical": 15,
+ "warning": 10
+ },
+ "notify_audit": false,
+ "on_missing_data": "default",
+ "include_tags": false,
+ "new_host_delay": 300,
+ "silenced": { }
+ },
+ "priority": 4,
+ "restriction_policy": {
+ "bindings": [ ]
+ }
+ },
+ "tags": [
+ "integration:squid"
+ ]
+}
\ No newline at end of file
diff --git a/squid/assets/monitors/high_rate_of_server_errors.json b/squid/assets/monitors/high_rate_of_server_errors.json
new file mode 100644
index 0000000000000..cc99cd49a17c7
--- /dev/null
+++ b/squid/assets/monitors/high_rate_of_server_errors.json
@@ -0,0 +1,33 @@
+{
+ "version": 2,
+ "created_at": "2024-09-12",
+ "last_updated_at": "2024-09-12",
+ "title": "High rate of server errors",
+ "description": "High rate of server errors is monitored.",
+ "definition": {
+ "id": 153451847,
+ "name": "High rate of server errors",
+ "type": "query alert",
+ "query": "max(last_5m):sum:squid.cachemgr.server.all.errors{*} / sum:squid.cachemgr.server.all.requests{*} * 100 >= 15",
+ "message": "{{#is_warning}} \nToo many server errors exceeded the threshold. \nThreshold: {{warn_threshold}} % \n{{/is_warning}}\n\n{{#is_alert}} \nToo many server errors exceeded the threshold. \nCurrent errors : {{value}} % \nThreshold: {{threshold}} % \n{{/is_alert}}",
+ "tags": [ "squid" ],
+ "options": {
+ "thresholds": {
+ "critical": 15,
+ "warning": 10
+ },
+ "notify_audit": false,
+ "on_missing_data": "default",
+ "include_tags": false,
+ "new_host_delay": 300,
+ "silenced": { }
+ },
+ "priority": 4,
+ "restriction_policy": {
+ "bindings": [ ]
+ }
+ },
+ "tags": [
+ "integration:squid"
+ ]
+}
\ No newline at end of file
diff --git a/squid/images/squid.png b/squid/images/squid.png
new file mode 100644
index 0000000000000..393b62e6f4111
Binary files /dev/null and b/squid/images/squid.png differ
diff --git a/squid/manifest.json b/squid/manifest.json
index f1a26f119a775..d3f50e2680d72 100644
--- a/squid/manifest.json
+++ b/squid/manifest.json
@@ -1,50 +1,68 @@ { - "manifest_version": "2.0.0", - "app_uuid": "de18c581-69ee-48cf-ba23-7794bfb7a4bd", - "app_id": "squid", - "display_on_public_website": true, - "tile": { - "overview": "README.md#Overview", - "configuration": "README.md#Setup", - "support": "README.md#Support", - "changelog": "CHANGELOG.md", - "description": "Track metrics from your squid-cache servers with Datadog", - "title": "Squid", - "media": [], - "classifier_tags": [ - "Category::Caching", - "Category::Log Collection", - "Supported OS::Linux", - "Supported OS::Windows", - "Supported OS::macOS", - "Offering::Integration" - ] - }, - "author": { - "support_email": "help@datadoghq.com", - "name": "Datadog", - "homepage": "https://www.datadoghq.com", - "sales_email": "info@datadoghq.com" - }, - "assets": { - "integration": { - "source_type_name": "Squid", - "configuration": { - "spec": "assets/configuration/spec.yaml" - }, - "events": { - "creates_events": false - }, - "metrics": { - "prefix": "squid.", - "check": "squid.cachemgr.cpu_time", - "metadata_path": "metadata.csv" - }, - "service_checks": { - "metadata_path": "assets/service_checks.json" - }, - "source_type_id": 10022, - "auto_install": true + "manifest_version": "2.0.0", + "app_uuid": "de18c581-69ee-48cf-ba23-7794bfb7a4bd", + "app_id": "squid", + "display_on_public_website": true, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Track metrics from your squid-cache servers with Datadog", + "title": "Squid", + "media": [ + { + "caption": "Squid", + "image_url": "images/squid.png", + "media_type": "image" + } + ], + "classifier_tags": [ + "Category::Caching", + "Category::Log Collection", + "Supported OS::Linux", + "Supported OS::Windows", + "Supported OS::macOS", + "Offering::Integration" + ] + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + 
"sales_email": "info@datadoghq.com" + }, + "assets": { + "integration": { + "source_type_name": "Squid", + "configuration": { + "spec": "assets/configuration/spec.yaml" + }, + "events": { + "creates_events": false + }, + "metrics": { + "prefix": "squid.", + "check": "squid.cachemgr.cpu_time", + "metadata_path": "metadata.csv" + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + }, + "source_type_id": 10022, + "auto_install": true + }, + "dashboards": { + "Squid": "assets/dashboards/squid.json" + }, + "monitors": { + "CPU usage exceeded": "assets/monitors/cpu_usage_exceeded.json", + "High latency requests": "assets/monitors/high_latency_requests.json", + "High rate of client HTTP errors": "assets/monitors/high_rate_of_client_http_errors.json", + "High rate of server errors": "assets/monitors/high_rate_of_server_errors.json" + }, + "logs": { + "source": "squid" + } } - } } \ No newline at end of file diff --git a/ssh_check/CHANGELOG.md b/ssh_check/CHANGELOG.md index cecce0fa55718..f07d07bb7edc6 100644 --- a/ssh_check/CHANGELOG.md +++ b/ssh_check/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.10.0 / 2024-09-05 ***Added***: diff --git a/statsd/CHANGELOG.md b/statsd/CHANGELOG.md index b6d358402fac4..c69f4fb32790d 100644 --- a/statsd/CHANGELOG.md +++ b/statsd/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.12.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/streamnative/CHANGELOG.md b/streamnative/CHANGELOG.md new file mode 100644 index 0000000000000..acabc5348fcaf --- /dev/null +++ b/streamnative/CHANGELOG.md @@ -0,0 +1,7 @@ +# CHANGELOG - StreamNative + +## 1.0.0 / 2024-10-01 + +***Added***: + +* Initial Release diff --git a/streamnative/README.md b/streamnative/README.md new file mode 100644 index 0000000000000..ab65f9b40ca2b --- /dev/null +++ b/streamnative/README.md 
@@ -0,0 +1,72 @@ +# StreamNative + +## Overview + +[StreamNative][1] provides an enterprise-grade messaging and event streaming platform built on Apache Pulsar. It offers scalable, real-time data streaming solutions with features like multi-tenancy, geo-replication, and seamless integration with cloud services. + +The StreamNative integration collects the following types of [metrics][2]: + +1. Health +2. Pulsar Resource +3. Source Connector +4. Sink Connector +5. Kafka Connect + +## Setup + +### Configuration + +#### Get StreamNative credentials + +Log into the [StreamNative Cloud Console Account][3]. +##### Get the `Organization ID` and `Instance Name`: + +1. Click the profile icon and select **Organizations**. +2. Choose the **Organization** for which data needs to be collected. +3. From the **Select an Instance** dropdown, note the **Instance Name**. + +##### Get the `Client ID` and `Client Secret`: + +1. Click the profile icon and navigate to the **Accounts & Accesses** tab. +2. Find the Service Account with **Admin** permissions set to **Enabled**. + - If no Service Account exists, select **New -> Service Account** to create one, and make sure to enable the **Super Admin** option. +3. On the right side of the chosen Service Account, click the `...` button. +4. Select **Download OAuth2 Key** to obtain the **Client ID** and **Client Secret**. + + +#### Add StreamNative credentials + +- Organization ID +- Instance Name +- Client ID +- Client Secret + + +## Data Collected + +### Logs + +The StreamNative integration does not include any logs. + +### Metrics + +The StreamNative integration collects and forwards the following metrics to Datadog. + +{{< get-metrics-from-git "streamnative" >}} + +### Service Checks + +The StreamNative integration does not include any service checks. + +### Events + +The StreamNative integration does not include any events. + +## Troubleshooting + +Need help? Contact [Datadog support][4]. 
+ +[1]: https://streamnative.io/ +[2]: https://docs.streamnative.io/docs/cloud-metrics-api#metrics-endpoint +[3]: https://console.streamnative.cloud/ +[4]: https://docs.datadoghq.com/help/ \ No newline at end of file diff --git a/streamnative/assets/dashboards/streamnative_health.json b/streamnative/assets/dashboards/streamnative_health.json new file mode 100644 index 0000000000000..9859e94c4d3b0 --- /dev/null +++ b/streamnative/assets/dashboards/streamnative_health.json 
@@ -0,0 +1,604 @@ +{ + "title": "StreamNative - Health", + "description": "", + "widgets": [ + { + "id": 5694301138076536, + "definition": { + "type": "image", + "url": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/63926c17a52727a15e13decd_Logo-streamnative-150px.svg", + "url_dark_theme": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/66503b265696d89c26062701_Group%2021.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 4734527193949666, + "definition": { + "title": "Monitor Summary", + "type": "manage_status", + "display_format": "countsAndList", + "color_preference": "background", + "hide_zero_counts": true, + "show_status": true, + "last_triggered_format": "relative", + "query": "tag:streamnative", + "sort": "status,asc", + "count": 50, + "start": 0, + "summary_type": "monitors", + "show_priority": false, + "show_last_triggered": false + }, + "layout": { + "x": 7, + "y": 0, + "width": 5, + "height": 5 + } + }, + { + "id": 6669352432630000, + "definition": { + "type": "note", + "content": "**[StreamNative](https://www.streamnative.com/)** provides an enterprise-grade messaging platform built on Apache Pulsar, offering scalable real-time data streaming with multi-tenancy, geo-replication, and cloud integration.\n\nThis Health dashboard tracks messaging latency (end-to-end, publish, cross-cluster) and service availability. 
\n\nFor more information, see the [StreamNative Integration Documentation](https://docs.datadoghq.com/integrations/streamnative/).", + "background_color": "orange", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 2 + } + }, + { + "id": 5437379294232914, + "definition": { + "type": "note", + "content": "**Note**:\n- The dashboard widgets display the latest metric values captured based on health statistics.\n\n**Tip**:\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", + "background_color": "yellow", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 4, + "y": 3, + "width": 3, + "height": 2 + } + }, + { + "id": 1229081970979708, + "definition": { + "title": "End to End Latency over time (Median)", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "End To End Latency", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "avg:streamnative.health.pulsar_detector_e2e_latency_ms{$Organization,$Instance,$Namespace,$Cluster,quantile:0.5} by {cloud_streamnative_io_cluster}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 5, + "width": 12, + "height": 3 + } + }, + { + "id": 4014832880981910, + "definition": { + "title": "Publish Latency 
over time (Median)", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Publish Latency", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.health.pulsar_detector_publish_latency_ms{$Organization,$Cluster,$Instance,$Namespace,quantile:0.5} by {cloud_streamnative_io_cluster}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 3 + } + }, + { + "id": 762054180789370, + "definition": { + "title": "Average End To End Latency by Quantile", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "End To End latency", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.health.pulsar_detector_e2e_latency_ms{$Organization,$Instance,$Namespace,$Cluster} by {quantile}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 4 + } + }, + { + "id": 8630166971873926, + "definition": { + "title": "Average Publish Latency by Quantile", + "title_size": "16", + "title_align": "left", + "show_legend": 
true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Publish Latency", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.health.pulsar_detector_publish_latency_ms{$Organization,$Instance,$Namespace,$Cluster} by {quantile}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4, + "is_column_break": true + } + }, + { + "id": 1445816428377812, + "definition": { + "title": "Service Status", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.health.pulsar_detector_pulsar_sla_webservice_up{$Organization,$Instance,$Namespace,$Cluster} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance,cloud_streamnative_io_cluster}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.health.pulsar_detector_pulsar_sla_messaging_up{$Organization,$Instance,$Namespace,$Cluster} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance,cloud_streamnative_io_cluster}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "conditional_formats": [ + { + "comparator": "=", + "value": 1, + "palette": "white_on_green" + }, + { + "comparator": "<", + "value": 1, + 
"palette": "black_on_light_red" + } + ], + "cell_display_mode": "number", + "alias": "Webservice Status", + "formula": "query1" + }, + { + "conditional_formats": [ + { + "comparator": "=", + "value": 1, + "palette": "white_on_green" + }, + { + "comparator": "<", + "value": 1, + "palette": "black_on_light_red" + } + ], + "cell_display_mode": "number", + "alias": "Messaging Service Status", + "formula": "query2" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 3 + } + }, + { + "id": 5425815181046796, + "definition": { + "title": "Service Status over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Webservice", + "style": { + "palette": "dd20", + "palette_index": 2 + }, + "formula": "count_nonzero(query1)" + }, + { + "alias": "Messaging Service", + "style": { + "palette": "classic", + "palette_index": 1 + }, + "formula": "count_nonzero(query2)" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.health.pulsar_detector_pulsar_sla_webservice_up{$Organization,$Instance,$Namespace,$Cluster}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.health.pulsar_detector_pulsar_sla_messaging_up{$Organization,$Instance,$Namespace,$Cluster}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 7, + "width": 12, + "height": 4 + } + }, + { + "id": 1936496724376416, + "definition": { + "title": "Overall Summary", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + 
"unit": "hour", + "value": 4 + }, + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.health.pulsar_detector_e2e_latency_ms{$Organization,$Cluster,$Instance,$Namespace,quantile:0.5} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.health.pulsar_detector_publish_latency_ms{$Organization,$Cluster,$Instance,$Namespace,quantile:0.5} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "avg:streamnative.health.pulsar_detector_pulsar_sla_webservice_up{$Organization,$Cluster,$Instance,$Namespace} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query4", + "query": "avg:streamnative.health.pulsar_detector_pulsar_sla_messaging_up{$Organization,$Cluster,$Instance,$Namespace} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "End to End Latency (Median)", + "formula": "query1" + }, + { + "cell_display_mode": "bar", + "alias": "Publish Latency (Median)", + "formula": "query2" + }, + { + "cell_display_mode": "bar", + "alias": "Webservice Status", + "formula": "query3", + "conditional_formats": [ + { + "comparator": "=", + "value": 1, + "palette": "black_on_light_green" + }, + { + "comparator": "<", + "value": 1, + "palette": "black_on_light_red" + } + ] + }, + { + "cell_display_mode": "bar", + "alias": "Messaging Status", + "formula": "query4", + 
"conditional_formats": [ + { + "comparator": "=", + "value": 1, + "palette": "black_on_light_green" + }, + { + "comparator": "<", + "value": 1, + "palette": "black_on_light_red" + } + ] + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 4 + } + } + ], + "template_variables": [ + { + "name": "Organization", + "prefix": "cloud_streamnative_io_organization_name", + "available_values": [], + "default": "*" + }, + { + "name": "Instance", + "prefix": "cloud_streamnative_io_pulsar_instance", + "available_values": [], + "default": "*" + }, + { + "name": "Cluster", + "prefix": "cloud_streamnative_io_pulsar_cluster", + "available_values": [], + "default": "*" + }, + { + "name": "Namespace", + "prefix": "kubernetes_namespace", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/streamnative/assets/dashboards/streamnative_kafka_connect.json b/streamnative/assets/dashboards/streamnative_kafka_connect.json new file mode 100644 index 0000000000000..0927c21ccf923 --- /dev/null +++ b/streamnative/assets/dashboards/streamnative_kafka_connect.json 
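Review bot: In `streamnative_health.json` the `Cluster` template variable is declared with `"prefix": "cloud_streamnative_io_pulsar_cluster"`, while the widget queries that break down by cluster use `by {cloud_streamnative_io_cluster}`. If the metrics only carry the latter tag, picking a value in the `$Cluster` selector filters every widget down to no data, which on a health dashboard looks the same as an outage. One of the two names is presumably wrong; the variable likely should read `"prefix": "cloud_streamnative_io_cluster"`, to be confirmed against the tags the integration emits. Separately, the note widget links to `https://www.streamnative.com/` whereas the README added in this commit uses `https://streamnative.io/`, so the dashboard link should be checked and pointed at the same vendor domain.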
@@ -0,0 +1,2106 @@ +{ + "title": "StreamNative - Kafka Connect", + "description": "", + "widgets": [ + { + "id": 6881134961056018, + "definition": { + "type": "image", + "url": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/63926c17a52727a15e13decd_Logo-streamnative-150px.svg", + "url_dark_theme": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/66503b265696d89c26062701_Group%2021.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 2417374102724764, + "definition": { + "type": "note", + "content": "**[StreamNative](https://www.streamnative.com/)** provides an enterprise-grade messaging platform built on Apache Pulsar, offering scalable real-time data streaming with multi-tenancy, geo-replication, and cloud integration.\n\nThis Kafka Connect dashboard track records polled/written to Kafka, task offset completions, time for reading/sending records, and JVM resource management for system insights.\n\nFor more information, see the [StreamNative Integration Documentation](https://docs.datadoghq.com/integrations/streamnative/).", + "background_color": "orange", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 7337277095932392, + "definition": { + "type": "note", + "content": "**Note**:\n- The dashboard widgets display the latest metric values captured on Kafka connect statistics.\n\n**Tip**:\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", + "background_color": "yellow", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true 
+ }, + "layout": { + "x": 9, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8576227419060516, + "definition": { + "title": "Connector Statistics", + "background_color": "green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2900243942491976, + "definition": { + "title": "Total Source Task Records Polled by Connector", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_source_task_source_record_poll{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4 + } + }, + { + "id": 7020351017682740, + "definition": { + "title": "Time Taken To Fetch Batch Records over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "millisecond" + } + }, + "alias": "Avg Time", + "formula": "query1" + }, + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "millisecond" + } + }, + "alias": "Max Time", + "formula": "query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": 
"avg:streamnative.kafka_connect.kafka_connect_source_task_poll_batch_avg_time_ms{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.kafka_connect.kafka_connect_source_task_poll_batch_max_time_ms{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + }, + { + "id": 6859350096416348, + "definition": { + "title": "Task Count over time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Task Count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_total_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 3 + } + }, + { + "id": 5481643224766836, + "definition": { + "title": "Task Batch Average Size over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Avg Batch Size", + "formula": "query1" + } + ], + 
"queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.kafka_connect.kafka_connect_connector_task_batch_size_avg{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 4078946700674062, + "definition": { + "title": "Task Offset Commit Average Time Overview", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "millisecond" + } + }, + "alias": "Avg Time", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.kafka_connect.kafka_connect_connector_task_offset_commit_avg_time_ms{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 8129683079934458, + "definition": { + "title": "Task Offset Commit Attempt over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Success Rate", + 
"style": { + "palette": "green", + "palette_index": 6 + }, + "formula": "query1" + }, + { + "alias": "Failure Rate", + "style": { + "palette": "warm", + "palette_index": 6 + }, + "formula": "query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.kafka_connect.kafka_connect_connector_task_offset_commit_success_percentage{$Instance,$Cluster,$Tenant,$Namespace,$Connector}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.kafka_connect.kafka_connect_connector_task_offset_commit_failure_percentage{$Instance,$Cluster,$Tenant,$Namespace,$Connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 3 + } + }, + { + "id": 6055621104791106, + "definition": { + "title": "Task Ratio over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Running Ratio", + "formula": "query1" + }, + { + "alias": "Pause Ratio", + "formula": "query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.kafka_connect.kafka_connect_connector_task_running_ratio{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.kafka_connect.kafka_connect_connector_task_pause_ratio{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + 
"display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 18, + "width": 12, + "height": 3 + } + }, + { + "id": 1733782152939984, + "definition": { + "title": "Record Poll Rate", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.kafka_connect.kafka_connect_source_task_source_record_poll_rate{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 21, + "width": 3, + "height": 3 + } + }, + { + "id": 6912818600913508, + "definition": { + "title": "Records Polled over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_source_task_source_record_poll{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 21, + "width": 9, + "height": 3 + } + }, + { + "id": 8975879939332920, + "definition": { + "title": "Record Write Rate", + 
"title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.kafka_connect.kafka_connect_source_task_source_record_write_rate{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 24, + "width": 3, + "height": 3 + } + }, + { + "id": 1751252889816062, + "definition": { + "title": "Records Written over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_source_task_source_record_write{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 24, + "width": 9, + "height": 3 + } + }, + { + "id": 6347246414024880, + "definition": { + "title": "Active Source Record Counts", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": 
[ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_source_task_source_record_active_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 27, + "width": 3, + "height": 3 + } + }, + { + "id": 917484482480764, + "definition": { + "title": "Active Source Average Record Count over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Avg Count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.kafka_connect.kafka_connect_source_task_source_record_active_count_avg{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 27, + "width": 9, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 31 + } + }, + { + "id": 8141984939677466, + "definition": { + "title": "Task Statistics", + "background_color": "yellow", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4937187724533902, + "definition": { + "title": "Total Task count", + 
"title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_total_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "black_on_light_green", + "custom_bg_color": "#d3dbfd" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 2 + } + }, + { + "id": 1732765197010766, + "definition": { + "title": "Running Tasks", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_running_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_green", + "custom_bg_color": "#94bee6" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 2, + "width": 4, + "height": 2 + } + }, + { + "id": 5731082836012438, + "definition": { + "title": "Restarted Tasks", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + 
{ + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_restarting_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#affdc7" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 4, + "y": 2, + "width": 4, + "height": 2 + } + }, + { + "id": 7579566112672550, + "definition": { + "title": "Paused Tasks", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_paused_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#dbdbdb" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 8, + "y": 2, + "width": 4, + "height": 2 + } + }, + { + "id": 1674575362095614, + "definition": { + "title": "Unassigned Tasks", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": 
"query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_unassigned_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#f6fdbf" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green", + "custom_bg_color": "#adc7db" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 2 + } + }, + { + "id": 896751850091798, + "definition": { + "title": "Failed Tasks", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_failed_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 4, + "y": 4, + "width": 4, + "height": 2 + } + }, + { + "id": 4136437594096920, + "definition": { + "title": "Destroyed Tasks", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": 
"sum:streamnative.kafka_connect.kafka_connect_worker_connector_destroyed_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 8, + "y": 4, + "width": 4, + "height": 2 + } + }, + { + "id": 952345246794038, + "definition": { + "title": "Overall Task Status", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_running_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector,cloud_streamnative_io_kafka_connector_type}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_paused_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector,cloud_streamnative_io_kafka_connector_type}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_failed_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector,cloud_streamnative_io_kafka_connector_type}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query4", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_restarting_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector,cloud_streamnative_io_kafka_connector_type}", + "aggregator": "last" + }, + { + 
"data_source": "metrics", + "name": "query5", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_unassigned_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector,cloud_streamnative_io_kafka_connector_type}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query6", + "query": "sum:streamnative.kafka_connect.kafka_connect_worker_connector_destroyed_task_count{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {connector,cloud_streamnative_io_kafka_connector_type}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_red" + } + ], + "cell_display_mode": "number", + "alias": "Running Tasks", + "formula": "query1" + }, + { + "conditional_formats": [ + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + }, + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ], + "cell_display_mode": "number", + "alias": "Paused Tasks", + "formula": "query2" + }, + { + "conditional_formats": [ + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + }, + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ], + "cell_display_mode": "number", + "alias": "Failed Tasks", + "formula": "query3" + }, + { + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "cell_display_mode": "number", + "alias": "Restarted Tasks", + "formula": "query4" + }, + { + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#aaa7a7" + }, + { + 
"comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "cell_display_mode": "number", + "alias": "Unassigned Tasks", + "formula": "query5" + }, + { + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red", + "custom_bg_color": "#aaa7a7" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "cell_display_mode": "number", + "alias": "Destroyed Tasks", + "formula": "query6" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 6, + "width": 12, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 34, + "width": 12, + "height": 10, + "is_column_break": true + } + }, + { + "id": 1459531063639174, + "definition": { + "title": "Error Statistics", + "background_color": "orange", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8244539431747950, + "definition": { + "title": "Total Logged Errors", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_task_error_total_errors_logged{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 1174588026581614, + "definition": { + "title": "Last Error Occurred", + "title_size": "16", + "title_align": "left", + "time": { + "type": 
"live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.kafka_connect.kafka_connect_task_error_last_error_timestamp{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 2 + } + }, + { + "id": 3375082908184278, + "definition": { + "title": "Total Erroneous Records over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Total Count", + "formula": "query4" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query4", + "query": "sum:streamnative.kafka_connect.kafka_connect_task_error_total_record_errors{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {cloud_streamnative_io_pulsar_component}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 901155958667404, + "definition": { + "title": "Operations Retries Attempted", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": 
[ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_task_error_total_retries{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 2, + "width": 6, + "height": 2 + } + }, + { + "id": 8397701140048364, + "definition": { + "title": "Records by Status over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Skipped Records", + "formula": "query4" + }, + { + "alias": "Failed Records", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query4", + "query": "sum:streamnative.kafka_connect.kafka_connect_task_error_total_records_skipped{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + }, + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_task_error_total_record_failures{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + }, + { + "id": 2134993726896258, + "definition": { + "title": "Dead Letter Queue Writes over time", + "title_size": "16", + "title_align": "left", + 
"show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Failed Writes", + "formula": "query1" + }, + { + "alias": "Requested Writes", + "formula": "query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.kafka_connect_task_error_deadletterqueue_produce_failures{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:streamnative.kafka_connect.kafka_connect_task_error_deadletterqueue_produce_requests{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 44, + "width": 12, + "height": 13 + } + }, + { + "id": 6566116028475434, + "definition": { + "title": "JVM Statistics", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 860199545188632, + "definition": { + "title": "Max Memory Bytes", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.jvm_memory_max_bytes{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + ], + 
"conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 4337310144041626, + "definition": { + "title": "Memory Space over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "alias": "Initial Memory Bytes", + "formula": "query1" + }, + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "alias": "Used Memory Bytes", + "formula": "query2" + }, + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "alias": "Committed Memory Bytes", + "formula": "query3" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.jvm_memory_init_bytes{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:streamnative.kafka_connect.jvm_memory_used_bytes{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "sum:streamnative.kafka_connect.jvm_memory_committed_bytes{$Namespace,$Tenant,$Cluster,$Instance,$Connector}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 7417774753206652, + "definition": { + "title": "Committed Memory Bytes", + 
"title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.jvm_memory_committed_bytes{$Namespace,$Tenant,$Cluster,$Instance,$Connector}", + "aggregator": "last" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 3 + } + }, + { + "id": 7133220908988536, + "definition": { + "title": "Time Spent In JVM Garbage Collector", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "second" + } + }, + "alias": "GC Time", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.kafka_connect.jvm_gc_collection_seconds_sum{$Namespace,$Tenant,$Cluster,$Instance,$Connector} by {cloud_streamnative_io_kafka_connector_type}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 3, + "width": 9, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 57, + "width": 12, + "height": 7 + } + } + ], + "template_variables": [ + { + "name": "Instance", + "prefix": 
"cloud_streamnative_io_pulsar_instance", + "available_values": [], + "default": "*" + }, + { + "name": "Cluster", + "prefix": "cloud_streamnative_io_pulsar_cluster", + "available_values": [], + "default": "*" + }, + { + "name": "Tenant", + "prefix": "cloud_streamnative_io_pulsar_tenant", + "available_values": [], + "default": "*" + }, + { + "name": "Namespace", + "prefix": "kubernetes_namespace", + "available_values": [], + "default": "*" + }, + { + "name": "Connector", + "prefix": "cloud_streamnative_io_pulsar_component", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +}
\ No newline at end of file
diff --git a/streamnative/assets/dashboards/streamnative_pulsar_resource.json b/streamnative/assets/dashboards/streamnative_pulsar_resource.json
new file mode 100644
index 0000000000000..4ada84aa4cf0a
--- /dev/null
+++ b/streamnative/assets/dashboards/streamnative_pulsar_resource.json
@@ -0,0 +1,1144 @@ +{ + "title": "StreamNative - Pulsar Resource", + "description": "", + "widgets": [ + { + "id": 1435610181574376, + "definition": { + "type": "image", + "url": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/63926c17a52727a15e13decd_Logo-streamnative-150px.svg", + "url_dark_theme": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/66503b265696d89c26062701_Group%2021.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 6048556896224372, + "definition": { + "title": "Monitor Summary", + "type": "manage_status", + "display_format": "countsAndList", + "color_preference": "background", + "hide_zero_counts": true, + "show_status": true, + "last_triggered_format": "relative", + "query": "tag:streamnative", + "sort": "status,asc", + "count": 50, + "start": 0, + "summary_type": "monitors", + "show_priority": false, + "show_last_triggered": false + }, + "layout": { + "x": 7, + "y": 0, + "width": 5, + "height": 5 + } + }, + { + "id": 8952756529161660, + "definition": { + "type": "note", + "content": "**[StreamNative](https://www.streamnative.com/)** provides an enterprise-grade messaging platform built on Apache Pulsar, offering scalable real-time data streaming with multi-tenancy, geo-replication, and cloud integration.\n\nThis Pulsar Resource dashboard tracks topics, subscriptions, message rates, and throughput, along with storage metrics like size, backlog, and offloaded data. 
Latency and entry size distributions are also monitored for efficient data flow and storage management.\n\nFor more information, see the [StreamNative Integration Documentation](https://docs.datadoghq.com/integrations/streamnative/).", + "background_color": "orange", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 2 + } + }, + { + "id": 393756623944156, + "definition": { + "type": "note", + "content": "**Note**:\n- The dashboard widgets display the latest metric values captured on Pulsar resource statistics.\n\n**Tip**:\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", + "background_color": "yellow", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 4, + "y": 3, + "width": 3, + "height": 2 + } + }, + { + "id": 3401525582219446, + "definition": { + "title": "Topic Statistics", + "background_color": "green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7407785548312006, + "definition": { + "title": "Topics (Partitions)", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.pulsar_resource.pulsar_topics_count{$Namespace,$Instance,$Organization,$Cluster}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + 
"height": 3 + } + }, + { + "id": 449304534867526, + "definition": { + "title": "Producers", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.pulsar_resource.pulsar_producers_count{$Instance,$Namespace,$Organization,$Cluster,$Topic}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#e1d7a3" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 4049965368212942, + "definition": { + "title": "Consumers", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.pulsar_resource.pulsar_consumers_count{$Instance,$Namespace,$Organization,$Cluster,$Topic}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 6, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8787839035935990, + "definition": { + "title": "Subscriptions", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": 
"sum:streamnative.pulsar_resource.pulsar_subscriptions_count{$Namespace,$Instance,$Organization,$Cluster,$Topic}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">=", + "value": 0, + "palette": "black_on_light_green", + "custom_bg_color": "#d2ecc1" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 9, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 6918508884786830, + "definition": { + "title": "Topic Statistics", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query2", + "query": "sum:streamnative.pulsar_resource.pulsar_consumers_count{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {cluster,topic,namespace}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "sum:streamnative.pulsar_resource.pulsar_producers_count{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {cluster,topic,namespace}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Consumers Count", + "formula": "query2" + }, + { + "cell_display_mode": "number", + "alias": "Producers Count", + "formula": "query3" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 5 + } + }, + { + "id": 1225105301796874, + "definition": { + "title": "Backlog Size", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": 
"sum:streamnative.pulsar_resource.pulsar_storage_backlog_size{$Namespace,$Instance,$Organization,$Cluster,$Topic}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green", + "custom_bg_color": "#8d8ebf" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 8, + "width": 3, + "height": 3 + } + }, + { + "id": 6387866884258252, + "definition": { + "title": "Backlog Size by Topic", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.pulsar_resource.pulsar_storage_backlog_size{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {topic}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "inline" + }, + "palette": "datadog16", + "scaling": "absolute" + } + }, + "layout": { + "x": 3, + "y": 8, + "width": 9, + "height": 3 + } + }, + { + "id": 2251274279995436, + "definition": { + "title": "Backlog Size over time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": 
"query1", + "query": "sum:streamnative.pulsar_resource.pulsar_storage_backlog_size{$Namespace,$Instance,$Organization,$Cluster,$Topic}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "datadog16", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "area" + } + ] + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 3 + } + }, + { + "id": 2143008222517982, + "definition": { + "type": "note", + "content": "The total message batches (entries) delayed for dispatching.", + "background_color": "yellow", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "50%", + "tick_edge": "right", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 14, + "width": 2, + "height": 2 + } + }, + { + "id": 8915007273971110, + "definition": { + "title": "Total Subscription Delay", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.pulsar_resource.pulsar_subscription_delayed{$Namespace,$Instance,$Organization,$Cluster,$Topic}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 2, + "y": 14, + "width": 4, + "height": 2 + } + }, + { + "id": 5855029633521978, + "definition": { + "title": "Total Offloaded Size", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + 
"response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.pulsar_resource.pulsar_storage_offloaded_size{$Namespace,$Instance,$Organization,$Cluster,$Topic}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#c4b0e8" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 6, + "y": 14, + "width": 4, + "height": 2 + } + }, + { + "id": 6171745012404356, + "definition": { + "type": "note", + "content": "The total amount of the data in this topic offloaded to the tiered storage (bytes).", + "background_color": "yellow", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": true, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 10, + "y": 14, + "width": 2, + "height": 2 + } + }, + { + "id": 2700175861535110, + "definition": { + "title": "Storage ", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.pulsar_resource.pulsar_storage_size{$Namespace,$Instance,$Organization,$Cluster,$Topic}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 
16, + "width": 3, + "height": 3 + } + }, + { + "id": 713922844627902, + "definition": { + "title": "Storage Size over time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.pulsar_resource.pulsar_storage_size{$Namespace,$Instance,$Organization,$Cluster,$Topic}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "area" + } + ] + }, + "layout": { + "x": 3, + "y": 16, + "width": 9, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 5, + "width": 12, + "height": 20 + } + }, + { + "id": 627038884644444, + "definition": { + "title": "Performance Statistics", + "background_color": "yellow", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5643112798519754, + "definition": { + "title": "Rate Flow over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Rate In", + "formula": "query1" + }, + { + "alias": "Rate Out", + "formula": "query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.pulsar_resource.pulsar_rate_in{$Namespace,$Instance,$Organization,$Cluster,$Topic}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": 
"avg:streamnative.pulsar_resource.pulsar_rate_out{$Namespace,$Instance,$Organization,$Cluster,$Topic}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4 + } + }, + { + "id": 7237859763233540, + "definition": { + "title": "Throughput over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Throughput In", + "formula": "query1" + }, + { + "alias": "Throughput Out", + "formula": "query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.pulsar_resource.pulsar_throughput_in{$Namespace,$Instance,$Organization,$Cluster,$Topic}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.pulsar_resource.pulsar_throughput_out{$Namespace,$Instance,$Organization,$Cluster,$Topic}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 7636082687940984, + "definition": { + "title": "Storage I/O over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Read Rate", + "formula": "query1" + }, + { + "alias": "Write Rate", + "formula": 
"query2" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.pulsar_resource.pulsar_storage_read_rate{$Namespace,$Instance,$Organization,$Cluster,$Topic}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.pulsar_resource.pulsar_storage_write_rate{$Namespace,$Instance,$Organization,$Cluster,$Topic}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 1748232157544970, + "definition": { + "title": "Overall Summary", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "avg:streamnative.pulsar_resource.pulsar_storage_read_rate{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {cluster,namespace,topic}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query5", + "query": "avg:streamnative.pulsar_resource.pulsar_storage_write_rate{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {cluster,namespace,topic}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:streamnative.pulsar_resource.pulsar_throughput_in{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {cluster,namespace,topic}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "avg:streamnative.pulsar_resource.pulsar_throughput_out{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {cluster,namespace,topic}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query4", + "query": 
"avg:streamnative.pulsar_resource.pulsar_rate_in{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {cluster,namespace,topic}", + "aggregator": "last" + }, + { + "data_source": "metrics", + "name": "query6", + "query": "avg:streamnative.pulsar_resource.pulsar_rate_out{$Namespace,$Instance,$Organization,$Cluster,$Topic} by {cluster,namespace,topic}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Storage Read Rate", + "formula": "query1" + }, + { + "cell_display_mode": "number", + "alias": "Storage Write Rate", + "formula": "query5" + }, + { + "cell_display_mode": "number", + "alias": "Throughput In", + "formula": "query2" + }, + { + "cell_display_mode": "number", + "alias": "Throughput Out", + "formula": "query3" + }, + { + "cell_display_mode": "number", + "alias": "Rate In", + "formula": "query4" + }, + { + "cell_display_mode": "number", + "alias": "Rate Out", + "formula": "query6" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 25, + "width": 12, + "height": 14, + "is_column_break": true + } + } + ], + "template_variables": [ + { + "name": "Organization", + "prefix": "cloud_streamnative_io_organization_name", + "available_values": [], + "default": "*" + }, + { + "name": "Instance", + "prefix": "cloud_streamnative_io_pulsar_instance", + "available_values": [], + "default": "*" + }, + { + "name": "Cluster", + "prefix": "cluster", + "available_values": [], + "default": "*" + }, + { + "name": "Namespace", + "prefix": "namespace", + "available_values": [], + "default": "*" + }, + { + "name": "Topic", + "prefix": "topic", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at 
end of file
diff --git a/streamnative/assets/dashboards/streamnative_sink_connector.json b/streamnative/assets/dashboards/streamnative_sink_connector.json
new file mode 100644
index 0000000000000..3ffc856038fe1
--- /dev/null
+++ b/streamnative/assets/dashboards/streamnative_sink_connector.json
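Review bot: The image widget at the top of streamnative_pulsar_resource.json takes both `url` and `url_dark_theme` from `https://cdn.prod.website-files.com/...`, a third-party host this repository does not control. What is served from that address can change or disappear without a reviewed commit. Unless the dashboard proxies images, each view also sends a request from the viewer's browser to that host. Consider shipping the logo with the integration and referencing it instead, e.g. `"url": "<PATH_TO_HOSTED_STREAMNATIVE_LOGO>"` (placeholder, the real asset path is not on this page). The same two URLs recur in the image widgets of streamnative_sink_connector.json and streamnative_source_connector.json further down.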
@@ -0,0 +1,774 @@ +{ + "title": "StreamNative - Sink Connector", + "description": "", + "widgets": [ + { + "id": 4904783609376248, + "definition": { + "type": "image", + "url": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/63926c17a52727a15e13decd_Logo-streamnative-150px.svg", + "url_dark_theme": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/66503b265696d89c26062701_Group%2021.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 8995860272844608, + "definition": { + "type": "note", + "content": "**[StreamNative](https://www.streamnative.com/)** provides an enterprise-grade messaging platform built on Apache Pulsar, offering scalable real-time data streaming with multi-tenancy, geo-replication, and cloud integration.\n\nThis Sink Connector dashboard provides insights into sink operations, data flow, exceptions, and JVM resource management for efficient Pulsar performance.\n\nFor more information, see the [StreamNative Integration Documentation](https://docs.datadoghq.com/integrations/streamnative/).", + "background_color": "orange", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 5920141165566776, + "definition": { + "type": "note", + "content": "**Note**:\n- The dashboard widgets display the latest metric values captured on sink connector statistics.\n\n**Tip**:\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", + "background_color": "yellow", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { 
+ "x": 9, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8920403223435398, + "definition": { + "title": "Messages Written", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "queries": [ + { + "name": "query1", + "data_source": "metrics", + "query": "sum:streamnative.sink_connector.pulsar_sink_written_total{$Sink_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green", + "custom_bg_color": "#f0d999" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 3 + } + }, + { + "id": 1093006653689844, + "definition": { + "title": "Messages Written over time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Pulsar Sink Written", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.pulsar_sink_written_total{$Sink_Name,$Organization,$Instance}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "area" + } + ] + }, + "layout": { + "x": 3, + "y": 3, + "width": 9, + "height": 3 + } + }, + { + "id": 7549091675650990, + "definition": { + "title": "Messages Received", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", 
+ "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.pulsar_sink_received_total{$Sink_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#c7dcda" + } + ] + } + ], + "autoscale": true, + "text_align": "center", + "precision": 0 + }, + "layout": { + "x": 0, + "y": 6, + "width": 3, + "height": 3 + } + }, + { + "id": 7401087282347594, + "definition": { + "title": "Messages Received over time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Pulsar Sink Received", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.pulsar_sink_received_total{$Sink_Name,$Organization,$Instance}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "area" + } + ] + }, + "layout": { + "x": 3, + "y": 6, + "width": 9, + "height": 3 + } + }, + { + "id": 3549300876223298, + "definition": { + "title": "User and System CPU Time", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "second" + } + }, + "formula": "query1" 
+ } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.process_cpu_seconds_total{$Sink_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 1, + "palette": "yellow_on_white", + "custom_bg_color": "#e5c7f0" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 9, + "width": 6, + "height": 2 + } + }, + { + "id": 1900009483847726, + "definition": { + "title": "Last Invocation Time", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.pulsar_sink_last_invocation{$Sink_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "yellow_on_white", + "custom_bg_color": "#c9e69e" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 6, + "y": 9, + "width": 6, + "height": 2 + } + }, + { + "id": 7809318879280602, + "definition": { + "title": "Sink Exceptions", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.pulsar_sink_sink_exceptions_total{$Sink_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + 
"formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2, + "is_column_break": true + } + }, + { + "id": 6707352404639228, + "definition": { + "title": "System Exceptions", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.pulsar_sink_system_exceptions_total{$Sink_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red", + "custom_bg_color": "#eedef7" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 8445989619646756, + "definition": { + "title": "JVM Statistics", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8970146552931028, + "definition": { + "title": "Max Memory Bytes", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.jvm_memory_bytes_max{$Organization,$Instance,$Sink_Name}", + "aggregator": "last" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + 
], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 4546078437502932, + "definition": { + "title": "Memory Space over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Committed Memory Bytes Bytes", + "formula": "query1" + }, + { + "alias": "Max Memory Bytes", + "formula": "query2" + }, + { + "alias": "Initial Memory Bytes ", + "formula": "query3" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.jvm_memory_bytes_committed{$Sink_Name,$Organization,$Instance}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:streamnative.sink_connector.jvm_memory_bytes_max{$Sink_Name,$Organization,$Instance}" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "sum:streamnative.sink_connector.jvm_memory_bytes_init{$Sink_Name,$Organization,$Instance}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 983596439967046, + "definition": { + "title": "Committed Memory Bytes", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": 
"sum:streamnative.sink_connector.jvm_memory_bytes_committed{$Organization,$Instance,$Sink_Name}", + "aggregator": "last" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 3 + } + }, + { + "id": 2285216008395834, + "definition": { + "title": "Time Spent In JVM Garbage Collector", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "GC Time", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.sink_connector.jvm_gc_collection_seconds_sum{$Sink_Name,$Organization,$Instance}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 3, + "width": 9, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 13, + "width": 12, + "height": 7 + } + } + ], + "template_variables": [ + { + "name": "Organization", + "prefix": "kubernetes_namespace", + "available_values": [], + "default": "*" + }, + { + "name": "Instance", + "prefix": "cloud_streamnative_io_pulsar_instance", + "available_values": [], + "default": "*" + }, + { + "name": "Sink_Name", + "prefix": "pulsar_component", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file 
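Review bot: In streamnative_sink_connector.json the template variable named `Organization` has `"prefix": "kubernetes_namespace"`, which does not match the rest of this change. The Pulsar Resource dashboard binds `Organization` to `cloud_streamnative_io_organization_name`, and the Kafka Connect dashboard exposes `kubernetes_namespace` under the name `Namespace`. This may be intentional if the namespace maps one-to-one to an organization, but a filter whose label differs from its tag can scope a view to the wrong tenant's data without the user noticing. Either rename the variable to `Namespace` or use the organization tag if this metric family carries it. Separately, two aliases in the "Memory Space over time" widget look like typos: `"alias": "Committed Memory Bytes Bytes"` should be `"alias": "Committed Memory Bytes"`, and `"Initial Memory Bytes "` has a trailing space.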
diff --git a/streamnative/assets/dashboards/streamnative_source_connector.json b/streamnative/assets/dashboards/streamnative_source_connector.json
new file mode 100644
index 0000000000000..fb36fd9efadaf
--- /dev/null
+++ b/streamnative/assets/dashboards/streamnative_source_connector.json
@@ -0,0 +1,777 @@ +{ + "title": "StreamNative - Source Connector", + "description": "", + "widgets": [ + { + "id": 2511154829172922, + "definition": { + "type": "image", + "url": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/63926c17a52727a15e13decd_Logo-streamnative-150px.svg", + "url_dark_theme": "https://cdn.prod.website-files.com/638a1dc72083d166ed6e3d76/66503b265696d89c26062701_Group%2021.svg", + "sizing": "contain", + "margin": "md", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 7639788193841362, + "definition": { + "type": "note", + "content": "**[StreamNative](https://www.streamnative.com/)** provides an enterprise-grade messaging platform built on Apache Pulsar, offering scalable real-time data streaming with multi-tenancy, geo-replication, and cloud integration.\n\nThis Source Connector dashboard provides insights into source operations, data flow, exceptions, and JVM resource management for efficient Pulsar performance.\n\nFor more information, see the [StreamNative Integration Documentation](https://docs.datadoghq.com/integrations/streamnative/).", + "background_color": "orange", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 6, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 863470997872514, + "definition": { + "type": "note", + "content": "**Note**:\n- The dashboard widgets display the latest metric values captured on source connector statistics.\n\n**Tip**:\n- Clone this dashboard to rearrange, modify, and add widgets and visualizations.", + "background_color": "yellow", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "top", + "has_padding": true + }, + 
"layout": { + "x": 9, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 510982300759208, + "definition": { + "title": "Messages Written", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.pulsar_source_written_total{$Source_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green", + "custom_bg_color": "#5db0b1" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 3 + } + }, + { + "id": 902261882355924, + "definition": { + "title": "Messages Written over time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Pulsar Source Written", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.pulsar_source_written_total{$Source_Name,$Organization,$Instance}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "area" + } + ] + }, + "layout": { + "x": 3, + "y": 3, + "width": 9, + "height": 3 + } + }, + { + "id": 2464648447453060, + "definition": { + "title": "Messages Received", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", 
+ "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.pulsar_source_received_total{$Source_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#ea80b3" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 6, + "width": 3, + "height": 3 + } + }, + { + "id": 5636435429995700, + "definition": { + "title": "Messages Received over time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Pulsar Source Received", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.pulsar_source_received_total{$Source_Name,$Organization,$Instance}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "area" + } + ] + }, + "layout": { + "x": 3, + "y": 6, + "width": 9, + "height": 3 + } + }, + { + "id": 3463292503235014, + "definition": { + "title": "User and System CPU Time", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "second" + } + }, + "formula": 
"query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.process_cpu_seconds_total{$Source_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 1, + "palette": "yellow_on_white" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 9, + "width": 6, + "height": 2 + } + }, + { + "id": 2681497336240052, + "definition": { + "title": "Last Invocation Time", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.pulsar_source_last_invocation{$Source_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "yellow_on_white" + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 6, + "y": 9, + "width": 6, + "height": 2 + } + }, + { + "id": 1092066668982220, + "definition": { + "title": "Source Exceptions", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.pulsar_source_source_exceptions_total{$Source_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { 
+ "unit": { + "type": "canonical_unit" + } + } + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2, + "is_column_break": true + } + }, + { + "id": 2954779705730000, + "definition": { + "title": "System Exceptions", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.pulsar_source_system_exceptions_total{$Source_Name,$Organization,$Instance}", + "aggregator": "last" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red", + "custom_bg_color": "#eedef7" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1", + "number_format": { + "unit": { + "type": "canonical_unit" + } + } + } + ] + } + ], + "autoscale": true, + "precision": 0 + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 7961217489134972, + "definition": { + "title": "JVM Statistics", + "background_color": "purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4247332022096914, + "definition": { + "title": "Max Memory Bytes", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.jvm_memory_bytes_max{$Organization,$Instance,$Source_Name}", + "aggregator": "last" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + ], + "conditional_formats": [ + 
{ + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow", + "custom_bg_color": "#a2d9dd" + }, + { + "comparator": "=", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8539224685744776, + "definition": { + "title": "Memory Space over time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Committed Memory Bytes", + "formula": "query1" + }, + { + "alias": "Max Memory Bytes", + "formula": "query2" + }, + { + "alias": "Initial Memory Bytes", + "formula": "query3" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.jvm_memory_bytes_committed{$Source_Name,$Organization,$Instance}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "sum:streamnative.source_connector.jvm_memory_bytes_max{$Source_Name,$Organization,$Instance}" + }, + { + "data_source": "metrics", + "name": "query3", + "query": "sum:streamnative.source_connector.jvm_memory_bytes_init{$Source_Name,$Organization,$Instance}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 7759610259055016, + "definition": { + "title": "Committed Memory Bytes", + "title_size": "16", + "title_align": "left", + "time": { + "type": "live", + "unit": "hour", + "value": 4 + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": 
"metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.jvm_memory_bytes_committed{$Organization,$Instance,$Source_Name}", + "aggregator": "last" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "byte" + } + }, + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 3 + } + }, + { + "id": 8264813475686008, + "definition": { + "title": "Time Spent In JVM Garbage Collector", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "type": "live", + "unit": "month", + "value": 1 + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "GC Time", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "sum:streamnative.source_connector.jvm_gc_collection_seconds_sum{$Source_Name,$Organization,$Instance}" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 3, + "width": 9, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 13, + "width": 12, + "height": 7 + } + } + ], + "template_variables": [ + { + "name": "Organization", + "prefix": "kubernetes_namespace", + "available_values": [], + "default": "*" + }, + { + "name": "Instance", + "prefix": "cloud_streamnative_io_pulsar_instance", + "available_values": [], + "default": "*" + }, + { + "name": "Source_Name", + "prefix": "pulsar_component", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": 
"fixed" +} \ No newline at end of file diff --git a/streamnative/assets/monitors/backlog_size_exceeding_threshold.json b/streamnative/assets/monitors/backlog_size_exceeding_threshold.json new file mode 100644 index 0000000000000..9b1db8b4f58aa --- /dev/null +++ b/streamnative/assets/monitors/backlog_size_exceeding_threshold.json @@ -0,0 +1,34 @@ +{ + "version": 2, + "created_at": "2024-11-07", + "last_updated_at": "2024-11-07", + "title": "Backlog size exceeding threshold", + "description": "Backlog size has exceeded the threshold for the specified organization, instance, and cluster.", + "definition": { + "id": 155337177, + "name": "Backlog size exceeding threshold", + "type": "query alert", + "query": "max(last_5m):avg:streamnative.pulsar_resource.pulsar_storage_backlog_size{*} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance,cloud_streamnative_io_pulsar_cluster} >= 10737418240", + "message": "{{#is_alert}} \nBacklog size has exceeded threshold for Organization: {{cloud_streamnative_io_organization_name.name}}, Instance: {{cloud_streamnative_io_pulsar_instance.name}}, Cluster: {{cloud_streamnative_io_cluster.name}}\nCurrent backlog size: {{eval \"round(value/1073741824, 3)\"}} GiB\nThreshold backlog size: {{eval \"round(threshold/1073741824, 3)\"}} GiB\n{{/is_alert}}\n@email@example.com", + "tags": [ + "streamnative" + ], + "options": { + "thresholds": { + "critical": 10737418240 + }, + "notify_audit": false, + "on_missing_data": "show_no_data", + "include_tags": true, + "new_group_delay": 60, + "silenced": {} + }, + "priority": null, + "restriction_policy": { + "bindings": [] + } + }, + "tags": [ + "integration:streamnative" + ] +} \ No newline at end of file diff --git a/streamnative/assets/monitors/messaging_service_down.json b/streamnative/assets/monitors/messaging_service_down.json new file mode 100644 index 0000000000000..bf378e47b8705 --- /dev/null +++ b/streamnative/assets/monitors/messaging_service_down.json 
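Review bot: The image widget at the top of streamnative_source_connector.json loads its `url` and `url_dark_theme` from `cdn.prod.website-files.com`, a third-party host outside this repository's control. Every browser that opens the dashboard will fetch from that host, and the logo can change or disappear without any change here. Prefer pointing both fields at a logo asset shipped with the integration; this change already adds `streamnative/assets/streamnative.svg`, though whether dashboards can reference it directly is not visible from this hunk.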
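Review bot: The `message` in backlog_size_exceeding_threshold.json references `{{cloud_streamnative_io_cluster.name}}`, but the query groups by `cloud_streamnative_io_pulsar_cluster`, so the Cluster field will most likely render empty in the notification. The other two monitors added in this change use `{{cloud_streamnative_io_pulsar_cluster.name}}`, and this one should match. Without the cluster name the responder cannot tell from the alert which cluster crossed the threshold.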
@@ -0,0 +1,34 @@
+{
+ "version": 2,
+ "created_at": "2024-11-07",
+ "last_updated_at": "2024-11-07",
+ "title": "Messaging service is down",
+ "description": "Messaging service is down for the specified organization, instance, and cluster.",
+ "definition": {
+ "id": 155399567,
+ "name": "Messaging service is down",
+ "type": "query alert",
+ "query": "avg(last_5m):avg:streamnative.health.pulsar_detector_pulsar_sla_messaging_up{*} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance,cloud_streamnative_io_pulsar_cluster} < 1",
+ "message": "{{#is_alert}}\nMessaging Service is down for Organization: {{cloud_streamnative_io_organization_name.name}}, Instance: {{cloud_streamnative_io_pulsar_instance.name}}, Cluster: {{cloud_streamnative_io_pulsar_cluster.name}}\n{{/is_alert}}\n@email@example.com",
+ "tags": [
+ "streamnative"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 1
+ },
+ "notify_audit": false,
+ "on_missing_data": "show_no_data",
+ "include_tags": false,
+ "new_group_delay": 0,
+ "silenced": {}
+ },
+ "priority": null,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:streamnative"
+ ]
+}
\ No newline at end of file
diff --git a/streamnative/assets/monitors/webservice_down.json b/streamnative/assets/monitors/webservice_down.json
new file mode 100644
index 0000000000000..44e8c813a4e52
--- /dev/null
+++ b/streamnative/assets/monitors/webservice_down.json
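Review bot: With `"on_missing_data": "show_no_data"` in messaging_service_down.json, the monitor will not notify anyone if `streamnative.health.pulsar_detector_pulsar_sla_messaging_up` simply stops being reported. A silent metric is a plausible symptom of the outage this monitor exists to catch, since the query only alerts on a reported value below 1. Consider `"on_missing_data": "show_and_notify_no_data"` so the loss of the health signal is itself surfaced. The same setting appears in webservice_down.json, and the same reasoning applies there.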
@@ -0,0 +1,34 @@
+{
+ "version": 2,
+ "created_at": "2024-11-07",
+ "last_updated_at": "2024-11-07",
+ "title": "Webservice is down",
+ "description": "Webservice is down for the specified organization, instance, and cluster.",
+ "definition": {
+ "id": 155033525,
+ "name": "Webservice is down",
+ "type": "query alert",
+ "query": "avg(last_5m):avg:streamnative.health.pulsar_detector_pulsar_sla_webservice_up{*} by {cloud_streamnative_io_organization_name,cloud_streamnative_io_pulsar_instance,cloud_streamnative_io_pulsar_cluster} < 1",
+ "message": "{{#is_alert}}\nWebservice is down for Organization: {{cloud_streamnative_io_organization_name.name}}, Instance: {{cloud_streamnative_io_pulsar_instance.name}}, Cluster: {{cloud_streamnative_io_pulsar_cluster.name}}\n{{/is_alert}}\n@email@example.com",
+ "tags": [
+ "streamnative"
+ ],
+ "options": {
+ "thresholds": {
+ "critical": 1
+ },
+ "notify_audit": false,
+ "on_missing_data": "show_no_data",
+ "include_tags": false,
+ "new_group_delay": 0,
+ "silenced": {}
+ },
+ "priority": null,
+ "restriction_policy": {
+ "bindings": []
+ }
+ },
+ "tags": [
+ "integration:streamnative"
+ ]
+}
\ No newline at end of file
diff --git a/streamnative/assets/service_checks.json b/streamnative/assets/service_checks.json
new file mode 100644
index 0000000000000..fe51488c7066f
--- /dev/null
+++ b/streamnative/assets/service_checks.json
@@ -0,0 +1 @@
+[]
diff --git a/streamnative/assets/streamnative.svg b/streamnative/assets/streamnative.svg
new file mode 100644
index 0000000000000..2d54b8e55e549
--- /dev/null
+++ b/streamnative/assets/streamnative.svg
@@ -0,0 +1,17 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/streamnative/images/streamnative_health.png b/streamnative/images/streamnative_health.png
new file mode 100644
index 0000000000000..77d6251b969c7
Binary files /dev/null and b/streamnative/images/streamnative_health.png differ
diff --git a/streamnative/images/streamnative_kafka_connect.png b/streamnative/images/streamnative_kafka_connect.png
new file mode 100644
index 0000000000000..6b71830b70a93
Binary files /dev/null and b/streamnative/images/streamnative_kafka_connect.png differ
diff --git a/streamnative/images/streamnative_pulsar_resource.png b/streamnative/images/streamnative_pulsar_resource.png
new file mode 100644
index 0000000000000..9233bd8bd7a16
Binary files /dev/null and b/streamnative/images/streamnative_pulsar_resource.png differ
diff --git a/streamnative/images/streamnative_sink_connector.png b/streamnative/images/streamnative_sink_connector.png
new file mode 100644
index 0000000000000..99ba1c37b083a
Binary files /dev/null and b/streamnative/images/streamnative_sink_connector.png differ
diff --git a/streamnative/images/streamnative_source_connector.png b/streamnative/images/streamnative_source_connector.png
new file mode 100644
index 0000000000000..a811dfed76b77
Binary files /dev/null and b/streamnative/images/streamnative_source_connector.png differ
diff --git a/streamnative/manifest.json b/streamnative/manifest.json
new file mode 100644
index 0000000000000..4d30758819de1
--- /dev/null
+++ b/streamnative/manifest.json
@@ -0,0 +1,81 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "e92fa53b-f620-4167-bdaa-31ac3bc6be35", + "app_id": "streamnative", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Gain insights into StreamNative metrics data.", + "title": "StreamNative", + "media": [ + { + "caption": "StreamNative - Health", + "image_url": "images/streamnative_health.png", + "media_type": "image" + }, + { + "caption": "StreamNative - Kafka Connect", + "image_url": "images/streamnative_kafka_connect.png", + "media_type": "image" + }, + { + "caption": "StreamNative - Pulsar Resource", + "image_url": "images/streamnative_pulsar_resource.png", + "media_type": "image" + }, + { + "caption": "StreamNative - Sink Connector", + "image_url": "images/streamnative_sink_connector.png", + "media_type": "image" + }, + { + "caption": "StreamNative - Source Connector", + "image_url": "images/streamnative_source_connector.png", + "media_type": "image" + }], + "classifier_tags": [ + "Category::Metrics", + "Submitted Data Type::Metrics", + "Offering::Integration" + ] + }, + "assets": { + "integration": { + "auto_install": false, + "source_type_id": 27153739, + "source_type_name": "StreamNative", + "events": { + "creates_events": false + }, + "metrics": { + "prefix": "streamnative.", + "check": ["streamnative.pulsar_resource.pulsar_consumers_count"], + "metadata_path": "metadata.csv" + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + }, + "dashboards": { + "StreamNative - Health" : "assets/dashboards/streamnative_health.json", + "StreamNative - Kafka Connect" : "assets/dashboards/streamnative_kafka_connect.json", + "StreamNative - Pulsar Resource" : "assets/dashboards/streamnative_pulsar_resource.json", + "StreamNative - Sink Connector" : "assets/dashboards/streamnative_sink_connector.json", + "StreamNative - Source 
Connector" : "assets/dashboards/streamnative_source_connector.json" + }, + "monitors": { + "Backlog size exceeding threshold" : "assets/monitors/backlog_size_exceeding_threshold.json", + "Messaging service is down" : "assets/monitors/messaging_service_down.json", + "Webservice is down" : "assets/monitors/webservice_down.json" + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} diff --git a/streamnative/metadata.csv b/streamnative/metadata.csv new file mode 100644 index 0000000000000..1a62208633a75 --- /dev/null +++ b/streamnative/metadata.csv 
@@ -0,0 +1,126 @@ +metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric,sample_tags +streamnative.health.pulsar_detector_e2e_latency_ms,gauge,,millisecond,,The latency distribution from message sending to message consumption,0,streamnative,Health Pulsar Detector E2E Latency,, +streamnative.health.pulsar_detector_geo_latency_ms,gauge,,millisecond,,The latency distribution Latency distribution from message sending to message consumption across clusters,0,streamnative,Health Pulsar Detector Geo Latency,, +streamnative.health.pulsar_detector_publish_latency_ms,gauge,,millisecond,,The latency distribution of message sending,0,streamnative,Health Pulsar Detector Publish Latency,, +streamnative.health.pulsar_detector_pulsar_sla_messaging_up,gauge,,,,The gauge for indicating the messaging service up or down,0,streamnative,Health Pulsar Detector Pulsar Sla Messaging Up,, +streamnative.health.pulsar_detector_pulsar_sla_webservice_up,gauge,,,,The gauge for indicating the webservice up or down,0,streamnative,Health Pulsar Detector Pulsar Sla Webservice Up,, +streamnative.kafka_connect.jvm_gc_collection_seconds_sum,gauge,,second,,Time spent in a given JVM garbage collector in seconds.,0,streamnative,Kafka Connect Jvm GC Collection Seconds Sum,, +streamnative.kafka_connect.jvm_memory_committed_bytes,gauge,,byte,,Committed bytes of a given JVM memory area,0,streamnative,Kafka Connect Jvm Memory Committed Bytes,, +streamnative.kafka_connect.jvm_memory_init_bytes,gauge,,byte,,Initial bytes of a given JVM memory area,0,streamnative,Kafka Connect Jvm Memory Init Bytes,, +streamnative.kafka_connect.jvm_memory_max_bytes,gauge,,byte,,Max bytes of a given JVM memory area,0,streamnative,Kafka Connect Jvm Memory Max Bytes,, +streamnative.kafka_connect.jvm_memory_used_bytes,gauge,,byte,,Used bytes of a given JVM memory area,0,streamnative,Kafka Connect Jvm Memory Used Bytes,, 
+streamnative.kafka_connect.kafka_connect_connector_task_batch_size_avg,gauge,,,,The average size of the batches processed by the connector,0,streamnative,Kafka Connect Connector Task Batch Size Avg,, +streamnative.kafka_connect.kafka_connect_connector_task_batch_size_max,gauge,,,,The maximum size of the batches processed by the connector,0,streamnative,Kafka Connect Connector Task Batch Size Max,, +streamnative.kafka_connect.kafka_connect_connector_task_offset_commit_avg_time_ms,gauge,,millisecond,,The average time in milliseconds taken by this task to commit offsets,0,streamnative,Kafka Connect Connector Task Offset Commit Avg Time,, +streamnative.kafka_connect.kafka_connect_connector_task_offset_commit_failure_percentage,gauge,,fraction,,The average percentage of this task's offset commit attempts that failed,0,streamnative,Kafka Connect Connector Task Offset Commit Failure Percentage,, +streamnative.kafka_connect.kafka_connect_connector_task_offset_commit_max_time_ms,gauge,,millisecond,,The maximum time in milliseconds taken by this task to commit offsets,0,streamnative,Kafka Connect Connector Task Offset Commit Max Time,, +streamnative.kafka_connect.kafka_connect_connector_task_offset_commit_success_percentage,gauge,,fraction,,The average percentage of this task's offset commit attempts that succeeded,0,streamnative,Kafka Connect Connector Task Offset Commit Success Percentage,, +streamnative.kafka_connect.kafka_connect_connector_task_pause_ratio,gauge,,fraction,,The fraction of time this task has spent in the pause state,0,streamnative,Kafka Connect Connector Task Pause Ratio,, +streamnative.kafka_connect.kafka_connect_connector_task_running_ratio,gauge,,fraction,,The fraction of time this task has spent in the running state,0,streamnative,Kafka Connect Connector Task Running Ratio,, +streamnative.kafka_connect.kafka_connect_sink_task_offset_commit_completion,gauge,,offset,,The total number of offset commit completions that were completed 
successfully,0,streamnative,Kafka Connect Sink Task Offset Commit Completion,, +streamnative.kafka_connect.kafka_connect_sink_task_offset_commit_completion_rate,gauge,,offset,second,The average per-second number of offset commit completions that were completed successfully,0,streamnative,Kafka Connect Sink Task Offset Commit Completion Rate,, +streamnative.kafka_connect.kafka_connect_sink_task_offset_commit_seq_no,gauge,,,,The current sequence number for offset commits,0,streamnative,Kafka Connect Sink Task Offset Commit Seq No,, +streamnative.kafka_connect.kafka_connect_sink_task_offset_commit_skip,gauge,,offset,,The total number of offset commit completions that were received too late and skipped/ignored,0,streamnative,Kafka Connect Sink Task Offset Commit Skip,, +streamnative.kafka_connect.kafka_connect_sink_task_offset_commit_skip_rate,gauge,,offset,second,The average per-second number of offset commit completions that were received too late and skipped/ignored,0,streamnative,Kafka Connect Sink Task Offset Commit Skip Rate,, +streamnative.kafka_connect.kafka_connect_sink_task_partition_count,gauge,,,,The number of topic partitions assigned to this task belonging to the named sink connector in this worker,0,streamnative,Kafka Connect Sink Task Partition Count,, +streamnative.kafka_connect.kafka_connect_sink_task_put_batch_avg_time_ms,gauge,,millisecond,,The average time taken by this task to put a batch of sinks records,0,streamnative,Kafka Connect Sink Task Put Batch Avg Time,, +streamnative.kafka_connect.kafka_connect_sink_task_put_batch_max_time_ms,gauge,,millisecond,,The maximum time taken by this task to put a batch of sinks records,0,streamnative,Kafka Connect Sink Task Put Batch Max Time,, +streamnative.kafka_connect.kafka_connect_sink_task_sink_record_active_count,gauge,,record,,The number of records that have been read from Kafka but not yet completely committed/flushed/acknowledged by the sink task,0,streamnative,Kafka Connect Sink Task Sink Record 
Active Count,, +streamnative.kafka_connect.kafka_connect_sink_task_sink_record_active_count_avg,gauge,,record,,The average number of records that have been read from Kafka but not yet completely committed/flushed/acknowledged by the sink task,0,streamnative,Kafka Connect Sink Task Sink Record Active Count Avg,, +streamnative.kafka_connect.kafka_connect_sink_task_sink_record_active_count_max,gauge,,record,,The maximum number of records that have been read from Kafka but not yet completely committed/flushed/acknowledged by the sink task,0,streamnative,Kafka Connect Sink Task Sink Record Active Count Max,, +streamnative.kafka_connect.kafka_connect_sink_task_sink_record_read,gauge,,record,,"The total number of records read from Kafka by this task belonging to the named sink connector in this worker, since the task was last restarted",0,streamnative,Kafka Connect Sink Task Sink Record Read,, +streamnative.kafka_connect.kafka_connect_sink_task_sink_record_read_rate,gauge,,record,second,The average per-second number of records read from Kafka for this task belonging to the named sink connector in this worker. 
This is before transformations are applied,0,streamnative,Kafka Connect Sink Task Sink Record Read Rate,, +streamnative.kafka_connect.kafka_connect_sink_task_sink_record_send,gauge,,record,,"The total number of records output from the transformations and sent/put to this task belonging to the named sink connector in this worker, since the task was last restarted",0,streamnative,Kafka Connect Sink Task Sink Record Send,, +streamnative.kafka_connect.kafka_connect_sink_task_sink_record_send_rate,gauge,,record,second,The average per-second number of records output from the transformations and sent/put to this task belonging to the named sink connector in this worker,0,streamnative,Kafka Connect Sink Task Sink Record Send Rate,, +streamnative.kafka_connect.kafka_connect_source_task_poll_batch_avg_time_ms,gauge,,millisecond,,The average time in milliseconds taken by this task to poll for a batch of source records,0,streamnative,Kafka Connect Source Task Poll Batch Avg Time,, +streamnative.kafka_connect.kafka_connect_source_task_poll_batch_max_time_ms,gauge,,millisecond,,The maximum time in milliseconds taken by this task to poll for a batch of source records,0,streamnative,Kafka Connect Source Task Poll Batch Max Time,, +streamnative.kafka_connect.kafka_connect_source_task_source_record_active_count,gauge,,record,,The number of records that have been produced by this task but not yet completely written to Kafka,0,streamnative,Kafka Connect Source Task Source Record Active Count,, +streamnative.kafka_connect.kafka_connect_source_task_source_record_active_count_avg,gauge,,record,,The average number of records that have been produced by this task but not yet completely written to Kafka,0,streamnative,Kafka Connect Source Task Source Record Active Count Avg,, +streamnative.kafka_connect.kafka_connect_source_task_source_record_active_count_max,gauge,,record,,The maximum number of records that have been produced by this task but not yet completely written to 
Kafka,0,streamnative,Kafka Connect Source Task Source Record Active Count Max,, +streamnative.kafka_connect.kafka_connect_source_task_source_record_poll,gauge,,record,,The total number of records produced/polled (before transformation) by this task belonging to the named source connector in this worker,0,streamnative,Kafka Connect Source Task Source Record Poll,, +streamnative.kafka_connect.kafka_connect_source_task_source_record_poll_rate,gauge,,record,second,The average per-second number of records produced/polled (before transformation) by this task belonging to the named source connector in this worker,0,streamnative,Kafka Connect Source Task Source Record Poll Rate,, +streamnative.kafka_connect.kafka_connect_source_task_source_record_write,gauge,,record,,"The number of records output from the transformations and written to Kafka for this task belonging to the named source connector in this worker, since the task was last restarted",0,streamnative,Kafka Connect Source Task Source Record Write,, +streamnative.kafka_connect.kafka_connect_source_task_source_record_write_rate,gauge,,record,second,The average per-second number of records output from the transformations and written to Kafka for this task belonging to the named source connector in this worker,0,streamnative,Kafka Connect Source Task Source Record Write Rate,, +streamnative.kafka_connect.kafka_connect_task_error_deadletterqueue_produce_failures,gauge,,,,The number of failed writes to the dead letter queue,0,streamnative,Kafka Connect Task Error Deadletterqueue Produce Failures,, +streamnative.kafka_connect.kafka_connect_task_error_deadletterqueue_produce_requests,gauge,,,,The number of attempted writes to the dead letter queue,0,streamnative,Kafka Connect Task Error Deadletterqueue Produce Requests,, +streamnative.kafka_connect.kafka_connect_task_error_last_error_timestamp,gauge,,millisecond,,The epoch timestamp when this task last encountered an error,0,streamnative,Kafka Connect Task Error Last Error 
Timestamp,, +streamnative.kafka_connect.kafka_connect_task_error_total_errors_logged,gauge,,error,,The total number of errors that were logged,0,streamnative,Kafka Connect Task Error Total Errors Logged,, +streamnative.kafka_connect.kafka_connect_task_error_total_record_errors,gauge,,record,,The total number of record processing errors in this task,0,streamnative,Kafka Connect Task Error Total Record Errors,, +streamnative.kafka_connect.kafka_connect_task_error_total_record_failures,gauge,,record,,The total number of record processing failures in this task,0,streamnative,Kafka Connect Task Error Total Record Failures,, +streamnative.kafka_connect.kafka_connect_task_error_total_records_skipped,gauge,,record,,The total number of records skipped due to errors,0,streamnative,Kafka Connect Task Error Total Records Skipped,, +streamnative.kafka_connect.kafka_connect_task_error_total_retries,gauge,,operation,,The total number of operations retried,0,streamnative,Kafka Connect Task Error Total Retries,, +streamnative.kafka_connect.kafka_connect_worker_connector_destroyed_task_count,gauge,,task,,The number of destroyed tasks of the connector on the worker,0,streamnative,Kafka Connect Worker Connector Destroyed Task Count,, +streamnative.kafka_connect.kafka_connect_worker_connector_failed_task_count,gauge,,task,,The number of failed tasks of the connector on the worker,0,streamnative,Kafka Connect Worker Connector Failed Task Count,, +streamnative.kafka_connect.kafka_connect_worker_connector_paused_task_count,gauge,,task,,The number of paused tasks of the connector on the worker,0,streamnative,Kafka Connect Worker Connector Paused Task Count,, +streamnative.kafka_connect.kafka_connect_worker_connector_restarting_task_count,gauge,,task,,The number of restarting tasks of the connector on the worker,0,streamnative,Kafka Connect Worker Connector Restarting Task Count,, +streamnative.kafka_connect.kafka_connect_worker_connector_running_task_count,gauge,,task,,The number of 
running tasks of the connector on the worker,0,streamnative,Kafka Connect Worker Connector Running Task Count,, +streamnative.kafka_connect.kafka_connect_worker_connector_total_task_count,gauge,,task,,The number of tasks of the connector on the worker,0,streamnative,Kafka Connect Worker Connector Total Task Count,, +streamnative.kafka_connect.kafka_connect_worker_connector_unassigned_task_count,gauge,,task,,The number of unassigned tasks of the connector on the worker,0,streamnative,Kafka Connect Worker Connector Unassigned Task Count,, +streamnative.kafka_connect.process_cpu_seconds_total,gauge,,second,,Total user and system CPU time spent in seconds,0,streamnative,Kafka Connect Process Cpu Seconds Total,, +streamnative.pulsar_resource.pulsar_consumers_count,gauge,,,,The number of active consumers of the topic connected to this broker.,0,streamnative,Pulsar Resource Pulsar Consumers Count,, +streamnative.pulsar_resource.pulsar_entry_size_le_100_kb,gauge,,fraction,,The entry rate for a topic with entry size smaller than or equal to 100 kilobytes,0,streamnative,Pulsar Resource Pulsar Entry Size Le_100 KB,, +streamnative.pulsar_resource.pulsar_entry_size_le_128,gauge,,fraction,,The entry rate for a topic with entry size smaller than or equal to 128 bytes,0,streamnative,Pulsar Resource Pulsar Entry Size Le_128,, +streamnative.pulsar_resource.pulsar_entry_size_le_16_kb,gauge,,fraction,,The entry rate for a topic with entry size smaller than or equal to 16 kilobytes,0,streamnative,Pulsar Resource Pulsar Entry Size Le_16 KB,, +streamnative.pulsar_resource.pulsar_entry_size_le_1_kb,gauge,,fraction,,The entry rate for a topic with entry size smaller than or equal to 1 kilobyte,0,streamnative,Pulsar Resource Pulsar Entry Size Le_1 KB,, +streamnative.pulsar_resource.pulsar_entry_size_le_1_mb,gauge,,fraction,,The entry rate for a topic with entry size smaller than or equal to 1 megabyte,0,streamnative,Pulsar Resource Pulsar Entry Size Le_1 MB,, 
+streamnative.pulsar_resource.pulsar_entry_size_le_2_kb,gauge,,fraction,,The entry rate for a topic with entry size smaller than or equal to 2 kilobytes,0,streamnative,Pulsar Resource Pulsar Entry Size Le_2 KB,, +streamnative.pulsar_resource.pulsar_entry_size_le_4_kb,gauge,,fraction,,The entry rate for a topic with entry size smaller than or equal to 4 kilobytes,0,streamnative,Pulsar Resource Pulsar Entry Size Le_4 KB,, +streamnative.pulsar_resource.pulsar_entry_size_le_512,gauge,,fraction,,The entry rate for a topic with entry size smaller than or equal to 512 bytes,0,streamnative,Pulsar Resource Pulsar Entry Size Le_512,, +streamnative.pulsar_resource.pulsar_entry_size_le_overflow,gauge,,fraction,,The entry rate for a topic with entry size greater than 1 megabyte,0,streamnative,Pulsar Resource Pulsar Entry Size Le_Overflow,, +streamnative.pulsar_resource.pulsar_producers_count,gauge,,,,The number of active producers of the topic connected to this broker,0,streamnative,Pulsar Resource Pulsar Producers Count,, +streamnative.pulsar_resource.pulsar_rate_in,gauge,,message,second,The total message rate of the namespace coming into this broker,0,streamnative,Pulsar Resource Pulsar Rate In,, +streamnative.pulsar_resource.pulsar_rate_out,gauge,,message,second,The total message rate of the namespace going out from this broker,0,streamnative,Pulsar Resource Pulsar Rate Out,, +streamnative.pulsar_resource.pulsar_storage_backlog_size,gauge,,byte,,The total backlog size of the topics of this topic owned by this broker,0,streamnative,Pulsar Resource Pulsar Storage Backlog Size,, +streamnative.pulsar_resource.pulsar_storage_offloaded_size,gauge,,byte,,The total amount of the data in this topic offloaded to the tiered storage,0,streamnative,Pulsar Resource Pulsar Storage Offloaded Size,, +streamnative.pulsar_resource.pulsar_storage_read_rate,gauge,,,,The total message batches (entries) read from the storage for this topic,0,streamnative,Pulsar Resource Pulsar Storage Read Rate,, 
+streamnative.pulsar_resource.pulsar_storage_size,gauge,,byte,,The total storage size of the topics in this topic owned by this broker,0,streamnative,Pulsar Resource Pulsar Storage Size,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_0_5,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 0.5 milliseconds,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_0_5,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_1,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 1 millisecond,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_1,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_10,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 10 milliseconds,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_10,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_100,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 100 milliseconds,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_100,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_1000,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 1000 milliseconds,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_1000,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_20,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 20 milliseconds,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_20,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_200,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 200 milliseconds,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_200,, 
+streamnative.pulsar_resource.pulsar_storage_write_latency_le_5,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 5 milliseconds,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_5,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_50,gauge,,fraction,,The entry rate for a topic where the storage write latency is less than or equal to 50 milliseconds,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_50,, +streamnative.pulsar_resource.pulsar_storage_write_latency_le_overflow,gauge,,fraction,,The entry rate for a topic where the storage write latency is greater than 1 second,0,streamnative,Pulsar Resource Pulsar Storage Write Latency Le_Overflow,, +streamnative.pulsar_resource.pulsar_storage_write_rate,gauge,,,,The total message batches (entries) written to the storage for this topic,0,streamnative,Pulsar Resource Pulsar Storage Write Rate,, +streamnative.pulsar_resource.pulsar_subscription_delayed,gauge,,,,The total message batches (entries) are delayed for dispatching,0,streamnative,Pulsar Resource Pulsar Subscription Delayed,, +streamnative.pulsar_resource.pulsar_subscriptions_count,gauge,,,,The number of Pulsar subscriptions of the topic served by this broker,0,streamnative,Pulsar Resource Pulsar Subscriptions Count,, +streamnative.pulsar_resource.pulsar_throughput_in,gauge,,byte,second,The total throughput of the topic coming into this broker,0,streamnative,Pulsar Resource Pulsar Throughput In,, +streamnative.pulsar_resource.pulsar_throughput_out,gauge,,byte,second,The total throughput of the topic going out from this broker,0,streamnative,Pulsar Resource Pulsar Throughput Out,, +streamnative.pulsar_resource.pulsar_topics_count,gauge,,,,The number of Pulsar topics of the namespace owned by this broker,0,streamnative,Pulsar Resource Pulsar Topics Count,, +streamnative.sink_connector.jvm_gc_collection_seconds_sum,gauge,,second,,Time spent in a given JVM garbage collector in 
seconds,0,streamnative,Sink Connector Jvm GC Collection Seconds Sum,, +streamnative.sink_connector.jvm_memory_bytes_committed,gauge,,byte,,Committed bytes of a given JVM memory area,0,streamnative,Sink Connector Jvm Memory Bytes Committed,, +streamnative.sink_connector.jvm_memory_bytes_init,gauge,,byte,,Initial bytes of a given JVM memory area,0,streamnative,Sink Connector Jvm Memory Bytes Init,, +streamnative.sink_connector.jvm_memory_bytes_max,gauge,,byte,,Max bytes of a given JVM memory area,0,streamnative,Sink Connector Jvm Memory Bytes Max,, +streamnative.sink_connector.jvm_memory_direct_bytes_used,gauge,,byte,,Used bytes of a given JVM memory area,0,streamnative,Sink Connector Jvm Memory Bytes Used,, +streamnative.sink_connector.process_cpu_seconds_total,gauge,,second,,Total user and system CPU time spent in seconds,0,streamnative,Sink Connector Process Cpu Seconds Total,, +streamnative.sink_connector.pulsar_sink_last_invocation,gauge,,millisecond,,The timestamp of the last invocation of the sink,0,streamnative,Sink Connector Pulsar Sink Last Invocation,, +streamnative.sink_connector.pulsar_sink_received_1min_total,gauge,,record,,The total number of records received from sink in the last 1 minute,0,streamnative,Sink Connector Pulsar Sink Received 1min Total,, +streamnative.sink_connector.pulsar_sink_received_total,gauge,,record,,The total number of records received from sink,0,streamnative,Sink Connector Pulsar Sink Received Total,, +streamnative.sink_connector.pulsar_sink_sink_exception,gauge,,,,The exception from a sink,0,streamnative,Sink Connector Pulsar Sink Sink Exception,, +streamnative.sink_connector.pulsar_sink_sink_exceptions_1min_total,gauge,,exception,,The total number of sink exceptions in the last 1 minute,0,streamnative,Sink Connector Pulsar Sink Sink Exceptions 1min Total,, +streamnative.sink_connector.pulsar_sink_sink_exceptions_total,gauge,,exception,,The total number of sink exceptions,0,streamnative,Sink Connector Pulsar Sink Sink 
Exceptions Total,, +streamnative.sink_connector.pulsar_sink_system_exception,gauge,,,,The exception from system code,0,streamnative,Sink Connector Pulsar Sink System Exception,, +streamnative.sink_connector.pulsar_sink_system_exceptions_1min_total,gauge,,exception,,The total number of system exceptions in the last 1 minute,0,streamnative,Sink Connector Pulsar Sink System Exceptions 1min Total,, +streamnative.sink_connector.pulsar_sink_system_exceptions_total,gauge,,exception,,The total number of system exceptions,0,streamnative,Sink Connector Pulsar Sink System Exceptions Total,, +streamnative.sink_connector.pulsar_sink_written_1min_total,gauge,,record,,The total number of records written to a Pulsar topic in the last 1 minute,0,streamnative,Sink Connector Pulsar Sink Written_1min Total,, +streamnative.sink_connector.pulsar_sink_written_total,gauge,,record,,The total number of records written to a Pulsar topic,0,streamnative,Sink Connector Pulsar Sink Written Total,, +streamnative.source_connector.jvm_gc_collection_seconds_sum,gauge,,second,,Time spent in a given JVM garbage collector in seconds,0,streamnative,Source Connector Jvm GC Collection Seconds Sum,, +streamnative.source_connector.jvm_memory_bytes_committed,gauge,,byte,,Committed bytes of a given JVM memory area,0,streamnative,Source Connector Jvm Memory Bytes Committed,, +streamnative.source_connector.jvm_memory_bytes_init,gauge,,byte,,Initial bytes of a given JVM memory area,0,streamnative,Source Connector Jvm Memory Bytes Init,, +streamnative.source_connector.jvm_memory_bytes_max,gauge,,byte,,Max bytes of a given JVM memory area,0,streamnative,Source Connector Jvm Memory Bytes Max,, +streamnative.source_connector.jvm_memory_direct_bytes_used,gauge,,byte,,Used bytes of a given JVM memory area,0,streamnative,Source Connector Jvm Memory Direct Bytes Used,, +streamnative.source_connector.process_cpu_seconds_total,gauge,,second,,Total user and system CPU time spent in seconds,0,streamnative,Source Connector 
Process Cpu Seconds Total,, +streamnative.source_connector.pulsar_source_last_invocation,gauge,,millisecond,,The timestamp of the last invocation of the source,0,streamnative,Source Connector Pulsar Source Last Invocation,, +streamnative.source_connector.pulsar_source_received_1min_total,gauge,,record,,The total number of records received from source in the last 1 minute,0,streamnative,Source Connector Pulsar Source Received 1min Total,, +streamnative.source_connector.pulsar_source_received_total,gauge,,record,,The total number of records received from source,0,streamnative,Source Connector Pulsar Source Received Total,, +streamnative.source_connector.pulsar_source_source_exception,gauge,,,,The exception from a source,0,streamnative,Source Connector Pulsar Source Source Exception,, +streamnative.source_connector.pulsar_source_source_exceptions_1min_total,gauge,,exception,,The total number of source exceptions in the last 1 minute,0,streamnative,Source Connector Pulsar Source Source Exceptions 1min Total,, +streamnative.source_connector.pulsar_source_source_exceptions_total,gauge,,exception,,The total number of source exceptions,0,streamnative,Source Connector Pulsar Source Source Exceptions Total,, +streamnative.source_connector.pulsar_source_system_exception,gauge,,,,The exception from system code,0,streamnative,Source Connector Pulsar Source System Exception,, +streamnative.source_connector.pulsar_source_system_exceptions_1min_total,gauge,,exception,,The total number of system exceptions in the last 1 minute,0,streamnative,Source Connector Pulsar Source System Exceptions 1min Total,, +streamnative.source_connector.pulsar_source_system_exceptions_total,gauge,,exception,,The total number of system exceptions,0,streamnative,Source Connector Pulsar Source System Exceptions Total,, +streamnative.source_connector.pulsar_source_written_1min_total,gauge,,record,,The total number of records written to a Pulsar topic in the last 1 minute,0,streamnative,Source Connector 
Pulsar Source Written 1min Total,, +streamnative.source_connector.pulsar_source_written_total,gauge,,record,,The total number of records written to a Pulsar topic,0,streamnative,Source Connector Pulsar Source Written Total,, \ No newline at end of file diff --git a/strimzi/CHANGELOG.md b/strimzi/CHANGELOG.md index a9b0063b2fd9b..4aee9fe954148 100644 --- a/strimzi/CHANGELOG.md +++ b/strimzi/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/supervisord/CHANGELOG.md b/supervisord/CHANGELOG.md index a358c6f42476a..6244150ce1e99 100644 --- a/supervisord/CHANGELOG.md +++ b/supervisord/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.6.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/suricata/CHANGELOG.md b/suricata/CHANGELOG.md index 0066a104dd1ae..bc254b3fd4dc7 100644 
--- a/suricata/CHANGELOG.md +++ b/suricata/CHANGELOG.md @@ -8,6 +8,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.0 / 2024-08-09 / Agent 7.57.0 ***Added***: diff --git a/symantec_endpoint_protection/CHANGELOG.md b/symantec_endpoint_protection/CHANGELOG.md new file mode 100644 index 0000000000000..058b2807cc86f --- /dev/null +++ b/symantec_endpoint_protection/CHANGELOG.md @@ -0,0 +1,9 @@ +# CHANGELOG - symantec-endpoint-protection + + + +## 1.0.0 / 2024-11-28 + +***Added***: + +* Initial Release ([#18714](https://github.com/DataDog/integrations-core/pull/18714)) diff --git a/symantec_endpoint_protection/README.md b/symantec_endpoint_protection/README.md new file mode 100644 index 0000000000000..99d40f025ed13 --- /dev/null +++ b/symantec_endpoint_protection/README.md 
@@ -0,0 +1,141 @@
+## Overview
+
+[Symantec Endpoint Protection][5] is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Symantec Endpoint Protection provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates.
+
+This integration enriches and ingests the following logs from Symantec Endpoint Protection:
+
+- **Audit logs**: Record changes to policies such as policy updates, policy assignments, and more.
+- **Risk logs**: Track and record potential security risks detected on endpoints, including malware, vulnerabilities, and suspicious activities.
+- **Scan logs**: Record the results of antivirus scans, including detected malware, scan settings, and user information.
+- **System logs**: Record all administrative activities, client activities, server activities and `client_server` activities.
+- **Security logs**: Record security-related events, including attacks, compliance, and device control.
+- **Application control logs**: Record events related to application control, such as blocked or allowed applications.
+- **Traffic logs**: Record network traffic events, including incoming and outgoing connections, protocols, and ports.
+
+You can also visualize detailed insights into the above-mentioned logs with the out-of-the-box dashboards. Once you've installed the integration, you can find the dashboards by searching for "symantec-endpoint-protection" in the dashboards list.
+
+## Setup
+
+### Installation
+
+To install the Symantec Endpoint Protection integration, run the following Agent installation command and the steps below. For more information, see the [Integration Management documentation][6].
+
+**Note**: This step is not necessary for Agent version >= 7.52.0.
+
+Linux command:
+
+ ```shell
+ sudo -u dd-agent -- datadog-agent integration install datadog-symantec_endpoint_protection==1.0.0
+ ```
+
+### Configuration
+
+#### Log collection
+
+1. Collecting logs is disabled by default in the Datadog Agent. Enable it in `datadog.yaml`:
+
+ ```yaml
+ logs_enabled: true
+ ```
+
+2. Add this configuration block to your `symantec_endpoint_protection.d/conf.yaml` file to start collecting your Symantec Endpoint Protection logs.
+
+ See the [sample symantec_endpoint_protection.d/conf.yaml][6] for available configuration options.
+
+ ```yaml
+ logs:
+ - type: udp
+ port:
+ service: symantec-endpoint-protection
+ source: symantec-endpoint-protection
+ ```
+
+3. [Restart the Agent][1].
+
+4. Configure Syslog Message Forwarding from Symantec Endpoint Protection Server:
+
+ 1. Log on to your **Symantec Endpoint Protection Server**.
+ 2. Click on **Admin**.
+ 3. Click on **servers** on the **administrative** panel.
+ 4. Select **sites** for which you want to forward logs.
+ 5. Click on **Configure external logging**.
+ 6. Enable Transmission of Logs to a Syslog Server.
+ 7. Provide your **syslog server IP**.
+ 8. Select network protocol as **UDP**.
+ 9. Provide the **PORT** where you want to forward logs.
+
+### Validation
+
+[Run the Agent's status subcommand][2] and look for `symantec_endpoint_protection` under the Checks section.
+
+## Data Collected
+
+### Logs
+
+The Symantec Endpoint Protection integration collects audit, risk, scan, security, traffic, application control, and system logs.
+
+### Metrics
+
+The Symantec Endpoint Protection integration does not include any metrics.
+
+### Events
+
+The Symantec Endpoint Protection integration does not include any events.
+
+### Service Checks
+
+The Symantec Endpoint Protection integration does not include any service checks.
+
+## Troubleshooting
+
+### Permission denied while port binding
+
+If you see a **Permission denied** error while port binding in the Agent logs, see the following instructions:
+
+ 1. Binding to a port number under 1024 requires elevated permissions. Grant access to the port using the `setcap` command:
+
+ - Grant access to the port using the `setcap` command:
+
+ ```shell
+ sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent
+ ```
+
+ - Verify the setup is correct by running the `getcap` command:
+
+ ```shell
+ sudo getcap /opt/datadog-agent/bin/agent/agent
+ ```
+
+ With the expected output:
+
+ ```shell
+ /opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep
+ ```
+
+ **Note**: Re-run this `setcap` command every time you upgrade the Agent.
+
+ 2. [Restart the Agent][1].
+
+### Data is not being collected
+
+Make sure that traffic is bypassed from the configured port if the firewall is enabled.
+
+### Port already in use
+
+If you see the **Port Already in Use** error, see the following instructions. The example below is for PORT-NO = 514:
+
+On systems using Syslog, if the Agent listens for Cisco Secure Firewall logs on port 514, the following error can appear in the Agent logs: `Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use`.
+
+This error occurs because by default, Syslog listens on port 514. To resolve this error, take **one** of the following steps:
+
+- Disable Syslog.
+- Configure the Agent to listen on a different, available port.
+
+Need help? Contact [Datadog support][3].
+
+[1]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent
+[2]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information
+[3]: https://docs.datadoghq.com/help/
+[4]: https://docs.datadoghq.com/agent/
+[5]: https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/what-is-v45096464-d43e1648.html
+[6]: https://docs.datadoghq.com/agent/guide/integration-management/?tab=linux#install
\ No newline at end of file
diff --git a/symantec_endpoint_protection/assets/configuration/spec.yaml b/symantec_endpoint_protection/assets/configuration/spec.yaml
new file mode 100644
index 0000000000000..8259437f05d22
--- /dev/null
+++ b/symantec_endpoint_protection/assets/configuration/spec.yaml
@@ -0,0 +1,10 @@
+name: Symantec Endpoint Protection
+files:
+- name: symantec_endpoint_protection.yaml
+ options:
+ - template: logs
+ example:
+ - type: udp
+ port:
+ source: symantec-endpoint-protection
+ service: symantec-endpoint-protection
diff --git a/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_application_control.json b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_application_control.json
new file mode 100644
index 0000000000000..ee906e0cc5305
--- /dev/null
+++ b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_application_control.json
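Review bot: The `example` under `template: logs` in spec.yaml leaves `port:` with no value, so a copied example would presumably parse to a null port; the README's Log collection block repeats the same blank. A labelled placeholder such as `port: <PORT>` makes it obvious that the operator must fill it in. The listener is plain UDP syslog, which is unauthenticated and unencrypted, so the template description should say that the chosen port must be reachable only from the Symantec Endpoint Protection server (host firewall or network ACL), otherwise security and audit events can be forged or read in transit. Recommending a port above 1024 in the same description would also avoid the `setcap` step that the README's troubleshooting section describes.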
@@ -0,0 +1,927 @@ +{ + "title": "Symantec Endpoint Protection - Application Control", + "description": "This dashboard provides information about the Application Control logs of Application and Device Control generated on Symantec Endpoint Protection.", + "widgets": [ + { + "id": 2804097939643020, + "definition": { + "title": "", + "banner_img": "data:image/jpeg;base64,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", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8802738356167996, + "definition": { + "type": "note", + "content": "Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Symantec Endpoint Protection provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates.\n\nThis dashboard provides information about the Application Control logs of Application and Device Control generated on Symantec Endpoint Protection.\n\nFor more information, see the [Symantec Endpoint Protection Integration Documentation](https://docs.datadoghq.com/integrations/symantec_endpoint_protection/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 6 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + 
"height": 9 + } + }, + { + "id": 3393191833622812, + "definition": { + "title": "Application Control Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4716857026057656, + "definition": { + "title": "Application Control Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 5551369900400330, + "definition": { + "title": "Total Application Control Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 4 + } + }, + { + "id": 1450273177268032, + "definition": { + "title": "Top Users", + "title_size": "16", + "title_align": 
"left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name -@usr.name:None" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 4, + "width": 3, + "height": 4 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 1353300741756738, + "definition": { + "title": "Application Control Log Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1336589259337004, + "definition": { + "title": "Top Descriptions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@application_event_description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + 
"legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 7435084090457840, + "definition": { + "title": "Top Domains", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@domain_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 4753255554439116, + "definition": { + "title": "Top APIs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@api_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 
4210114757743938, + "definition": { + "title": "Top Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 7801682923806184, + "definition": { + "title": "Action Status", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@action_description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@action_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 4, + "width": 8, + "height": 4 + } + }, + { + 
"id": 5799648343012586, + "definition": { + "title": "Top Actions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@action_description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 8, + "width": 4, + "height": 4 + } + }, + { + "id": 5318869640767718, + "definition": { + "title": "Caller Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@caller_process_id", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@called_process_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@caller_return_address", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@caller_return_module_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10000, + "order_by": [ + { + "type": 
"formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 8, + "width": 8, + "height": 4 + } + }, + { + "id": 559016614216946, + "definition": { + "title": "Application Control By Country", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 4 + } + }, + { + "id": 5259382815069934, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:application-control $User $Domain $Action $Api-Name", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "application_event_description", + "width": "auto" + }, + { + "field": "domain_name", + 
"width": "auto" + }, + { + "field": "api_name", + "width": "auto" + }, + { + "field": "rule_name", + "width": "auto" + }, + { + "field": "action_description", + "width": "auto" + }, + { + "field": "action_type", + "width": "auto" + }, + { + "field": "caller_process_id", + "width": "auto" + }, + { + "field": "called_process_name", + "width": "auto" + }, + { + "field": "caller_return_address", + "width": "auto" + }, + { + "field": "caller_return_module_name", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 9, + "width": 12, + "height": 21 + } + } + ], + "template_variables": [ + { + "name": "User", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "Domain", + "prefix": "@domain_name", + "available_values": [], + "default": "*" + }, + { + "name": "Action", + "prefix": "@action_description", + "available_values": [], + "default": "*" + }, + { + "name": "Api-Name", + "prefix": "@api_name", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_overview.json b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_overview.json new file mode 100644 index 0000000000000..ff73cc87fb8ba --- /dev/null +++ b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_overview.json 
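Review bot: In the "Caller Details" table and the "Log Details" stream, three of the four process columns use the `caller_` prefix (`@caller_process_id`, `@caller_return_address`, `@caller_return_module_name`) while the fourth is `@called_process_name`, which reads like a typo for `@caller_process_name`. The log pipeline is not part of this hunk, so confirm which attribute it actually emits. If the names differ, the column stays empty and the process behind an application-control event is missing from the view analysts triage from. If the pipeline really does emit `called_process_name`, renaming it there and in both widgets to match its siblings would remove the ambiguity.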
@@ -0,0 +1,1820 @@ +{ + "title": "Symantec Endpoint Protection - Overview", + "description": "This Dashboard provides a comprehensive summary of Symantec Endpoint Protection logs, allowing quick assess to the each log count by its type and details of those logs.", + "widgets": [ + { + "id": 463772227106378, + "definition": { + "title": "", + "banner_img": "data:image/jpeg;base64,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", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 3007578271362798, + "definition": { + "type": "note", + "content": "Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Symantec Endpoint Protection provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates.\n\nThis dashboard provides overview of the Risk Logs, Scan Logs, Application Control Logs, Traffic Logs, Security Logs, System Logs and Audit Events generated on Symantec Endpoint Protection.\n\nFor more information, see the [Symantec Endpoint Protection Integration Documentation](https://docs.datadoghq.com/integrations/symantec_endpoint_protection/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 5 + } + } + ] + }, 
+ "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 7552655042854944, + "definition": { + "title": "Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4615525095028922, + "definition": { + "title": "Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 1679476490024906, + "definition": { + "title": "Distribution by Log Types", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@service", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 3, + 
"width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 1835558821317992, + "definition": { + "title": "Total Risk Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:risk" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 4045557395351174, + "definition": { + "title": "Risk Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:risk" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 4 + } + }, + { + "id": 5570361096037134, + "definition": { + "title": "Total Scan Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:scan" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 3879534748940514, + "definition": { + "title": "Scan Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:scan" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 4, + "width": 8, + "height": 4 + } + }, + { + "id": 3993411943185414, + "definition": { + "title": "Total Application Control Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:application-control" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#f7dfab" + } + ], + "formulas": [ + { + "formula": 
"query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 8, + "width": 4, + "height": 4 + } + }, + { + "id": 8596788814251738, + "definition": { + "title": "Application Control Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:application-control" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 8, + "width": 8, + "height": 4 + } + }, + { + "id": 7894630450826822, + "definition": { + "title": "Total Traffic Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:traffic" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#d9e8f7" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 2993723138362990, + "definition": { + "title": "Traffic Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + 
"legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:traffic" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 12, + "width": 8, + "height": 4 + } + }, + { + "id": 7220255679263248, + "definition": { + "title": "Total Security Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:security" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 4316709735215242, + "definition": { + "title": "Security Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:security" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 16, + "width": 8, + "height": 4 + } + }, + { + "id": 2604599212783742, + "definition": { + "title": "Total System Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 20, + "width": 4, + "height": 4 + } + }, + { + "id": 4506731229852130, + "definition": { + "title": "System Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + 
] + }, + "layout": { + "x": 4, + "y": 20, + "width": 8, + "height": 4 + } + }, + { + "id": 4185348993152106, + "definition": { + "title": "Datadog Cloud SIEM", + "title_align": "center", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4623916271966642, + "definition": { + "type": "note", + "content": "\nDatadog Cloud SIEM analyzes and correlates Symantec Endpoint Protection logs to detect threats to your environment in real time. If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](https://app.datadoghq.com/security?query=source%3Asymantec-endpoint-protection%20). ", + "background_color": "purple", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 1460345638454502, + "definition": { + "title": "CRITICALs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection status:critical" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 0, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 5476757533653882, + "definition": { + "title": "HIGHs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": 
"custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection status:high" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 2, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 1379476249905458, + "definition": { + "title": "Critical Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection status:critical" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [ + { + "label": "View related Security Signals", + "link": "/security?query=@workflow.rule.name:{{@workflow.rule.name.value}}&column=time&order=desc&view=signal&start={{timestamp_widget_start}}&end={{timestamp_widget_end}}&paused=false" + } + ], + "style": {} + }, + "layout": { + "x": 4, + "y": 1, + "width": 8, + "height": 4 + } + }, + { + "id": 2880232965900544, + "definition": { + "title": "MEDIUMs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": 
"#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection status:medium" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 3273472547821490, + "definition": { + "title": "LOWs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#ffb52b", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection status:low" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 1 + } + }, + { + "id": 3890991967630338, + "definition": { + "title": "INFOs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#84c1e0", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection status:info" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + 
"precision": 2 + }, + "layout": { + "x": 2, + "y": 4, + "width": 2, + "height": 1 + } + }, + { + "id": 317314577134156, + "definition": { + "title": "High Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection status:high" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [ + { + "label": "View related Security Signals", + "link": "/security?query=@workflow.rule.name:{{@workflow.rule.name.value}}&column=time&order=desc&view=signal&start={{timestamp_widget_start}}&end={{timestamp_widget_end}}&paused=false" + } + ], + "style": {} + }, + "layout": { + "x": 0, + "y": 5, + "width": 6, + "height": 4 + } + }, + { + "id": 514638455017102, + "definition": { + "title": "Medium Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection status:medium" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + 
"sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [ + { + "label": "View related Security Signals", + "link": "/security?query=@workflow.rule.name:{{@workflow.rule.name.value}}&column=time&order=desc&view=signal&start={{timestamp_widget_start}}&end={{timestamp_widget_end}}&paused=false" + } + ], + "style": {} + }, + "layout": { + "x": 6, + "y": 5, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 32, + "width": 12, + "height": 10 + } + }, + { + "id": 1853977853681626, + "definition": { + "title": "Audit Events Logs Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 546713173439682, + "definition": { + "title": "Total Audit Events Count", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:audit $Event-Type $Policy-Name" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 7958987691224374, + "definition": { + "title": "Audit Events over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + 
"*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:audit $Event-Type $Policy-Name" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 3 + } + }, + { + "id": 587442089219928, + "definition": { + "title": "Type of Audit Events", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@event_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:audit $Event-Type $Policy-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 4 + } + }, + { + "id": 8618808784283546, + "definition": { + "title": "Top Audit Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@event_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:audit $Event-Type $Policy-Name" + }, + "storage": "hot" + } + ], + "response_format": 
"scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 5622536135026798, + "definition": { + "title": "Top Policies", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@policy_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:audit $Event-Type $Policy-Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 6156523113227100, + "definition": { + "title": "Audit Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:audit ", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "event_type", + "width": "auto" + }, + { + "field": "audit_event_description", + "width": "auto" + }, + { + "field": "audit_admin_name", + "width": "auto" + }, + { + "field": "policy_name", + "width": "auto" + }, 
+ { + "field": "domain_name", + "width": "auto" + }, + { + "field": "server_name", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 42, + "width": 12, + "height": 17 + } + }, + { + "id": 4384564956599440, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection ", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 5 + } + } + ], + "template_variables": [ + { + "name": "Event-Type", + "prefix": "@event_type", + "available_values": [], + "default": "*" + }, + { + "name": "Policy-Name", + "prefix": "@policy_name", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_risk.json b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_risk.json new file mode 100644 index 0000000000000..fbb770a3ec06d --- /dev/null +++ b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_risk.json 
@@ -0,0 +1,2257 @@ +{ + "title": "Symantec Endpoint Protection - Risk", + "description": "This dashboard provides information about the Risk logs generated on Symantec Endpoint Protection.", + "widgets": [ + { + "id": 1304401806386442, + "definition": { + "title": "", + "banner_img": "data:image/jpeg;base64,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", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5073780463706508, + "definition": { + "type": "note", + "content": "Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Symantec Endpoint Protection provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates.\n\nThis dashboard provides information about the Risk logs generated on Symantec Endpoint Protection.\n\nFor more information, see the [Symantec Endpoint Protection Integration Documentation](https://docs.datadoghq.com/integrations/symantec_endpoint_protection/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 4397016275636066, + "definition": { + "title": "Risk Logs Overview", + 
"background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5275798311074670, + "definition": { + "title": "Risk Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 8815658168302322, + "definition": { + "title": "Total Risk Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 4 + } + }, + { + "id": 1026009056371212, + "definition": { + "title": "Top Risks", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + 
"compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@risk_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 3, + "width": 3, + "height": 4 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 4969010212931252, + "definition": { + "title": "Risk Logs Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7818864836062226, + "definition": { + "title": "Top Risk Types", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@risk_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 3066507953223256, + "definition": { + "title": "Top Users", + "title_size": 
"16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 8515585581461480, + "definition": { + "title": "Top Servers", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@server_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 799540230905220, + "definition": { + "title": "Top Actual Actions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": 
"logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@actual_action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 7732667545019918, + "definition": { + "title": "Action Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@actual_action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@requested_action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@secondary_action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 4002514673868263, + "definition": { + "title": "Top File 
Paths", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "a", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@file_path", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + }, + "should_exclude_missing": true + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": {} + }, + "layout": { + "x": 0, + "y": 7, + "width": 8, + "height": 4 + } + }, + { + "id": 3938557461477442, + "definition": { + "title": "Top Downloaded by", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@downloaded_by", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 4502208350526758, + "definition": { + "title": "File Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": 
"logs_stream", + "query_string": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "file_path", + "width": "auto" + }, + { + "field": "first_seen", + "width": "auto" + }, + { + "field": "prevalence", + "width": "auto" + }, + { + "field": "confidence", + "width": "auto" + }, + { + "field": "file_size", + "width": "auto" + }, + { + "field": "location", + "width": "auto" + }, + { + "field": "download_site", + "width": "auto" + }, + { + "field": "downloaded_by", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 4 + } + }, + { + "id": 7117802683653614, + "definition": { + "title": "Top Applications", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@application_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 4, + "height": 4 + } + }, + { + "id": 7563272505008090, + "definition": { + "title": "Application Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": 
"source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "application_name", + "width": "auto" + }, + { + "field": "application_type", + "width": "auto" + }, + { + "field": "application_version", + "width": "auto" + }, + { + "field": "allowed_application_reason", + "width": "auto" + }, + { + "field": "application_hash", + "width": "auto" + }, + { + "field": "hash_type", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 4, + "y": 15, + "width": 8, + "height": 4 + } + }, + { + "id": 2881096364281662, + "definition": { + "title": "Top Source Computer Names", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@source_computer_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 19, + "width": 4, + "height": 4 + } + }, + { + "id": 5053709589047162, + "definition": { + "title": "Source Computer Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": 
"@source_computer_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@source_computer_ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 19, + "width": 4, + "height": 4 + } + }, + { + "id": 8897604333068586, + "definition": { + "title": "Distribution by Scan Source", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@scan_source", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "inline" + } + }, + "layout": { + "x": 8, + "y": 19, + "width": 4, + "height": 4 + } + }, + { + "id": 3396218916858620, + "definition": { + "title": "Top Domains", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + 
"group_by": [ + { + "facet": "@domain_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 23, + "width": 4, + "height": 4 + } + }, + { + "id": 4211654939327166, + "definition": { + "title": "Top Web Domains", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@web_domain", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 23, + "width": 4, + "height": 4 + } + }, + { + "id": 4357895160576700, + "definition": { + "title": "Domain Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@domain_name", + "limit": 10, + "sort": { + "order": "desc", + 
"aggregation": "count" + } + }, + { + "facet": "@web_domain", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 8, + "y": 23, + "width": 4, + "height": 4 + } + }, + { + "id": 1761885876246576, + "definition": { + "title": "Top Category Types", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@category_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 27, + "width": 4, + "height": 4 + } + }, + { + "id": 1771423758767622, + "definition": { + "title": "Distribution by Category", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ 
+ { + "facet": "@category_set", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 27, + "width": 8, + "height": 4 + } + }, + { + "id": 5900205913475106, + "definition": { + "title": "Category Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@category_set", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@category_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 31, + "width": 6, + "height": 4 + } + }, + { + "id": 6731020336257876, + "definition": { + "title": "Top Dispositions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@disposition", + "limit": 10, + 
"sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 31, + "width": 6, + "height": 4 + } + }, + { + "id": 6518796311250706, + "definition": { + "title": "Top Companies", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@company_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 35, + "width": 4, + "height": 4 + } + }, + { + "id": 2200502928115948, + "definition": { + "title": "Company Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@risk_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@company_name", + 
"limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@group_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 35, + "width": 8, + "height": 4 + } + }, + { + "id": 3824158959538788, + "definition": { + "title": "Top Group Names", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@group_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 39, + "width": 4, + "height": 4 + } + }, + { + "id": 3641820746600130, + "definition": { + "title": "Distribution by URL Tracking Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + 
"compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@url_tracking_status", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 39, + "width": 8, + "height": 4 + } + }, + { + "id": 1721263337224546, + "definition": { + "title": "Certificate Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@certificate_signer", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@certificate_thumbprint", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@certificate_serial_number", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@certificate_issuer", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 43, + "width": 12, + "height": 4 + } + }, + { + "id": 3327602482401020, + 
"definition": { + "title": "Risks by Location", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 47, + "width": 12, + "height": 4 + } + }, + { + "id": 6847786685135402, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:risk $Risk-Name $User $server_name $Action $Domain", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "risk_name", + "width": "auto" + }, + { + "field": "risk_type", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "server_name", + "width": "auto" + }, + { + "field": "actual_action", + "width": "auto" + }, + { + "field": "requested_action", + "width": "auto" + }, + { + "field": "secondary_action", + "width": "auto" + }, + { + "field": "file_path", + "width": "auto" + }, + { + "field": "downloaded_by", + "width": 
"auto" + }, + { + "field": "first_seen", + "width": "auto" + }, + { + "field": "prevalence", + "width": "auto" + }, + { + "field": "confidence", + "width": "auto" + }, + { + "field": "file_size", + "width": "auto" + }, + { + "field": "location", + "width": "auto" + }, + { + "field": "download_site", + "width": "auto" + }, + { + "field": "application_name", + "width": "auto" + }, + { + "field": "application_type", + "width": "auto" + }, + { + "field": "application_version", + "width": "auto" + }, + { + "field": "allowed_application_reason", + "width": "auto" + }, + { + "field": "application_hash", + "width": "auto" + }, + { + "field": "hash_type", + "width": "auto" + }, + { + "field": "source_computer_name", + "width": "auto" + }, + { + "field": "source_computer_ip", + "width": "auto" + }, + { + "field": "scan_source", + "width": "auto" + }, + { + "field": "domain_name", + "width": "auto" + }, + { + "field": "web_domain", + "width": "auto" + }, + { + "field": "category_type", + "width": "auto" + }, + { + "field": "category_set", + "width": "auto" + }, + { + "field": "company_name", + "width": "auto" + }, + { + "field": "group_name", + "width": "auto" + }, + { + "field": "disposition", + "width": "auto" + }, + { + "field": "url_tarcking_status", + "width": "auto" + }, + { + "field": "certificate_issuer", + "width": "auto" + }, + { + "field": "certificate_signer", + "width": "auto" + }, + { + "field": "certificate_thumbprint", + "width": "auto" + }, + { + "field": "certificate_serial_number", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 51, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 56 + } + } + ], + "template_variables": [ + { + "name": "Risk-Name", + "prefix": "@risk_name", + "available_values": [], + "default": "*" + }, + { + "name": "User", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "server_name", + "prefix": 
"@server_name", + "available_values": [], + "default": "*" + }, + { + "name": "Action", + "prefix": "@actual_action", + "available_values": [], + "default": "*" + }, + { + "name": "Domain", + "prefix": "@domain_name", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_scan.json b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_scan.json new file mode 100644 index 0000000000000..b8618e63c4e1b --- /dev/null +++ b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_scan.json 
@@ -0,0 +1,1244 @@ +{ + "title": "Symantec Endpoint Protection - Scan", + "description": "This dashboard provides information about the Scan logs generated on Symantec Endpoint Protection.", + "widgets": [ + { + "id": 1126311756413248, + "definition": { + "title": "", + "banner_img": "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBxAPDw8NEBAQFg8PEBUWEA8WFhYVEhYXFxcWFxUWHxUYHSggGBolGxUXITMjJS0rLjEuFx8zODMsQyktLysBCgoKDg0OGxAQGjUlHyAtMjEzMTc3MCs1Nzc1LTUxNTUvLy4tNzIyNTc1NTU3LDUvNy0tLS00Ny0tMjI1NTY3Lf/AABEIAKgBKwMBIgACEQEDEQH/xAAcAAEAAgMBAQEAAAAAAAAAAAAABQYBBAcCAwj/xABEEAABAwIEAwUEBQcMAwAAAAABAAIDBBEFBhIhBxMxFCJBUWEycYGRI0KhseEVJDVydILBMzZTYnOSorKztNHwCBZS/8QAGgEBAAIDAQAAAAAAAAAAAAAAAAQFAgMGAf/EACsRAQABBAAEBQIHAAAAAAAAAAABAgMEEQUSITETFEFRgTLwIjNhcZHB0f/aAAwDAQACEQMRAD8A7iiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAi+U87Yxqe4ADxKhqjMTQbRsJ9TsPkouRmWbH5lWm23ZrufTCeRVoZjk8Y2W95W5SY/G42eCw+fVvzWi3xbFuTqK/56NlWJdpjcwmVET4/CJ46WNwfLIC4aTdga0gOu8bA77A7lVjO2aJB2mjpp4GuMIAqGSd+lkvqMk/hFDpsA7c6nAWWzw/wlrIpSKKOCmlcx0LS1zKl7m6g50rDs3fdtibtKnV7mNUo8a9V0BWViyys3giIgIiICIsIMoiICIiAiIgIiICLCygIsIgyiIgIiICIiAiIgIiIC+NVO2Njnu6NC+yr2aZ/YiHT2j9w/iombkeXsVXPbt+7bYt+JXFKJrqx8z9Tun1W+A/Fb9FgL3gOkOkH6vV34L1lujDnGZw2YbN9/iVUqbiu6mxKbDMWphT2lLYqhpJZpJ+jc4H6pFu8NvMDe1Jw7hsZMeYyOvN6J2Rkzbnw7fTS8Oy5HbZ77+e33WXNeK2N/kqMU7JPzmdt4nN6sAd7RBFrGxC6bmbH4qCinr5CCyKPU0AjvuOzGg/1iQPivy9gGFVWYMTe0v+lqHOlnmNiGNuLuDS4XA1NAaD0srWeFYvNFXJrSJ5u7qY2nMq5YkrcSnZOySlpBoFVFG8kG7WERlwdc6vavuAv01G0AADoAAFQzgkVAG0kLbQsF2C5JsSSd3Ek7kq3YDUGSBt+re6fh0+yy04mfVcya7FUa5e3wzvWIpt03Inu+OPZlosPaHVdTHEHeyHG7ne5gu4/AKGoOJ+CzuDGV8QcenMbJEP70jQFxqkoosZzRVQYjK5rOfO1jNWknlOLY4QT02Hh1sfNdLr+CeESACNs8RBG7ZC6/mCH36+llbojpDHhwDgQQRcEbgjzuvSqOO56w3CZYqCoc+MiNhjaI3FgZ7Le8NrDTb4Kx4piMdLBLVSutFDG573AX7rRc2A6oNtFTYOJmGSUk2INkl7NBIyOR/KcO8/oAOp/EJjfE7CqOKCWScuNRE2SOKNpdJocLtJb9Tr4
2QXJFT8O4mYVPSS1wqQyOEgSNkBbKCRdoDNy69jbTfofJa+XuKuF19S2kikkbK82j5jNLXnwANzufI2QXdFX80Z0oMMA7XUNa9wu2IAvlI6X0N3A26mwVcw/jNg80giMk0eo2EkkdmfEgmw9Sg6IsKMzBj1PQUrq6ocRAzTdzQX+2Q1tgOu5CgsW4mYVSwQVElRftMYkiiY0ulLXdCWfV6Ed624KC4rF1VcrcQcPxNszqeR+qBhfJE9umQNHVwHRw9x8lxTiBninrsaoKyCSTslNyNRLXNPdlL5Dp6na3yQfpZFAZYzfR4nFLUUsjjFC7TI57SwA21fW8LeKrddxmweKUxCWaSxsZI4yY/gSRqHqEHQllRmAY9S4hC2ppZWyRE2uLgg+LXNO7T6FRGbOIOHYW8RVMx5xF+TG0vkA8CbbNv6kILSipuWOJ2F4jK2mhleyd/sRysLC70B3aT6XurkgyiIgIiICIiAiIgIiICquZf5cfqD7yrUoDNFPcMlH1e673Hp9v3qq4zbmvFq16dUrCqim7G/VsZaI5H77r/YqlxnyYMRonVMTfzykaXRkdXsG74/Xa5HqPVTWX64RvMbjZr+h8j+KtKz4TepuY1MR3p6S8y6Jpuzv1fjuuzZVz4fBhUj709PIXs66rWs1hPi1t3W/W9Au8cDMoiioRXSt/Oa0B2/VkPWNvpf2j7x5KpYhwWqXYuXsEX5MkqBITqs5sZdqdHote/Vottay7q5zY2eDWMHwACsZmIjcoyvZoI5kY8dBv89v4rbysPo3/ANp/AKDxKq50rpPDo0eg6KzYRByoBcG9i5wA333tbz6LmsCrx+I13afpjf8Aizvx4eNTRPdzviPwibiE76+jlbFVPsZI335T3Ae1qaLscdr9QbeG6ohx7MeXJI2VRfJTF1mtlPNgeOtmy+0w2vYXHuVppOOYiqJ4a6hmja2VwZpsJmNv3WvjeR3rdSD8FBcUeKVNitIMPpIJvpJWOdJI1oPdOzWtaSSSf+7rplY3+MnKxXCMPx+nBswlkgNrta86S02/+ZG2/eW1nTNvOyjSP1fS1nKgefG8ZPNPx5X+JWfKeTZP/WvyVUN0zTwyktP1HyOc+O/q06SfUFcEwdlRWSUWBOuGNrnd3xaZCxsnwaI3H4lB0TFcG7HkpgIs+plinftY/SPBZ/gDFJcGMi4dV4b22qgbNNNI9l5LlrGsOkBo8D69VYuOcTWYDJG0WaySBrR5AOAA+QXvgL+g4f7ab/Og5BwjyzTV+LvpqlhfDBFJIGXsHFj2NaHW3I73T0W7xXwmDD8dpW0cTYm6KeXQzZofzXC4Hh7AW3wF/TtV+yz/AOrEvXHf9PUn7NB/rSoOn8SKXAw6nq8XLNUIcIWXdqkBsSOWzd4B+Av6rivEjH8Gq44mYZQuhkik703LZG17C07aWk3N7G532KluMrTHmGKasY91GRTkNHR0LSOawHzvr29fVZ4qZvw6vooKHDIHiOnlEsjmwiOJjQ10YFhv1eN7W+aCyY7O6TI0L3Ek8uBtz5NqGtH2AL4cD8k4fWUMldVQNmlMz4wJN2Na0MIs3pfvHc/YveK/zFi/Vi/3QVg/8ev0M79sl/yxoOdcOKZsGa5aSMWgE1bDo6gxtEtmm/Ud0fJeeIeE00OZqalighZTukpA6FrGtjIc5uq7QLG/itjI/wDPKb9trvumXrjI40uY6aska7lAU0oIHtCN/fA8Ce79oQXLjS2HDMGdT0UEUDa2pbHKImNjBbpc519I3voA9xKpmQMZy3T4dyMQja+qmL+e4wOkLQSQwNfbu2aAdvElW3PNfBmbCKg4dzHy4fNHLoLdLnd14c0Dqe6Xe8tVS4eZ4welohSYjQMdNC52mbkRSF7SSQHF1iHC5G/gAg88CMY7PiFZA1xdTvppJADtcwm7HW8DpLvmvjwmwhmN4vVVVeOaGtdM+NxJa573gNB82gE7egXR+HGY8PxaasZTYYynETLMmETA5zH
jS8FzG2Y7+rc3HuXMsqYo/K2MVENXHIYnNMbi0DU5moOjmbewcNvPxPiLIO64bkTDaarbX09LHHO1hY3TswX6uDOgda4uPAlWNc2wPjBSV2IwUFPT1BjmuOe4C4f1b9G250dbuPTba1yrjXZmpqeQxSuc12sMHccQXENNgQN9nt+aCZREQEREBERAREQEREBfOeIPaWOFw4WIX0ReTETGpFMxLDnQu33YfZd/A+RX0osZliAbs5o6A9R8VbHsDgQQCD1B6KLqMAicbt1N924+RXO3eE3rNzxMSrX6fff5WNGXRXTy3oajsxm20W/6233KLrsQkm9s90dGjYfipcZbH9If7o/5W7SYNDGb21OHi7f7OiwqxOJZH4btWqfj+mUXsa31ojc/fuisEwkuIlkFmDdrT4nz9ys1kssq7w8OjFt8lHzPug3r1V2rco7FcCpKsAVNNBLbpzI2vI9xIuFr4ZlXD6V/Mp6Kmjk8HtjaHD961wplFLalB4jcRTg8sMDaN07poi8ODy0NOqwBs03vYqn8IMr1NRiU+YKuDlNe6R0EZaWXklJ1Oa07hoaXC/iXe9dtIRBr4hh8NTGYZ4o5YyQTHI0PZcbg6Ttsq3l7MmG3bSUUEzYzK5reXSTMp9YcQ/6QM0DvA3N/BW1cvyVg1VSSxiWkxUOFVMS9tWzsQbJLIQ404l6aXAkab3uUF8w7AKKnkMtPS00crmkGSONjXkE3IuBexIHyWniNJhtRWtgqKenkrOz81rnxNeRGx+n+UI2s93S/iVSsJybVwx0bo4jFVupsRjqZ9YuHSauy6iHbgEgi17eih8RwGanpa2o7A+ljZgLoZHOkjcX1AkY577Me4nVYnWdzbe21w69imFU1Wzl1MEMrAb6ZGteAfPfoVoDCMOpY20jKOEQ1b+W6NkAdG/Yu7+lpGmzTu7boqMctVb2VT4KKSGlkNEZMPMkYdU8p7nVJBa8tGtpaLuIL9O9lt4Vlyra+meymfDSjGOfFRl7CaeDsz4zcNcWtDpDfQ0m2r3oLzUYbRNpTTyQ04o42ajCWN5LWtOq+i1gARdasFXh9BQGshbFFQ6BNeKOzS14bZ+houSQR4XVCwrI9QyCiaaW0kmGV0NcS5p1SP0mna86jqAN7dQPRTUuBzvywcPjpXR1XYxH2YmMEyCwe64cW94guvfx3sglMu1GEVNVJJTU0bK1g5j3PpnQVFpCQZLyMDnAm4JCnMWwmlrGCOpghlYD3WyNa4A+l+h9ypuYsjP7FVGOWrqa6dlPHzJZGa2xsnZI5jS0Ma0DvHz2UfmnKEolnjp6EyRPpY48MfHIyNlDMHSGSQ6nBzbue1+poJOmyC8YBR4fTuqKeiip43ROaKhkTA0hxbqaHEDc6Tf4rxiOU8NqH8+eipHvPWR0bLn3m2/xVDxTKFXzMT5dNqdUT0crpm8q1RExsfaYbOcO857XP0us0+J3XpuWahsNKZaGaejbPVufhbnQBzOaGiBwZr5YY0tfZuo6eZt02C/trKOiElNE1jOzw811NDHdzWEkAiOMbklp2G5svtieE0laxramnhlba7WyMa4i/lqFwuc4plOoLqt7KAiWpwNsMbmytlMczQ8OjMsjg5xLeW3VvfT12X1xXLNY+plIpXuqZKilfSYlzGBlNFG2ISxkF2pu7JO61pDte6DoGEYDR0dxS00ERd7RjY1rj7yNytyWjiebujjcb3uWgm9gL7jyA+S53RZUqGVUVZ2ciYY9Uyvl1N1dje2XT9b2CSw6B4m9uq6UgyEWAsoCIiAiIgIiICIiAiIgIiICIiAiIgwsoiAiIgIiIFl4kja4FrmgtPVpAIPwK9ogAIiICIiAiIgIiIFkREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQE
REBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERB//Z", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1669617153014420, + "definition": { + "type": "note", + "content": "Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Symantec Endpoint Protection provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates.\n\nThis dashboard provides information about the Scan logs generated on Symantec Endpoint Protection.\n\nFor more information, see the [Symantec Endpoint Protection Integration Documentation](https://docs.datadoghq.com/integrations/symantec_endpoint_protection/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 525096340156022, + "definition": { + "title": "Scan Logs Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 3199509059263778, + "definition": { + "title": "Scan Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + 
"legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 7395615345245134, + "definition": { + "title": "Total Scan Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 3 + } + }, + { + "id": 8761095194527554, + "definition": { + "title": "Total Scans Completed", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:scan @status:Completed $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "formulas": [ + 
{ + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 3, + "y": 4, + "width": 3, + "height": 3 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 1270423737635008, + "definition": { + "title": "Scan Log Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7963348970703650, + "definition": { + "title": "Total Suspended Scans", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:scan @status:Suspended $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 4179092541605904, + "definition": { + "title": "Distribution By Scan Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@scan_id" + }, + "group_by": [ + { + "facet": "@status", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@scan_id" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + 
], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + }, + { + "id": 4618431566599192, + "definition": { + "title": "Top Commands", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@scan_id" + }, + "group_by": [ + { + "facet": "@command", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@scan_id" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 4176649331232632, + "definition": { + "title": "Distribution by Scan Type", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@scan_id" + }, + "group_by": [ + { + "facet": "@scan_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@scan_id" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": 
"desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 4, + "y": 4, + "width": 8, + "height": 4 + } + }, + { + "id": 7969194881131906, + "definition": { + "title": "Tracking Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain ", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "scan_id", + "width": "auto" + }, + { + "field": "scan_description", + "width": "auto" + }, + { + "field": "command", + "width": "auto" + }, + { + "field": "scan_type", + "width": "auto" + }, + { + "field": "@status", + "width": "auto" + }, + { + "field": "start_time", + "width": "auto" + }, + { + "field": "end_time", + "width": "auto" + }, + { + "field": "duration", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 4 + } + }, + { + "id": 6871236695765478, + "definition": { + "title": "Scan Duration over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@scan_id" + }, + "group_by": [ + { + "facet": "@duration", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@scan_id" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": 
"timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 4 + } + }, + { + "id": 7715595766945564, + "definition": { + "title": "Top logged-in Users at Scan start", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@scan_id" + }, + "group_by": [ + { + "facet": "@user1", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@scan_id" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 6004111082547972, + "definition": { + "title": "Top logged-in Users at Scan completion", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@scan_id" + }, + "group_by": [ + { + "facet": "@user2", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@scan_id" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": 
"scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 4, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 5371824063678992, + "definition": { + "title": "Top Domains", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@scan_id" + }, + "group_by": [ + { + "facet": "@domain_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@scan_id" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 8, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 5726222015614920, + "definition": { + "title": "Top IP Addresses", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": 
"hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 20, + "width": 4, + "height": 4 + } + }, + { + "id": 4455945086326040, + "definition": { + "title": "Machine details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@scan_id", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@scan_description", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@computer", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.client.ip", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@user1", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 32, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 20, + "width": 8, + "height": 4 + } + }, + { + "id": 5563699023345214, + "definition": { + "title": "Overall Scan Result", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + 
"data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain ", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "scan_id", + "width": "auto" + }, + { + "field": "scan_description", + "width": "auto" + }, + { + "field": "@status", + "width": "auto" + }, + { + "field": "@scan_results.scanned", + "width": "auto" + }, + { + "field": "@scan_results.trusted_files_skipped", + "width": "auto" + }, + { + "field": "@scan_results.risks", + "width": "auto" + }, + { + "field": "threats", + "width": "auto" + }, + { + "field": "@scan_results.omitted", + "width": "auto" + }, + { + "field": "infected", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 24, + "width": 12, + "height": 4 + } + }, + { + "id": 8184800646397916, + "definition": { + "title": "Scan by Country", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:scan -@status:Started $User $Scan-Status $Scan-Type $Domain" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 28, + "width": 12, + "height": 4 + } + }, + { + "id": 8699831555562628, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + 
"response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:scan $User $Scan-Status $Scan-Type $Domain", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "scan_id", + "width": "auto" + }, + { + "field": "scan_description", + "width": "auto" + }, + { + "field": "@status", + "width": "auto" + }, + { + "field": "scan_results", + "width": "auto" + }, + { + "field": "user1", + "width": "auto" + }, + { + "field": "user2", + "width": "auto" + }, + { + "field": "computer", + "width": "auto" + }, + { + "field": "domain_name", + "width": "auto" + }, + { + "field": "server_name", + "width": "auto" + }, + { + "field": "scan_type", + "width": "auto" + }, + { + "field": "command", + "width": "auto" + }, + { + "field": "group_name", + "width": "auto" + }, + { + "field": "start_time", + "width": "auto" + }, + { + "field": "end_time", + "width": "auto" + }, + { + "field": "network.client.ip", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 32, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 37 + } + } + ], + "template_variables": [ + { + "name": "User", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "Scan-Status", + "prefix": "@status", + "available_values": [], + "default": "*" + }, + { + "name": "Scan-Type", + "prefix": "@scan_type", + "available_values": [], + "default": "*" + }, + { + "name": "Domain", + "prefix": "@domain_name", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file 
diff --git a/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_security.json b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_security.json
new file mode 100644
index 0000000000000..2c551f299e750
--- /dev/null
+++ b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_security.json
@@ -0,0 +1,1555 @@ +{ + "title": "Symantec Endpoint Protection - Security", + "description": "This dashboard provides information about the Security logs generated on Symantec Endpoint Protection.", + "widgets": [ + { + "id": 2679486675865774, + "definition": { + "title": "", + "banner_img": "data:image/jpeg;base64,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", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8273320402780222, + "definition": { + "type": "note", + "content": "Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Symantec Endpoint Protection provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates.\n\nThis dashboard provides information about the Security logs generated on Symantec Endpoint Protection.\n\nFor more information, see the [Symantec Endpoint Protection Integration Documentation](https://docs.datadoghq.com/integrations/symantec_endpoint_protection/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 6 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 5080684621632870, + "definition": { + "title": "Security Logs 
Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 433305625243124, + "definition": { + "title": "Security Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 3238819703892582, + "definition": { + "title": "Total Security Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 4 + } + }, + { + "id": 2193016131573224, + "definition": { + "title": "Top Users", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + 
"compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security -@usr.name:none $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 4, + "width": 3, + "height": 4 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 1095338535882574, + "definition": { + "title": "Security Log Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7910522115858106, + "definition": { + "title": "Top Local Host IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@local_host_ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 2069759102640944, + "definition": { + "title": "Top Remote 
Hosts", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@remote_host_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 8275673360433956, + "definition": { + "title": "Top Remote Host IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 6414016040800626, + "definition": { + "title": "Top Intrusion URLs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + 
"queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@intrusion_url", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 2824190112939962, + "definition": { + "title": "Top Signature Strings", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@cids_signature_string", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 8418445209055494, + "definition": { + "title": "Top Applications", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + 
"compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@application", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 505306528384794, + "definition": { + "title": "Distribution by Network Protocol", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network_protocol", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 8, + "width": 6, + "height": 4 + } + }, + { + "id": 5794879375069322, + "definition": { + "title": "Distribution by Traffic Direction", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + 
"group_by": [ + { + "facet": "@traffic_direction", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 8, + "width": 6, + "height": 4 + } + }, + { + "id": 6465155376542500, + "definition": { + "title": "Top Event Types", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@event_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 2549875657613342, + "definition": { + "title": "Top Domains", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@domain_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { 
+ "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 3579906024135768, + "definition": { + "title": "Top Locations", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@location", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 8070353615771716, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@security_event_description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@event_type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + 
"search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 4 + } + }, + { + "id": 2899336755375354, + "definition": { + "title": "Local Host Details with Total Attack", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@local_host_ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@local_port", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 20, + "width": 6, + "height": 4 + } + }, + { + "id": 7642086813923484, + "definition": { + "title": "Remote Host Details with Total Attack", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@remote_host_name", + "limit": 10, + "sort": { + 
"order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@remote_port", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 20, + "width": 6, + "height": 4 + } + }, + { + "id": 1118014643877366, + "definition": { + "title": "Distribution by URL category", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@url_category", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 24, + "width": 6, + "height": 4 + } + }, + { + "id": 1726274697865384, + "definition": { + "title": "Distribution by URL Risk", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + 
"name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@url_risk", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 24, + "width": 6, + "height": 4 + } + }, + { + "id": 5103625990047608, + "definition": { + "title": "URL Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "domain_name", + "width": "auto" + }, + { + "field": "intrusion_url", + "width": "auto" + }, + { + "field": "intrusion_payload_url", + "width": "auto" + }, + { + "field": "url_risk", + "width": "auto" + }, + { + "field": "url_category", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 28, + "width": 12, + "height": 4 + } + }, + { + "id": 5409812970961422, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:security $User $Domain $Location $Application", + "indexes": [], + 
"storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "security_event_description", + "width": "auto" + }, + { + "field": "traffic_direction", + "width": "auto" + }, + { + "field": "network_protocol", + "width": "auto" + }, + { + "field": "event_type", + "width": "auto" + }, + { + "field": "domain_name", + "width": "auto" + }, + { + "field": "local_host_ip", + "width": "auto" + }, + { + "field": "local_port", + "width": "auto" + }, + { + "field": "remote_host_ip", + "width": "auto" + }, + { + "field": "remote_host_name", + "width": "auto" + }, + { + "field": "remote_port", + "width": "auto" + }, + { + "field": "application", + "width": "auto" + }, + { + "field": "location", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "intrusion_url", + "width": "auto" + }, + { + "field": "url_category", + "width": "auto" + }, + { + "field": "url_risk", + "width": "auto" + }, + { + "field": "intrusion_payload_url", + "width": "auto" + }, + { + "field": "cids_signature_string", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 32, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 9, + "width": 12, + "height": 37 + } + } + ], + "template_variables": [ + { + "name": "User", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "Domain", + "prefix": "@domain_name", + "available_values": [], + "default": "*" + }, + { + "name": "Location", + "prefix": "@location", + "available_values": [], + "default": "*" + }, + { + "name": "Application", + "prefix": "@application", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": 
"fixed"
+}
\ No newline at end of file
diff --git a/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_system.json b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_system.json
new file mode 100644
index 0000000000000..171606ff94f75
--- /dev/null
+++ b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_system.json
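Review bot: The "Log Details" stream that closes symantec_endpoint_protection_security.json lists the `service` column twice and shows the remote address as `remote_host_ip`, while the "Top Remote Host IPs" and "Remote Host Details with Total Attack" widgets in the same file facet on `@network.client.ip`. If the log pipeline remaps the remote address to `network.client.ip` (the Scan dashboard's "Log Details" column suggests it does, but the pipeline is not visible here), that column will render empty and an analyst loses the pivot from the top lists to the raw event. I would drop the second `{ "field": "service", "width": "auto" }` entry and change the column to `"field": "network.client.ip"`. Separately, the two "… with Total Attack" tables count every `service:security` log with no event-type filter, so either confirm that every security log is an attack event or retitle them.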
@@ -0,0 +1,2022 @@ +{ + "title": "Symantec Endpoint Protection - System", + "description": "This dashboard provides information about the System logs generated on Symantec Endpoint Protection.", + "widgets": [ + { + "id": 933903160011582, + "definition": { + "title": "", + "banner_img": "data:image/jpeg;base64,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", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1847169235445084, + "definition": { + "type": "note", + "content": "Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Symantec Endpoint Protection provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates.\n\nThis dashboard provides information about the System logs generated on Symantec Endpoint Protection.\n\nFor more information, see the [Symantec Endpoint Protection Integration Documentation](https://docs.datadoghq.com/integrations/symantec_endpoint_protection/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 595012929449668, + "definition": { + "title": "System Logs Overview", + 
"background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8291829446754292, + "definition": { + "title": "System Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 592586001131318, + "definition": { + "title": "Total System Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 3 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 774163749524904, + "definition": { + "title": "Admin Log Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4601199473145572, + "definition": { + "title": "Total 
Administrative Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:admin" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 2263629015804016, + "definition": { + "title": "Administrative Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:admin" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + }, + { + "id": 6749465013053840, + "definition": { + "title": "Top Admins", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@admin_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": 
"source:symantec-endpoint-protection service:system @activity:admin" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 176149809781576, + "definition": { + "title": "Top Domains", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@domain_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:admin" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 6, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 2529639281388796, + "definition": { + "title": "Top Event Descriptions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@admin_event_description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:admin" + }, + "storage": "hot" + 
} + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 8, + "width": 4, + "height": 4 + } + }, + { + "id": 3694769075563202, + "definition": { + "title": "Distribution by Event Description", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@admin_event_description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:admin" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 8, + "width": 8, + "height": 4 + } + }, + { + "id": 6921067201289542, + "definition": { + "title": "Top Sites", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syslog.symantecServer.site", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:admin" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + 
"sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 2274166633801294, + "definition": { + "title": "Distribution by Site", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syslog.symantecServer.site", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:admin" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 12, + "width": 8, + "height": 4 + } + }, + { + "id": 3090988810664804, + "definition": { + "title": "Admin Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:system @activity:admin", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "admin_name", + "width": "auto" + }, + { + "field": "domain_name", + "width": "auto" + }, + { + "field": "admin_event_description", + "width": "auto" + }, + { + "field": "syslog.symantecServer.site", + 
"width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 21 + } + }, + { + "id": 4398587647283984, + "definition": { + "title": "Client Activity Log Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7635331022909316, + "definition": { + "title": "Total Client Activity Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 3150540949383972, + "definition": { + "title": "Client Activity Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + 
"height": 4 + } + }, + { + "id": 6745510208037054, + "definition": { + "title": "Top Event Sources", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@event_source", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 7233202541322360, + "definition": { + "title": "Distribution by Event Source", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@event_source", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 4, + "width": 8, + "height": 4 + } + }, + { + "id": 92351914963612, + "definition": { + "title": "Top Groups", + "title_size": "16", + 
"title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@group_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 8, + "width": 4, + "height": 4 + } + }, + { + "id": 3690273113465984, + "definition": { + "title": "Distribution by Group", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@group_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 8, + "width": 8, + "height": 4 + } + }, + { + "id": 7242571304902972, + "definition": { + "title": "Client Activity Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": 
"logs_stream", + "query_string": "source:symantec-endpoint-protection service:system @activity:client", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "event_source", + "width": "auto" + }, + { + "field": "group_name", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 29, + "width": 12, + "height": 17 + } + }, + { + "id": 4220428596397248, + "definition": { + "title": "Server Activity Log Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2461355834681712, + "definition": { + "title": "Total Server Activity Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:server" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 4929274408089964, + "definition": { + "title": "Server Activity Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:server" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + }, + { + "id": 8424329033036236, + "definition": { + "title": "Server Activity Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:system @activity:server", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "server_event_description", + "width": "auto" + }, + { + "field": "server_name", + "width": "auto" + }, + { + "field": "syslog.symantecServer.site", + "width": "auto" + }, + { + "field": "syslog.hostname", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 46, + "width": 12, + "height": 1 + } + }, + { + "id": 5440928071703144, + "definition": { + "title": "Client Server Activity Log Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5164308491767666, + "definition": { + "title": "Total Client Server Logs", + "title_size": "16", + "title_align": "left", + "time": {}, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 4409741892556264, + "definition": { + "title": "Client Server Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + }, + { + "id": 4645684369713962, + "definition": { + "title": "Top Users", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + 
"order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 6928669129076596, + "definition": { + "title": "Distribution by User", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 4, + "width": 8, + "height": 4 + } + }, + { + "id": 8402082650691334, + "definition": { + "title": "Distribution by Host", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@host_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" 
+ } + }, + "layout": { + "x": 0, + "y": 8, + "width": 6, + "height": 4 + } + }, + { + "id": 7224187076604966, + "definition": { + "title": "Distribution by Site", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syslog.symantecServer.site", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 8, + "width": 6, + "height": 4 + } + }, + { + "id": 6104400031967288, + "definition": { + "title": "Top Hosts", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@host_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 
2199201335635236, + "definition": { + "title": "Top Domains", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@domain_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 4358203925241938, + "definition": { + "title": "Top Sites", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syslog.symantecServer.site", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:system @activity:client-server" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 8, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 6477618790683328, + "definition": { + "title": "Client Server Activity Log Details", + 
"title_size": "16", + "title_align": "left", + "time": {}, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:system @activity:client-server", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "host_name", + "width": "auto" + }, + { + "field": "syslog.symantecServer.site", + "width": "auto" + }, + { + "field": "domain_name", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 47, + "width": 12, + "height": 1 + } + } + ], + "template_variables": [], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_traffic.json b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_traffic.json new file mode 100644 index 0000000000000..5c9284127eb7f --- /dev/null +++ b/symantec_endpoint_protection/assets/dashboards/symantec_endpoint_protection_traffic.json 
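Review bot: `"template_variables": []` at the end of symantec_endpoint_protection_system.json leaves every widget on a fixed query, so an analyst reviewing administrative or client-server activity cannot scope the board to one site, domain or admin account without cloning it. The dashboard whose hunk ends just above declares variables for `@usr.name`, `@domain_name`, `@location` and `@application`, and this one already facets on `@admin_name`, `@domain_name` and `@syslog.symantecServer.site`, so the same pattern fits, e.g. `{"name": "Site", "prefix": "@syslog.symantecServer.site", "available_values": [], "default": "*"}` with `$Site` appended to each `search.query` and `query_string`. Separately, the "Server Activity Log Details" and "Client Server Activity Log Details" groups are laid out with `"height": 1` while their child widgets reach y 8 and y 20. If that is not an intentionally collapsed export, the heights should cover the content the way the Admin (21) and Client Activity (17) groups do.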
@@ -0,0 +1,1412 @@ +{ + "title": "Symantec Endpoint Protection - Traffic", + "description": "This dashboard provides information about the Traffic logs of Network and Host Exploit Mitigation generated on Symantec Endpoint Protection.", + "widgets": [ + { + "id": 6455559313815406, + "definition": { + "title": "", + "banner_img": "data:image/jpeg;base64,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", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4898533862415600, + "definition": { + "type": "note", + "content": "Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities. Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your client computers against known and unknown threats, such as viruses, worms, Trojan horses, and adware. Symantec Endpoint Protection provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates.\n\nThis dashboard provides information about the Traffic logs of Network and Host Exploit Mitigation generated on Symantec Endpoint Protection.\n\nFor more information, see the [Symantec Endpoint Protection Integration Documentation](https://docs.datadoghq.com/integrations/symantec_endpoint_protection/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 5 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + 
"id": 2211969513760712, + "definition": { + "title": "Traffic Logs Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 3020213415645458, + "definition": { + "title": "Traffic Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 8558389280424628, + "definition": { + "title": "Total Traffic Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 4 + } + }, + { + "id": 4689954548542720, + "definition": { + "title": "Top Users", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + 
{ + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic -@usr.name:none $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 3, + "width": 3, + "height": 4 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 2242042641087026, + "definition": { + "title": "Traffic", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5422757808597126, + "definition": { + "title": "Top Local Host IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@local_host_ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + 
"width": 4, + "height": 4 + } + }, + { + "id": 4866689992301276, + "definition": { + "title": "Top Remote Host IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 8012745767336182, + "definition": { + "title": "Top Remote Hosts", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@remote_host_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 7048068374094152, + 
"definition": { + "title": "Local Host Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@local_host_ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@local_port", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 3620296361223228, + "definition": { + "title": "Remote Host Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@remote_host_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@remote_port", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + 
"order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 8021042611964752, + "definition": { + "title": "Distribution by Traffic Direction", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@traffic_direction", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 8, + "width": 6, + "height": 4 + } + }, + { + "id": 7856975811001250, + "definition": { + "title": "Distribution by Network Protocol", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network_protocol", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": 
"desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 8, + "width": 6, + "height": 4 + } + }, + { + "id": 3063629939554200, + "definition": { + "title": "Top Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@traffic_rule", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 5189049338252654, + "definition": { + "title": "Top Domains", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@domain_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": 
"stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 7189970476481122, + "definition": { + "title": "Top Applications", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@application", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 8, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 3116561312444992, + "definition": { + "title": "Top Actions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + 
} + }, + "layout": { + "x": 0, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 5328330991566142, + "definition": { + "title": "Distribution by Action", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 4, + "y": 16, + "width": 8, + "height": 4 + } + }, + { + "id": 7316034751515030, + "definition": { + "title": "Traffic Frequency", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@local_host_ip", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@network.client.ip", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@traffic_direction", + "limit": 15, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 3375, + "order_by": [ + { + "type": "formula", + "index": 0, + 
"order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "always" + }, + "layout": { + "x": 0, + "y": 20, + "width": 5, + "height": 4 + } + }, + { + "id": 6416015596981514, + "definition": { + "title": "Traffic over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Traffic", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@traffic_direction", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 5, + "y": 20, + "width": 7, + "height": 4 + } + }, + { + "id": 30009786416144, + "definition": { + "title": "Traffic by Country", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": 
"query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 24, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 29 + } + }, + { + "id": 5198505422235674, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:symantec-endpoint-protection service:traffic $Domain $Application $Local_Host_IP $Remote_Host_IP", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "traffic_rule", + "width": "auto" + }, + { + "field": "traffic_direction", + "width": "auto" + }, + { + "field": "application", + "width": "auto" + }, + { + "field": "domain_name", + "width": "auto" + }, + { + "field": "network_protocol", + "width": "auto" + }, + { + "field": "remote_host_name", + "width": "auto" + }, + { + "field": "network.client.ip", + "width": "auto" + }, + { + "field": "remote_port", + "width": "auto" + }, + { + "field": "local_host_ip", + "width": "auto" + }, + { + "field": "local_port", + "width": "auto" + }, + { + "field": "location", + "width": "auto" + }, + { + "field": "start_time", + "width": "auto" + }, + { + "field": "end_time", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4 + } + } + ], + "template_variables": [ + { + "name": "Domain", + "prefix": "@domain_name", + "available_values": [], + "default": "*" + }, + { + "name": "Application", + "prefix": "@application_name", + 
"available_values": [], + "default": "*" + }, + { + "name": "Local_Host_IP", + "prefix": "@local_host_ip", + "available_values": [], + "default": "*" + }, + { + "name": "Remote_Host_IP", + "prefix": "@network.client.ip", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/symantec_endpoint_protection/assets/logs/symantec-endpoint-protection.yaml b/symantec_endpoint_protection/assets/logs/symantec-endpoint-protection.yaml new file mode 100644 index 0000000000000..f12761db9c08a --- /dev/null +++ b/symantec_endpoint_protection/assets/logs/symantec-endpoint-protection.yaml 
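Review bot: The `Application` template variable at the end of symantec_endpoint_protection_traffic.json is declared with `"prefix": "@application_name"`, but the "Top Applications" widget groups on the `@application` facet and the "Log Details" stream lists an `application` column. The `$Application` filter appended to every `service:traffic` query therefore appears to target an attribute these widgets do not use. If traffic logs carry only `application`, selecting any value other than `*` would empty the widgets, and an analyst could misread that as no traffic for the application. Unless the traffic parser (not visible in this hunk) also emits `application_name`, the variable should read `"prefix": "@application"`.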
@@ -0,0 +1,742 @@ +id: symantec-endpoint-protection +metric_id: symantec-endpoint-protection +backend_only: false +facets: + - groups: + - Geoip + name: City Name + path: network.client.geoip.city.name + source: log + - groups: + - Geoip + name: Continent Code + path: network.client.geoip.continent.code + source: log + - groups: + - Geoip + name: Continent Name + path: network.client.geoip.continent.name + source: log + - groups: + - Geoip + name: Country ISO Code + path: network.client.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Country Name + path: network.client.geoip.country.name + source: log + - groups: + - Geoip + name: Subdivision ISO Code + path: network.client.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Subdivision Name + path: network.client.geoip.subdivision.name + source: log +pipeline: + type: pipeline + name: Symantec Endpoint Protection + enabled: true + filter: + query: source:symantec-endpoint-protection + processors: + - type: pipeline + name: Processing for Application Control Logs + enabled: true + filter: + query: "Device ID" + processors: + - type: grok-parser + name: Parsing Application Control Logs + enabled: true + source: message + samples: + - "<54>Sep 13 08:21:26 WIN-RQBT7BNE363 SymantecServer: + DESKTOP-CIK30CC,172.50.12.208,Continue,Application and Device + Control is ready,System,Begin: 2024-09-13 08:20:13,End Time: + 2024-09-13 08:20:13,Rule: Built-in + rule,0,SysPlant,0,SysPlant,None,User Name: None,Domain Name: + None,Action Type: ,File size (bytes): 0,Device ID:" + - "<54>Sep 13 08:34:00 WIN-RQBT7BNE363 SymantecServer: + DESKTOP-CIK30CC,198.252.206.17,Continue,Application and Device + Control is ready,System,Begin: 2024-09-13 08:32:44,End Time: + 2024-09-13 08:32:44,Rule: Built-in + rule,0,SysPlant,0,SysPlant,None,User Name: Bob,Domain Name: + example.local,Action Type: Block,File size (bytes): 16385,Device + ID: 890124,IP Address: 104.199.65.125,IP Address1: 203.0.113.1,MAC + 
Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: + 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.0.0.1,IP + Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: + 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: + 66:77:88:99:00:11,GATEWAY4: 203.0.113.254" + grok: + supportRules: application_helper_rule %{regex("[^,]*")} + matchRules: 'application_rule (<%{integer}>)?(%{date("MMM d + HH:mm:ss"):timestamp}|%{date("MMM d HH:mm:ss"):timestamp})? + %{notSpace:syslog.hostname}? SymantecServer:( + )?%{application_helper_rule:syslog.symantecServer}?,( + )?%{ip:network.client.ip}?,( + )?%{application_helper_rule:action_description}?,( + )?%{application_helper_rule:application_event_description}?,( + )?%{application_helper_rule:api_name}?,Begin:( + )?%{date("yyyy-MM-dd HH:mm:ss"):start_time}?,End Time:( + )?%{application_helper_rule:end_time}?,Rule:( + )?%{application_helper_rule:rule_name}?,( + )?%{application_helper_rule:caller_process_id}?,( + )?%{application_helper_rule:called_process_name}?,( + )?%{application_helper_rule:caller_return_address}?,( + )?%{application_helper_rule:caller_return_module_name}?,( + )?%{application_helper_rule:parameters}?,User Name:( + )?%{application_helper_rule:usr.name}?,Domain Name:( + )?%{application_helper_rule:domain_name}?,Action Type:( + )?%{application_helper_rule:action_type}?,File size \(bytes\):( + )?%{integer:file_size}?,Device ID:( )?%{integer:device_id}?(,IP + Address:( )?%{ip:ip_Address}?)?(,IP Address1:( + )?%{ip:ip_address_1}?)?(,MAC Address1:( + )?%{application_helper_rule:mac_address_1})?(,GATEWAY1:( + )?%{application_helper_rule:gateway1})?(,IP Address2:( + )?%{ip:ip_address_2}?)?(,MAC Address2:( + )?%{application_helper_rule:mac_address_2})?(,GATEWAY2:( + )?%{application_helper_rule:gateway2})?(,IP Address3: + %{ip:ip_address_3}?)?(,MAC Address3:( + )?%{application_helper_rule:mac_address_3})?(,GATEWAY3:( + )?%{application_helper_rule:gateway3})?(,IP Address4:( + 
)?%{ip:ip_address_4})?(,MAC Address4:( + )?%{application_helper_rule:mac_address_4})?(,GATEWAY4:( + )?%{greedyData:gateway4}?)?' + - type: pipeline + name: Processing for Security Logs + enabled: true + filter: + query: "CIDS Signature ID" + processors: + - type: grok-parser + name: Parsing Security Logs + enabled: true + source: message + samples: + - "<54>Sep 16 23:59:55 WIN-RQBT7BNE363 SymantecServer: + WIN-4K914H0NBUP,Event Description: Host Integrity check passed + ,Event Type: ,Local Host IP: 172.50.12.216,Local Host MAC: + 0050569214AF,Remote Host Name: ,Remote Host IP: + 172.50.12.216,Remote Host MAC: 000000000000,Unknown,OTHERS,,Begin: + 2024-09-16 23:58:20,End Time: 2024-09-16 23:58:20,Occurrences: + 1,Application: ,Location: Default,User Name: none,Domain Name: + ,Local Port: 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature + string: ,CIDS Signature SubID: 0,Intrusion URL: ,Intrusion Payload + URL: ,SHA-256: ,MD-5: ,Intensive Protection Level: N/A,URL Risk: + N/A,URL Category: N/A,Correlation ID:" + - "<51>Sep 12 00:11:39 WIN-RQBT7BNE363 SymantecServer: + DESKTOP-CIK30CC,Event Description: Device Manager Message Disabled + the device. 
[name]:VMware USB Pointing Device [class]:Mice and + other pointing devices [guid]:4d36e96f-e325-11ce-bfc1-08002be10318 + [deviceID]:HID\\VID_0E0F&PID_0003&MI_01\\8&95BC71C&0&0000,Event + Type: ,Local Host IP: 172.50.12.208,Local Host MAC: + 00505681213E,Remote Host Name: ,Remote Host IP: 0.0.0.0,Remote + Host MAC: 000000000000,Unknown,Unknown,,Begin: 2024-09-12 + 00:10:39,End Time: 2024-09-12 00:10:39,Occurrences: + 1,Application: ,Location: Default,User Name: admin,Domain Name: + DESKTOP-CIK30CC,Local Port: 0,Remote Port: 0,CIDS Signature ID: + 0,CIDS Signature string: ,CIDS Signature SubID: 0,Intrusion URL: + ,Intrusion Payload URL: ,SHA-256: ,MD-5: ,Intensive Protection + Level: N/A,URL Risk: N/A,URL Category: N/A,Correlation ID:" + - "<52>Sep 11 03:17:37 WIN-RQBT7BNE363 SymantecServer: + DESKTOP-GGG3BOO,\"Event Description: Somebody is scanning your + computer. Your computer's TCP ports: 21, 22, 443, 25 and 23 + have been scanned from 172.50.7.24.\",Event Type: ,Local Host IP: + 172.50.11.207,Local Host MAC: 00505681D973,Remote Host Name: + ,Remote Host IP: 172.50.7.24,Remote Host MAC: + 00505681A7C6,Inbound,TCP,,Begin: 2024-09-11 03:15:28,End Time: + 2024-09-11 03:15:29,Occurrences: 1,Application: ,Location: + Default,User Name: Test,Domain Name: DESKTOP-GGG3BOO,Local Port: + 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature string: ,CIDS + Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: + ,SHA-256: ,MD-5: ,Intensive Protection Level: N/A,URL Risk: + N/A,URL Category: N/A,Correlation ID:\t" + - "<54>Apr 27 00:49:29 C7016238111 SymantecServer: C7332658237,Event + Description: [SID: 24461] Web Attack: EICAR Standard Anti-Virus + Test File Download attack blocked. 
Traffic has been blocked for + this application: C:\\PROGRAM FILES + (X86)\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE,Event Type: + Intrusion Prevention System Intrusion Detected,Local Host IP: + 172.160.12.56,Local Host MAC: 0050569214B1,Remote Host Name: + test456,Remote Host IP: 93.184.216.100,Remote Host MAC: + 00:11:22:33:44:55,Inbound,TCP,Blocked,Begin: 2022-04-27 + 00:58:20,End Time: 2022-04-27 00:58:20,Occurrences: 1,Application: + C:/PROGRAM FILES + (X86)/GOOGLE/CHROME/APPLICATION/CHROME.EXE,Location: Default,User + Name: Administrator,Domain Name: C7332658237,Local Port: + 53967,Remote Port: 80,CIDS Signature ID: 24461,CIDS Signature + string: Web Attack: EICAR Standard Anti-Virus Test File + Download,CIDS Signature SubID: 65536,Intrusion URL: + http://s3-eu-west-1.amazonaws.com/cp-chk-files/e.txt?static=CPChe\ + ckMe&rand=1651046295517,Intrusion Payload URL: + http://example.com,IP Address1: 203.0.113.1,MAC Address1: + 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: + 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.0.0.1,IP + Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: + 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: + 66:77:88:99:00:11,GATEWAY4: 203.0.113.254,SHA-256: + 45DE9F5A25BF478C6A8D8625A984895C9B3FDEA6EB12A55DDD088DCEBD9DF5AB,\ + MD-5: 9f86d081884c7d659a2feaa0c55ad023,Intensive Protection Level: + N/A,URL Risk: N/A,URL Category: Content Servers,Correlation ID: + 12345" + - "<54>Apr 27 00:49:29 C7016238111 SymantecServer: C7332658237,Event + Description: Active Response that started at 4/27/2022 12:58:20 AM + is disengaged. The traffic from IP address 52.218.40.91 was + blocked for 600 second(s). 
,Event Type: Active Response was + disengaged,Local Host IP: 192.0.2.1,Local Host MAC: + 0050569214B0,Remote Host Name: test123,Remote Host IP: + 134.122.45.250,Remote Host MAC: + 000000000000,Unknown,OTHERS,,Begin: 2022-04-27 01:08:20,End Time: + 2022-04-27 01:08:20,Occurrences: 1,Application: + C:/path/testApplication,Location: Default,User Name: + Administrator,Domain Name: C7332658237,Local Port: 80,Remote Port: + 0,CIDS Signature ID: 0,CIDS Signature string: Test Signature,CIDS + Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: + ,SHA-256: ,MD-5: ,Intensive Protection Level: N/A,URL Risk: + N/A,URL Category: N/A" + grok: + supportRules: security_helper_rule %{regex("[^,]*")} + matchRules: security_log_rule1 (<%{integer}>)?%{date("MMM d + HH:mm:ss"):timestamp}? %{notSpace:syslog.hostname} + SymantecServer:( + )?%{security_helper_rule:syslog.symantecServer}?,(Event + Description:( + )?%{security_helper_rule:security_event_description}?|"Event + Description:( + )?%{regex("[^\"]*"):security_event_description}")?,Event Type:( + )?%{security_helper_rule:event_type}?,Local Host IP:( + )?%{ip:local_host_ip}?,Local Host MAC:( + )?%{notSpace:local_host_mac}?,Remote Host Name:( + )?%{security_helper_rule:remote_host_name}?,Remote Host IP:( + )?%{ip:network.client.ip}?,Remote Host MAC:( + )?%{notSpace:remote_host_mac}?,%{word:traffic_direction}?,%{word:network_protocol}?,%{word:hack_type}?,Begin:( + )?%{date("yyyy-MM-dd HH:mm:ss"):start_time},End Time:( + )?%{date("yyyy-MM-dd HH:mm:ss"):end_time}?,Occurrences:( + )?%{integer:occurrences}?,Application:( + )?%{security_helper_rule:application}?,Location:( + )?%{security_helper_rule:location}?,User Name:( + )?%{security_helper_rule:usr.name}?,Domain Name:( + )?%{security_helper_rule:domain_name}?,Local Port:( + )?%{integer:local_port}?,Remote Port:( + )?%{integer:remote_port}?,CIDS Signature ID:( + )?%{integer:cids_signature_id}?,CIDS Signature string:( + )?%{security_helper_rule:cids_signature_string}?,CIDS 
Signature
+ SubID:( )?%{integer:cids_signature_subid}?,Intrusion URL:(
+ )?%{security_helper_rule:intrusion_url}?,Intrusion Payload URL:(
+ )?%{security_helper_rule:intrusion_payload_url}?(,IP Address1:(
+ )?%{ip:ip_address_1}?)?(,MAC Address1:(
+ )?%{security_helper_rule:mac_address_1})?(,GATEWAY1:(
+ )?%{security_helper_rule:gateway1})?(,IP Address2:(
+ )?%{ip:ip_address_2}?)?(,MAC Address2:(
+ )?%{security_helper_rule:mac_address_2})?(,GATEWAY2:(
+ )?%{security_helper_rule:gateway2})?(,IP Address3:(
+ )?%{ip:ip_address_3}?)?(,MAC Address3:(
+ )?%{security_helper_rule:mac_address_3})?(,GATEWAY3:(
+ )?%{security_helper_rule:gateway3})?(,IP Address4:(
+ )%{ip:ip_address_4}?)?(,MAC Address4:(
+ )?%{security_helper_rule:mac_address_4})?(,GATEWAY4:(
+ )?%{security_helper_rule:gateway4})?,SHA-256:(
+ )?%{security_helper_rule:sha256}?,MD-5:(
+ )?%{security_helper_rule:md5}?,Intensive Protection Level:(
+ )?%{security_helper_rule:intensive_protection_level}?,URL Risk:(
+ )?%{security_helper_rule:url_risk}?,URL Category:(
+ )?%{security_helper_rule:url_category}?(,Correlation ID:(
+ )?%{greedyData:correlation_id}?)?
+ - type: pipeline
+ name: Processing for Risk Logs
+ enabled: true
+ filter:
+ query: "Risk name"
+ processors:
+ - type: grok-parser
+ name: Parsing Risk Logs
+ enabled: true
+ source: message
+ samples:
+ - "<54>Sep 11 02:54:24 WIN-RQBT7BNE363 SymantecServer: Virus
+ found,IP Address: 172.50.12.207,Computer name:
+ DESKTOP-GGG3BOO,Source: Auto-Protect scan,Risk name:
+ Trojan.Gen.NPE.2,Occurrences: 1,File path:
+ C:\\Users\\Test.DESKTOP-GGG3BOO\\Downloads\\Unconfirmed
+ 791873.crdownload,Description: ,Actual action: Cleaned by
+ deletion,Requested action: Cleaned,Secondary action:
+ Quarantined,Event time: 2024-09-11 02:52:57,Event Insert Time:
+ 2024-09-11 02:54:24,End Time: 2024-09-11 02:52:58,Last update
+ time: 2024-09-11 02:54:24,Domain Name: Default,Group Name: My
+ Company\\Default Group,Server Name: WIN-RQBT7BNE363,User Name:
+ Test,Source Computer Name: ,Source Computer IP: ,Disposition:
+ Bad,Download site: ,Web domain: ,Downloaded by:
+ msedge.exe,Prevalence: This file has been seen by tens of
+ thousands of Symantec users.,Confidence: This file is
+ untrustworthy.,URL Tracking Status: On,First Seen: Symantec has
+ known about this file for more than 1 year.,Sensitivity: ,Allowed
+ application reason: Not on the allow list,Application hash:
+ E1105070BA828007508566E28A2B8D4C65D192E9EAF3B7868382B7CAE747B397,\
+ Hash type: SHA2,Company name: ,Application name: Unconfirmed
+ 767397.crdownload,Application version: ,Application type: 127,File
+ size (bytes): 308,Category set: Malware,Category type:
+ Virus,Location: Default,Intensive Protection Level: 0,Certificate
+ issuer: ,Certificate signer: ,Certificate thumbprint: ,Signing
+ timestamp: 0,Certificate serial number:"
+ - '<54>Sep 16 08:30:10 WIN-RQBT7BNE367 SymantecServer: Virus
+ found,IP Address: 192.168.1.104,Computer name:
+ DESKTOP-GHI789,Source: Auto-Protect scan,Risk name:
+ Worm.P2P.Gen,Occurrences: 1,File path:
+ C:\Downloads\infected.zip,Description: Worm detected,Actual
+ action: Cleaned by
deletion,Requested action: Cleaned,Secondary
+ action: Quarantined,Event time: 2024-09-16 08:28:05,Event Insert
+ Time: 2024-09-16 08:30:10,End Time: 2024-09-16 08:28:07,Last
+ update time: 2024-09-16 08:30:10,Domain Name:
+ MyCompanyDomain,Group Name: My Company\Sales Team,Server Name:
+ WIN-RQBT7BNE367,User Name: Robert Brown,Source Computer Name:
+ DESKTOP-GHI789,Source Computer IP: 192.168.1.104,IP Address 1:
+ 203.0.113.1,MAC Address 1: 00:11:22:33:44:55,GATEWAY IP 1:
+ 192.168.1.1,IP Address 2: 198.51.100.1,MAC Address 2:
+ AA:BB:CC:DD:EE:FF,GATEWAY IP 2: 172.0.0.1,IP Address 3:
+ 192.0.2.1,MAC Address 3: 11:22:33:44:55:66,GATEWAY IP 3:
+ 172.16.1.1,IP Address 4: 185.245.40.65,MAC Address 4:
+ 66:77:88:99:00:11,GATEWAY IP 4: 203.0.113.254,Disposition:
+ Bad,Download site: https://untrustedsource.com,Web domain:
+ untrustedsource.com,Downloaded by: edge.exe,Prevalence: This file
+ has been seen by some Symantec users.,Confidence: This file is
+ untrustworthy.,URL Tracking Status: On,First Seen: Symantec has
+ known about this file for more than 2 years.,Sensitivity:
+ Medium,Allowed application reason: Not on the allow
+ list,Application hash: 67890ABCDEF1234567890ABCDEF1234567890,Hash
+ type: SHA2,Company name: GHI Corporation,Application name:
+ infected.zip,Application version: 5.0,Application type: 130,File
+ size (bytes): 8192,Category set: Worm,Category type:
+ Virus,Location: Default,Intensive Protection Level: 4,Certificate
+ issuer: Symantec Corporation,Certificate signer: Symantec SHA256
+ Code Signing CA,Certificate thumbprint:
+ 567890ABCDEF1234567890ABCDEF,Signing timestamp:
+ 1643723400,Certificate serial number: 567890ABCDEF"'
+ grok:
+ supportRules: risk_helper_rule %{regex("[^,]*")}
+ matchRules: 'risk_rule (<%{integer}>)?(%{date("MMM d
+ HH:mm:ss"):timestamp}|%{date("MMM d HH:mm:ss"):timestamp})?
+ %{notSpace:syslog.hostname}?
SymantecServer:(
+ )?%{risk_helper_rule:risk_type}?,IP Address:(
+ )?%{ip:network.client.ip}?,Computer name:(
+ )?%{risk_helper_rule:computer_name}?,Source:(
+ )?%{risk_helper_rule:scan_source}?,Risk name:(
+ )?%{risk_helper_rule:risk_name}?,Occurrences:(
+ )?%{integer:occurrences}?,File path:(
+ )?%{risk_helper_rule:file_path}?,Description:(
+ )?%{risk_helper_rule:risk_event_description}?,Actual action:(
+ )?%{risk_helper_rule:actual_action}?,Requested action:(
+ )?%{risk_helper_rule:requested_action}?,Secondary action:(
+ )?%{risk_helper_rule:secondary_action}?,Event time:(
+ )?%{risk_helper_rule:event_time}?,Event Insert Time:(
+ )?%{risk_helper_rule:event_insert_time}?,End Time:(
+ )?%{risk_helper_rule:end_time}?,Last update time:(
+ )?%{risk_helper_rule:last_update_time}?,Domain Name:(
+ )?%{risk_helper_rule:domain_name}?,Group Name:(
+ )?%{risk_helper_rule:group_name}?,Server Name:(
+ )?%{risk_helper_rule:server_name}?,User Name:(
+ )?%{risk_helper_rule:usr.name}?,Source Computer Name:(
+ )?%{risk_helper_rule:source_computer_name}?,Source Computer IP:(
+ )?%{risk_helper_rule:source_computer_ip}?(,IP Address 1:(
+ )?%{ip:ip_address_1}?)?(,MAC Address 1:(
+ )?%{risk_helper_rule:mac_address_1})?(,GATEWAY IP 1:(
+ )?%{risk_helper_rule:gateway1})?(,IP Address 2:(
+ )?%{ip:ip_address_2}?)?(,MAC Address 2:(
+ )?%{risk_helper_rule:mac_address_2})?(,GATEWAY IP 2:(
+ )?%{risk_helper_rule:gateway2})?(,IP Address 3:
+ %{ip:ip_address_3}?)?(,MAC Address 3:(
+ )?%{risk_helper_rule:mac_address_3})?(,GATEWAY IP 3:(
+ )?%{risk_helper_rule:gateway3})?(,IP Address 4:(
+ )?%{ip:ip_address_4})?(,MAC Address 4:(
+ )?%{risk_helper_rule:mac_address_4})?(,GATEWAY IP 4:(
+ )?%{risk_helper_rule:gateway4})?,Disposition:(
+ )?%{risk_helper_rule:disposition}?,Download site:(
+ )?%{risk_helper_rule:download_site}?,Web domain:(
+ )?%{risk_helper_rule:web_domain}?,Downloaded by:(
+ )?%{risk_helper_rule:downloaded_by}?,Prevalence:(
+ )?%{risk_helper_rule:prevalence}?,Confidence:(
+
)?%{risk_helper_rule:confidence}?,URL Tracking Status:(
+ )?%{risk_helper_rule:url_tracking_status}?,First Seen:(
+ )?%{risk_helper_rule:first_seen}?,Sensitivity:(
+ )?%{risk_helper_rule:sensitivity}?,Allowed application reason:(
+ )?%{risk_helper_rule:allowed_application_reason}?,Application
+ hash:( )?%{risk_helper_rule:application_hash}?,Hash type:(
+ )?%{risk_helper_rule:hash_type}?,Company name:(
+ )?%{risk_helper_rule:company_name}?,Application name:(
+ )?%{risk_helper_rule:application_name}?,Application version:(
+ )?%{risk_helper_rule:application_version}?,Application type:(
+ )?%{risk_helper_rule:application_type}?,File size \(bytes\):(
+ )?%{integer:file_size}?,Category set:(
+ )?%{risk_helper_rule:category_set}?,Category type:(
+ )?%{risk_helper_rule:category_type}?,Location:(
+ )?%{risk_helper_rule:location}?,Intensive Protection Level:(
+ )?%{risk_helper_rule:intensive_protection_level}?,Certificate
+ issuer:( )?%{risk_helper_rule:certificate_issuer}?,Certificate
+ signer:( )?%{risk_helper_rule:certificate_signer}?,Certificate
+ thumbprint:( )?%{risk_helper_rule:certificate_thumbprint}?,Signing
+ timestamp:( )?%{risk_helper_rule:signing_timestamp}?,Certificate
+ serial number:( )?%{greedyData:certificate_serial_number}?'
+ - type: pipeline
+ name: Processing for Scan Logs
+ enabled: true
+ filter:
+ query: "Scan ID"
+ processors:
+ - type: grok-parser
+ name: Parsing Scan Logs
+ enabled: true
+ source: message
+ samples:
+ - "<54>Sep 10 21:54:23 WIN-RQBT7BNE363 SymantecServer: Scan ID:
+ 1725971909,Begin: 2024-09-10 21:45:57,End Time: 2024-09-10
+ 21:48:31,Completed,Duration (seconds): 154,User1: SYSTEM,User2:
+ SYSTEM,Scan started on selected drives and folders and all
+ extensions.,Scan Complete: Risks: 0 Scanned:
+ 732 Files/Folders/Drives Omitted: 0 Trusted Files Skipped:
+ 338,Command: Not a command scan (),Threats: 0,Infected: 0,Total
+ files: 732,Omitted: 0,Computer: DESKTOP-GGG3BOO,IP Address:
+ 172.50.12.207,Domain Name: Default,Group Name: My Company\\Default
+ Group,Server Name: WIN-RQBT7BNE363,Scan Type: Definition Watch
+ Scan\t"
+ - "<54>Sep 17 04:21:09 WIN-RQBT7BNE363 SymantecServer: Scan ID:
+ 1725972038,Begin: 2024-09-17 04:19:12,End Time: ,Started,Duration
+ (seconds): 0,User1: SYSTEM,User2: ,Scan started on selected drives
+ and folders and all extensions.,,Command: Not a command scan
+ (),Threats: 0,Infected: 0,Total files: 0,Omitted: 0,Computer:
+ DESKTOP-GGG3BOO,IP Address: 198.51.100.1,Domain Name:
+ Default,Group Name: My Company\\Default Group,Server Name:
+ WIN-RQBT7BNE363,Scan Type: Definition Watch Scan"
+ - "<54>Sep 11 05:01:59 WIN-RQBT7BNE363 SymantecServer: Scan ID:
+ 1725971915,Begin: 2024-09-11 22:33:48,End Time: ,Started,Duration
+ (seconds): 0,User1: SYSTEM,User2: ,Scan started on selected drives
+ and folders and all extensions.,,Command: Not a command scan
+ (),Threats: 0,Infected: 0,Total files: 0,Omitted: 0,Computer:
+ DESKTOP-GGG3BOO,IP Address: 203.0.113.123,Domain Name:
+ Default,Group Name: My Company\\Default Group,Server Name:
+ WIN-RQBT7BNE363,Scan Type: Definition Watch Scan,IP Address1:
+ 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1:
+ 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2:
+ AA:BB:CC:DD:EE:FF,GATEWAY2:
172.0.0.1,IP Address3: 192.0.2.1,MAC
+ Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4:
+ 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4:
+ 203.0.113.254"
+ - "<54>Sep 10 21:54:23 WIN-RQBT7BNE363 SymantecServer: Scan ID:
+ 1725971909,Begin: 2024-09-10 21:45:57,End Time: 2024-09-10
+ 21:48:31,Completed,Duration (seconds): 154,User1: SYSTEM,User2:
+ SYSTEM,Scan started on selected drives and folders and all
+ extensions.,Scan Complete: Risks: 0 Scanned:
+ 732 Files/Folders/Drives Omitted: 0 Trusted Files Skipped:
+ 338,Command: Not a command scan (),Threats: 0,Infected: 0,Total
+ files: 732,Omitted: 0,Computer: DESKTOP-GGG3BOO,IP Address:
+ 203.0.113.1,Domain Name: Default,Group Name: My Company\\Default
+ Group,Server Name: WIN-RQBT7BNE363,Scan Type: Definition Watch
+ Scan,IP Address1: 203.0.113.1,MAC Address1:
+ 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2:
+ 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.0.0.1,IP
+ Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3:
+ 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4:
+ 66:77:88:99:00:11,GATEWAY4: 203.0.113.254"
+ grok:
+ supportRules: >-
+ scan_results ?((Scan Complete|Scan
+ Suspended):?\s+Risks:\s+%{integer:scan_results.risks}\s+Scanned:\s+%{integer:scan_results.scanned}\s+%{notSpace:scan_results.file_path}
+ Omitted:\s+%{integer:scan_results.omitted}\s+Trusted Files
+ Skipped:\s+%{integer:scan_results.trusted_files_skipped})
+
+
+ scan_helper_rule %{regex("[^,]*")}
+ matchRules: scan_rule (<%{integer}>)?(%{date("MMM d
+ HH:mm:ss"):timestamp}|%{date("MMM d HH:mm:ss"):timestamp})
+ %{notSpace:syslog.hostname} SymantecServer:( )Scan ID:(
+ )?%{integer:scan_id}?,Begin:( )?%{date("yyyy-MM-dd
+ HH:mm:ss"):start_time}?,End Time:( )?%{date("yyyy-MM-dd
+ HH:mm:ss"):end_time}?,%{word:status}?,Duration \(seconds\):(
+ )?%{integer:duration}?,User1:(
+ )?%{scan_helper_rule:user1}?,User2:(
+
)?%{scan_helper_rule:user2}?,%{scan_helper_rule:scan_description}?,%{scan_results}?,Command:(
+ )?%{scan_helper_rule:command}?,Threats:(
+ )%{integer:threats}?,Infected:( )?%{integer:infected}?,Total
+ files:( )?%{integer:total_files}?,Omitted:(
+ )?%{integer:omitted_files}?,Computer:(
+ )?%{scan_helper_rule:computer}?,IP Address:(
+ )?%{ip:network.client.ip}?,Domain Name:(
+ )?%{scan_helper_rule:domain_name}?,Group Name:(
+ )?%{scan_helper_rule:group_name}?,Server Name:(
+ )?%{scan_helper_rule:server_name}?,Scan Type:(
+ )?%{scan_helper_rule:scan_type}?(,IP Address1:(
+ )?%{ip:ip_address_1}?)?(,MAC Address1:(
+ )?%{scan_helper_rule:mac_address_1})?(,GATEWAY1:(
+ )?%{scan_helper_rule:gateway1})?(,IP Address2:(
+ )?%{ip:ip_address_2}?)?(,MAC Address2:(
+ )?%{scan_helper_rule:mac_address_2})?(,GATEWAY2:(
+ )?%{scan_helper_rule:gateway2})?(,IP Address3:(
+ )?%{ip:ip_address_3}?)?(,MAC Address3:(
+ )?%{scan_helper_rule:mac_address_3})?(,GATEWAY3:(
+ )?%{scan_helper_rule:gateway3})?(,IP Address4:(
+ )?%{ip:ip_address_4}?)?(,MAC Address4:(
+ )?%{scan_helper_rule:mac_address_4})?(,GATEWAY4:(
+ )?%{greedyData:gateway4})?
+ - type: pipeline
+ name: Processing for Traffic Logs
+ enabled: true
+ filter:
+ query: "Action"
+ processors:
+ - type: grok-parser
+ name: Parsing Traffic Logs
+ enabled: true
+ source: message
+ samples:
+ - "<54>Apr 27 00:49:29 C7016238111 SymantecServer: C7332658237,Local
+ Host IP: 172.160.12.56,Local Port: 3,Local Host MAC:
+ 00505624157B,Remote Host IP: 172.160.60.184,Remote Host Name:
+ test,Remote Port: 3,Remote Host MAC:
+ 00505604B7C5,ICMP,Outbound,Begin: 2022-04-27 02:44:28,End Time:
+ 2022-04-27 02:44:28,Occurrences: 1,Application: test,Rule: Block
+ all other IP traffic and log,Location: Default,User Name:
+ Administrator,Domain Name: C7332658237,Action: Blocked,SHA-256:
+ test,MD-5:"
+ - "<54>Sep 11 03:07:36 WIN-RQBT7BNE363 SymantecServer:
+ DESKTOP-GGG3BOO,Local Host IP: 172.50.12.207,Local Port: 3,Local
+ Host MAC: 00505681D973,Remote Host IP: 172.50.12.206,Remote Host
+ Name: ,Remote Port: 3,Remote Host MAC:
+ 005056816AF5,ICMP,Outbound,Begin: 2024-09-11 03:01:49,End Time:
+ 2024-09-11 03:01:49,Occurrences: 1,Application: ,Rule: Block all
+ other IP traffic and log,Location: Default,User Name: Test,Domain
+ Name: DESKTOP-GGG3BOO,Action: Blocked,SHA-256: ,MD-5:"
+ - "<54>Sep 11 03:16:36 WIN-RQBT7BNE363 SymantecServer:
+ DESKTOP-GGG3BOO,Local Host IP: 172.50.12.207,Local Port: 3,Local
+ Host MAC: 00505681D973,Remote Host IP: 172.50.12.206,Remote Host
+ Name: ,Remote Port: 3,Remote Host MAC:
+ 005056816AF5,ICMP,Outbound,Begin: 2024-09-11 03:14:28,End Time:
+ 2024-09-11 03:14:28,Occurrences: 1,Application: ,Rule: Block all
+ other IP traffic and log,Location: Default,User Name: Test,Domain
+ Name: DESKTOP-GGG3BOO,IP Address1: ,Action: Blocked,SHA-256:
+ ,MD-5:"
+ - >
+ <54>Sep 27 10:06:25 WIN-RQBT7BNE363 SymantecServer:
+ WIN-4K914H0NBUP,Local Host IP: 93.184.216.34,Local Port: 21,Local
+ Host MAC: 0050569214AF,Remote Host IP: 185.245.40.100,Remote Host
+ Name: test267,Remote Port: 17000,Remote Host MAC:
+ 00505681A7C6,TCP,Inbound,Begin: 2024-09-27
10:00:06,End Time:
+ 2024-09-27 10:00:06,Occurrences: 2,Application:
+ testApplication,Rule: Block all other IP traffic and log,Location:
+ Default,User Name: Test user,Domain Name: DESKTOP-GGG3BOO,IP
+ Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1:
+ 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2:
+ AA:BB:CC:DD:EE:FF,GATEWAY2: 172.0.0.1,IP Address3: 192.0.2.1,MAC
+ Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4:
+ 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4:
+ 203.0.113.254,Action: Blocked,SHA-256:
+ 4567890987654321098765432109876543210987654321098765432109876543,MD-5:
+ 3a4a436a436a436a436a436a436a436a
+ grok:
+ supportRules: traffic_helper_rule %{regex("[^,]*")}
+ matchRules: 'traffic_rule (<%{integer}>)?(%{date("MMM d HH:mm:ss"):timestamp})?
+ %{notSpace:syslog.hostname} SymantecServer:(
+ )?%{traffic_helper_rule:syslog.symantecServer}?,Local Host IP:(
+ )?%{ip:local_host_ip}?,Local Port:( )?%{integer:local_port}?,Local
+ Host MAC:( )?%{traffic_helper_rule:local_host_mac}?,Remote Host
+ IP:( )?%{ip:network.client.ip}?,Remote Host Name:(
+ )?%{traffic_helper_rule:remote_host_name}?,Remote Port:(
+ )?%{integer:remote_port}?,Remote Host MAC:(
+ )?%{traffic_helper_rule:remote_host_mac}?,%{word:network_protocol}?,%{word:traffic_direction}?,Begin:(
+ )?%{date("yyyy-MM-dd HH:mm:ss"):start_time},End Time:(
+ )?%{date("yyyy-MM-dd HH:mm:ss"):end_time}?,Occurrences:(
+ )?%{integer:occurrences}?,Application:(
+ )?%{traffic_helper_rule:application}?,Rule:(
+ )?%{traffic_helper_rule:traffic_rule}?,Location:(
+ )?%{traffic_helper_rule:location}?,User Name:(
+ )?%{traffic_helper_rule:usr.name}?,Domain Name:(
+ )?%{traffic_helper_rule:domain_name}?(,IP Address1:(
+ )?%{ip:ip_address_1}?)?(,MAC Address1:(
+ )?%{traffic_helper_rule:mac_address_1})?(,GATEWAY1:(
+ )?%{traffic_helper_rule:gateway1})?(,IP Address2:(
+ )?%{ip:ip_address_2}?)?(,MAC Address2:(
+ )?%{traffic_helper_rule:mac_address_2})?(,GATEWAY2:(
+
)?%{traffic_helper_rule:gateway2})?(,IP Address3:
+ %{ip:ip_address_3}?)?(,MAC Address3:(
+ )?%{traffic_helper_rule:mac_address_3})?(,GATEWAY3:(
+ )?%{traffic_helper_rule:gateway3})?(,IP Address4:(
+ )?%{ip:ip_address_4})?(,MAC Address4:(
+ )?%{traffic_helper_rule:mac_address_4})?(,GATEWAY4:(
+ )?%{traffic_helper_rule:gateway4})?,Action:(
+ )?%{traffic_helper_rule:action}?,SHA-256:(
+ )?%{traffic_helper_rule:sha_256}?,MD-5:( )?%{greedyData:md5}?'
+ - type: pipeline
+ name: Processing for Client Activity Logs
+ enabled: true
+ filter:
+ query: "Category"
+ processors:
+ - type: grok-parser
+ name: Parsing System - Client Actvity Logs
+ enabled: true
+ source: message
+ samples:
+ - "<54>Sep 11 02:44:55 WIN-RQBT7BNE363 SymantecServer:
+ DESKTOP-GGG3BOO,Category: 2,SONAR,\"Event Description: [SONAR
+ heuristic Submission] File submitted to Symantec for analysis.
+ File : 'c:\\program files
+ (x86)\\microsoft\\edge\\application\\msedge.exe', Size (bytes):
+ 5044.\",Event time: 2024-09-11 02:40:35,Group Name: My
+ Company\\Default Group\t\t\t\t\t\t\t\t\t\t"
+ - "<54>Sep 10 05:46:31 WIN-RQBT7BNE363 SymantecServer:
+ DESKTOP-GGG3BOO,Category: 0,CVE,Event Description: Downloaded new
+ content update from the management server successfully. Remote
+ file path:
+ https://WIN-RQBT7BNE363:443/content/{05306A8A-E8C1-4081-BD49-94C8\
+ E01AF2C1}/240412011/Full.zip,Event time: 2024-09-10 05:42:28,Group
+ Name: My Company\\Default Group\t\t\t\t\t\t\t\t\t\t"
+ grok:
+ supportRules: client_helper_rule %{regex("[^,]*")}
+ matchRules: client_rule (<%{integer}>)?(%{date("MMM d
+ HH:mm:ss"):timestamp}|%{date("MMM d HH:mm:ss"):timestamp})?
+ %{notSpace:syslog.hostname}?
SymantecServer:(
+ )?%{client_helper_rule:syslog.SymantecServer}?,Category:(
+ )?%{integer:category}?,(
+ )?%{client_helper_rule:event_source}?,(Event Description:(
+ )?%{client_helper_rule:client_event_description}?|"Event
+ Description:( )?%{regex("[^\"]*"):client_event_description}")?(,IP
+ Address1:( )?%{ip:ip_address_1}?)?(,MAC Address1:(
+ )?%{client_helper_rule:mac_address_1})?(,GATEWAY1:(
+ )?%{client_helper_rule:gateway1})?(,IP Address2:(
+ )?%{ip:ip_address_2}?)?(,MAC Address2:(
+ )?%{client_helper_rule:mac_address_2})?(,GATEWAY2:(
+ )?%{client_helper_rule:gateway2})?(,IP Address3:(
+ )?%{ip:ip_address_3}?)?(,MAC Address3:(
+ )?%{client_helper_rule:mac_address_3})?(,GATEWAY3:(
+ )?%{client_helper_rule:gateway3})?(,IP Address4:(
+ )?%{ip:ip_address_4}?)?(,MAC Address4:(
+ )?%{client_helper_rule:mac_address_4})?(,GATEWAY4:(
+ )?%{client_helper_rule:gateway4})?,Event time:(
+ )?%{client_helper_rule:event_time}?,Group Name:(
+ )?%{client_helper_rule:group_name}?
+ - type: category-processor
+ name: Define `service` for client activity logs
+ enabled: true
+ categories:
+ - filter:
+ query: "@category:*"
+ name: system
+ target: service
+ - type: service-remapper
+ name: Define `service` as the official service of the log
+ enabled: true
+ sources:
+ - service
+ - type: pipeline
+ name: Processing for System Logs
+ enabled: true
+ filter:
+ query: "Site"
+ processors:
+ - type: grok-parser
+ name: Parsing System Logs
+ enabled: true
+ source: message
+ samples:
+ - "<54>Sep 16 04:25:05 WIN-RQBT7BNE363 SymantecServer: Site: My
+ Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,The
+ management server received the client log
+ successfully,DESKTOP-GGG3BOO,Test,LocalComputer\t\t\t\t\t\t\t\t\t\
+ \t"
+ - "<51>Sep 11 00:03:41 WIN-RQBT7BNE363 SymantecServer: Site: My
+ Site,Server Name: WIN-RQBT7BNE363,Event Description: The
+ administrator's user name or password is incorrect.
Type a valid
+ user name or password.\t\t\t\t\t\t\t\t"
+ - "<54>Sep 11 03:00:13 WIN-RQBT7BNE363 SymantecServer: Site: My
+ Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,Admin:
+ admin,Event Description: Site: My Site\t\t\t\t\t\t\t\t\t\t"
+ - "<54>Sep 10 03:55:14 WIN-RQBT7BNE363 SymantecServer: Site: My
+ Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,Admin:
+ admin,Event Description: Added shared policy upon system install:
+ Added shared policy upon system install,Daily Scheduled
+ Scan\t\t\t\t"
+ grok:
+ supportRules: system_helper_rule %{regex("[^,]*")}
+ matchRules: >-
+ client_server_rule (<%{integer}>)?(%{date("MMM d
+ HH:mm:ss"):timestamp}|%{date("MMM d HH:mm:ss"):timestamp})?
+ %{notSpace:syslog.hostname}? SymantecServer: Site:(
+ )?%{system_helper_rule:syslog.symantecServer.site}?,Server Name:(
+ )?%{system_helper_rule:server_name}?,Domain Name:(
+ )?%{system_helper_rule:domain_name}?,(
+ )?%{system_helper_rule:client_server_event_description}?,(
+ )?%{system_helper_rule:host_name}?,(
+ )?%{system_helper_rule:usr.name}?,( )?%{greedyData:location}?
+
+
+ audit_rule (<%{integer}>)?(%{date("MMM d HH:mm:ss"):timestamp}|%{date("MMM d HH:mm:ss"):timestamp})? %{notSpace:syslog.hostname}? SymantecServer: Site: %{system_helper_rule:syslog.symantecServer.site}?,Server Name:( )%{system_helper_rule:server_name}?,Domain Name:( )?%{system_helper_rule:domain_name}?,Admin:( )?%{system_helper_rule:audit_admin_name}?,Event Description:( )?%{regex("[^:]*"):audit_event_description}?:( )?%{system_helper_rule:event_type}?,%{greedyData:policy_name}?
+
+
+ admin_rule (<%{integer}>)?(%{date("MMM d HH:mm:ss"):timestamp}|%{date("MMM d HH:mm:ss"):timestamp})? %{notSpace:syslog.hostname}? SymantecServer: Site:( )?%{system_helper_rule:syslog.symantecServer.site}?,Server Name:( )?%{system_helper_rule:server_name}?,Domain Name:( )?%{system_helper_rule:domain_name}?,Admin:( )?%{system_helper_rule:admin_name}?,Event Description:( )?%{greedyData:admin_event_description}?
+
+
+ server_rule (<%{integer}>)?(%{date("MMM d HH:mm:ss"):timestamp}|%{date("MMM d HH:mm:ss"):timestamp})? %{notSpace:syslog.hostname}? SymantecServer: Site:( )?%{system_helper_rule:syslog.symantecServer.site}?,Server Name:( )?%{system_helper_rule:server_name}?,Event Description:( )?%{greedyData:server_event_description}?
+ - type: date-remapper
+ name: Define `timestamp` as the official date of the log
+ enabled: true
+ sources:
+ - timestamp
+ - type: category-processor
+ name: Define `service` from unique fields of logs
+ enabled: true
+ categories:
+ - filter:
+ query: (@device_id:* OR @application_event_description:*)
+ name: application-control
+ - filter:
+ query: (@cids_signature_id:* OR @security_event_description:*)
+ name: security
+ - filter:
+ query: (@risk_name:* OR @risk_event_description:*)
+ name: risk
+ - filter:
+ query: (@scan_id:* OR @scan_type:*)
+ name: scan
+ - filter:
+ query: (@action:* OR @traffic_rule:*)
+ name: traffic
+ - filter:
+ query: "@policy_name:*"
+ name: audit
+ - filter:
+ query: (@syslog.site:* OR @admin_event_description:* OR
+ @client_server_event_description:* OR @server_event_description:*)
+ name: system
+ target: service
+ - type: category-processor
+ name: Define `activity` for system logs
+ enabled: true
+ categories:
+ - filter:
+ query: (@category:* OR @client_event_description:*)
+ name: client
+ - filter:
+ query: "@server_event_description:*"
+ name: server
+ - filter:
+ query: (@admin_name:* OR @admin_event_description:*)
+ name: admin
+ - filter:
+ query: (@client_server_admin_name:* OR @client_server_event_description:*)
+ name: client-server
+ target: activity
+ - type: geo-ip-parser
+ name: "GeoIp Parser for `network.client.ip`"
+ enabled: true
+ sources:
+ - network.client.ip
+ target: network.client.geoip
+ ip_processing_behavior: do-nothing
+ - type: service-remapper
+ name: Define `service` as the official service of the log
+ enabled: true
+ sources:
+ - service
diff --git a/symantec_endpoint_protection/assets/logs/symantec-endpoint-protection_tests.yaml b/symantec_endpoint_protection/assets/logs/symantec-endpoint-protection_tests.yaml
new file mode 100644
index 0000000000000..ecdeeb0552812
--- /dev/null
+++ b/symantec_endpoint_protection/assets/logs/symantec-endpoint-protection_tests.yaml
@@ -0,0 +1,391 @@
+id: "symantec-endpoint-protection"
+tests:
+ -
+ sample: "<54>Sep 13 08:34:00 WIN-RQBT7BNE363 SymantecServer: DESKTOP-CIK30CC,198.252.206.17,Continue,Application and Device Control is ready,System,Begin: 2024-09-13 08:32:44,End Time: 2024-09-13 08:32:44,Rule: Built-in rule,0,SysPlant,0,SysPlant,None,User Name: Bob,Domain Name: example.local,Action Type: Block,File size (bytes): 16385,Device ID: 890124,IP Address: 104.199.65.125,IP Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.16.1.1,IP Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4: 203.0.113.254"
+ result:
+ custom:
+ action_description: "Continue"
+ action_type: "Block"
+ api_name: "System"
+ application_event_description: "Application and Device Control is ready"
+ called_process_name: "SysPlant"
+ caller_process_id: "0"
+ caller_return_address: "0"
+ caller_return_module_name: "SysPlant"
+ device_id: 890124
+ domain_name: "example.local"
+ end_time: "2024-09-13 08:32:44"
+ file_size: 16385
+ gateway1: "192.168.1.1"
+ gateway2: "172.16.1.1"
+ gateway3: "172.16.1.1"
+ gateway4: "203.0.113.254"
+ ip_Address: "104.199.65.125"
+ ip_address_1: "203.0.113.1"
+ ip_address_2: "198.51.100.1"
+ ip_address_3: "192.0.2.1"
+ ip_address_4: "185.245.40.65"
+ mac_address_1: "00:11:22:33:44:55"
+ mac_address_2: "AA:BB:CC:DD:EE:FF"
+ mac_address_3: "11:22:33:44:55:66"
+ mac_address_4: "66:77:88:99:00:11"
+ network:
+ client:
+ geoip: {}
+ ip: "198.252.206.17"
+ parameters: "None"
+ rule_name: "Built-in rule"
+ service: "application-control"
+ start_time: 1726216364000
+ syslog:
+ hostname: "WIN-RQBT7BNE363"
+ symantecServer: "DESKTOP-CIK30CC"
+ timestamp: 22062840000
+ usr:
+ name: "Bob"
+ message: "<54>Sep 13 08:34:00 WIN-RQBT7BNE363 SymantecServer: DESKTOP-CIK30CC,198.252.206.17,Continue,Application and Device
Control is ready,System,Begin: 2024-09-13 08:32:44,End Time: 2024-09-13 08:32:44,Rule: Built-in rule,0,SysPlant,0,SysPlant,None,User Name: Bob,Domain Name: example.local,Action Type: Block,File size (bytes): 16385,Device ID: 890124,IP Address: 104.199.65.125,IP Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.16.1.1,IP Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4: 203.0.113.254"
+ service: "application-control"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 22062840000
+ -
+ sample: "<54>Apr 27 00:49:29 C7016238111 SymantecServer: C7332658237,Event Description: [SID: 24461] Web Attack: EICAR Standard Anti-Virus Test File Download attack blocked. Traffic has been blocked for this application: C:\\PROGRAM FILES (X86)\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE,Event Type: Intrusion Prevention System Intrusion Detected,Local Host IP: 172.16.1.1,Local Host MAC: 0050569214B1,Remote Host Name: test456,Remote Host IP: 93.184.216.100,Remote Host MAC: 00:11:22:33:44:55,Inbound,TCP,Blocked,Begin: 2022-04-27 00:58:20,End Time: 2022-04-27 00:58:20,Occurrences: 1,Application: C:/PROGRAM FILES (X86)/GOOGLE/CHROME/APPLICATION/CHROME.EXE,Location: Default,User Name: Administrator,Domain Name: C7332658237,Local Port: 53967,Remote Port: 80,CIDS Signature ID: 24461,CIDS Signature string: Web Attack: EICAR Standard Anti-Virus Test File Download,CIDS Signature SubID: 65536,Intrusion URL: http://s3-eu-west-1.amazonaws.com/cp-chk-files/e.txt?static=CPCheckMe&rand=1651046295517,Intrusion Payload URL: http://example.com,IP Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.16.1.1,IP Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4:
66:77:88:99:00:11,GATEWAY4: 203.0.113.254,SHA-256: 45DE9F5A25BF478C6A8D8625A984895C9B3FDEA6EB12A55DDD088DCEBD9DF5AB,MD-5: 9f86d081884c7d659a2feaa0c55ad023,Intensive Protection Level: N/A,URL Risk: N/A,URL Category: Content Servers,Correlation ID: 12345"
+ result:
+ custom:
+ application: "C:/PROGRAM FILES (X86)/GOOGLE/CHROME/APPLICATION/CHROME.EXE"
+ cids_signature_id: 24461
+ cids_signature_string: "Web Attack: EICAR Standard Anti-Virus Test File Download"
+ cids_signature_subid: 65536
+ correlation_id: "12345"
+ domain_name: "C7332658237"
+ end_time: 1651021100000
+ event_type: "Intrusion Prevention System Intrusion Detected"
+ gateway1: "192.168.1.1"
+ gateway2: "172.16.1.1"
+ gateway3: "172.16.1.1"
+ gateway4: "203.0.113.254"
+ hack_type: "Blocked"
+ intensive_protection_level: "N/A"
+ intrusion_payload_url: "http://example.com"
+ intrusion_url: "http://s3-eu-west-1.amazonaws.com/cp-chk-files/e.txt?static=CPCheckMe&rand=1651046295517"
+ ip_address_1: "203.0.113.1"
+ ip_address_2: "198.51.100.1"
+ ip_address_3: "192.0.2.1"
+ ip_address_4: "185.245.40.65"
+ local_host_ip: "172.16.1.1"
+ local_host_mac: "0050569214B1"
+ local_port: 53967
+ location: "Default"
+ mac_address_1: "00:11:22:33:44:55"
+ mac_address_2: "AA:BB:CC:DD:EE:FF"
+ mac_address_3: "11:22:33:44:55:66"
+ mac_address_4: "66:77:88:99:00:11"
+ md5: "9f86d081884c7d659a2feaa0c55ad023"
+ network:
+ client:
+ geoip: {}
+ ip: "93.184.216.100"
+ network_protocol: "TCP"
+ occurrences: 1
+ remote_host_mac: "00:11:22:33:44:55"
+ remote_host_name: "test456"
+ remote_port: 80
+ security_event_description: "[SID: 24461] Web Attack: EICAR Standard Anti-Virus Test File Download attack blocked.
Traffic has been blocked for this application: C:\\PROGRAM FILES (X86)\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE"
+ service: "security"
+ sha256: "45DE9F5A25BF478C6A8D8625A984895C9B3FDEA6EB12A55DDD088DCEBD9DF5AB"
+ start_time: 1651021100000
+ syslog:
+ hostname: "C7016238111"
+ symantecServer: "C7332658237"
+ timestamp: 41561369000
+ traffic_direction: "Inbound"
+ url_category: "Content Servers"
+ url_risk: "N/A"
+ usr:
+ name: "Administrator"
+ message: "<54>Apr 27 00:49:29 C7016238111 SymantecServer: C7332658237,Event Description: [SID: 24461] Web Attack: EICAR Standard Anti-Virus Test File Download attack blocked. Traffic has been blocked for this application: C:\\PROGRAM FILES (X86)\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE,Event Type: Intrusion Prevention System Intrusion Detected,Local Host IP: 172.16.1.1,Local Host MAC: 0050569214B1,Remote Host Name: test456,Remote Host IP: 93.184.216.100,Remote Host MAC: 00:11:22:33:44:55,Inbound,TCP,Blocked,Begin: 2022-04-27 00:58:20,End Time: 2022-04-27 00:58:20,Occurrences: 1,Application: C:/PROGRAM FILES (X86)/GOOGLE/CHROME/APPLICATION/CHROME.EXE,Location: Default,User Name: Administrator,Domain Name: C7332658237,Local Port: 53967,Remote Port: 80,CIDS Signature ID: 24461,CIDS Signature string: Web Attack: EICAR Standard Anti-Virus Test File Download,CIDS Signature SubID: 65536,Intrusion URL: http://s3-eu-west-1.amazonaws.com/cp-chk-files/e.txt?static=CPCheckMe&rand=1651046295517,Intrusion Payload URL: http://example.com,IP Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.16.1.1,IP Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4: 203.0.113.254,SHA-256: 45DE9F5A25BF478C6A8D8625A984895C9B3FDEA6EB12A55DDD088DCEBD9DF5AB,MD-5: 9f86d081884c7d659a2feaa0c55ad023,Intensive Protection Level: N/A,URL Risk: N/A,URL Category: Content
Servers,Correlation ID: 12345" + service: "security" + tags: + - "source:LOGS_SOURCE" + timestamp: 41561369000 + - + sample: "<54>Sep 16 08:30:10 WIN-RQBT7BNE367 SymantecServer: Virus found,IP Address: 192.168.1.104,Computer name: DESKTOP-GHI789,Source: Auto-Protect scan,Risk name: Worm.P2P.Gen,Occurrences: 1,File path: C:\\Downloads\\infected.zip,Description: Worm detected,Actual action: Cleaned by deletion,Requested action: Cleaned,Secondary action: Quarantined,Event time: 2024-09-16 08:28:05,Event Insert Time: 2024-09-16 08:30:10,End Time: 2024-09-16 08:28:07,Last update time: 2024-09-16 08:30:10,Domain Name: MyCompanyDomain,Group Name: My Company\\Sales Team,Server Name: WIN-RQBT7BNE367,User Name: Robert Brown,Source Computer Name: DESKTOP-GHI789,Source Computer IP: 192.168.1.104,IP Address 1: 203.0.113.1,MAC Address 1: 00:11:22:33:44:55,GATEWAY IP 1: 192.168.1.1,IP Address 2: 198.51.100.1,MAC Address 2: AA:BB:CC:DD:EE:FF,GATEWAY IP 2: 172.16.1.1,IP Address 3: 192.0.2.1,MAC Address 3: 11:22:33:44:55:66,GATEWAY IP 3: 172.16.1.1,IP Address 4: 185.245.40.65,MAC Address 4: 66:77:88:99:00:11,GATEWAY IP 4: 203.0.113.254,Disposition: Bad,Download site: https://untrustedsource.com,Web domain: untrustedsource.com,Downloaded by: edge.exe,Prevalence: This file has been seen by some Symantec users.,Confidence: This file is untrustworthy.,URL Tracking Status: On,First Seen: Symantec has known about this file for more than 2 years.,Sensitivity: Medium,Allowed application reason: Not on the allow list,Application hash: 67890ABCDEF1234567890ABCDEF1234567890,Hash type: SHA2,Company name: GHI Corporation,Application name: infected.zip,Application version: 5.0,Application type: 130,File size (bytes): 8192,Category set: Worm,Category type: Virus,Location: Default,Intensive Protection Level: 4,Certificate issuer: Symantec Corporation,Certificate signer: Symantec SHA256 Code Signing CA,Certificate thumbprint: 567890ABCDEF1234567890ABCDEF,Signing timestamp: 1643723400,Certificate 
serial number: 567890ABCDEF" + result: + custom: + actual_action: "Cleaned by deletion" + allowed_application_reason: "Not on the allow list" + application_hash: "67890ABCDEF1234567890ABCDEF1234567890" + application_name: "infected.zip" + application_type: "130" + application_version: "5.0" + category_set: "Worm" + category_type: "Virus" + certificate_issuer: "Symantec Corporation" + certificate_serial_number: "567890ABCDEF" + certificate_signer: "Symantec SHA256 Code Signing CA" + certificate_thumbprint: "567890ABCDEF1234567890ABCDEF" + company_name: "GHI Corporation" + computer_name: "DESKTOP-GHI789" + confidence: "This file is untrustworthy." + disposition: "Bad" + domain_name: "MyCompanyDomain" + download_site: "https://untrustedsource.com" + downloaded_by: "edge.exe" + end_time: "2024-09-16 08:28:07" + event_insert_time: "2024-09-16 08:30:10" + event_time: "2024-09-16 08:28:05" + file_path: "C:\\Downloads\\infected.zip" + file_size: 8192 + first_seen: "Symantec has known about this file for more than 2 years." + gateway1: "192.168.1.1" + gateway2: "172.16.1.1" + gateway3: "172.16.1.1" + gateway4: "203.0.113.254" + group_name: "My Company\\Sales Team" + hash_type: "SHA2" + intensive_protection_level: "4" + ip_address_1: "203.0.113.1" + ip_address_2: "198.51.100.1" + ip_address_3: "192.0.2.1" + ip_address_4: "185.245.40.65" + last_update_time: "2024-09-16 08:30:10" + location: "Default" + mac_address_1: "00:11:22:33:44:55" + mac_address_2: "AA:BB:CC:DD:EE:FF" + mac_address_3: "11:22:33:44:55:66" + mac_address_4: "66:77:88:99:00:11" + network: + client: + geoip: {} + ip: "192.168.1.104" + occurrences: 1 + prevalence: "This file has been seen by some Symantec users." 
+ requested_action: "Cleaned" + risk_event_description: "Worm detected" + risk_name: "Worm.P2P.Gen" + risk_type: "Virus found" + scan_source: "Auto-Protect scan" + secondary_action: "Quarantined" + sensitivity: "Medium" + server_name: "WIN-RQBT7BNE367" + service: "risk" + signing_timestamp: "1643723400" + source_computer_ip: "192.168.1.104" + source_computer_name: "DESKTOP-GHI789" + syslog: + hostname: "WIN-RQBT7BNE367" + timestamp: 22321810000 + url_tracking_status: "On" + usr: + name: "Robert Brown" + web_domain: "untrustedsource.com" + message: "<54>Sep 16 08:30:10 WIN-RQBT7BNE367 SymantecServer: Virus found,IP Address: 192.168.1.104,Computer name: DESKTOP-GHI789,Source: Auto-Protect scan,Risk name: Worm.P2P.Gen,Occurrences: 1,File path: C:\\Downloads\\infected.zip,Description: Worm detected,Actual action: Cleaned by deletion,Requested action: Cleaned,Secondary action: Quarantined,Event time: 2024-09-16 08:28:05,Event Insert Time: 2024-09-16 08:30:10,End Time: 2024-09-16 08:28:07,Last update time: 2024-09-16 08:30:10,Domain Name: MyCompanyDomain,Group Name: My Company\\Sales Team,Server Name: WIN-RQBT7BNE367,User Name: Robert Brown,Source Computer Name: DESKTOP-GHI789,Source Computer IP: 192.168.1.104,IP Address 1: 203.0.113.1,MAC Address 1: 00:11:22:33:44:55,GATEWAY IP 1: 192.168.1.1,IP Address 2: 198.51.100.1,MAC Address 2: AA:BB:CC:DD:EE:FF,GATEWAY IP 2: 172.16.1.1,IP Address 3: 192.0.2.1,MAC Address 3: 11:22:33:44:55:66,GATEWAY IP 3: 172.16.1.1,IP Address 4: 185.245.40.65,MAC Address 4: 66:77:88:99:00:11,GATEWAY IP 4: 203.0.113.254,Disposition: Bad,Download site: https://untrustedsource.com,Web domain: untrustedsource.com,Downloaded by: edge.exe,Prevalence: This file has been seen by some Symantec users.,Confidence: This file is untrustworthy.,URL Tracking Status: On,First Seen: Symantec has known about this file for more than 2 years.,Sensitivity: Medium,Allowed application reason: Not on the allow list,Application hash: 
67890ABCDEF1234567890ABCDEF1234567890,Hash type: SHA2,Company name: GHI Corporation,Application name: infected.zip,Application version: 5.0,Application type: 130,File size (bytes): 8192,Category set: Worm,Category type: Virus,Location: Default,Intensive Protection Level: 4,Certificate issuer: Symantec Corporation,Certificate signer: Symantec SHA256 Code Signing CA,Certificate thumbprint: 567890ABCDEF1234567890ABCDEF,Signing timestamp: 1643723400,Certificate serial number: 567890ABCDEF" + service: "risk" + tags: + - "source:LOGS_SOURCE" + timestamp: 22321810000 + - + sample: "<54>Sep 10 21:54:23 WIN-RQBT7BNE363 SymantecServer: Scan ID: 1725971909,Begin: 2024-09-10 21:45:57,End Time: 2024-09-10 21:48:31,Completed,Duration (seconds): 154,User1: SYSTEM,User2: SYSTEM,Scan started on selected drives and folders and all extensions.,Scan Complete: Risks: 0 Scanned: 732 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 338,Command: Not a command scan (),Threats: 0,Infected: 0,Total files: 732,Omitted: 0,Computer: DESKTOP-GGG3BOO,IP Address: 203.0.113.1,Domain Name: Default,Group Name: My Company\\Default Group,Server Name: WIN-RQBT7BNE363,Scan Type: Definition Watch Scan,IP Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.16.1.1,IP Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4: 203.0.113.254" + result: + custom: + command: "Not a command scan ()" + computer: "DESKTOP-GGG3BOO" + domain_name: "Default" + duration: 154 + end_time: 1726004911000 + gateway1: "192.168.1.1" + gateway2: "172.16.1.1" + gateway3: "172.16.1.1" + gateway4: "203.0.113.254" + group_name: "My Company\\Default Group" + infected: 0 + ip_address_1: "203.0.113.1" + ip_address_2: "198.51.100.1" + ip_address_3: "192.0.2.1" + ip_address_4: "185.245.40.65" + mac_address_1: "00:11:22:33:44:55" + mac_address_2: 
"AA:BB:CC:DD:EE:FF" + mac_address_3: "11:22:33:44:55:66" + mac_address_4: "66:77:88:99:00:11" + network: + client: + geoip: {} + ip: "203.0.113.1" + omitted_files: 0 + scan_description: "Scan started on selected drives and folders and all extensions." + scan_id: 1725971909 + scan_results: + file_path: "Files/Folders/Drives" + omitted: 0 + risks: 0 + scanned: 732 + trusted_files_skipped: 338 + scan_type: "Definition Watch Scan" + server_name: "WIN-RQBT7BNE363" + service: "scan" + start_time: 1726004757000 + status: "Completed" + syslog: + hostname: "WIN-RQBT7BNE363" + threats: 0 + timestamp: 21851663000 + total_files: 732 + user1: "SYSTEM" + user2: "SYSTEM" + message: "<54>Sep 10 21:54:23 WIN-RQBT7BNE363 SymantecServer: Scan ID: 1725971909,Begin: 2024-09-10 21:45:57,End Time: 2024-09-10 21:48:31,Completed,Duration (seconds): 154,User1: SYSTEM,User2: SYSTEM,Scan started on selected drives and folders and all extensions.,Scan Complete: Risks: 0 Scanned: 732 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 338,Command: Not a command scan (),Threats: 0,Infected: 0,Total files: 732,Omitted: 0,Computer: DESKTOP-GGG3BOO,IP Address: 203.0.113.1,Domain Name: Default,Group Name: My Company\\Default Group,Server Name: WIN-RQBT7BNE363,Scan Type: Definition Watch Scan,IP Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.16.1.1,IP Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4: 203.0.113.254" + service: "scan" + tags: + - "source:LOGS_SOURCE" + timestamp: 21851663000 + - + sample: "<54>Sep 27 10:06:25 WIN-RQBT7BNE363 SymantecServer: WIN-4K914H0NBUP,Local Host IP: 93.184.216.34,Local Port: 21,Local Host MAC: 0050569214AF,Remote Host IP: 185.245.40.100,Remote Host Name: test267,Remote Port: 17000,Remote Host MAC: 00505681A7C6,TCP,Inbound,Begin: 2024-09-27 10:00:06,End Time: 2024-09-27 
10:00:06,Occurrences: 2,Application: testApplication,Rule: Block all other IP traffic and log,Location: Default,User Name: Test user,Domain Name: DESKTOP-GGG3BOO,IP Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.16.1.1,IP Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4: 203.0.113.254,Action: Blocked,SHA-256: 4567890987654321098765432109876543210987654321098765432109876543,MD-5: 3a4a436a436a436a436a436a436a436a" + result: + custom: + action: "Blocked" + application: "testApplication" + domain_name: "DESKTOP-GGG3BOO" + end_time: 1727431206000 + gateway1: "192.168.1.1" + gateway2: "172.16.1.1" + gateway3: "172.16.1.1" + gateway4: "203.0.113.254" + ip_address_1: "203.0.113.1" + ip_address_2: "198.51.100.1" + ip_address_3: "192.0.2.1" + ip_address_4: "185.245.40.65" + local_host_ip: "93.184.216.34" + local_host_mac: "0050569214AF" + local_port: 21 + location: "Default" + mac_address_1: "00:11:22:33:44:55" + mac_address_2: "AA:BB:CC:DD:EE:FF" + mac_address_3: "11:22:33:44:55:66" + mac_address_4: "66:77:88:99:00:11" + md5: "3a4a436a436a436a436a436a436a436a" + network: + client: + geoip: {} + ip: "185.245.40.100" + network_protocol: "TCP" + occurrences: 2 + remote_host_mac: "00505681A7C6" + remote_host_name: "test267" + remote_port: 17000 + service: "traffic" + sha_256: "4567890987654321098765432109876543210987654321098765432109876543" + start_time: 1727431206000 + syslog: + hostname: "WIN-RQBT7BNE363" + symantecServer: "WIN-4K914H0NBUP" + timestamp: 23277985000 + traffic_direction: "Inbound" + traffic_rule: "Block all other IP traffic and log" + usr: + name: "Test user" + message: "<54>Sep 27 10:06:25 WIN-RQBT7BNE363 SymantecServer: WIN-4K914H0NBUP,Local Host IP: 93.184.216.34,Local Port: 21,Local Host MAC: 0050569214AF,Remote Host IP: 185.245.40.100,Remote Host Name: 
test267,Remote Port: 17000,Remote Host MAC: 00505681A7C6,TCP,Inbound,Begin: 2024-09-27 10:00:06,End Time: 2024-09-27 10:00:06,Occurrences: 2,Application: testApplication,Rule: Block all other IP traffic and log,Location: Default,User Name: Test user,Domain Name: DESKTOP-GGG3BOO,IP Address1: 203.0.113.1,MAC Address1: 00:11:22:33:44:55,GATEWAY1: 192.168.1.1,IP Address2: 198.51.100.1,MAC Address2: AA:BB:CC:DD:EE:FF,GATEWAY2: 172.16.1.1,IP Address3: 192.0.2.1,MAC Address3: 11:22:33:44:55:66,GATEWAY3: 172.16.1.1,IP Address4: 185.245.40.65,MAC Address4: 66:77:88:99:00:11,GATEWAY4: 203.0.113.254,Action: Blocked,SHA-256: 4567890987654321098765432109876543210987654321098765432109876543,MD-5: 3a4a436a436a436a436a436a436a436a" + service: "traffic" + tags: + - "source:LOGS_SOURCE" + timestamp: 23277985000 + - + sample: "<54>Sep 10 05:46:31 WIN-RQBT7BNE363 SymantecServer: DESKTOP-GGG3BOO,Category: 0,CVE,Event Description: Downloaded new content update from the management server successfully. Remote file path: https://WIN-RQBT7BNE363:443/content/{05306A8A-E8C1-4081-BD49-94C8E01AF2C1}/240412011/Full.zip,Event time: 2024-09-10 05:42:28,Group Name: My Company\\Default Group" + result: + custom: + activity: "client" + category: 0 + client_event_description: "Downloaded new content update from the management server successfully. Remote file path: https://WIN-RQBT7BNE363:443/content/{05306A8A-E8C1-4081-BD49-94C8E01AF2C1}/240412011/Full.zip" + event_source: "CVE" + event_time: "2024-09-10 05:42:28" + group_name: "My Company\\Default Group" + service: "system" + syslog: + SymantecServer: "DESKTOP-GGG3BOO" + hostname: "WIN-RQBT7BNE363" + timestamp: 21793591000 + message: "<54>Sep 10 05:46:31 WIN-RQBT7BNE363 SymantecServer: DESKTOP-GGG3BOO,Category: 0,CVE,Event Description: Downloaded new content update from the management server successfully. 
Remote file path: https://WIN-RQBT7BNE363:443/content/{05306A8A-E8C1-4081-BD49-94C8E01AF2C1}/240412011/Full.zip,Event time: 2024-09-10 05:42:28,Group Name: My Company\\Default Group" + service: "system" + tags: + - "source:LOGS_SOURCE" + timestamp: 21793591000 + - + sample: "<54>Sep 16 04:25:05 WIN-RQBT7BNE363 SymantecServer: Site: My Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,The management server received the client log successfully,DESKTOP-GGG3BOO,Test,LocalComputer" + result: + custom: + activity: "client-server" + client_server_event_description: "The management server received the client log successfully" + domain_name: "Default" + host_name: "DESKTOP-GGG3BOO" + location: "LocalComputer" + server_name: "WIN-RQBT7BNE363" + service: "system" + syslog: + hostname: "WIN-RQBT7BNE363" + symantecServer: + site: "My Site" + timestamp: 22307105000 + usr: + name: "Test" + message: "<54>Sep 16 04:25:05 WIN-RQBT7BNE363 SymantecServer: Site: My Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,The management server received the client log successfully,DESKTOP-GGG3BOO,Test,LocalComputer" + service: "system" + tags: + - "source:LOGS_SOURCE" + timestamp: 22307105000 + - + sample: "<51>Sep 11 00:03:41 WIN-RQBT7BNE363 SymantecServer: Site: My Site,Server Name: WIN-RQBT7BNE363,Event Description: The administrator's user name or password is incorrect. Type a valid user name or password." + result: + custom: + activity: "server" + server_event_description: "The administrator's user name or password is incorrect. Type a valid user name or password." + server_name: "WIN-RQBT7BNE363" + service: "system" + syslog: + hostname: "WIN-RQBT7BNE363" + symantecServer: + site: "My Site" + timestamp: 21859421000 + message: "<51>Sep 11 00:03:41 WIN-RQBT7BNE363 SymantecServer: Site: My Site,Server Name: WIN-RQBT7BNE363,Event Description: The administrator's user name or password is incorrect. Type a valid user name or password." 
+ service: "system" + tags: + - "source:LOGS_SOURCE" + timestamp: 21859421000 + - + sample: "<54>Sep 11 03:00:13 WIN-RQBT7BNE363 SymantecServer: Site: My Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,Admin: admin,Event Description: Site: My Site\t\t\t\t\t\t\t\t\t\t\t\t\t" + result: + custom: + activity: "admin" + admin_event_description: "Site: My Site" + admin_name: "admin" + domain_name: "Default" + server_name: "WIN-RQBT7BNE363" + service: "system" + syslog: + hostname: "WIN-RQBT7BNE363" + symantecServer: + site: "My Site" + timestamp: 21870013000 + message: "<54>Sep 11 03:00:13 WIN-RQBT7BNE363 SymantecServer: Site: My Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,Admin: admin,Event Description: Site: My Site\t\t\t\t\t\t\t\t\t\t\t\t\t" + service: "system" + tags: + - "source:LOGS_SOURCE" + timestamp: 21870013000 + - + sample: "<54>Sep 10 03:55:14 WIN-RQBT7BNE363 SymantecServer: Site: My Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,Admin: admin,Event Description: Added shared policy upon system install: Added shared policy upon system install,Daily Scheduled Scan" + result: + custom: + audit_admin_name: "admin" + audit_event_description: "Added shared policy upon system install" + domain_name: "Default" + event_type: "Added shared policy upon system install" + policy_name: "Daily Scheduled Scan" + server_name: "WIN-RQBT7BNE363" + service: "audit" + syslog: + hostname: "WIN-RQBT7BNE363" + symantecServer: + site: "My Site" + timestamp: 21786914000 + message: "<54>Sep 10 03:55:14 WIN-RQBT7BNE363 SymantecServer: Site: My Site,Server Name: WIN-RQBT7BNE363,Domain Name: Default,Admin: admin,Event Description: Added shared policy upon system install: Added shared policy upon system install,Daily Scheduled Scan" + service: "audit" + tags: + - "source:LOGS_SOURCE" + timestamp: 21786914000 
diff --git a/symantec_endpoint_protection/assets/service_checks.json b/symantec_endpoint_protection/assets/service_checks.json
new file mode 100644
index 0000000000000..fe51488c7066f
--- /dev/null
+++ b/symantec_endpoint_protection/assets/service_checks.json
@@ -0,0 +1 @@
+[]
diff --git a/symantec_endpoint_protection/assets/symantec_endpoint_protection.svg b/symantec_endpoint_protection/assets/symantec_endpoint_protection.svg
new file mode 100644
index 0000000000000..3c93c31bba6f9
--- /dev/null
+++ b/symantec_endpoint_protection/assets/symantec_endpoint_protection.svg
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/symantec_endpoint_protection/datadog_checks/__init__.py b/symantec_endpoint_protection/datadog_checks/__init__.py
new file mode 100644
index 0000000000000..1517d901c0aae
--- /dev/null
+++ b/symantec_endpoint_protection/datadog_checks/__init__.py
@@ -0,0 +1,4 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+__path__ = __import__('pkgutil').extend_path(__path__, __name__) # type: ignore
diff --git a/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/__about__.py b/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/__about__.py
new file mode 100644
index 0000000000000..acbfd1c866b84
--- /dev/null
+++ b/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/__about__.py
@@ -0,0 +1,4 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+__version__ = '1.0.0'
diff --git a/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/__init__.py b/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/__init__.py
new file mode 100644
index 0000000000000..e3e1909cdf383
--- /dev/null
+++ b/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/__init__.py
@@ -0,0 +1,6 @@
+# (C) Datadog, Inc. 2024-present
+# All rights reserved
+# Licensed under a 3-clause BSD style license (see LICENSE)
+from .__about__ import __version__
+
+__all__ = ['__version__']
diff --git a/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/data/conf.yaml.example b/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/data/conf.yaml.example
new file mode 100644
index 0000000000000..afa5b6a37cbfb
--- /dev/null
+++ b/symantec_endpoint_protection/datadog_checks/symantec_endpoint_protection/data/conf.yaml.example
@@ -0,0 +1,20 @@
+## Log Section
+##
+## type - required - Type of log input source (tcp / udp / file / windows_event).
+## port / path / channel_path - required - Set port if type is tcp or udp.
+## Set path if type is file.
+## Set channel_path if type is windows_event.
+## source - required - Attribute that defines which integration sent the logs.
+## encoding - optional - For file specifies the file encoding. Default is utf-8. Other
+## possible values are utf-16-le and utf-16-be.
+## service - optional - The name of the service that generates the log.
+## Overrides any `service` defined in the `init_config` section.
+## tags - optional - Add tags to the collected logs.
+##
+## Discover Datadog log collection: https://docs.datadoghq.com/logs/log_collection/
+#
+# logs:
+# - type: udp
+# port:
+# source: symantec-endpoint-protection
+# service: symantec-endpoint-protection
diff --git a/symantec_endpoint_protection/images/symantec_endpoint_protection_application_control.png b/symantec_endpoint_protection/images/symantec_endpoint_protection_application_control.png
new file mode 100644
index 0000000000000..f55327dad035c
Binary files /dev/null and b/symantec_endpoint_protection/images/symantec_endpoint_protection_application_control.png differ
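Review bot: The commented `logs:` example at the end of conf.yaml.example shows only `type: udp`, and `port:` has no value on this page (possibly a placeholder lost in rendering), so a reader copying it gets no hint that `tcp` is also an accepted type per the header comment. These are endpoint-protection security events, and syslog over UDP is unauthenticated and can silently drop or accept forged datagrams, which the example should state. I would add a comment above the example such as `## UDP syslog is unauthenticated and lossy; restrict the listening port to the management server's address, or use type: tcp.` If this file is generated from `assets/configuration/spec.yaml`, the comment belongs in the spec instead.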
diff --git a/symantec_endpoint_protection/images/symantec_endpoint_protection_overview.png b/symantec_endpoint_protection/images/symantec_endpoint_protection_overview.png
new file mode 100644
index 0000000000000..caf058ee82d24
Binary files /dev/null and b/symantec_endpoint_protection/images/symantec_endpoint_protection_overview.png differ
diff --git a/symantec_endpoint_protection/images/symantec_endpoint_protection_risk.png b/symantec_endpoint_protection/images/symantec_endpoint_protection_risk.png
new file mode 100644
index 0000000000000..330282af86f62
Binary files /dev/null and b/symantec_endpoint_protection/images/symantec_endpoint_protection_risk.png differ
diff --git a/symantec_endpoint_protection/images/symantec_endpoint_protection_scan.png b/symantec_endpoint_protection/images/symantec_endpoint_protection_scan.png
new file mode 100644
index 0000000000000..a59106f7cffa9
Binary files /dev/null and b/symantec_endpoint_protection/images/symantec_endpoint_protection_scan.png differ
diff --git a/symantec_endpoint_protection/images/symantec_endpoint_protection_security.png b/symantec_endpoint_protection/images/symantec_endpoint_protection_security.png
new file mode 100644
index 0000000000000..c76ae694fbe40
Binary files /dev/null and b/symantec_endpoint_protection/images/symantec_endpoint_protection_security.png differ
diff --git a/symantec_endpoint_protection/images/symantec_endpoint_protection_system.png b/symantec_endpoint_protection/images/symantec_endpoint_protection_system.png
new file mode 100644
index 0000000000000..cbf93c7dd87e8
Binary files /dev/null and b/symantec_endpoint_protection/images/symantec_endpoint_protection_system.png differ
diff --git a/symantec_endpoint_protection/images/symantec_endpoint_protection_traffic.png b/symantec_endpoint_protection/images/symantec_endpoint_protection_traffic.png
new file mode 100644
index 0000000000000..c92de315aa473
Binary files /dev/null and b/symantec_endpoint_protection/images/symantec_endpoint_protection_traffic.png differ
diff --git a/symantec_endpoint_protection/manifest.json b/symantec_endpoint_protection/manifest.json
new file mode 100644
index 0000000000000..8fb0fa86fb178
--- /dev/null
+++ b/symantec_endpoint_protection/manifest.json
@@ -0,0 +1,94 @@
+{
+ "manifest_version": "2.0.0",
+ "app_uuid": "e334ac09-0038-408b-8666-cba88c3217e6",
+ "app_id": "symantec-endpoint-protection",
+ "display_on_public_website": false,
+ "tile": {
+ "overview": "README.md#Overview",
+ "configuration": "README.md#Setup",
+ "support": "README.md#Support",
+ "changelog": "CHANGELOG.md",
+ "description": "Gain insights into Symantec Endpoint Protection Logs.",
+ "title": "Symantec Endpoint Protection",
+ "media": [
+ {
+ "caption": "Symantec Endpoint Protection - Overview",
+ "image_url": "images/symantec_endpoint_protection_overview.png",
+ "media_type": "image"
+ },
+ {
+ "caption": "Symantec Endpoint Protection - Scan",
+ "image_url": "images/symantec_endpoint_protection_scan.png",
+ "media_type": "image"
+ },
+ {
+ "caption": "Symantec Endpoint Protection - Risk",
+ "image_url": "images/symantec_endpoint_protection_risk.png",
+ "media_type": "image"
+ },
+ {
+ "caption": "Symantec Endpoint Protection - Application Control",
+ "image_url": "images/symantec_endpoint_protection_application_control.png",
+ "media_type": "image"
+ },
+ {
+ "caption": "Symantec Endpoint Protection - Security",
+ "image_url": "images/symantec_endpoint_protection_security.png",
+ "media_type": "image"
+ },
+ {
+ "caption": "Symantec Endpoint Protection - System",
+ "image_url": "images/symantec_endpoint_protection_system.png",
+ "media_type": "image"
+ },
+ {
+ "caption": "Symantec Endpoint Protection - Traffic",
+ "image_url": "images/symantec_endpoint_protection_traffic.png",
+ "media_type": "image"
+ }
+ ],
+ "classifier_tags": [
+ "Supported OS::Linux",
+ "Supported OS::Windows",
+ "Supported OS::macOS",
+ "Category::Log Collection",
+ "Category::Security",
+ "Offering::Integration",
+ "Submitted Data Type::Logs"
+ ]
+ },
+ "assets": {
+ "integration": {
+ "auto_install": false,
+ "source_type_id": 26728495,
+ "source_type_name": "Symantec Endpoint Protection",
+ "configuration": {
+ "spec": "assets/configuration/spec.yaml"
+ },
+ "events": {
+ "creates_events": false
+ },
+ "service_checks": {
+ "metadata_path": "assets/service_checks.json"
+ }
+ },
+ "dashboards": {
+ "Symantec Endpoint Protection - Overview": "assets/dashboards/symantec_endpoint_protection_overview.json",
+ "Symantec Endpoint Protection - Scan": "assets/dashboards/symantec_endpoint_protection_scan.json",
+ "Symantec Endpoint Protection - Risk": "assets/dashboards/symantec_endpoint_protection_risk.json",
+ "Symantec Endpoint Protection - Application Control": "assets/dashboards/symantec_endpoint_protection_application_control.json",
+ "Symantec Endpoint Protection - Security": "assets/dashboards/symantec_endpoint_protection_security.json",
+ "Symantec Endpoint Protection - System": "assets/dashboards/symantec_endpoint_protection_system.json",
+ "Symantec Endpoint Protection - Traffic": "assets/dashboards/symantec_endpoint_protection_traffic.json"
+ },
+ "logs":{
+ "source": "symantec-endpoint-protection"
+ }
+ },
+ "author": {
+ "support_email": "help@datadoghq.com",
+ "name": "Datadog",
+ "homepage": "https://www.datadoghq.com",
+ "sales_email": "info@datadoghq.com"
+ }
+}
diff --git a/symantec_endpoint_protection/pyproject.toml b/symantec_endpoint_protection/pyproject.toml
new file mode 100644
index 0000000000000..716f67c4ce2de
--- /dev/null
+++ b/symantec_endpoint_protection/pyproject.toml
@@ -0,0 +1,59 @@ +[build-system] +requires = [ + "hatchling>=0.13.0", +] +build-backend = "hatchling.build" + +[project] +name = "datadog-symantec-endpoint-protection" +description = "The symantec-endpoint-protection check" +readme = "README.md" +license = "BSD-3-Clause" +keywords = [ + "datadog", + "datadog agent", + "datadog check", + "symantec_endpoint_protection", +] +authors = [ + { name = "Datadog", email = "packages@datadoghq.com" }, +] +classifiers = [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Intended Audience :: System Administrators", + "License :: OSI Approved :: BSD License", + "Private :: Do Not Upload", + "Programming Language :: Python :: 3.11", + "Topic :: System :: Monitoring", +] +dependencies = [ + "datadog-checks-base>=4.2.0", +] +dynamic = [ + "version", +] + +[project.optional-dependencies] +deps = [] + +[project.urls] +Source = "https://github.com/DataDog/integrations-core" + +[tool.hatch.version] +path = "datadog_checks/symantec_endpoint_protection/__about__.py" + +[tool.hatch.build.targets.sdist] +include = [ + "/datadog_checks", + "/tests", + "/manifest.json", +] + +[tool.hatch.build.targets.wheel] +include = [ + "/datadog_checks/symantec_endpoint_protection", +] +dev-mode-dirs = [ + ".", +] diff --git a/system_core/CHANGELOG.md b/system_core/CHANGELOG.md index 25893f0a15d5f..3ee414007c1fc 100644 --- a/system_core/CHANGELOG.md +++ b/system_core/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
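Review bot: In the new symantec_endpoint_protection/pyproject.toml, the `dependencies` entry `"datadog-checks-base>=4.2.0",` sets a floor far below the base version the CHANGELOG hunks elsewhere in this diff refer to (`Bump the version of datadog-checks-base to 37.0.0`). The only language classifier is `"Programming Language :: Python :: 3.11",` while those same changelogs record a move to 3.12. A floor that low lets a resolver select a long-superseded base package, so I would raise it to the version the rest of the repository requires, e.g. `"datadog-checks-base>=37.0.0",`, and update the classifier to `"Programming Language :: Python :: 3.12",`. That 37.0.0 is the right floor for a logs-only integration is inferred from the neighbouring changelogs, not from this file, so confirm it against the repository's current template.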
@@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 2.5.0 / 2024-09-05 diff --git a/system_swap/CHANGELOG.md b/system_swap/CHANGELOG.md index b016de5067ffa..6c4d009b17e27 100644 --- a/system_swap/CHANGELOG.md +++ b/system_swap/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -24,6 +20,7 @@ ***Added***: +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) * Upgrade psutil to 6.0.0 to fix performance issues addressed ([#18688](https://github.com/DataDog/integrations-core/pull/18688)) ## 1.19.0 / 2024-09-05 diff --git a/tcp_check/CHANGELOG.md b/tcp_check/CHANGELOG.md index a9520ac53b4ff..761c983251533 100644 --- a/tcp_check/CHANGELOG.md +++ b/tcp_check/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.9.0 / 2024-07-05 / Agent 7.56.0 ***Added***: 
diff --git a/teamcity/CHANGELOG.md b/teamcity/CHANGELOG.md index a7d1de51e63b7..11da7c0c1da3e 100644 --- a/teamcity/CHANGELOG.md +++ b/teamcity/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.3.1 / 2024-08-09 / Agent 7.57.0 ***Fixed***: diff --git a/teamcity/tests/docker/teamcity_server/docker-compose.yaml b/teamcity/tests/docker/teamcity_server/docker-compose.yaml index 2edcb253a98ba..2e9dc5b6929f8 100644 --- a/teamcity/tests/docker/teamcity_server/docker-compose.yaml +++ b/teamcity/tests/docker/teamcity_server/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' # Adapted from https://github.com/JetBrains/teamcity-docker-samples services: teamcity-server: diff --git a/tekton/CHANGELOG.md b/tekton/CHANGELOG.md index c5d8aa889ca33..33697c33652b0 100644 --- a/tekton/CHANGELOG.md +++ b/tekton/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) 
@@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/teleport/CHANGELOG.md b/teleport/CHANGELOG.md index 9025a8179edd3..d5baad9e1f0ea 100644 --- a/teleport/CHANGELOG.md +++ b/teleport/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.1.0 / 2024-09-05 ***Added***: diff --git a/temporal/CHANGELOG.md b/temporal/CHANGELOG.md index 2ffd38522a8c9..adc1b675ec71d 100644 --- a/temporal/CHANGELOG.md +++ b/temporal/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.3.0 / 2024-08-09 / Agent 7.57.0 ***Added***: diff --git a/temporal_cloud/CHANGELOG.md b/temporal_cloud/CHANGELOG.md new file mode 100644 index 0000000000000..a64023ed3d344 --- /dev/null 
+++ b/temporal_cloud/CHANGELOG.md @@ -0,0 +1,7 @@ +# CHANGELOG - Temporal_Cloud + +## 1.0.0 / 2024-11-26 + +***Added***: + +* Initial Release diff --git a/temporal_cloud/README.md b/temporal_cloud/README.md new file mode 100644 index 0000000000000..c780d1f397562 --- /dev/null +++ b/temporal_cloud/README.md @@ -0,0 +1,41 @@ +## Overview + +This check monitors [Temporal_Cloud][1]. + +## Setup + +### Installation + +The Temporal_Cloud check is included in the [Datadog Agent][2] package. +No additional installation is needed on your server. + +### Configuration + +!!! Add list of steps to set up this integration !!! + +### Validation + +!!! Add steps to validate integration is functioning as expected !!! + +## Data Collected + +### Metrics + +Temporal_Cloud does not include any metrics. + +### Service Checks + +Temporal_Cloud does not include any service checks. + +### Events + +Temporal_Cloud does not include any events. + +## Troubleshooting + +Need help? Contact [Datadog support][3]. + +[1]: **LINK_TO_INTEGRATION_SITE** +[2]: https://app.datadoghq.com/account/settings/agent/latest +[3]: https://docs.datadoghq.com/help/ + diff --git a/temporal_cloud/assets/service_checks.json b/temporal_cloud/assets/service_checks.json new file mode 100644 index 0000000000000..fe51488c7066f --- /dev/null +++ b/temporal_cloud/assets/service_checks.json @@ -0,0 +1 @@ +[] diff --git a/temporal_cloud/manifest.json b/temporal_cloud/manifest.json new file mode 100644 index 0000000000000..6a777edc5ab90 --- /dev/null +++ b/temporal_cloud/manifest.json 
@@ -0,0 +1,44 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "4fc358f8-ab2d-43ae-86e5-129ef4e4e6a1", + "app_id": "temporal-cloud", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "", + "title": "Temporal Cloud", + "media": [], + "classifier_tags": [ + "Category::Metrics", + "Offering::Integration", + "Submitted Data Type::Metrics" + ] + }, + "assets": { + "integration": { + "auto_install": false, + "source_type_id": 32597071, + "source_type_name": "Temporal Cloud", + "events": { + "creates_events": false + }, + "metrics": { + "prefix": "temporal_cloud.", + "check": [], + "metadata_path": "metadata.csv" + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} diff --git a/temporal_cloud/metadata.csv b/temporal_cloud/metadata.csv new file mode 100644 index 0000000000000..02cde5e98381e --- /dev/null +++ b/temporal_cloud/metadata.csv @@ -0,0 +1 @@ +metric_name,metric_type,interval,unit_name,per_unit_name,description,orientation,integration,short_name,curated_metric,sample_tags diff --git a/tenable/CHANGELOG.md b/tenable/CHANGELOG.md index 3f9e02c1af197..383f3e9def02e 100644 --- a/tenable/CHANGELOG.md +++ b/tenable/CHANGELOG.md 
@@ -8,16 +8,16 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ## 2.0.0 / 2024-10-01 / Agent 7.58.0 ***Changed***: * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.5.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/teradata/CHANGELOG.md b/teradata/CHANGELOG.md index d392d52788352..a12a1d4dca1f4 100644 --- a/teradata/CHANGELOG.md +++ b/teradata/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/tibco_ems/CHANGELOG.md b/tibco_ems/CHANGELOG.md index 1dd626d42d1f3..e994a71ed9f55 100644 --- a/tibco_ems/CHANGELOG.md +++ b/tibco_ems/CHANGELOG.md @@ -20,6 +20,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.0 / 2024-08-09 / Agent 7.57.0 ***Added***: diff --git a/tls/CHANGELOG.md b/tls/CHANGELOG.md index fe70653b1fd5e..b2068b73f2f7f 100644 
--- a/tls/CHANGELOG.md +++ b/tls/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -26,6 +22,10 @@ * Bump version of cryptography to 43.0.1 to address vulnerability ([#18656](https://github.com/DataDog/integrations-core/pull/18656)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.20.0 / 2024-09-05 ***Added***: @@ -36,7 +36,7 @@ ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 2.18.0 / 2024-07-05 / Agent 7.56.0 diff --git a/tomcat/CHANGELOG.md b/tomcat/CHANGELOG.md index b9df705ad2e9b..ca494f901cdfe 100644 --- a/tomcat/CHANGELOG.md +++ b/tomcat/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.0.0 / 2024-02-16 / Agent 7.52.0 ***Removed***: diff --git a/torchserve/CHANGELOG.md b/torchserve/CHANGELOG.md index 7de8a7e8f20d3..bc0abe24c4a24 100644 --- a/torchserve/CHANGELOG.md +++ b/torchserve/CHANGELOG.md 
@@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.2 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/torchserve/tests/docker/docker-compose.yaml b/torchserve/tests/docker/docker-compose.yaml index 5b34f237a8a88..d2d92aaec4508 100644 --- a/torchserve/tests/docker/docker-compose.yaml +++ b/torchserve/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3.9' - services: torchserve: container_name: torchserve diff --git a/traefik_mesh/CHANGELOG.md b/traefik_mesh/CHANGELOG.md index db227463464e7..da44bfb575f1a 100644 --- a/traefik_mesh/CHANGELOG.md +++ b/traefik_mesh/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/traffic_server/CHANGELOG.md b/traffic_server/CHANGELOG.md index eaf52b3137b3b..a3e1e4ae2635f 100644 --- a/traffic_server/CHANGELOG.md +++ b/traffic_server/CHANGELOG.md 
@@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/trend_micro_vision_one_endpoint_security/README.md b/trend_micro_vision_one_endpoint_security/README.md index 9f021643e84ef..beea3996ca03b 100644 --- a/trend_micro_vision_one_endpoint_security/README.md +++ b/trend_micro_vision_one_endpoint_security/README.md @@ -29,37 +29,29 @@ Use out-of-the-box dashboards to gain detailed insights into system events, netw #### Get Credentials of Trend Micro Vision One Endpoint Security 1. Log in to the Trend Micro Vision One console. -2. Go to **Endpoint Security** > **Standard Endpoint Protection** > **Administration** > **Settings** > **Automation API Access Settings**.
The Automation API Access Settings screen appears. +2. Go to **Endpoint Security** (Sidebar) > **Standard Endpoint Protection** > **Administration** > **Settings** > **Automation API Access Settings**. 3. Click **Add**.
The Application Access Settings section appears and displays the following information: - 1. **API URL**: The Host of the Trend Micro Vision One Endpoint Security console. + 1. **API URL**: The API Host of the Trend Micro Vision One Endpoint Security console. 2. **Application ID**: The Application ID of the Trend Micro Vision One Endpoint Security console. 3. **API key**: The API key of the Trend Micro Vision One Endpoint Security console. -4. Copy and store the API host, Application ID, and API key in a secure location. -5. Select **Enable application integration using Apex Central Automation APIs**. -6. Configure the following settings. +4. Tick the **Enable application integration using Apex Central Automation APIs** checkbox. +5. Configure the following settings. 1. **Application name**: Specify an easily identifiable name for the application. 2. **Communication time-out**: Select 120 seconds for a request to reach Apex Central after the application generates the request. -7. Click **Save**.
The Automation API Access Settings screen appears and displays the newly added application in the table. +6. Click **Save**. #### Get Timezone of Trend Micro Vision One console -1. Go to **Administration** (Sidebar) > **Console Settings**. -2. Check the timezone from **Current console time**. -3. Ensure this timezone is selected in the integration configuration. - -#### Configure the Trend Micro Vision One Endpoint Security and Datadog Integration - -Configure the Datadog endpoint to forward Trend Micro Vision One Endpoint Security logs to Datadog. +1. Log in to the Trend Micro Vision One console. +2. Go to **Administration** (Sidebar) > **Console Settings** > **Time Zone**. +3. Check the **Timezone** from **Current console time**. -1. Navigate to `Trend Micro Vision One Endpoint Security`. -2. Add your Trend Micro Vision One Endpoint Security credentials. +#### Add your Trend Micro Vision One Endpoint Security credentials -| Trend Micro Vision One Endpoint Security Parameters | Description | -| --------------------------------------------------- | ----------------------------------------------------------------------- | -| API Host | The API Host of Trend Micro Vision One Endpoint Security console. | -| Application ID | The Application ID of Trend Micro Vision One Endpoint Security console. | -| API Key | The API Key of of Trend Micro Vision One Endpoint Security console. | -| Time Zone | The Time Zone of the Trend Micro Vision One console. | +- API Host +- Application ID +- API Key +- Time Zone (This timezone should be the same as the Trend Vision One console.) ## Data Collected diff --git a/twemproxy/CHANGELOG.md b/twemproxy/CHANGELOG.md index 34696b52e05d7..a0c69524e7c84 100644 --- a/twemproxy/CHANGELOG.md +++ b/twemproxy/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.15.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/twistlock/CHANGELOG.md b/twistlock/CHANGELOG.md index c96352ff47ebe..4df639fe19519 100644 --- a/twistlock/CHANGELOG.md +++ b/twistlock/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.6.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/varnish/CHANGELOG.md b/varnish/CHANGELOG.md index d0f5755d7a2e0..583f75847c90a 100644 --- a/varnish/CHANGELOG.md +++ b/varnish/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/vault/CHANGELOG.md b/vault/CHANGELOG.md index d633038c9d165..a68c45083ef0e 100644 --- a/vault/CHANGELOG.md +++ b/vault/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.2.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/vault/tests/docker/docker-compose.yaml b/vault/tests/docker/docker-compose.yaml index 0dc515a09a93b..12328c6b93c9e 100644 --- a/vault/tests/docker/docker-compose.yaml +++ b/vault/tests/docker/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: vault-leader: container_name: vault-leader diff --git a/vault/tests/test_integration.py b/vault/tests/test_integration.py index 77e2802e46dd3..3097f19d7ffa2 100644 --- a/vault/tests/test_integration.py 
+++ b/vault/tests/test_integration.py @@ -10,12 +10,24 @@ @auth_required @pytest.mark.usefixtures('dd_environment') -@pytest.mark.flaky @pytest.mark.integration -@pytest.mark.parametrize('use_openmetrics', [False, True], indirect=True) -@pytest.mark.parametrize('use_auth_file', [False, True]) -def test_integration(aggregator, dd_run_check, check, instance, global_tags, use_openmetrics, use_auth_file): - instance = dict(instance(use_auth_file)) +@pytest.mark.parametrize('use_openmetrics', [True, False], indirect=True, ids=['legacy', 'openmetrics']) +def test_integration(aggregator, dd_run_check, check, instance, global_tags, use_openmetrics): + instance = dict(instance(False)) + instance['use_openmetrics'] = use_openmetrics + + check = check(instance) + dd_run_check(check) + + assert_collection(aggregator, global_tags, use_openmetrics) + + +@auth_required +@pytest.mark.usefixtures('dd_environment') +@pytest.mark.integration +@pytest.mark.parametrize('use_openmetrics', [True, False], indirect=True, ids=['legacy', 'openmetrics']) +def test_integration_auth_file(aggregator, dd_run_check, check, instance, global_tags, use_openmetrics): + instance = dict(instance(True)) instance['use_openmetrics'] = use_openmetrics check = check(instance) @@ -26,9 +38,8 @@ def test_integration(aggregator, dd_run_check, check, instance, global_tags, use @noauth_required @pytest.mark.usefixtures('dd_environment') -@pytest.mark.flaky @pytest.mark.integration -@pytest.mark.parametrize('use_openmetrics', [False, True], indirect=True) +@pytest.mark.parametrize('use_openmetrics', [False], indirect=True, ids=['legacy']) def test_integration_noauth(aggregator, dd_run_check, check, no_token_instance, global_tags, use_openmetrics): instance = dict(no_token_instance) instance['use_openmetrics'] = use_openmetrics diff --git a/vertica/CHANGELOG.md b/vertica/CHANGELOG.md index 1043063dd3b65..380420c558321 100644 --- a/vertica/CHANGELOG.md +++ b/vertica/CHANGELOG.md 
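Review bot: The `ids` on the new parametrize decorators of `test_integration` and `test_integration_auth_file` are paired with the wrong values. pytest assigns ids by position, so `[True, False]` with `ids=['legacy', 'openmetrics']` labels the `use_openmetrics=True` run as `legacy` and the `False` run as `openmetrics`. This assumes the indirect `use_openmetrics` fixture, which is not shown here, passes the value through unchanged. A failure report or a `-k openmetrics` selection would then point at the opposite code path. Putting the values back in the old order fixes both decorators: `@pytest.mark.parametrize('use_openmetrics', [False, True], indirect=True, ids=['legacy', 'openmetrics'])`. The body of `test_integration_auth_file` continues past the end of the hunk.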
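Review bot: `test_integration_noauth` is now parametrized with `[False]` only, so the unauthenticated path is no longer exercised in OpenMetrics mode, and nothing in the hunk records why. If the narrowing is deliberate, a comment above the decorator would keep the gap visible, for example `# OpenMetrics mode is not run without a token: <reason>`. The same applies to the dropped `@pytest.mark.flaky`: if the split into separate tests is what removed the flakiness, a short comment saying so would help the next maintainer. The function body continues outside the hunk.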
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,11 +18,15 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.6.0 / 2024-08-09 / Agent 7.57.0 ***Added***: -* Update dependencies ([#18185](https://github.com/DataDog/integrations-core/pull/18185)) +* Update dependencies ([#18187](https://github.com/DataDog/integrations-core/pull/18187)) ## 4.5.0 / 2024-03-22 / Agent 7.53.0 diff --git a/vllm/CHANGELOG.md b/vllm/CHANGELOG.md index 60da658c50201..817b86cb971ff 100644 --- a/vllm/CHANGELOG.md +++ b/vllm/CHANGELOG.md @@ -4,10 +4,6 @@ ## 2.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.0.0 / 2024-07-05 / Agent 7.56.0 ***Added***: diff --git a/vllm/README.md b/vllm/README.md index 420aa6cfcf32e..b69854afb0e9a 100644 --- a/vllm/README.md +++ b/vllm/README.md 
@@ -48,6 +48,10 @@ In either case, make sure that the `source` value for your logs is `vllm`. This Need help? Contact [Datadog support][9]. +## Further Reading +Additional helpful documentation, links, and articles: +- [Optimize LLM application performance with Datadog's vLLM integration][13] + [1]: https://docs.vllm.ai/en/stable/ [2]: https://app.datadoghq.com/account/settings/agent/latest @@ -60,3 +64,4 @@ Need help? Contact [Datadog support][9]. [10]: https://docs.datadoghq.com/containers/docker/log/?tab=containerinstallation#installation [11]: https://docs.datadoghq.com/containers/docker/log/?tab=hostagent#installation [12]: https://docs.datadoghq.com/containers/docker/log/?tab=dockerfile#log-integrations +[13]: https://www.datadoghq.com/blog/vllm-integration/ \ No newline at end of file diff --git a/vllm/assets/dashboards/overview.json b/vllm/assets/dashboards/overview.json index dac7d8cf0f7b5..5df9e28ee5115 100644 --- a/vllm/assets/dashboards/overview.json +++ b/vllm/assets/dashboards/overview.json @@ -448,7 +448,7 @@ "aggregator": "avg", "data_source": "metrics", "name": "query1", - "query": "avg:vllm.avg.generation_throughput.toks_per_s{$model_name}" + "query": "sum:vllm.avg.generation_throughput.toks_per_s{$model_name}" } ], "response_format": "scalar" diff --git a/vllm/manifest.json b/vllm/manifest.json index c81c4669a8f8b..b5d9c61852e7a 100644 --- a/vllm/manifest.json +++ b/vllm/manifest.json @@ -19,6 +19,12 @@ "Category::AI/ML", "Submitted Data Type::Metrics", "Offering::Integration" + ], + "resources": [ + { + "resource_type": "blog", + "url": "https://www.datadoghq.com/blog/vllm-integration/" + } ] }, "assets": { diff --git a/vllm/tests/docker/docker-compose.yaml b/vllm/tests/docker/docker-compose.yaml index 7a41d2c97a358..251148cf66d2c 100644 --- a/vllm/tests/docker/docker-compose.yaml +++ b/vllm/tests/docker/docker-compose.yaml @@ -1,4 +1,3 @@ -version: "3.9" services: caddy: image: caddy:2.7 
@@ -8,4 +7,4 @@ services: volumes: - ./Caddyfile:/etc/caddy/Caddyfile - ../fixtures/vllm_metrics.txt:/usr/share/caddy/metrics - - ../fixtures/vllm_version.json:/usr/share/caddy/version \ No newline at end of file + - ../fixtures/vllm_version.json:/usr/share/caddy/version diff --git a/voltdb/CHANGELOG.md b/voltdb/CHANGELOG.md index 98e446d847ac2..bf1ce52e51f1d 100644 --- a/voltdb/CHANGELOG.md +++ b/voltdb/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.2.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/vsphere/CHANGELOG.md b/vsphere/CHANGELOG.md index 43c1ee8ab3afd..a74374232b029 100644 --- a/vsphere/CHANGELOG.md +++ b/vsphere/CHANGELOG.md @@ -19,10 +19,6 @@ ***Removed***: * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) - -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) * Added the hostname_transform config option ([#18652](https://github.com/DataDog/integrations-core/pull/18652)) ***Fixed***: @@ -36,6 +32,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 7.6.0 / 2024-07-05 / Agent 7.56.0 ***Added***: 
diff --git a/vsphere/README.md b/vsphere/README.md index 2a341391352aa..7296b1cabbcc5 100644 --- a/vsphere/README.md +++ b/vsphere/README.md @@ -97,7 +97,11 @@ See [service_checks.json][12] for a list of service checks provided by this inte You can limit the number of VMs pulled in with the VMWare integration using the `vsphere.d/conf.yaml` file. See the `resource_filters` parameter section in the [sample vsphere.d/conf.yaml][4]. -### Monitoring vSphere Tanzu Kubernetes Grid (TKG) +## Billing + +- [vSphere Integration Billing][17] + +## Monitoring vSphere Tanzu Kubernetes Grid (TKG) The Datadog vSphere integration collects metrics and events from your [TKG][13] VMs and control plane VMs automatically. To collect more granular information about your TKG cluster, including container-, pod-, and node-level metrics, you can install the [Datadog Agent][14] on your cluster. See the [distribution documentation][15] for example configuration files specific to TKG. @@ -121,3 +125,4 @@ The Datadog vSphere integration collects metrics and events from your [TKG][13] [14]: https://docs.datadoghq.com/containers/kubernetes/installation/?tab=operator [15]: https://docs.datadoghq.com/containers/kubernetes/distributions/?tab=operator#TKG [16]: https://www.datadoghq.com/blog/unified-vsphere-app-monitoring-datadog/#auto-discovery-across-vm-and-app-layers +[17]: https://docs.datadoghq.com/account_management/billing/vsphere diff --git a/vsphere/assets/dashboards/vsphere_overview.json b/vsphere/assets/dashboards/vsphere_overview.json index b72633f7d9717..fa8d04af3c98c 100644 --- a/vsphere/assets/dashboards/vsphere_overview.json +++ b/vsphere/assets/dashboards/vsphere_overview.json @@ -9,7 +9,12 @@ "url": "/static/images/logos/vsphere_large.svg", "sizing": "fit" }, - "layout": { "x": 0, "y": 1, "width": 47, "height": 10 } + "layout": { + "x": 0, + "y": 1, + "width": 47, + "height": 10 + } }, { "id": 1, 
@@ -21,7 +26,12 @@ "title_size": "16", "title_align": "left" }, - "layout": { "x": 0, "y": 32, "width": 47, "height": 62 } + "layout": { + "x": 0, + "y": 32, + "width": 47, + "height": 62 + } }, { "id": 2, @@ -31,11 +41,25 @@ { "q": "top(avg:vsphere.mem.usage.avg{vsphere_type:vm,$vcenter_server,$vcenter_datacenter} by {host}, 25, 'mean', 'desc')", "conditional_formats": [ - { "comparator": "<=", "value": 70, "palette": "white_on_green" }, - { "comparator": "<=", "value": 90, "palette": "white_on_yellow" }, - { "comparator": ">", "value": 90, "palette": "white_on_red" } + { + "comparator": "<=", + "value": 70, + "palette": "white_on_green" + }, + { + "comparator": "<=", + "value": 90, + "palette": "white_on_yellow" + }, + { + "comparator": ">", + "value": 90, + "palette": "white_on_red" + } ], - "style": { "palette": "dog_classic" } + "style": { + "palette": "dog_classic" + } } ], "custom_links": [], @@ -43,7 +67,12 @@ "title_size": "16", "title_align": "left" }, - "layout": { "x": 98, "y": 36, "width": 47, "height": 26 } + "layout": { + "x": 98, + "y": 36, + "width": 47, + "height": 26 + } }, { "id": 3, @@ -53,11 +82,25 @@ { "q": "top(avg:vsphere.cpu.usage.avg{$vcenter_datacenter,$vcenter_server,vsphere_type:vm} by {host}, 25, 'mean', 'desc')", "conditional_formats": [ - { "comparator": "<=", "value": 70, "palette": "white_on_green" }, - { "comparator": "<=", "value": 90, "palette": "white_on_yellow" }, - { "comparator": ">", "value": 90, "palette": "white_on_red" } + { + "comparator": "<=", + "value": 70, + "palette": "white_on_green" + }, + { + "comparator": "<=", + "value": 90, + "palette": "white_on_yellow" + }, + { + "comparator": ">", + "value": 90, + "palette": "white_on_red" + } ], - "style": { "palette": "dog_classic" } + "style": { + "palette": "dog_classic" + } } ], "custom_links": [], 
@@ -65,7 +108,12 @@ "title_size": "16", "title_align": "left" }, - "layout": { "x": 98, "y": 9, "width": 47, "height": 26 } + "layout": { + "x": 98, + "y": 9, + "width": 47, + "height": 26 + } }, { "id": 4, @@ -75,11 +123,25 @@ { "q": "top(avg:vsphere.mem.usage.avg{$vcenter_server,$vcenter_datacenter,vsphere_type:host} by {host}, 10, 'mean', 'desc')", "conditional_formats": [ - { "comparator": "<=", "value": 70, "palette": "white_on_green" }, - { "comparator": "<=", "value": 90, "palette": "white_on_yellow" }, - { "comparator": ">", "value": 90, "palette": "white_on_red" } + { + "comparator": "<=", + "value": 70, + "palette": "white_on_green" + }, + { + "comparator": "<=", + "value": 90, + "palette": "white_on_yellow" + }, + { + "comparator": ">", + "value": 90, + "palette": "white_on_red" + } ], - "style": { "palette": "dog_classic" } + "style": { + "palette": "dog_classic" + } } ], "custom_links": [], @@ -87,7 +149,12 @@ "title_size": "16", "title_align": "left" }, - "layout": { "x": 49, "y": 36, "width": 47, "height": 26 } + "layout": { + "x": 49, + "y": 36, + "width": 47, + "height": 26 + } }, { "id": 5, @@ -97,9 +164,21 @@ { "q": "top(avg:vsphere.cpu.usage.avg{$vcenter_server,$vcenter_datacenter,vsphere_type:host} by {host}, 10, 'mean', 'desc')", "conditional_formats": [ - { "comparator": "<=", "value": 70, "palette": "white_on_green" }, - { "comparator": "<=", "value": 90, "palette": "white_on_yellow" }, - { "comparator": ">", "value": 90, "palette": "white_on_red" } + { + "comparator": "<=", + "value": 70, + "palette": "white_on_green" + }, + { + "comparator": "<=", + "value": 90, + "palette": "white_on_yellow" + }, + { + "comparator": ">", + "value": 90, + "palette": "white_on_red" + } ] } ], @@ -108,7 +187,12 @@ "title_size": "16", "title_align": "left" }, - "layout": { "x": 49, "y": 9, "width": 47, "height": 26 } + "layout": { + "x": 49, + "y": 9, + "width": 47, + "height": 26 + } }, { "id": 6, 
@@ -132,7 +216,12 @@ "show_legend": false, "legend_size": "0" }, - "layout": { "x": 98, "y": 79, "width": 47, "height": 15 } + "layout": { + "x": 98, + "y": 79, + "width": 47, + "height": 15 + } }, { "id": 7, @@ -163,7 +252,12 @@ "show_legend": false, "legend_size": "0" }, - "layout": { "x": 49, "y": 79, "width": 47, "height": 15 } + "layout": { + "x": 49, + "y": 79, + "width": 47, + "height": 15 + } }, { "id": 8, @@ -194,7 +288,12 @@ "show_legend": false, "legend_size": "0" }, - "layout": { "x": 98, "y": 63, "width": 47, "height": 15 } + "layout": { + "x": 98, + "y": 63, + "width": 47, + "height": 15 + } }, { "id": 9, @@ -225,7 +324,12 @@ "show_legend": false, "legend_size": "0" }, - "layout": { "x": 49, "y": 63, "width": 47, "height": 15 } + "layout": { + "x": 49, + "y": 63, + "width": 47, + "height": 15 + } }, { "id": 10, @@ -239,7 +343,12 @@ "tick_pos": "50%", "tick_edge": "bottom" }, - "layout": { "x": 49, "y": 1, "width": 47, "height": 6 } + "layout": { + "x": 49, + "y": 1, + "width": 47, + "height": 6 + } }, { "id": 11, @@ -258,7 +367,12 @@ "autoscale": true, "precision": 0 }, - "layout": { "x": 32, "y": 12, "width": 15, "height": 9 } + "layout": { + "x": 32, + "y": 12, + "width": 15, + "height": 9 + } }, { "id": 12, @@ -277,7 +391,12 @@ "autoscale": true, "precision": 0 }, - "layout": { "x": 16, "y": 12, "width": 15, "height": 9 } + "layout": { + "x": 16, + "y": 12, + "width": 15, + "height": 9 + } }, { "id": 13, @@ -288,10 +407,19 @@ "title_align": "center", "check": "vsphere.can_connect", "grouping": "cluster", - "group_by": ["vcenter_server"], - "tags": ["*"] + "group_by": [ + "vcenter_server" + ], + "tags": [ + "*" + ] }, - "layout": { "x": 0, "y": 12, "width": 15, "height": 9 } + "layout": { + "x": 0, + "y": 12, + "width": 15, + "height": 9 + } }, { "id": 14, 
@@ -309,7 +437,12 @@ "title_align": "left", "precision": 0 }, - "layout": { "x": 0, "y": 22, "width": 15, "height": 9 } + "layout": { + "x": 0, + "y": 22, + "width": 15, + "height": 9 + } }, { "id": 15, @@ -328,7 +461,12 @@ "autoscale": true, "precision": 0 }, - "layout": { "x": 16, "y": 22, "width": 15, "height": 9 } + "layout": { + "x": 16, + "y": 22, + "width": 15, + "height": 9 + } }, { "id": 16, @@ -347,7 +485,12 @@ "autoscale": true, "precision": 2 }, - "layout": { "x": 32, "y": 22, "width": 15, "height": 9 } + "layout": { + "x": 32, + "y": 22, + "width": 15, + "height": 9 + } }, { "id": 17, @@ -361,7 +504,12 @@ "tick_pos": "50%", "tick_edge": "bottom" }, - "layout": { "x": 98, "y": 1, "width": 47, "height": 6 } + "layout": { + "x": 98, + "y": 1, + "width": 47, + "height": 6 + } }, { "id": 18, @@ -375,7 +523,12 @@ "tick_pos": "50%", "tick_edge": "bottom" }, - "layout": { "x": 147, "y": 1, "width": 47, "height": 6 } + "layout": { + "x": 147, + "y": 1, + "width": 47, + "height": 6 + } }, { "id": 19, @@ -385,9 +538,21 @@ { "q": "top(avg:vsphere.disk.used.latest{$vcenter_server,$vcenter_datacenter,vsphere_type:datastore} by {vsphere_datastore}/avg:vsphere.disk.capacity.latest{$vcenter_server,$vcenter_datacenter,vsphere_type:datastore} by {vsphere_datastore}*100,10,'mean','desc')", "conditional_formats": [ - { "comparator": "<=", "value": 70, "palette": "white_on_green" }, - { "comparator": "<=", "value": 90, "palette": "white_on_yellow" }, - { "comparator": ">", "value": 90, "palette": "white_on_red" } + { + "comparator": "<=", + "value": 70, + "palette": "white_on_green" + }, + { + "comparator": "<=", + "value": 90, + "palette": "white_on_yellow" + }, + { + "comparator": ">", + "value": 90, + "palette": "white_on_red" + } ] } ], @@ -396,7 +561,12 @@ "title_size": "16", "title_align": "left" }, - "layout": { "x": 147, "y": 9, "width": 47, "height": 26 } + "layout": { + "x": 147, + "y": 9, + "width": 47, + "height": 26 + } }, { "id": 20, 
@@ -426,7 +596,12 @@ "title_align": "left", "show_legend": false }, - "layout": { "x": 147, "y": 36, "width": 47, "height": 15 } + "layout": { + "x": 147, + "y": 36, + "width": 47, + "height": 15 + } }, { "id": 21, 
@@ -457,11 +632,163 @@ "show_legend": false, "legend_size": "0" }, - "layout": { "x": 147, "y": 52, "width": 47, "height": 15 } + "layout": { + "x": 147, + "y": 52, + "width": 47, + "height": 15 + } + }, + { + "id": 22, + "definition": { + "type": "note", + "content": "# vSAN", + "background_color": "gray", + "font_size": "14", + "text_align": "center", + "show_tick": true, + "tick_pos": "50%", + "tick_edge": "bottom" + }, + "layout": { + "x": 147, + "y": 68, + "width": 47, + "height": 6 + } + }, + { + "id": 23, + "definition": { + "title": "vSAN Cluster Health Status (Top 25)", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "metrics", + "name": "query1", + "query": "vsphere.vsan.cluster.health.count{$vcenter_server , status:green} by {vsphere_cluster}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "vsphere.vsan.cluster.health.count{$vcenter_server , status:red} by {vsphere_cluster}" + } + ], + "response_format": "scalar", + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_green" + } + ], + "cell_display_mode": "number", + "alias": "Is the Cluster Healthy?", + "formula": "query1" + }, + { + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_red" + } + ], + "cell_display_mode": "number", + "alias": "Is the Cluster Unhealthy?", + "formula": "query2" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 147, + "y": 76, + "width": 47, + "height": 15 + } + }, + { + "id": 7507009647195320, + "layout": { + "x": 147, + "y": 93, + "width": 47, + "height": 18 + }, + "definition": { + "title": "vSAN Cluster I/O Rates (Top 25)", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": 
"metrics", + "name": "query1", + "query": "avg:vsphere.vsan.cluster.iopsRead{$vcenter_server} by {vsphere_cluster}" + }, + { + "data_source": "metrics", + "name": "query2", + "query": "avg:vsphere.vsan.cluster.iopsWrite{$vcenter_server} by {vsphere_cluster}" + } + ], + "response_format": "scalar", + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Read IOPS", + "formula": "query1" + }, + { + "cell_display_mode": "number", + "alias": "Write IOPS", + "formula": "query2" + } + ] + } + ], + "has_search_bar": "auto" + } } ], "template_variables": [ - { "name": "vcenter_server", "default": "*", "prefix": "vcenter_server" }, + { + "name": "vcenter_server", + "default": "*", + "prefix": "vcenter_server" + }, { "name": "vcenter_datacenter", "default": "*", @@ -476,4 +803,4 @@ "layout_type": "free", "is_read_only": true, "notify_list": [] -} +} \ No newline at end of file diff --git a/wazuh/CHANGELOG.md b/wazuh/CHANGELOG.md new file mode 100644 index 0000000000000..577348c192531 --- /dev/null +++ b/wazuh/CHANGELOG.md @@ -0,0 +1,9 @@ +# CHANGELOG - wazuh + + + +## 1.0.0 / 2024-11-28 + +***Added***: + +* Initial Release ([#18646](https://github.com/DataDog/integrations-core/pull/18646)) diff --git a/wazuh/README.md b/wazuh/README.md new file mode 100644 index 0000000000000..80817974c1f31 --- /dev/null +++ b/wazuh/README.md 
@@ -0,0 +1,156 @@ +# Agent Integration: wazuh + +## Overview + +[Wazuh][3] provides a comprehensive security solution that detects, analyzes, and responds to threats across multiple IT infrastructure layers. Wazuh collects telemetry from endpoints, network devices, cloud workloads, third-party APIs, and other sources for unified security monitoring and protection. + +This integration parses the following types of logs: +- **vulnerability-detector** : Vulnerability events generated by Wazuh. +- **malware-detector** : Rootcheck events generated by Wazuh for detecting any malware in the system. +- **file-integrity-monitoring** : Events related to file changes like permission, content, ownership and attributes. +- **docker** : Activity Events of docker container. +- **github** : Events from audit logs from github organizations. +- **google-cloud** : Security events related to google cloud platform services. +- **amazon** : Security events from amazon AWS services. +- **office365** : Security events related to office365. +- **system** : Events from services like FTPD, PAM, SSHD, syslog, Windows, dpkg, yum, sudo, su, wazuh and ossec along with internal events. + +Visualize detailed insights into these logs through the out-of-the-box dashboards. + +## Setup + +### Installation + +To install the Wazuh integration, run the following Agent installation command and the steps below. For more information, see the [Integration Management][4] documentation. + +**Note**: This step is not necessary for Agent version >= 7.58.0. + +Linux command + ```shell + sudo -u dd-agent -- datadog-agent integration install datadog-wazuh==1.0.0 + ``` + +### Configuration + +#### Logs collection + +1. Collecting logs is disabled by default in the Datadog Agent. Enable it in `datadog.yaml`: + + ```yaml + logs_enabled: true + ``` +2. Add this configuration block to your `wazuh.d/conf.yaml` file to start collecting your logs. + + Use the UDP method to collect the Wazuh alerts data. 
+ See the sample [wazuh.d/conf.yaml][6] for available configuration options. + + ```yaml + logs: + - type: udp + port: + source: wazuh + service: wazuh + ``` + **Note**: It is recommended not to change the service and source values, as these parameters are integral to the pipeline's operation. + +3. [Restart the Agent][2]. + +#### Configure syslog message forwarding from Wazuh + + 1. Log in to the Wazuh UI. Navigate to the left side Menu. + 2. Go to **Server management** > **Settings**. + 3. Click on **Edit configuration**. + 4. Add the following configuration block: + + In this example, all alerts are sent to 1.1.1.1 on port 8080 in JSON format. + ```xml + + 1.1.1.1 + 8080 + json + + ``` + + * The `server` tag should contain the IP address where your Datadog Agent is running. + + * The `port` tag should contain the port where your Datadog Agent is listening. + + Note: Using JSON format is required, since Wazuh pipeline parses JSON formatted logs only. + 5. Click the **Save** button. + 6. After saving, click on the **Restart Manager** button. + + +### Validation + +[Run the Agent's status subcommand][5] and look for `wazuh` under the Checks section. + +## Data Collected + +### Log + +| Format | Event Types | +| --------- | -------------- | +| JSON | vulnerability-detector, file-integrity-monitoring, malware-detector, github, docker, amazon, office365, google-cloud, system and other | + +### Metrics + +The Wazuh integration does not include any metrics. + +### Events + +The Wazuh integration does not include any events. + +### Service Checks + +The Wazuh integration does not include any service checks. + +## Troubleshooting + +**Permission denied while port binding:** + +If you see a **Permission denied** error while port binding in the Agent logs: + +1. Binding to a port number under 1024 requires elevated permissions. 
Grant access to the port using the `setcap` command: + ```shell + sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent + ``` + +2. Verify the setup is correct by running the `getcap` command: + + ```shell + sudo getcap /opt/datadog-agent/bin/agent/agent + ``` + + With the expected output: + + ```shell + /opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep + ``` + + **Note**: Re-run this `setcap` command every time you upgrade the Agent. + +3. [Restart the Agent][2]. + +Here is how to troubleshoot some possible issues. + +**Data is not being collected:** + +Ensure traffic is bypassed from the configured port if the firewall is enabled. + +**Port already in use:** + +If you see the **Port Already in Use** error, see the following instructions. The example below is for port 514: + +- On systems using Syslog, if the Agent listens for Wazuh logs on port 514, the following error can appear in the Agent logs: `Can't start UDP forwarder on port 514: listen udp :514: bind: address already in use`. This error occurs because by default, Syslog listens on port 514. To resolve this error, take **one** of the following steps: + - Disable Syslog. + - Configure the Agent to listen on a different, available port. + + +For further assistance, contact [Datadog support][1]. + +[1]: https://docs.datadoghq.com/help/ +[2]: https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent +[3]: https://wazuh.com/ +[4]: https://docs.datadoghq.com/agent/guide/integration-management/?tab=linux#install +[5]: https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information +[6]: https://github.com/DataDog/integrations-core/blob/master/wazuh/datadog_checks/wazuh/data/conf.yaml.example diff --git a/wazuh/assets/configuration/spec.yaml b/wazuh/assets/configuration/spec.yaml new file mode 100644 index 0000000000000..c5b2d1b487c82 --- /dev/null +++ b/wazuh/assets/configuration/spec.yaml 
@@ -0,0 +1,10 @@
+name: Wazuh
+files:
+- name: wazuh.yaml
+ options:
+ - template: logs
+ example:
+ - type: udp
+ port:
+ source: wazuh
+ service: wazuh
diff --git a/wazuh/assets/dashboards/wazuh_MITRE_ATT&CK.json b/wazuh/assets/dashboards/wazuh_MITRE_ATT&CK.json
new file mode 100644
index 0000000000000..8ce8229f9a589
--- /dev/null
+++ b/wazuh/assets/dashboards/wazuh_MITRE_ATT&CK.json
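Review bot: The log example in wazuh/assets/configuration/spec.yaml (`- type: udp`) opens a UDP listener for security alerts, but nothing in the spec says who is allowed to send to it. Syslog over UDP has no sender authentication, no encryption and no delivery guarantee, so any host that can reach the port could submit forged alerts as `source: wazuh`, and genuine alerts can be lost without an error. I would state the caveat next to the example, for instance `# UDP input is unauthenticated: allow only the Wazuh manager's address to reach this port`, and repeat it beside the matching block in the README, whose troubleshooting section currently only says to let traffic through the firewall. The `port:` value appears empty in this view; if the file is the same, a clearly marked placeholder would show that the value is required.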
@@ -0,0 +1,663 @@ +{ + "title": "Wazuh - MITRE ATT&CK", + "description": "MITRE ATT&CK dashboard provides comprehensive insights into MITRE ATT&CK from Wazuh events.", + "widgets": [ + { + "id": 6719457516841834, + "definition": { + "type": "image", + "url": "https://wazuh.com/brand-assets/Wazuh-Logo.png", + "url_dark_theme": "https://wazuh.com/wp-content/themes/wazuh-v3/assets/images/trademark-and-brand-policy/Wazuh-logo-dark-backgroud.png", + "sizing": "contain", + "margin": "sm", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 2845032460173664, + "definition": { + "title": "MITRE ATT&CK Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2394665444134448, + "definition": { + "title": "Events Over Time By MITRE Tactics", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.mitre.tactic", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.mitre.id:* $Agent_Name $Manager_Name $Level $Service $Group $MITRE_Technique" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 4197916590627842, + "definition": { 
+ "title": "Total Events Count", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh @rule.mitre.id:* $Agent_Name $Manager_Name $Level $Service $Group $MITRE_Technique" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 4 + } + }, + { + "id": 2397692967185504, + "definition": { + "title": "Events Level Distribution", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.level", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.mitre.id:* $Agent_Name $Manager_Name $Level $Service $Group $MITRE_Technique" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "COUNT", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 3, + "y": 3, + "width": 4, + "height": 4 + } + } + ] + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 8 + } + }, + { + "id": 452387587280208, + "definition": { + "type": "note", + "content": "**Dashboard Overview**\n\nMITRE ATT&CK dashboard provides comprehensive insights 
into MITRE ATT&CK from Wazuh events.\n\nFor more information, see the [Wazuh Integration Documentation](https://docs.datadoghq.com/integrations/wazuh/)\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 5, + "height": 5 + } + }, + { + "id": 2605480011477974, + "definition": { + "title": "MITRE ATT&CK Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8691866892795102, + "definition": { + "title": "Top 10 Tactics", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.mitre.tactic", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.mitre.id:* $Agent_Name $Manager_Name $Level $Service $Group $MITRE_Technique" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 4159102517932664, + "definition": { + "title": "Top 10 Technique", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", 
+ "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.mitre.technique", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.mitre.id:* $Agent_Name $Manager_Name $Level $Service $Group $MITRE_Technique" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 3317555951058826, + "definition": { + "title": "Top 10 Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.mitre.id:* $Agent_Name $Manager_Name $Level $Service $Group $MITRE_Technique" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + }, + { + "id": 2882961872412366, + "definition": { + "title": "MITRE Tactics by Agent", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + 
"group_by": [ + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@rule.mitre.tactic", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.mitre.id:* $Agent_Name $Manager_Name $Level $Service $Group $MITRE_Technique" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 4 + } + }, + { + "id": 7853332679226809, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh @rule.mitre.id:* $Agent_Name $Manager_Name $Level $Service $Group $MITRE_Technique", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 17 + } + } + ], + "template_variables": [ + { + "name": "Agent_Name", + "prefix": "@agent.name", + "available_values": [], + "default": "*" + }, + { + "name": "Manager_Name", + "prefix": 
"@manager.name", + "available_values": [], + "default": "*" + }, + { + "name": "Level", + "prefix": "@rule.level", + "available_values": [ + "0", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" + ], + "default": "*" + }, + { + "name": "Service", + "prefix": "service", + "available_values": [], + "default": "*" + }, + { + "name": "Group", + "prefix": "@rule.groups", + "available_values": [], + "default": "*" + }, + { + "name": "MITRE_Technique", + "prefix": "@rule.mitre.technique", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/wazuh/assets/dashboards/wazuh_cloud_security.json b/wazuh/assets/dashboards/wazuh_cloud_security.json new file mode 100644 index 0000000000000..9556eaf2dc786 --- /dev/null +++ b/wazuh/assets/dashboards/wazuh_cloud_security.json 
@@ -0,0 +1,3095 @@ +{ + "title": "Wazuh - Cloud Security", + "description": "Cloud Security dashboard provides comprehensive insights into Wazuh events from Docker, GitHub, Amazon Web Services, Google Cloud, Office365.", + "widgets": [ + { + "id": 1575089511418526, + "definition": { + "type": "image", + "url": "https://wazuh.com/brand-assets/Wazuh-Logo.png", + "url_dark_theme": "https://wazuh.com/wp-content/themes/wazuh-v3/assets/images/trademark-and-brand-policy/Wazuh-logo-dark-backgroud.png", + "sizing": "contain", + "margin": "sm", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 4817356234101454, + "definition": { + "title": "Cloud Security Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4833013745121944, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:(wazuh-github OR wazuh-google-cloud OR wazuh-amazon OR wazuh-docker OR wazuh-office365) $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 4 + } + }, + { + "id": 5292538524670792, + "definition": { + "title": "Total 
Events Count", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:(wazuh-github OR wazuh-google-cloud OR wazuh-amazon OR wazuh-docker OR wazuh-office365) $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 2, + "height": 3 + } + }, + { + "id": 1748667458567602, + "definition": { + "title": "Events Distribution by Cloud Service", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "limit": { + "order": "desc" + } + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "service", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:(wazuh-github OR wazuh-google-cloud OR wazuh-amazon OR wazuh-docker OR wazuh-office365) $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 2, + "y": 4, + "width": 5, + "height": 3 + } + } + ] + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 8 + } + }, + { + "id": 7259867207323456, + "definition": { + "type": "note", + "content": "**Dashboard Overview**\n\nCloud Security 
dashboard provides comprehensive insights into Wazuh events from Docker, GitHub, Amazon Web Services, Google Cloud, Office365.\n\nFor more information, see the [Wazuh Integration Documentation](https://docs.datadoghq.com/integrations/wazuh/)\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 5, + "height": 5 + } + }, + { + "id": 7241725715442548, + "definition": { + "title": "Amazon Web Services", + "background_color": "vivid_purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2928192722577692, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 3 + } + }, + { + "id": 8294607549955160, + "definition": { + "title": "Top 10 Sources", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": 
"count" + }, + "group_by": [ + { + "facet": "@data.aws.source", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 4 + } + }, + { + "id": 2158587339666538, + "definition": { + "title": "Top 10 S3 Buckets", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.aws.log_info.s3bucket", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 3, + "width": 6, + "height": 4 + } + }, + { + "id": 3500738886537062, + "definition": { + "title": "Top 10 Regions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": 
"@data.aws.region", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 3, + "height": 4 + } + }, + { + "id": 4270606079098118, + "definition": { + "title": "Top 10 Accounts", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.aws.accountId", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 3, + "y": 7, + "width": 5, + "height": 4 + } + }, + { + "id": 399931406376820, + "definition": { + "title": "Top 10 Countries", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@GeoLocation.country_name", + "limit": 10, + "sort": { + "order": "desc", + 
"aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 4633594651302264, + "definition": { + "title": "Top 10 Event Types", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.aws.type", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 5, + "height": 4 + } + }, + { + "id": 5924985441413878, + "definition": { + "title": "Events Distribution by Severity", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "limit": { + "order": "desc" + } + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.aws.severity", + "limit": 10, + "sort": { 
+ "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 5, + "y": 11, + "width": 7, + "height": 4 + } + }, + { + "id": 2269549552463962, + "definition": { + "title": "Event Distribution by Action Type", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.aws.service.action.actionType", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + }, + { + "id": 7082924263831498, + "definition": { + "title": "Instance Status Info", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@data.aws.resource.instanceDetails.instanceId" + }, + "group_by": [ + { + "facet": "@data.aws.resource.instanceDetails.instanceId", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@data.aws.resource.instanceDetails.instanceId" + 
} + }, + { + "facet": "@data.aws.resource.instanceDetails.instanceState", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@data.aws.resource.instanceDetails.instanceId" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-amazon $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "COUNT", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 19, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 24 + } + }, + { + "id": 1245337496198886, + "definition": { + "title": "Google Cloud", + "background_color": "vivid_green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 561986557086490, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "COUNT", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 3 + } + }, + { + "id": 5795808873799870, + "definition": { + "title": "Events Distribution by Severity", + "title_size": "16", + "title_align": "left", + "requests": [ + { + 
"formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.gcp.severity", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 7, + "height": 4 + } + }, + { + "id": 5956513688768584, + "definition": { + "title": "Events Distribution by Protocol", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.gcp.jsonPayload.protocol", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 7, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 3692677507540432, + "definition": { + "title": "Top 10 Instances", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + 
"name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.gcp.jsonPayload.vmInstanceName", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 7999724327545938, + "definition": { + "title": "Events Distribution by Response Code", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.gcp.jsonPayload.responseCode", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 8, + "height": 4 + } + }, + { + "id": 3677771879918620, + "definition": { + "title": "Top 10 Project", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + 
"indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.gcp.resource.labels.project_id", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 4527042803321536, + "definition": { + "title": "Top 10 Resource Location", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.gcp.resource.labels.location", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 5266120004018830, + "definition": { + "title": "Top 10 Source IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + 
"indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 6, + "height": 4 + } + }, + { + "id": 7230403095534432, + "definition": { + "title": "Top 10 Countries", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@GeoLocation.country_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-google-cloud $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 15, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 32, + "width": 12, + "height": 1 + } + }, + { + "id": 2354326830925852, + "definition": { + "title": "Office 365", + "background_color": "vivid_purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": 
[ + { + "id": 2794397708322768, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:wazuh-office365 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "datadog16", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 3 + } + }, + { + "id": 1022648219600948, + "definition": { + "title": "Suspicious Downloads", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:wazuh-office365 @rule.id:91724 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 1875607446106454, + "definition": { + "title": "Full Access Permissions", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + 
"search": { + "query": "source:wazuh service:wazuh-office365 @rule.id:91725 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 6865881125768212, + "definition": { + "title": "Phishing and Malware", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:wazuh-office365 @rule.id:(91556 OR 91575 OR 91700) $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 7330141338041320, + "definition": { + "title": "Top 10 Users", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.email", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-office365 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": 
"desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 4, + "height": 4 + } + }, + { + "id": 4496883989739330, + "definition": { + "title": "Events Distribution by Result Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "limit": { + "order": "desc" + } + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.office365.ResultStatus", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-office365 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 4, + "y": 6, + "width": 8, + "height": 4 + } + }, + { + "id": 6961031451752228, + "definition": { + "title": "Distribution of Subscription by Users", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.office365.Subscription", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@usr.email", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-office365 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" 
+ } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 10, + "width": 12, + "height": 4 + } + }, + { + "id": 8537477015778756, + "definition": { + "title": "Top 10 Operations", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.office365.Operation", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-office365 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 14, + "width": 4, + "height": 4 + } + }, + { + "id": 6834809132762262, + "definition": { + "title": "Top 10 Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-office365 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + 
"type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 14, + "width": 8, + "height": 4 + } + }, + { + "id": 6485155745934564, + "definition": { + "title": "Top 10 Client IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-office365 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 18, + "width": 5, + "height": 4 + } + }, + { + "id": 6907998811205500, + "definition": { + "title": "Top 10 Countries", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@GeoLocation.country_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-office365 $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, 
+ "palette": "dog_classic" + } + }, + "layout": { + "x": 5, + "y": 18, + "width": 7, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 33, + "width": 12, + "height": 1 + } + }, + { + "id": 4875838896961110, + "definition": { + "title": "GITHUB", + "background_color": "vivid_green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7702225747947318, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:wazuh-github $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 3 + } + }, + { + "id": 2676818957173066, + "definition": { + "title": "Events Distribution by Users", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "limit": { + "order": "desc" + } + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-github $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + 
"palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 7, + "height": 4 + } + }, + { + "id": 7550893216388226, + "definition": { + "title": "Top 10 Organizations", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.github.org", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-github $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 7, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 5076107730865302, + "definition": { + "title": "Top 10 Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-github $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" 
+ }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 7, + "height": 4 + } + }, + { + "id": 2785447412027712, + "definition": { + "title": "Top 10 Actions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.github.action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-github $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 7, + "y": 7, + "width": 5, + "height": 4 + } + }, + { + "id": 6220483431481606, + "definition": { + "title": "Geo-distribution of Actor Locations", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "geomap", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.github.actor_location.country_code", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-github $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", 
+ "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 34, + "width": 12, + "height": 16 + } + }, + { + "id": 2395517531558770, + "definition": { + "title": "Docker", + "background_color": "vivid_purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7156208150716184, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:wazuh-docker $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "area" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 3 + } + }, + { + "id": 6865448806643654, + "definition": { + "title": "Top 10 Images", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.docker.Actor.Attributes.image", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-docker $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + 
"sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 3 + } + }, + { + "id": 5849290828564156, + "definition": { + "title": "Top 10 Actions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.docker.Action", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-docker $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 3, + "width": 6, + "height": 3 + } + }, + { + "id": 3432703269020372, + "definition": { + "title": "Top 10 Agents", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-docker $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + 
"index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 6, + "height": 3 + } + }, + { + "id": 5591909467352946, + "definition": { + "title": "Top 10 Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:wazuh-docker $Service $Group $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 6, + "y": 6, + "width": 6, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 50, + "width": 12, + "height": 10 + } + }, + { + "id": 8180626602299470, + "definition": { + "title": "Cloud Security Event Details", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:(wazuh-docker OR wazuh-github OR wazuh-amazon OR wazuh-office365 OR wazuh-google-cloud) $Agent_Name $Manager_Name $Level $Service $Group ", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + 
"width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 5 + } + } + ], + "template_variables": [ + { + "name": "Agent_Name", + "prefix": "@agent.name", + "available_values": [], + "default": "*" + }, + { + "name": "Manager_Name", + "prefix": "@manager.name", + "available_values": [], + "default": "*" + }, + { + "name": "Level", + "prefix": "@rule.level", + "available_values": [ + "0", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" + ], + "default": "*" + }, + { + "name": "Service", + "prefix": "service", + "available_values": [], + "default": "*" + }, + { + "name": "Group", + "prefix": "@rule.groups", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/wazuh/assets/dashboards/wazuh_file_integrity_monitoring.json b/wazuh/assets/dashboards/wazuh_file_integrity_monitoring.json new file mode 100644 index 0000000000000..625d76f473c3b --- /dev/null +++ b/wazuh/assets/dashboards/wazuh_file_integrity_monitoring.json 
@@ -0,0 +1,1356 @@ +{ + "title": "Wazuh - File Integrity Monitoring", + "description": "File Integrity Monitoring dashboard provides comprehensive insights into file integrity monitoring events generated by Wazuh.", + "widgets": [ + { + "id": 4024669289646362, + "definition": { + "type": "image", + "url": "https://wazuh.com/brand-assets/Wazuh-Logo.png", + "url_dark_theme": "https://wazuh.com/wp-content/themes/wazuh-v3/assets/images/trademark-and-brand-policy/Wazuh-logo-dark-backgroud.png", + "sizing": "contain", + "margin": "sm", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 4494277148691096, + "definition": { + "title": "File Integrity Monitoring Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8719270230953014, + "definition": { + "title": "Total Events Count", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 1992525522216382, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + 
"type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 7, + "height": 3 + } + } + ] + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 7 + } + }, + { + "id": 5413429525032366, + "definition": { + "type": "note", + "content": "**Dashboard Overview**\n\nFile Integrity Monitoring dashboard provides comprehensive insights into file integrity monitoring events generated by Wazuh.\n\nFor more information, see the [Wazuh Integration Documentation](https://docs.datadoghq.com/integrations/wazuh/)\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 2758352658220106, + "definition": { + "title": "Top 10 Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" 
+ } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 3 + } + }, + { + "id": 7924370448247518, + "definition": { + "title": "Events by Action Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.event", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 4 + } + }, + { + "id": 329408977384920, + "definition": { + "title": "File Integrity Monitoring Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2013497684674332, + "definition": { + "title": "Events Distribution by Actions", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + 
"formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.event", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 5881951673117876, + "definition": { + "title": "Top Agents by Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@agent.name", + "limit": 1000, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 448436359486378, + "definition": { + "title": "Events Distribution by Changed Attributes", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + 
"queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.changed_attributes", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + }, + { + "id": 2551707350749488, + "definition": { + "title": "Top 10 Users", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.uname_after", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@agent.id", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "COUNT", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 4 + } + }, + { + "id": 3020756436018874, + 
"definition": { + "title": "Added Files", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.path", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring @syscheck.event:added $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "COUNT", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 4 + } + }, + { + "id": 1870609086763558, + "definition": { + "title": "Modified Files", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.path", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring @syscheck.event:modified $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "COUNT", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 4 + } + }, + { + "id": 8362556047285270, + "definition": { + "title": "Removed 
Files", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.path", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring @syscheck.event:deleted $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "COUNT", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 20, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 14, + "width": 12, + "height": 25 + } + }, + { + "id": 771463225620538, + "definition": { + "title": "File Integrity Checksum", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4199236080682532, + "definition": { + "title": "Events Distribution by Actions", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.event", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring @rule.id:(550 OR 553 OR 554 OR 555) $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + 
{ + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 8468021606366272, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:file-integrity-monitoring @rule.id:(550 OR 553 OR 554 OR 555) $Agent_Name $Manager_Name $Level $Syscheck_Event $Status", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "syscheck.event", + "width": "auto" + }, + { + "field": "syscheck.changed_attributes", + "width": "auto" + }, + { + "field": "rule.description", + "width": "auto" + }, + { + "field": "content", + "width": "compact" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 39, + "width": 12, + "height": 5 + } + }, + { + "id": 6310523177866342, + "definition": { + "title": "Registry Key Integrity Checksum", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 661490468547602, + "definition": { + "title": "Events Distribution by Actions", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.event", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + 
} + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring @rule.id:(594 OR 597 OR 598) $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 3712486923718272, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "time": {}, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:file-integrity-monitoring @rule.id:(594 OR 597 OR 598) $Agent_Name $Manager_Name $Level $Syscheck_Event $Status", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "syscheck.event", + "width": "auto" + }, + { + "field": "syscheck.changed_attributes", + "width": "auto" + }, + { + "field": "rule.description", + "width": "auto" + }, + { + "field": "content", + "width": "compact" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 44, + "width": 12, + "height": 5 + } + }, + { + "id": 952730505508422, + "definition": { + "title": "Registry Value Integrity Checksum", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7828775983506238, + "definition": { + "title": "Events Distribution by Actions", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + 
"formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@syscheck.event", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:file-integrity-monitoring @rule.id:[750 TO 752] $Agent_Name $Manager_Name $Level $Syscheck_Event $Status" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 230204935135028, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "time": {}, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:file-integrity-monitoring @rule.id:[750 TO 752] $Agent_Name $Manager_Name $Level $Syscheck_Event $Status", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "syscheck.event", + "width": "auto" + }, + { + "field": "syscheck.changed_attributes", + "width": "auto" + }, + { + "field": "rule.description", + "width": "auto" + }, + { + "field": "content", + "width": "compact" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 49, + "width": 12, + "height": 5 + } + }, + { + "id": 2936146082947726, + "definition": { + "title": "File Integrity Monitoring Events Details", + "title_size": 
"16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:file-integrity-monitoring $Agent_Name $Manager_Name $Level $Syscheck_Event $Status", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "syscheck.changed_attributes", + "width": "auto" + }, + { + "field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4 + } + } + ], + "template_variables": [ + { + "name": "Agent_Name", + "prefix": "@agent.name", + "available_values": [], + "default": "*" + }, + { + "name": "Manager_Name", + "prefix": "@manager.name", + "available_values": [], + "default": "*" + }, + { + "name": "Level", + "prefix": "@rule.level", + "available_values": [ + "0", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" + ], + "default": "*" + }, + { + "name": "Syscheck_Event", + "prefix": "@syscheck.event", + "available_values": [], + "default": "*" + }, + { + "name": "Status", + "prefix": "status", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/wazuh/assets/dashboards/wazuh_malware_detection.json b/wazuh/assets/dashboards/wazuh_malware_detection.json new file mode 100644 index 0000000000000..f239e575a2ae9 --- /dev/null +++ b/wazuh/assets/dashboards/wazuh_malware_detection.json 
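Review bot: Both widgets in the "Registry Value Integrity Checksum" group filter with a range, `@rule.id:[750 TO 752]`, while the file and registry-key groups in this dashboard enumerate ids, e.g. `@rule.id:(594 OR 597 OR 598)`. A range matches as intended only if `rule.id` is indexed as a numeric facet. If it is ingested as a string (the diff does not show which), these two widgets may stay empty without any error, and registry value changes would go unnoticed here. Writing both queries as `@rule.id:(750 OR 751 OR 752)` removes that dependency and keeps the three groups consistent.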
@@ -0,0 +1,549 @@ +{ + "title": "Wazuh - Malware Detection", + "description": "Malware Detection dashboard provides comprehensive insights into rootcheck events generated by Wazuh.", + "widgets": [ + { + "id": 3421047797740378, + "definition": { + "type": "image", + "url": "https://wazuh.com/brand-assets/Wazuh-Logo.png", + "url_dark_theme": "https://wazuh.com/wp-content/themes/wazuh-v3/assets/images/trademark-and-brand-policy/Wazuh-logo-dark-backgroud.png", + "sizing": "contain", + "margin": "sm", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 6068191936882372, + "definition": { + "title": "Malware Detection Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4355270808793430, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "hide_incomplete_cost_data": true + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:malware-detector $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 3829235507627962, + "definition": { + "title": "Total Events Count", + "title_size": "16", + "title_align": "left", + "type": "query_value", + 
"requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:malware-detector $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 4 + } + }, + { + "id": 255229142299270, + "definition": { + "title": "Top 10 Rule Levels", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.level", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:malware-detector $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 3, + "y": 3, + "width": 4, + "height": 4 + } + } + ] + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 8 + } + }, + { + "id": 1178455404503812, + "definition": { + "type": "note", + "content": "**Dashboard Overview**\n\nMalware Detection dashboard provides comprehensive insights into rootcheck events generated by Wazuh.\n\nFor more information, see the [Wazuh Integration Documentation](https://docs.datadoghq.com/integrations/wazuh/)\n\nTips:\n - Use the timeframe 
selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 5, + "height": 5 + } + }, + { + "id": 7490666824574026, + "definition": { + "title": "Top 10 Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:malware-detector $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4 + } + }, + { + "id": 6928351649089164, + "definition": { + "title": "Top 10 Affected Files", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.file", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:malware-detector $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } 
+ ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 4931805386079628, + "definition": { + "title": "Top 10 Agents", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:malware-detector $Agent_Name $Manager_Name $Level" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 4, + "width": 6, + "height": 4 + } + }, + { + "id": 1561981459458854, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:malware-detector $Agent_Name $Manager_Name $Level ", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + 
"field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 4 + } + } + ], + "template_variables": [ + { + "name": "Agent_Name", + "prefix": "@agent.name", + "available_values": [], + "default": "*" + }, + { + "name": "Manager_Name", + "prefix": "@manager.name", + "available_values": [], + "default": "*" + }, + { + "name": "Level", + "prefix": "@rule.level", + "available_values": [ + "0", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" + ], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/wazuh/assets/dashboards/wazuh_overview.json b/wazuh/assets/dashboards/wazuh_overview.json new file mode 100644 index 0000000000000..133ec2ad9fdaa --- /dev/null +++ b/wazuh/assets/dashboards/wazuh_overview.json 
@@ -0,0 +1,1249 @@ +{ + "title": "Wazuh - Overview", + "description": "Wazuh provides a comprehensive security solution that detects, analyzes, and responds to threats across multiple IT infrastructure layers. Wazuh collects telemetry from endpoints, network devices, cloud workloads, third-party APIs, and other sources for unified security monitoring and protection.", + "widgets": [ + { + "id": 6348446344076584, + "definition": { + "type": "image", + "url": "https://wazuh.com/brand-assets/Wazuh-Logo.png", + "url_dark_theme": "https://wazuh.com/wp-content/themes/wazuh-v3/assets/images/trademark-and-brand-policy/Wazuh-logo-dark-backgroud.png", + "sizing": "cover", + "has_background": true, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 1853977853681626, + "definition": { + "title": "Event Logs Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7958987691224374, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 546713173439682, + 
"definition": { + "title": "Total Event Count", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 3 + } + }, + { + "id": 8618808784283546, + "definition": { + "title": "Event Count by Service", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "service", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 2, + "y": 3, + "width": 5, + "height": 3 + } + } + ] + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 7 + } + }, + { + "id": 1331273711921418, + "definition": { + "type": "note", + "content": "\nWazuh provides a comprehensive security solution that detects, analyzes, and responds to threats across multiple IT infrastructure layers. 
Wazuh collects telemetry from endpoints, network devices, cloud workloads, third-party APIs, and other sources for unified security monitoring and protection.\n\nFor more information, see the [Wazuh Integration Documentation](https://docs.datadoghq.com/integrations/wazuh/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 8103558959830770, + "definition": { + "type": "note", + "content": "| Level | Title | Description |\n| ---------- | ---------- | ----------|\n| 00 | Ignored | No action taken. Used to avoid false positives. These rules are scanned before all the others, include events with no security relevance and do not appear in the security event dashboard. |\n| 02 | System low priority notification | System notification or status messages. These have no security relevance and do not appear in the security event dashboard. |\n| 03 | System low priority notification | These include successful login attempts, firewall allow events, etc. |\n| 04 | System low priority error | Errors related to bad configurations or unused devices/applications. These have no security relevance and are usually caused by default installations or software testing. |\n| 05 | User generated error | These include missed passwords, denied actions, etc. By themselves, these have no security relevance. |\n|06 | Low relevance attack | These indicate a worm or a virus that has no effect on the system (like code red for Apache servers, etc). These also include frequent IDS events and frequent errors. 
|\n| 07 | \"Bad word\" matching | These include words like \"bad\", \"error\", etc. These events are most of the time unclassified and may have some security relevance. |\n| 08 | First time seen | Include first time seen events. First time an IDS event is fired or the first time a user logs in. It also includes security relevant actions such as the activation of a sniffer or similar activities. |\n| 09 | Error from invalid source | Include attempts to login as an unknown user or from an invalid source. May have security relevance (especially if repeated). These also include errors regarding the \"admin\" (root) account. |\n| 10 | Multiple user generated errors | These include multiple bad passwords, multiple failed logins, etc. These may indicate an attack or simply signal that a user has forgotten their credentials. |\n| 11 | Integrity checking warning | These include messages regarding the modification of binaries or the presence of rootkits (by Rootcheck). These may indicate a successful attack. Also included IDS events that will be ignored (high number of repetitions). |\n| 12 | High importance event | These include error or warning messages from the system, kernel, etc. These may indicate an attack against a specific application. |\n| 13 | Unusual error (high importance) | It matches a common attack pattern most of the time. |\n| 14 | High importance security event | It is triggered with correlation most of the time, and it indicates an attack. |\n| 15 | Severe attack | No chances of false positives. Immediate attention is necessary. 
|\n\nReference Link: https://documentation.wazuh.com/current/user-manual/ruleset/rules/rules-classification.html\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 5 + } + }, + { + "id": 6646248707273296, + "definition": { + "title": "Events Level Distribution (Level > 3)", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.level", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.level:>3 $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "never" + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 5 + } + }, + { + "id": 5829340058908242, + "definition": { + "title": "Error or Critical Events Count", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh status:(error OR critical) $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": 
"black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 0, + "y": 5, + "width": 4, + "height": 3 + } + }, + { + "id": 6741392378103126, + "definition": { + "title": "Total Authentication Success Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh @rule.groups:authentication_success $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 5, + "width": 4, + "height": 3 + } + }, + { + "id": 3265693880274044, + "definition": { + "title": "Total Authentication Failed Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh @rule.groups:authentication_failed $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 5, + "width": 4, + "height": 3 + } + }, + { + "id": 587442089219928, + "definition": { + "title": "Top 10 Rules", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + 
"queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 8, + "width": 6, + "height": 4 + } + }, + { + "id": 5622536135026798, + "definition": { + "title": "Top 10 Agents", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 8, + "width": 6, + "height": 4 + } + }, + { + "id": 4384564956599440, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh $Agent_Name $Manager_Name $Level $Service $Group", + "indexes": [], + "storage": 
"hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 5 + } + }, + { + "id": 4185348993152106, + "definition": { + "title": "Datadog Cloud SIEM", + "title_align": "center", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4623916271966642, + "definition": { + "type": "note", + "content": "\nDatadog Cloud SIEM analyzes and correlates Wazuh logs to detect threats to your environment in real time. If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](/security). 
", + "background_color": "purple", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 1460345638454502, + "definition": { + "title": "CRITICALs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh status:critical $Agent_Name $Manager_Name $Level $Service $Group" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 0, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 5476757533653882, + "definition": { + "title": "HIGHs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh status:high $Agent_Name $Manager_Name $Level $Service $Group" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 2, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 1379476249905458, + "definition": { + "title": "Critical 
Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh status:critical $Agent_Name $Manager_Name $Level $Service $Group" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [ + { + "label": "View related Security Signals", + "link": "/security?query=@workflow.rule.name:{{@workflow.rule.name.value}}&column=time&order=desc&view=signal&start={{timestamp_widget_start}}&end={{timestamp_widget_end}}&paused=false" + } + ], + "style": {} + }, + "layout": { + "x": 4, + "y": 1, + "width": 8, + "height": 4 + } + }, + { + "id": 2880232965900544, + "definition": { + "title": "MEDIUMs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh status:medium $Agent_Name $Manager_Name $Level $Service $Group" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 3273472547821490, + "definition": 
{ + "title": "LOWs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#ffb52b", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh status:low $Agent_Name $Manager_Name $Level $Service $Group" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 1 + } + }, + { + "id": 3890991967630338, + "definition": { + "title": "INFOs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#84c1e0", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh status:info $Agent_Name $Manager_Name $Level $Service $Group" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "custom_links": [], + "precision": 2 + }, + "layout": { + "x": 2, + "y": 4, + "width": 2, + "height": 1 + } + }, + { + "id": 317314577134156, + "definition": { + "title": "High Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": 
"@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh status:high $Agent_Name $Manager_Name $Level $Service $Group" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [ + { + "label": "View related Security Signals", + "link": "/security?query=@workflow.rule.name:{{@workflow.rule.name.value}}&column=time&order=desc&view=signal&start={{timestamp_widget_start}}&end={{timestamp_widget_end}}&paused=false" + } + ], + "style": {} + }, + "layout": { + "x": 0, + "y": 5, + "width": 6, + "height": 4 + } + }, + { + "id": 514638455017102, + "definition": { + "title": "Medium Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh status:medium $Agent_Name $Manager_Name $Level $Service $Group" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "custom_links": [ + { + "label": "View related Security Signals", + "link": "/security?query=@workflow.rule.name:{{@workflow.rule.name.value}}&column=time&order=desc&view=signal&start={{timestamp_widget_start}}&end={{timestamp_widget_end}}&paused=false" + } + ], + "style": {} + }, + "layout": { + "x": 6, + "y": 5, + "width": 6, + "height": 4 + } + } + ] 
+ }, + "layout": { + "x": 0, + "y": 24, + "width": 12, + "height": 10 + } + } + ], + "template_variables": [ + { + "name": "Agent_Name", + "prefix": "@agent.name", + "available_values": [], + "default": "*" + }, + { + "name": "Manager_Name", + "prefix": "@manager.name", + "available_values": [], + "default": "*" + }, + { + "name": "Level", + "prefix": "@rule.level", + "available_values": [ + "0", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" + ], + "default": "*" + }, + { + "name": "Service", + "prefix": "service", + "available_values": [], + "default": "*" + }, + { + "name": "Group", + "prefix": "@rule.groups", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/wazuh/assets/dashboards/wazuh_security_operations.json b/wazuh/assets/dashboards/wazuh_security_operations.json new file mode 100644 index 0000000000000..32f108975df41 --- /dev/null +++ b/wazuh/assets/dashboards/wazuh_security_operations.json 
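Review bot: The "Events Level Distribution (Level > 3)" table in wazuh_overview.json groups by `@rule.level` with `"limit": 10` and a request-level `"count": 10`, both ordered by count descending, yet the `Level` template variable in the same file lists twelve levels above 3 (4 through 15). When more than ten levels occur in the selected timeframe, the two least frequent rows are dropped, and those are likely to be the rare high levels (the note widget describes 15 as "Severe attack ... Immediate attention is necessary"). Raising both values to `"limit": 12` and `"count": 12` keeps every level visible. Separately, the level table in the note widget gives 03 the same title as 02 ("System low priority notification") while its description covers successful logins and firewall allow events; this looks like a copy-paste slip, so check the title against the Wazuh rules-classification page linked at the end of that note.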
@@ -0,0 +1,1376 @@ +{ + "title": "Wazuh - Security Operations", + "description": "Security Operations dashboard provides comprehensive insights into security requirement related information like PCI DSS, GDPR, HIPAA, NIST 800-53, TSC from Events.", + "widgets": [ + { + "id": 659977522045826, + "definition": { + "type": "image", + "url": "https://wazuh.com/brand-assets/Wazuh-Logo.png", + "url_dark_theme": "https://wazuh.com/wp-content/themes/wazuh-v3/assets/images/trademark-and-brand-policy/Wazuh-logo-dark-backgroud.png", + "sizing": "contain", + "margin": "sm", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 4028971359469922, + "definition": { + "title": "Security Operations Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2123298265834496, + "definition": { + "title": "Total Events with Security Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh (@rule.pci_dss:* OR @rule.tsc:* OR @rule.gdpr:* OR @rule.nist_800_53:* OR @rule.hipaa:*) $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 7769394477981692, + "definition": { + "title": "Security Requirement Events Over Time", + "title_size": 
"16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh (@rule.pci_dss:* OR @rule.tsc:* OR @rule.gdpr:* OR @rule.nist_800_53:* OR @rule.hipaa:*) $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 8 + } + }, + { + "id": 7604364197333406, + "definition": { + "type": "note", + "content": "**Dashboard Overview**\n\nSecurity Operations dashboard provides comprehensive insights into security requirement related information like PCI DSS, GDPR, HIPAA, NIST 800-53, TSC from Events.\n\nFor more information, see the [Wazuh Integration Documentation](https://docs.datadoghq.com/integrations/wazuh/)\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 5 + } + }, + { + "id": 2048602689858436, + "definition": { + "title": "PCI DSS", + "background_color": "vivid_blue", + "show_title": true, + "type": 
"group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1144093616807694, + "definition": { + "title": "Events Counts with PCI DSS Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh @rule.pci_dss:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 1974780754823316, + "definition": { + "title": "Event Count of PCI DSS Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.pci_dss", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.pci_dss:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 7 + } + }, + { + 
"id": 5268880744823144, + "definition": { + "title": "Top 10 Rules with PCI DSS Requirements", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.pci_dss:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 8 + } + }, + { + "id": 7720483941389346, + "definition": { + "title": "GDPR", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8869749848032790, + "definition": { + "title": "Events Count with GDPR Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh @rule.gdpr:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, 
+ "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 2072584630965960, + "definition": { + "title": "Event Count of GDPR Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.gdpr", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.gdpr:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 7 + } + }, + { + "id": 4615541744804000, + "definition": { + "title": "Top 10 Rules with GDPR Requirements ", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.gdpr:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": 
"desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 8 + } + }, + { + "id": 6154096858104650, + "definition": { + "title": "HIPAA", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4365777638872602, + "definition": { + "title": "Events Count with HIPAA Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh @rule.hipaa:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 6333749761980034, + "definition": { + "title": "Event Count of HIPAA Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.hipaa", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.hipaa:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, 
+ "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 7 + } + }, + { + "id": 3411386705914300, + "definition": { + "title": "Top 10 Rules with HIPAA Requirements", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.hipaa:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 24, + "width": 12, + "height": 8 + } + }, + { + "id": 2725338051777554, + "definition": { + "title": "NIST 800-53", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 3030073106892164, + "definition": { + "title": "Events count with NIST 800-53 requirements", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh @rule.nist_800_53:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 888882234752200, + "definition": { + "title": "Event count of NIST 800-53 Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.nist_800_53", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.nist_800_53:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 7 + } + }, + { + "id": 5942697126017822, + "definition": { + "title": "Top 10 Rules with NIST 800-53 requirements ", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": 
"@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.nist_800_53:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 32, + "width": 12, + "height": 8 + } + }, + { + "id": 8095667855962074, + "definition": { + "title": "TSC", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5586127486730564, + "definition": { + "title": "Events count with TSC requirements", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh @rule.tsc:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 166034171012158, + "definition": { + "title": "Event Count of TSC Requirements", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + 
"indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.tsc", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.tsc:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 7 + } + }, + { + "id": 7677757863899770, + "definition": { + "title": "Top 10 Rules with TSC Requirements", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.description", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh @rule.tsc:* $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 40, + "width": 12, + "height": 8 + } + }, + { + "id": 6535282856367696, + "definition": { + "title": "Security Operations Event 
Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh (@rule.pci_dss:* OR @rule.tsc:* OR @rule.gdpr:* OR @rule.nist_800_53:* OR @rule.hipaa:*) $Agent_Name $Manager_Name $Level $Service $Group $PCI_DSS $GDPR $HIPAA $NIST_800_53 $TSC ", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "rule.pci_dss", + "width": "auto" + }, + { + "field": "rule.gdpr", + "width": "auto" + }, + { + "field": "rule.hipaa", + "width": "auto" + }, + { + "field": "rule.nist_800_53", + "width": "auto" + }, + { + "field": "rule.tsc", + "width": "auto" + }, + { + "field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 5 + } + } + ], + "template_variables": [ + { + "name": "Agent_Name", + "prefix": "@agent.name", + "available_values": [], + "default": "*" + }, + { + "name": "Manager_Name", + "prefix": "@manager.name", + "available_values": [], + "default": "*" + }, + { + "name": "Level", + "prefix": "@rule.level", + "available_values": [ + "0", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" + ], + "default": "*" + }, + { + "name": "Service", + "prefix": "service", + "available_values": [], + "default": "*" + }, + { + "name": "Group", + "prefix": "@rule.groups", + "available_values": [], + "default": "*" + }, + { + "name": "PCI_DSS", + "prefix": "@rule.pci_dss", + "available_values": [], + "default": "*" + }, + { + "name": "GDPR", + "prefix": 
"@rule.gdpr", + "available_values": [], + "default": "*" + }, + { + "name": "HIPAA", + "prefix": "@rule.hipaa", + "available_values": [], + "default": "*" + }, + { + "name": "NIST_800_53", + "prefix": "@rule.nist_800_53", + "available_values": [], + "default": "*" + }, + { + "name": "TSC", + "prefix": "@rule.tsc", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/wazuh/assets/dashboards/wazuh_system.json b/wazuh/assets/dashboards/wazuh_system.json new file mode 100644 index 0000000000000..4c7a24c4a79e9 --- /dev/null +++ b/wazuh/assets/dashboards/wazuh_system.json 
@@ -0,0 +1,2289 @@ +{ + "title": "Wazuh - System", + "description": "System Dashboard offers a comprehensive summary of Wazuh events for services like SSHD, PAM, Windows, Syslog, FTPD, DPKG, YUM.", + "widgets": [ + { + "id": 4087507448996678, + "definition": { + "type": "image", + "url": "https://wazuh.com/brand-assets/Wazuh-Logo.png", + "url_dark_theme": "https://wazuh.com/wp-content/themes/wazuh-v3/assets/images/trademark-and-brand-policy/Wazuh-logo-dark-backgroud.png", + "sizing": "contain", + "margin": "sm", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 1677921339827388, + "definition": { + "title": "System Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 442076009473208, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": { + "hide_incomplete_cost_data": true + }, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Event", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 807392182347004, + "definition": { + "title": "Total Events Count", + "title_size": "16", + "title_align": "left", 
+ "time": { + "hide_incomplete_cost_data": true + }, + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 4 + } + }, + { + "id": 7475578766639274, + "definition": { + "title": "Events Distribution by Rule Level", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@rule.level", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "never" + }, + "layout": { + "x": 3, + "y": 3, + "width": 4, + "height": 4 + } + } + ] + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 8 + } + }, + { + "id": 4843648181281802, + "definition": { + "type": "note", + "content": "**Dashboard Overview**\n\nSystem Dashboard offers a comprehensive summary of Wazuh events for services like SSHD, PAM, Windows, Syslog, FTPD, DPKG, YUM.\n\nFor more information, see the 
[Wazuh Integration Documentation](https://docs.datadoghq.com/integrations/wazuh/)\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 5, + "height": 5 + } + }, + { + "id": 293055881057102, + "definition": { + "title": "Windows", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 6633030749462436, + "definition": { + "title": "Total Windows Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:windows $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 2737863318490500, + "definition": { + "title": "Windows System Error Alerts", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:system @rule.groups:(system_error windows) $Agent_Name $Manager_Name $Level $Service $Group ", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } 
+ }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 4 + } + }, + { + "id": 7179567743066542, + "definition": { + "title": "Group Changed Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:system @rule.groups:group_changed $Agent_Name $Manager_Name $Level $Service $Group ", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "rule.description", + "width": "auto" + }, + { + "field": "full_log", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + }, + { + "id": 5804276721412176, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:system @rule.groups:windows $Agent_Name $Manager_Name $Level $Service $Group", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + 
"field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "message", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 13 + } + }, + { + "id": 6561100401353856, + "definition": { + "title": "PAM", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4098547939003020, + "definition": { + "title": "Total PAM Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:pam $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 3279306525749082, + "definition": { + "title": "Authentication Failed Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:(pam authentication_failed) $Agent_Name $Manager_Name $Level $Service $Group" + }, + 
"storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 3001234188052714, + "definition": { + "title": "Invalid Login Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:(pam invalid_login) $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">=", + "value": 1, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 3977832210879388, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:system @rule.groups:pam $Agent_Name $Manager_Name $Level $Service $Group", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "message", + "width": "full" + } + ] + } + ], + 
"type": "list_stream" + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 21, + "width": 12, + "height": 9 + } + }, + { + "id": 7563583504446370, + "definition": { + "title": "SSHD", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7839476564361440, + "definition": { + "title": "Total SSHD Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:sshd $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 2, + "height": 4 + } + }, + { + "id": 1752579454795136, + "definition": { + "title": "Count of Multiple Authentication Failure Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:(authentication_failures sshd) $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 0, + "width": 4, + "height": 
4 + } + }, + { + "id": 4385002891723170, + "definition": { + "title": "Count of Authentication Failed Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:(sshd authentication_failed) $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 6, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 2580501997053630, + "definition": { + "title": "Count of Invalid Login Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:(sshd invalid_login) $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 9, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 6868930633346486, + "definition": { + "title": "Top 10 Maximum Failed Authentication Source IPs", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": 
"count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.groups:(sshd authentication_failed) $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 2106925902158378, + "definition": { + "title": "Geo-Distributed Failed Authentication Source IPs", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.groups:(sshd authentication_failed) $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 4, + "y": 4, + "width": 8, + "height": 4 + } + }, + { + "id": 5571068253243182, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh 
service:system @rule.groups:sshd $Agent_Name $Manager_Name $Level $Service $Group", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 8, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 30, + "width": 12, + "height": 13 + } + }, + { + "id": 4609175900676718, + "definition": { + "title": "Syslog", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5113274333691136, + "definition": { + "title": "Total Syslog Events Count", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:syslog $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 17451418834084, + "definition": { + "title": "Illegal Port Connection by Source", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + 
"data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.id:2551 $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 1230597184231180, + "definition": { + "title": "Top 10 Access Denied Source IP", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.id:2503 $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 3352179480576314, + "definition": { + "title": "Top 10 Authentication Failed Events By Source IP", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + 
"indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.groups:(syslog authentication_failed) $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 9, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 2474681446510698, + "definition": { + "title": "Log Details of New User Added to System", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:system @rule.id:5902 $Agent_Name $Manager_Name $Level $Service $Group", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "usr.id", + "width": "auto" + }, + { + "field": "rule.description", + "width": "auto" + }, + { + "field": "message", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 43, + "width": 12, + "height": 9 + } + }, + { + "id": 8543804388564854, + "definition": { + "title": "FTPD", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + 
"widgets": [ + { + "id": 3450376916341706, + "definition": { + "title": "Total FTPD Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:ftpd $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 6036318236451164, + "definition": { + "title": "Top 10 Connection Refused Sources", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.id:11107 $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 4 + } + }, + { + "id": 3526360098795738, + "definition": { + "title": "Disconnected User List", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": 
"logs_stream", + "query_string": "source:wazuh service:system @rule.id:11110 $Agent_Name $Manager_Name $Level $Service $Group", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "host", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.description", + "width": "auto" + }, + { + "field": "message", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 52, + "width": 12, + "height": 9 + } + }, + { + "id": 3413580681201012, + "definition": { + "title": "DPKG", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7816341086919750, + "definition": { + "title": "Total DPKG Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:dpkg $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 2, + "height": 4 + } + }, + { + "id": 2745252369514204, + "definition": { + "title": "Top 10 Debian Package Installed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": 
"logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.package", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.groups:dpkg @data.dpkg_status:install $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 2, + "y": 0, + "width": 5, + "height": 4 + } + }, + { + "id": 7668126053378424, + "definition": { + "title": "Top 10 Debian Package Removed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.package", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.groups:dpkg @data.dpkg_status:remove $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 7, + "y": 0, + "width": 5, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 61, + "width": 12, + "height": 5 + } + }, + { + "id": 4987188962040138, + "definition": { + "title": "Yum", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": 
"ordered", + "widgets": [ + { + "id": 178050723312040, + "definition": { + "title": "Total Yum Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:system @rule.groups:yum $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 2096218428893638, + "definition": { + "title": "Top 10 Yum Packages Installed", + "title_size": "16", + "title_align": "left", + "time": { + "hide_incomplete_cost_data": true + }, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.package", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.groups:yum @data.yum_status:Installed $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 3103992120177378, + "definition": { + "title": "Top 10 Yum Package Updated", + "title_size": "16", + "title_align": "left", + 
"type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.package", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.groups:yum @data.yum_status:Updated $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 0, + "width": 3, + "height": 4 + } + }, + { + "id": 2491992843098420, + "definition": { + "title": "Top 10 Yum Package Removed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.package", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:system @rule.groups:yum @data.yum_status:Erased $Agent_Name $Manager_Name $Level $Service $Group" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 9, + "y": 0, + "width": 3, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 66, + "width": 12, + "height": 5 + } + }, + { + "id": 6435847721864372, + "definition": { + "title": "Events Details", + 
"background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8513797087942712, + "definition": { + "title": "System Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:system $Agent_Name $Manager_Name $Level $Service $Group ", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 71, + "width": 12, + "height": 5 + } + } + ], + "template_variables": [ + { + "name": "Agent_Name", + "prefix": "@agent.name", + "available_values": [], + "default": "*" + }, + { + "name": "Manager_Name", + "prefix": "@manager.name", + "available_values": [], + "default": "*" + }, + { + "name": "Level", + "prefix": "@rule.level", + "available_values": [ + "0", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" + ], + "default": "*" + }, + { + "name": "Service", + "prefix": "service", + "available_values": [], + "default": "*" + }, + { + "name": "Group", + "prefix": "@rule.groups", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file 
diff --git a/wazuh/assets/dashboards/wazuh_vulnerability_detection.json b/wazuh/assets/dashboards/wazuh_vulnerability_detection.json
new file mode 100644
index 0000000000000..136325efad30b
--- /dev/null
+++ b/wazuh/assets/dashboards/wazuh_vulnerability_detection.json
@@ -0,0 +1,857 @@ +{ + "title": "Wazuh - Vulnerability Detection", + "description": "Vulnerability Detection dashboard provides comprehensive insights into vulnerabilities found in system by Wazuh.", + "widgets": [ + { + "id": 3241695104934894, + "definition": { + "type": "image", + "url": "https://wazuh.com/brand-assets/Wazuh-Logo.png", + "url_dark_theme": "https://wazuh.com/wp-content/themes/wazuh-v3/assets/images/trademark-and-brand-policy/Wazuh-logo-dark-backgroud.png", + "sizing": "contain", + "margin": "sm", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 7731090086808488, + "definition": { + "title": "Vulnerability Detection Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2346227907404976, + "definition": { + "title": "Total Events Count", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:vulnerability-detector $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 995966523828360, + "definition": { + "title": "Events Over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + 
"type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Count", + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:vulnerability-detector $Agent_Name $Manager_Name $Level $Vulnerability_Status $Vulnerability_Severity" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 7, + "height": 3 + } + } + ] + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 7 + } + }, + { + "id": 3722981187393880, + "definition": { + "type": "note", + "content": "**Dashboard Overview**\n\nVulnerability Detection dashboard provides comprehensive insights into vulnerabilities found in system by Wazuh.\n\nFor more information, see the [Wazuh Integration Documentation](https://docs.datadoghq.com/integrations/wazuh/)\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.\n", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 3142797663078644, + "definition": { + "title": "Vulnerability Detection Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1547241309851244, + "definition": { + "title": "Total Critical Severity Vulnerability Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + 
"response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:vulnerability-detector @data.vulnerability.severity:Critical $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 6089716315812684, + "definition": { + "title": "Total High Severity Vulnerability Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:vulnerability-detector @data.vulnerability.severity:High $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 5165112387972246, + "definition": { + "title": "Total Medium Severity Vulnerability Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh 
service:vulnerability-detector @data.vulnerability.severity:Medium $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 0, + "width": 4, + "height": 3 + } + }, + { + "id": 2245291057741448, + "definition": { + "title": "Total Low Severity Vulnerability Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:wazuh service:vulnerability-detector @data.vulnerability.severity:Low $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 2718749144291254, + "definition": { + "title": "Top 10 Latest Critical Vulnerability", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.vulnerability.cve", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@timestamp", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:vulnerability-detector 
@data.vulnerability.status:Active @data.vulnerability.severity:Critical $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "order_by": [ + { + "type": "group", + "name": "@timestamp", + "order": "desc" + } + ], + "count": 100 + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 3 + } + }, + { + "id": 4792903542761758, + "definition": { + "title": "Top 10 CVE", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.vulnerability.cve", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:vulnerability-detector $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 6, + "height": 4 + } + }, + { + "id": 8489421953906876, + "definition": { + "title": "Top 10 Agents with Vulnerability Events", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@agent.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { 
+ "query": "source:wazuh service:vulnerability-detector $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 6, + "width": 6, + "height": 4 + } + }, + { + "id": 8596195345126224, + "definition": { + "title": "Top 10 Vulnerability Assigner", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.vulnerability.assigner", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:vulnerability-detector $Agent_Name $Manager_Name $Level $Vulnerability_Status $Vulnerability_Severity" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 10, + "width": 4, + "height": 4 + } + }, + { + "id": 3667365058893686, + "definition": { + "title": " Packages Affected by Vulnerability", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@data.vulnerability.package.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + 
} + }, + { + "facet": "@data.vulnerability.severity", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:wazuh service:vulnerability-detector $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "COUNT", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 10, + "width": 8, + "height": 4 + } + }, + { + "id": 1144249679581738, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:wazuh service:vulnerability-detector $Vulnerability_Severity $Vulnerability_Status $Level $Manager_Name $Agent_Name ", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "service", + "width": "auto" + }, + { + "field": "agent.name", + "width": "auto" + }, + { + "field": "rule.level", + "width": "auto" + }, + { + "field": "rule.id", + "width": "auto" + }, + { + "field": "rule.groups", + "width": "auto" + }, + { + "field": "content", + "width": "full" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 14, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 7, + "width": 12, + "height": 19 + } + } + ], + "template_variables": [ + { + "name": "Agent_Name", + "prefix": "@agent.name", + "available_values": [], + "default": "*" + }, + { + "name": "Manager_Name", + "prefix": "@manager.name", + "available_values": [], + "default": "*" 
+ }, + { + "name": "Level", + "prefix": "@rule.level", + "available_values": [ + "0", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9", + "10", + "11", + "12", + "13", + "14", + "15" + ], + "default": "*" + }, + { + "name": "Vulnerability_Status", + "prefix": "@data.vulnerability.status", + "available_values": [], + "default": "*" + }, + { + "name": "Vulnerability_Severity", + "prefix": "@data.vulnerability.severity", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/wazuh/assets/logs/wazuh.yaml b/wazuh/assets/logs/wazuh.yaml new file mode 100644 index 0000000000000..de9d1d576db77 --- /dev/null +++ b/wazuh/assets/logs/wazuh.yaml 
@@ -0,0 +1,471 @@
+id: wazuh
+metric_id: wazuh
+backend_only: false
+facets:
+ - groups:
+ - Web Access
+ name: URL Path
+ path: http.url
+ source: log
+ - groups:
+ - Web Access
+ name: URL Host
+ path: http.url_details.host
+ source: log
+ - groups:
+ - Web Access
+ name: URL Path
+ path: http.url_details.path
+ source: log
+ - groups:
+ - Web Access
+ name: URL Port
+ path: http.url_details.port
+ source: log
+ - groups:
+ - Web Access
+ name: URL scheme
+ path: http.url_details.scheme
+ source: log
+ - groups:
+ - Geoip
+ name: City Name
+ path: network.client.geoip.city.name
+ source: log
+ - groups:
+ - Geoip
+ name: Continent Code
+ path: network.client.geoip.continent.code
+ source: log
+ - groups:
+ - Geoip
+ name: Continent Name
+ path: network.client.geoip.continent.name
+ source: log
+ - groups:
+ - Geoip
+ name: Country ISO Code
+ path: network.client.geoip.country.iso_code
+ source: log
+ - groups:
+ - Geoip
+ name: Country Name
+ path: network.client.geoip.country.name
+ source: log
+ - groups:
+ - Geoip
+ name: Subdivision ISO Code
+ path: network.client.geoip.subdivision.iso_code
+ source: log
+ - groups:
+ - Geoip
+ name: Subdivision Name
+ path: network.client.geoip.subdivision.name
+ source: log
+ - groups:
+ - Web Access
+ name: Client IP
+ path: network.client.ip
+ source: log
+ - groups:
+ - Web Access
+ name: Client Port
+ path: network.client.port
+ source: log
+ - groups:
+ - Geoip
+ name: Destination City Name
+ path: network.destination.geoip.city.name
+ source: log
+ - groups:
+ - Geoip
+ name: Destination Continent Code
+ path: network.destination.geoip.continent.code
+ source: log
+ - groups:
+ - Geoip
+ name: Destination Continent Name
+ path: network.destination.geoip.continent.name
+ source: log
+ - groups:
+ - Geoip
+ name: Destination Country ISO Code
+ path: network.destination.geoip.country.iso_code
+ source: log
+ - groups:
+ - Geoip
+ name: Destination Country Name
+ path: network.destination.geoip.country.name
+ source: log
+ - groups: + - Geoip + name: Destination Subdivision ISO Code + path: network.destination.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Destination Subdivision Name + path: network.destination.geoip.subdivision.name + source: log + - groups: + - Web Access + name: Destination IP + path: network.destination.ip + source: log + - groups: + - Web Access + name: Destination Port + path: network.destination.port + source: log + - groups: + - User + name: User Email + path: usr.email + source: log + - groups: + - User + name: User ID + path: usr.id + source: log + - groups: + - User + name: User Name + path: usr.name + source: log +pipeline: + type: pipeline + name: Wazuh + enabled: true + filter: + query: "source:wazuh" + processors: + - type: grok-parser + name: Parsing wazuh alerts + enabled: true + source: message + samples: + - '<132>Sep 13 13:21:06 ub20-host ossec: + {"timestamp":"2024-09-13T13:21:06.262+0530","rule":{"level":3,"description":"Successful + sudo to ROOT + executed.","id":"5402","mitre":{"id":["T1548.003"],"tactic":["Privilege + Escalation","Defense Evasion"],"technique":["Sudo and Sudo + Caching"]},"firedtimes":3,"mail":false,"groups":["syslog","sudo"],"pci_dss":["10.2.5","10.2.2"],"gpg13":["7.6","7.8","7.13"],"gdpr":["IV_32.2"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7","AC.6"],"tsc":["CC6.8","CC7.2","CC7.3"]},"agent":{"id":"000","name":"ub20-host"},"manager":{"name":"ub20-host"},"id":"1726213866.2869025","full_log":"Sep + 13 13:21:04 ub20-host sudo: root : TTY=pts/13 ; PWD=/home/devuser + ; USER=root ; COMMAND=/usr/bin/nano + /var/ossec/etc/ossec.conf","predecoder":{"program_name":"sudo","timestamp":"Sep + 13 + 13:21:04","hostname":"ub20-host"},"decoder":{"parent":"sudo","name":"sudo","ftscomment":"First + time user executed the sudo + command"},"data":{"srcuser":"root","dstuser":"root","tty":"pts/13","pwd":"/home/devuser","command":"/usr/bin/nano + /var/ossec/etc/ossec.conf"},"location":"/var/log/auth.log"}' + - 
'<132>Sep 13 06:57:24 ub20-host ossec: + {"timestamp":"2024-09-13T06:57:24.370+0530","rule":{"level":7,"description":"New + dpkg (Debian Package) + installed.","id":"2902","firedtimes":4,"mail":false,"groups":["syslog","dpkg","config_changed"],"pci_dss":["10.6.1","10.2.7"],"gpg13":["4.10"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6","AU.14"],"tsc":["CC7.2","CC7.3","CC6.8","CC8.1"]},"agent":{"id":"000","name":"ub20-host"},"manager":{"name":"ub20-host"},"id":"1726190844.1166546","full_log":"2024-09-13 + 06:57:23 status installed python3-setuptools:all + 59.6.0-1.2ubuntu0.22.04.2","decoder":{"name":"dpkg-decoder"},"data":{"dpkg_status":"status + installed","package":"python3-setuptools","arch":"all","version":"59.6.0-1.2ubuntu0.22.04.2"},"location":"/var/log/dpkg.log"}' + - '<132>Sep 12 17:26:07 ub20-host ossec: + {"timestamp":"2024-09-12T17:26:07.096+0530","rule":{"level":5,"description":"sshd: + Attempt to login using a non-existent + user","id":"5710","firedtimes":4,"mail":false,"groups":["syslog","sshd","authentication_failed","invalid_login"],"gdpr":["IV_35.7.d","IV_32.2"],"gpg13":["7.1"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7","AU.6"],"pci_dss":["10.2.4","10.2.5","10.6.1"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"009","name":"test","ip":"10.10.10.10"},"manager":{"name":"ub20-host"},"id":"1726142167.5280471","full_log":"Sep + 12 17:26:06 test sshd[648303]: Disconnecting invalid user admin + 10.10.10.10 port 65182: Too many authentication failures + [preauth]","predecoder":{"program_name":"sshd","timestamp":"Sep 12 + 17:26:06","hostname":"test"},"decoder":{"parent":"sshd","name":"sshd"},"data":{"srcip":"10.10.10.10","srcport":"65182","srcuser":"admin"},"location":"/var/log/auth.log"}' + - '<132>Sep 12 15:52:53 ub20-host ossec: + {"timestamp":"2024-09-12T15:52:53.997+0530","rule":{"level":3,"description":"CIS + Ubuntu Linux 22.04 LTS Benchmark v1.0.0.: Ensure all groups in + /etc/passwd exist in + 
/etc/group.","id":"19008","firedtimes":161,"mail":false,"groups":["sca"],"gdpr":["IV_35.7.d"],"pci_dss":["2.2"],"nist_800_53":["CM.1"],"tsc":["CC7.1","CC7.2"],"cis":["6.2.3"],"mitre_mitigations":["M1027"],"mitre_tactics":["TA0003"],"mitre_techniques":["T1222","T1222.002"]},"agent":{"id":"009","name":"test","ip":"10.10.10.10"},"manager":{"name":"ub20-host"},"id":"1726136573.4870334","decoder":{"name":"sca"},"data":{"sca":{"type":"check","scan_id":"305863468","policy":"CIS + Ubuntu Linux 22.04 LTS Benchmark + v1.0.0.","check":{"id":"28680","title":"Ensure all groups in + /etc/passwd exist in /etc/group.","description":"Over time, system + administration errors and changes can lead to groups being defined in + /etc/passwd but not in /etc/group.","rationale":"Groups defined in the + /etc/passwd file but not in the /etc/group file pose a threat to + system security since group permissions are not properly + managed.","remediation":"Analyze the output of the Audit step above + and perform the appropriate action to correct any discrepancies + found.","compliance":{"cis":"6.2.3","mitre_mitigations":"M1027","mitre_tactics":"TA0003","mitre_techniques":"T1222,T1222.002"},"file":["/etc/group"],"result":"passed"}}},"location":"sca"}' + - '<132>Sep 13 12:06:18 ub20-host ossec: + {"timestamp":"2024-09-13T12:06:18.798+0530","rule":{"level":3,"description":"Service + startup type was changed","id":"61104","info":"This does not appear to + be logged on Windows + 2000","firedtimes":2,"mail":false,"groups":["windows","windows_system","policy_changed"],"pci_dss":["10.6"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"tsc":["CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"007","name":"win1-1-1-1","ip":"10.10.10.10"},"manager":{"name":"ub20-host"},"id":"1726209378.2623069","decoder":{"name":"windows_eventchannel"},"data":{"win":{"system":{"providerName":"Service + Control + Manager","providerGuid":"{555908d1-a6d7-4695-8e1e-26931d2012f4}","eventSourceName":"Service + 
Control + Manager","eventID":"7040","version":"0","level":"4","task":"0","opcode":"0","keywords":"0x8080000000000000","systemTime":"2024-09-13T06:36:17.6181876Z","eventRecordID":"8694","processID":"832","threadID":"10120","channel":"System","computer":"win1-1-1-1","severityValue":"INFORMATION","message":"\"The + start type of the Background Intelligent Transfer Service service was + changed from auto start to demand + start.\""},"eventdata":{"param1":"Background Intelligent Transfer + Service","param2":"auto start","param3":"demand + start","param4":"BITS"}}},"location":"EventChannel"}' + grok: + supportRules: "" + matchRules: 'wazuh_alert_parsing_rule (<%{integer}>)?(%{date("MMM d + HH:mm:ss")}|%{date("MMM d HH:mm:ss")}) + %{notSpace:syslog.hostname:nullIf("-")} + %{notSpace:syslog.appname:nullIf("-")}: %{data::json}' + - name: Assign `status` attribute from `rule.level` value + enabled: true + source: rule.level + target: status + lookupTable: |- + 0,information + 1,information + 2,information + 3,information + 4,information + 5,information + 6,information + 7,warning + 8,warning + 9,warning + 10,warning + 11,warning + 12,error + 13,error + 14,error + 15,critical + type: lookup-processor + - type: date-remapper + name: Define `timestamp` as the official date of the log + enabled: true + sources: + - timestamp + - type: category-processor + name: Define `service` from `rule.groups` + enabled: true + categories: + - filter: + query: "@rule.groups:syscheck" + name: file-integrity-monitoring + - filter: + query: "@rule.groups:vulnerability-detector" + name: vulnerability-detector + - filter: + query: "@rule.groups:rootcheck" + name: malware-detector + - filter: + query: "@rule.groups:github" + name: wazuh-github + - filter: + query: "@rule.groups:gcp" + name: wazuh-google-cloud + - filter: + query: "@rule.groups:amazon" + name: wazuh-amazon + - filter: + query: "@rule.groups:office365" + name: wazuh-office365 + - filter: + query: "@rule.groups:docker" + name: 
wazuh-docker + - name: system + filter: + query: "@rule.groups:(sshd OR pam OR wazuh OR ossec OR su OR sudo OR adduser OR + ftpd OR windows OR dpkg OR yum OR syslog)" + target: service + - type: category-processor + name: Define `service` value as `other` for other rule groups + enabled: true + categories: + - filter: + query: -@service:(file-integrity-monitoring OR vulnerability-detector OR + malware-detector OR wazuh-github OR wazuh-google-cloud OR + wazuh-amazon OR wazuh-office365 OR wazuh-docker OR system) + name: other + target: service + - type: service-remapper + name: Define `service` as the official service of the log + enabled: true + sources: + - service + - type: attribute-remapper + name: Map `data.github.actor` to `usr.name` + enabled: true + sources: + - data.github.actor + sourceType: attribute + target: usr.name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.gcp.jsonPayload.sourceIP` to `network.client.ip` + enabled: true + sources: + - data.gcp.jsonPayload.sourceIP + sourceType: attribute + target: network.client.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.office365.UserId` to `usr.email` + enabled: true + sources: + - data.office365.UserId + sourceType: attribute + target: usr.email + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.office365.ClientIP` to `network.client.ip` + enabled: true + sources: + - data.office365.ClientIP + sourceType: attribute + target: network.client.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.src_ip` to `network.client.ip` + enabled: true + sources: + - data.src_ip + sourceType: attribute + target: network.client.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: 
attribute-remapper + name: Map `data.srcip` to `network.client.ip` + enabled: true + sources: + - data.srcip + sourceType: attribute + target: network.client.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.srcport` to `network.client.port` + enabled: true + sources: + - data.srcport + sourceType: attribute + target: network.client.port + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.uid` to `usr.id` + enabled: true + sources: + - data.uid + sourceType: attribute + target: usr.id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.srcuser` to `usr.name` + enabled: true + sources: + - data.srcuser + sourceType: attribute + target: usr.name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.dstip` to `network.destination.ip` + enabled: true + sources: + - data.dstip + sourceType: attribute + target: network.destination.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.dstport` to `network.destination.port` + enabled: true + sources: + - data.dstport + sourceType: attribute + target: network.destination.port + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.src_port` to `network.client.port` + enabled: true + sources: + - data.src_port + sourceType: attribute + target: network.client.port + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `data.url` to `http.url` + enabled: true + sources: + - data.url + sourceType: attribute + target: http.url + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: status-remapper + name: Define `status` 
as the official status of the log + enabled: true + sources: + - status + - type: geo-ip-parser + name: Define `network.client.ip` as default geoip attribute for source + enabled: true + sources: + - network.client.ip + target: network.client.geoip + ip_processing_behavior: do-nothing + - type: geo-ip-parser + name: Define `network.destination.ip` as default geoip attribute for destination + enabled: true + sources: + - network.destination.ip + target: network.destination.geoip + ip_processing_behavior: do-nothing + - type: url-parser + name: Extracts information from `http.url` + enabled: true + sources: + - http.url + target: http.url_details + normalizeEndingSlashes: false + - type: pipeline + name: Processing of Yum Logs + enabled: true + filter: + query: "@rule.groups:yum" + processors: + - type: grok-parser + name: Parse yum logs + enabled: true + source: full_log + samples: + - "Dec 17 07:05:06 ax yum: Installed: libX11-devel - + 1.0.3-9.el5.i386" + - "Oct 8 07:17:27 ax yum[61038]: Erased: + file-roller-3.28.1-2.el7.x86_64" + - | + Aug 20 12:46:57 Installed: device-mapper-event.i386 1.02.24-1.el5 + - "Aug 20 12:51:21 Erased: libhugetlbfs-lib" + - | + Aug 20 12:45:56 Updated: perl.i386 4:5.8.8-10.el5_2.3 + grok: + supportRules: |- + DATETIME (%{date("MMM d HH:mm:ss"):}|%{date("MMM d HH:mm:ss"):}) + SKIPHEADER %{regex("[^:]*"):} + matchRules: >- + yum_package_parsing_rule %{DATETIME} %{SKIPHEADER}: + %{word:data.yum_status}: %{data:data.package} + + + yum_package_parsing_rule_2 %{DATETIME} %{word:data.yum_status}: %{data:data.package} diff --git a/wazuh/assets/logs/wazuh_tests.yaml b/wazuh/assets/logs/wazuh_tests.yaml new file mode 100644 index 0000000000000..6848d4c6320ab --- /dev/null +++ b/wazuh/assets/logs/wazuh_tests.yaml 
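Review bot: The `rule.level` lookup table in the "Assign `status` attribute from `rule.level` value" processor of wazuh.yaml lists levels 0 to 15 and has no fallback, so an alert whose level is not in the table (a custom rule outside that range, or an event without `rule.level`) gets no `status` from the lookup and the later status-remapper has nothing to promote. For a security feed that is the wrong way to fail, because such an alert will presumably land at the platform's default severity instead of standing out. I would give the processor a fallback, for example `defaultLookup: warning`, or state in a comment that levels outside 0 to 15 are deliberately left unmapped. Separately, four attribute-remappers write to `network.client.ip` with `overrideOnConflict: false`, so which source wins depends only on processor order; a comment such as `# network.client.ip precedence: gcp sourceIP, office365 ClientIP, src_ip, srcip` would make that intent explicit.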
@@ -0,0 +1,912 @@ +id: wazuh +tests: + - + sample: |- + <132>Sep 23 05:55:30 ub20 ossec: {"timestamp":"2024-09-23T05:55:30","rule":{"level":5,"description":"Registry Value Integrity Checksum Changed","id":"750","mitre":{"id":["T1565.001","T1112"],"tactic":["Impact","Defense Evasion"],"technique":["Stored Data Manipulation","Modify Registry"]},"firedtimes":11,"mail":false,"groups":["ossec","syscheck","syscheck_entry_modified","syscheck_registry"],"pci_dss":["11.5"],"gpg13":["4.13"],"gdpr":["II_5.1.f"],"hipaa":["164.312.c.1","164.312.c.2"],"nist_800_53":["SI.7"],"tsc":["PI1.4","PI1.5","CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"007","name":"ub20","ip":"10.10.10.10"},"manager":{"name":"ub20"},"id":"1727051130.307309","full_log":"Registry Value '[x32] HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bam\\State\\UserSettings\\S-1-5-21-407847833-942180688-1368611096-1010\\\\Device\\HarddiskVolume3\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe' modified + Mode: scheduled + Changed attributes: md5,sha1,sha256 + Old md5sum was: '4846b4c5616e0c64cb5b8e819ab04f89' + New md5sum is : '0ee93c27cf42e2da3604b882ee45532b' + Old sha1sum was: 'f532d82856fe2caa1855cfac46db8ef15a86e89c' + New sha1sum is : '19c0cef959812a95c7ac12d465ec400df796f952' + Old sha256sum was: '578954f71e55ba6b255e4cdb349bb7c1f981eeeb04ed05f7ad1855a8f389d2c9' + New sha256sum is : 'da42382c2410098d76ebee82fc73a696224433c82deff26fb5ff1c796b3f7bdc' + ","syscheck":{"path":"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bam\\State\\UserSettings\\S-1-5-21-407847833-942180688-1368611096-1010","mode":"scheduled","arch":"[x32]","value_name":"\\Device\\HarddiskVolume3\\Program Files 
(x86)\\Microsoft\\Edge\\Application\\msedge.exe","value_type":"REG_BINARY","size_after":"24","md5_before":"4846b4c5616e0c64cb5b8e819ab04f89","md5_after":"0ee93c27cf42e2da3604b882ee45532b","sha1_before":"f532d82856fe2caa1855cfac46db8ef15a86e89c","sha1_after":"19c0cef959812a95c7ac12d465ec400df796f952","sha256_before":"578954f71e55ba6b255e4cdb349bb7c1f981eeeb04ed05f7ad1855a8f389d2c9","sha256_after":"da42382c2410098d76ebee82fc73a696224433c82deff26fb5ff1c796b3f7bdc","changed_attributes":["md5","sha1","sha256"],"event":"modified"},"decoder":{"name":"syscheck_registry_value_modified"},"location":"syscheck"} + service: "file-integrity-monitoring" + result: + custom: + agent: + id: "007" + ip: "10.10.10.10" + name: "ub20" + decoder: + name: "syscheck_registry_value_modified" + full_log: | + Registry Value '[x32] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-407847833-942180688-1368611096-1010\\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' modified + Mode: scheduled + Changed attributes: md5,sha1,sha256 + Old md5sum was: '4846b4c5616e0c64cb5b8e819ab04f89' + New md5sum is : '0ee93c27cf42e2da3604b882ee45532b' + Old sha1sum was: 'f532d82856fe2caa1855cfac46db8ef15a86e89c' + New sha1sum is : '19c0cef959812a95c7ac12d465ec400df796f952' + Old sha256sum was: '578954f71e55ba6b255e4cdb349bb7c1f981eeeb04ed05f7ad1855a8f389d2c9' + New sha256sum is : 'da42382c2410098d76ebee82fc73a696224433c82deff26fb5ff1c796b3f7bdc' + id: "1727051130.307309" + location: "syscheck" + manager: + name: "ub20" + rule: + description: "Registry Value Integrity Checksum Changed" + firedtimes: 11 + gdpr: + - "II_5.1.f" + gpg13: + - "4.13" + groups: + - "ossec" + - "syscheck" + - "syscheck_entry_modified" + - "syscheck_registry" + hipaa: + - "164.312.c.1" + - "164.312.c.2" + id: "750" + level: 5 + mail: false + mitre: + id: + - "T1565.001" + - "T1112" + tactic: + - "Impact" + - "Defense Evasion" + technique: + - "Stored Data Manipulation" + 
- "Modify Registry" + nist_800_53: + - "SI.7" + pci_dss: + - "11.5" + tsc: + - "PI1.4" + - "PI1.5" + - "CC6.1" + - "CC6.8" + - "CC7.2" + - "CC7.3" + service: "file-integrity-monitoring" + status: "information" + syscheck: + arch: "[x32]" + changed_attributes: + - "md5" + - "sha1" + - "sha256" + event: "modified" + md5_after: "0ee93c27cf42e2da3604b882ee45532b" + md5_before: "4846b4c5616e0c64cb5b8e819ab04f89" + mode: "scheduled" + path: "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bam\\State\\UserSettings\\S-1-5-21-407847833-942180688-1368611096-1010" + sha1_after: "19c0cef959812a95c7ac12d465ec400df796f952" + sha1_before: "f532d82856fe2caa1855cfac46db8ef15a86e89c" + sha256_after: "da42382c2410098d76ebee82fc73a696224433c82deff26fb5ff1c796b3f7bdc" + sha256_before: "578954f71e55ba6b255e4cdb349bb7c1f981eeeb04ed05f7ad1855a8f389d2c9" + size_after: "24" + value_name: "\\Device\\HarddiskVolume3\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" + value_type: "REG_BINARY" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-23T05:55:30" + message: |- + <132>Sep 23 05:55:30 ub20 ossec: {"timestamp":"2024-09-23T05:55:30","rule":{"level":5,"description":"Registry Value Integrity Checksum Changed","id":"750","mitre":{"id":["T1565.001","T1112"],"tactic":["Impact","Defense Evasion"],"technique":["Stored Data Manipulation","Modify Registry"]},"firedtimes":11,"mail":false,"groups":["ossec","syscheck","syscheck_entry_modified","syscheck_registry"],"pci_dss":["11.5"],"gpg13":["4.13"],"gdpr":["II_5.1.f"],"hipaa":["164.312.c.1","164.312.c.2"],"nist_800_53":["SI.7"],"tsc":["PI1.4","PI1.5","CC6.1","CC6.8","CC7.2","CC7.3"]},"agent":{"id":"007","name":"ub20","ip":"10.10.10.10"},"manager":{"name":"ub20"},"id":"1727051130.307309","full_log":"Registry Value '[x32] HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bam\\State\\UserSettings\\S-1-5-21-407847833-942180688-1368611096-1010\\\\Device\\HarddiskVolume3\\Program Files 
(x86)\\Microsoft\\Edge\\Application\\msedge.exe' modified + Mode: scheduled + Changed attributes: md5,sha1,sha256 + Old md5sum was: '4846b4c5616e0c64cb5b8e819ab04f89' + New md5sum is : '0ee93c27cf42e2da3604b882ee45532b' + Old sha1sum was: 'f532d82856fe2caa1855cfac46db8ef15a86e89c' + New sha1sum is : '19c0cef959812a95c7ac12d465ec400df796f952' + Old sha256sum was: '578954f71e55ba6b255e4cdb349bb7c1f981eeeb04ed05f7ad1855a8f389d2c9' + New sha256sum is : 'da42382c2410098d76ebee82fc73a696224433c82deff26fb5ff1c796b3f7bdc' + ","syscheck":{"path":"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bam\\State\\UserSettings\\S-1-5-21-407847833-942180688-1368611096-1010","mode":"scheduled","arch":"[x32]","value_name":"\\Device\\HarddiskVolume3\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe","value_type":"REG_BINARY","size_after":"24","md5_before":"4846b4c5616e0c64cb5b8e819ab04f89","md5_after":"0ee93c27cf42e2da3604b882ee45532b","sha1_before":"f532d82856fe2caa1855cfac46db8ef15a86e89c","sha1_after":"19c0cef959812a95c7ac12d465ec400df796f952","sha256_before":"578954f71e55ba6b255e4cdb349bb7c1f981eeeb04ed05f7ad1855a8f389d2c9","sha256_after":"da42382c2410098d76ebee82fc73a696224433c82deff26fb5ff1c796b3f7bdc","changed_attributes":["md5","sha1","sha256"],"event":"modified"},"decoder":{"name":"syscheck_registry_value_modified"},"location":"syscheck"} + service: "file-integrity-monitoring" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1727070930000 + - sample: '<132>Sep 19 08:25:04 ub20 ossec: + {"timestamp":"2024-09-19T08:25:04.210+0530","rule":{"level":7,"description":"Dpkg + (Debian Package) half + 
configured.","id":"2904","firedtimes":7,"mail":false,"groups":["syslog","dpkg","config_changed"],"pci_dss":["10.6.1","10.2.7"],"gpg13":["4.10"],"gdpr":["IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6","AU.14"],"tsc":["CC7.2","CC7.3","CC6.8","CC8.1"]},"agent":{"id":"000","name":"ub20"},"manager":{"name":"ub20"},"id":"1726714504.1044193","full_log":"2024-09-19 + 08:25:02 status half-configured linux-headers-5.15.0-119:all + 5.15.0-119.129","decoder":{"name":"dpkg-decoder"},"data":{"dpkg_status":"status + half-configured","package":"linux-headers-5.15.0-119","arch":"all","version":"5.15.0-119.129"},"location":"/var/log/dpkg.log"}' + result: + custom: + agent: + id: "000" + name: "ub20" + data: + arch: "all" + dpkg_status: "status half-configured" + package: "linux-headers-5.15.0-119" + version: "5.15.0-119.129" + decoder: + name: "dpkg-decoder" + full_log: "2024-09-19 08:25:02 status half-configured linux-headers-5.15.0-119:all 5.15.0-119.129" + id: "1726714504.1044193" + location: "/var/log/dpkg.log" + manager: + name: "ub20" + rule: + description: "Dpkg (Debian Package) half configured." 
+ firedtimes: 7 + gdpr: + - "IV_35.7.d" + gpg13: + - "4.10" + groups: + - "syslog" + - "dpkg" + - "config_changed" + hipaa: + - "164.312.b" + id: "2904" + level: 7 + mail: false + nist_800_53: + - "AU.6" + - "AU.14" + pci_dss: + - "10.6.1" + - "10.2.7" + tsc: + - "CC7.2" + - "CC7.3" + - "CC6.8" + - "CC8.1" + service: "system" + status: "warning" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-19T08:25:04.210+0530" + message: "<132>Sep 19 08:25:04 ub20 ossec: {\"timestamp\":\"2024-09-19T08:25:04.210+0530\",\"rule\":{\"level\":7,\"description\":\"Dpkg (Debian Package) half configured.\",\"id\":\"2904\",\"firedtimes\":7,\"mail\":false,\"groups\":[\"syslog\",\"dpkg\",\"config_changed\"],\"pci_dss\":[\"10.6.1\",\"10.2.7\"],\"gpg13\":[\"4.10\"],\"gdpr\":[\"IV_35.7.d\"],\"hipaa\":[\"164.312.b\"],\"nist_800_53\":[\"AU.6\",\"AU.14\"],\"tsc\":[\"CC7.2\",\"CC7.3\",\"CC6.8\",\"CC8.1\"]},\"agent\":{\"id\":\"000\",\"name\":\"ub20\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726714504.1044193\",\"full_log\":\"2024-09-19 08:25:02 status half-configured linux-headers-5.15.0-119:all 5.15.0-119.129\",\"decoder\":{\"name\":\"dpkg-decoder\"},\"data\":{\"dpkg_status\":\"status half-configured\",\"package\":\"linux-headers-5.15.0-119\",\"arch\":\"all\",\"version\":\"5.15.0-119.129\"},\"location\":\"/var/log/dpkg.log\"}" + service: "system" + status: "warn" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726714504210 + - sample: '<132>Sep 18 16:05:21 ub20 ossec: + {"timestamp":"2024-09-18T16:05:21.609+0530","rule":{"level":3,"description":"PAM: + Login session + closed.","id":"5502","firedtimes":5,"mail":false,"groups":["pam","syslog"],"pci_dss":["10.2.5"],"gpg13":["7.8","7.9"],"gdpr":["IV_32.2"],"hipaa":["164.312.b"],"nist_800_53":["AU.14","AC.7"],"tsc":["CC6.8","CC7.2","CC7.3"]},"agent":{"id":"000","name":"ub20"},"manager":{"name":"ub20"},"id":"1726655721.947358","full_log":"Sep + 18 16:05:20 ub20 su: pam_unix(su:session): session closed for + user 
root","predecoder":{"program_name":"su","timestamp":"Sep 18 + 16:05:20","hostname":"ub20"},"decoder":{"parent":"pam","name":"pam"},"data":{"dstuser":"root"},"location":"/var/log/auth.log"}' + result: + custom: + agent: + id: "000" + name: "ub20" + data: + dstuser: "root" + decoder: + name: "pam" + parent: "pam" + full_log: "Sep 18 16:05:20 ub20 su: pam_unix(su:session): session closed for user root" + id: "1726655721.947358" + location: "/var/log/auth.log" + manager: + name: "ub20" + predecoder: + hostname: "ub20" + program_name: "su" + timestamp: "Sep 18 16:05:20" + rule: + description: "PAM: Login session closed." + firedtimes: 5 + gdpr: + - "IV_32.2" + gpg13: + - "7.8" + - "7.9" + groups: + - "pam" + - "syslog" + hipaa: + - "164.312.b" + id: "5502" + level: 3 + mail: false + nist_800_53: + - "AU.14" + - "AC.7" + pci_dss: + - "10.2.5" + tsc: + - "CC6.8" + - "CC7.2" + - "CC7.3" + service: "system" + status: "information" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-18T16:05:21.609+0530" + message: "<132>Sep 18 16:05:21 ub20 ossec: {\"timestamp\":\"2024-09-18T16:05:21.609+0530\",\"rule\":{\"level\":3,\"description\":\"PAM: Login session closed.\",\"id\":\"5502\",\"firedtimes\":5,\"mail\":false,\"groups\":[\"pam\",\"syslog\"],\"pci_dss\":[\"10.2.5\"],\"gpg13\":[\"7.8\",\"7.9\"],\"gdpr\":[\"IV_32.2\"],\"hipaa\":[\"164.312.b\"],\"nist_800_53\":[\"AU.14\",\"AC.7\"],\"tsc\":[\"CC6.8\",\"CC7.2\",\"CC7.3\"]},\"agent\":{\"id\":\"000\",\"name\":\"ub20\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726655721.947358\",\"full_log\":\"Sep 18 16:05:20 ub20 su: pam_unix(su:session): session closed for user root\",\"predecoder\":{\"program_name\":\"su\",\"timestamp\":\"Sep 18 16:05:20\",\"hostname\":\"ub20\"},\"decoder\":{\"parent\":\"pam\",\"name\":\"pam\"},\"data\":{\"dstuser\":\"root\"},\"location\":\"/var/log/auth.log\"}" + service: "system" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726655721609 + - + sample: "<132>Sep 20 01:30:20 
ub20 ossec: {\"timestamp\":\"2024-09-20T01:30:20.439+0530\",\"rule\":{\"level\":7,\"description\":\"Host-based anomaly detection event (rootcheck).\",\"id\":\"510\",\"firedtimes\":2,\"mail\":false,\"groups\":[\"ossec\",\"rootcheck\"],\"pci_dss\":[\"10.6.1\"],\"gdpr\":[\"IV_35.7.d\"]},\"agent\":{\"id\":\"000\",\"name\":\"ub20\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726776020.112790\",\"full_log\":\"Trojaned version of file '/usr/bin/diff' detected. Signature used: 'bash|^/bin/sh|file\\\\.h|proc\\\\.h|/dev/[^n]|^/bin/.*sh' (Generic).\",\"decoder\":{\"name\":\"rootcheck\"},\"data\":{\"title\":\"Trojaned version of file detected.\",\"file\":\"/usr/bin/diff\"},\"location\":\"rootcheck\"}" + result: + custom: + agent: + id: "000" + name: "ub20" + data: + file: "/usr/bin/diff" + title: "Trojaned version of file detected." + decoder: + name: "rootcheck" + full_log: "Trojaned version of file '/usr/bin/diff' detected. Signature used: 'bash|^/bin/sh|file\\.h|proc\\.h|/dev/[^n]|^/bin/.*sh' (Generic)." + id: "1726776020.112790" + location: "rootcheck" + manager: + name: "ub20" + rule: + description: "Host-based anomaly detection event (rootcheck)." + firedtimes: 2 + gdpr: + - "IV_35.7.d" + groups: + - "ossec" + - "rootcheck" + id: "510" + level: 7 + mail: false + pci_dss: + - "10.6.1" + service: "malware-detector" + status: "warning" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-20T01:30:20.439+0530" + message: "<132>Sep 20 01:30:20 ub20 ossec: {\"timestamp\":\"2024-09-20T01:30:20.439+0530\",\"rule\":{\"level\":7,\"description\":\"Host-based anomaly detection event (rootcheck).\",\"id\":\"510\",\"firedtimes\":2,\"mail\":false,\"groups\":[\"ossec\",\"rootcheck\"],\"pci_dss\":[\"10.6.1\"],\"gdpr\":[\"IV_35.7.d\"]},\"agent\":{\"id\":\"000\",\"name\":\"ub20\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726776020.112790\",\"full_log\":\"Trojaned version of file '/usr/bin/diff' detected. 
Signature used: 'bash|^/bin/sh|file\\\\.h|proc\\\\.h|/dev/[^n]|^/bin/.*sh' (Generic).\",\"decoder\":{\"name\":\"rootcheck\"},\"data\":{\"title\":\"Trojaned version of file detected.\",\"file\":\"/usr/bin/diff\"},\"location\":\"rootcheck\"}" + service: "malware-detector" + status: "warn" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726776020439 + - + sample: "<132>Sep 18 15:47:37 ub20 ossec: {\"timestamp\":\"2024-09-18T15:47:37.787+0530\",\"rule\":{\"level\":7,\"description\":\"New Yum package installed.\",\"id\":\"2932\",\"firedtimes\":8,\"mail\":false,\"groups\":[\"syslog\",\"yum\",\"config_changed\"],\"pci_dss\":[\"10.6.1\",\"10.2.7\"],\"gpg13\":[\"4.10\"],\"gdpr\":[\"IV_35.7.d\"],\"hipaa\":[\"164.312.b\"],\"nist_800_53\":[\"AU.6\",\"AU.14\"],\"tsc\":[\"CC7.2\",\"CC7.3\",\"CC6.8\",\"CC8.1\"]},\"agent\":{\"id\":\"010\",\"name\":\"co7\",\"ip\":\"10.10.10.10\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726654657.842337\",\"full_log\":\"Sep 18 15:47:36 co7 yum[28968]: Installed: libX11-devel-1.6.7-5.el7_9.x86_64\",\"predecoder\":{\"program_name\":\"yum\",\"timestamp\":\"Sep 18 15:47:36\",\"hostname\":\"co7\"},\"decoder\":{},\"location\":\"/var/log/messages\"}" + result: + custom: + agent: + id: "010" + ip: "10.10.10.10" + name: "co7" + data: + package: "libX11-devel-1.6.7-5.el7_9.x86_64" + yum_status: "Installed" + full_log: "Sep 18 15:47:36 co7 yum[28968]: Installed: libX11-devel-1.6.7-5.el7_9.x86_64" + id: "1726654657.842337" + location: "/var/log/messages" + manager: + name: "ub20" + predecoder: + hostname: "co7" + program_name: "yum" + timestamp: "Sep 18 15:47:36" + rule: + description: "New Yum package installed." 
+ firedtimes: 8 + gdpr: + - "IV_35.7.d" + gpg13: + - "4.10" + groups: + - "syslog" + - "yum" + - "config_changed" + hipaa: + - "164.312.b" + id: "2932" + level: 7 + mail: false + nist_800_53: + - "AU.6" + - "AU.14" + pci_dss: + - "10.6.1" + - "10.2.7" + tsc: + - "CC7.2" + - "CC7.3" + - "CC6.8" + - "CC8.1" + service: "system" + status: "warning" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-18T15:47:37.787+0530" + message: "<132>Sep 18 15:47:37 ub20 ossec: {\"timestamp\":\"2024-09-18T15:47:37.787+0530\",\"rule\":{\"level\":7,\"description\":\"New Yum package installed.\",\"id\":\"2932\",\"firedtimes\":8,\"mail\":false,\"groups\":[\"syslog\",\"yum\",\"config_changed\"],\"pci_dss\":[\"10.6.1\",\"10.2.7\"],\"gpg13\":[\"4.10\"],\"gdpr\":[\"IV_35.7.d\"],\"hipaa\":[\"164.312.b\"],\"nist_800_53\":[\"AU.6\",\"AU.14\"],\"tsc\":[\"CC7.2\",\"CC7.3\",\"CC6.8\",\"CC8.1\"]},\"agent\":{\"id\":\"010\",\"name\":\"co7\",\"ip\":\"10.10.10.10\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726654657.842337\",\"full_log\":\"Sep 18 15:47:36 co7 yum[28968]: Installed: libX11-devel-1.6.7-5.el7_9.x86_64\",\"predecoder\":{\"program_name\":\"yum\",\"timestamp\":\"Sep 18 15:47:36\",\"hostname\":\"co7\"},\"decoder\":{},\"location\":\"/var/log/messages\"}" + service: "system" + status: "warn" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726654657787 + - + sample: "<132>Sep 16 16:58:16 Debian ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-16T16:58:16.015398+05:30\", \"rule\": {\"firedtimes\": 27, \"mail\": false, \"level\": 3, \"description\": \"AWS GuardDuty: PORT_PROBE - Unprotected port on EC2 instance i-0b0b8b34a48c8f1c4 is being probed. 
[IP: 10.10.10.10] [Port: 80]\", \"groups\": [\"amazon\", \"aws\", \"aws_guardduty\"], \"id\": \"80305\"}, \"agent\": {\"id\": \"007\", \"name\": \"Debian\", \"ip\": \"10.10.10.10\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {\"name\": \"json\"}, \"data\": {\"aws\": {\"severity\": \"2\", \"schemaVersion\": \"2.0\", \"resource\": {\"resourceType\": \"Instance\", \"instanceDetails\": {\"launchTime\": \"2019-03-22T14:15:41Z\", \"instanceId\": \"i-0cab4a083d57dc400\", \"networkInterfaces\": {\"networkInterfaceId\": \"eni-0bb465b2d939dbda6\", \"subnetId\": \"subnet-6b1d6203\", \"vpcId\": \"vpc-921e61fa\", \"privateDnsName\": \"ip-10-0-0-1.ec2.internal\", \"publicIp\": \"10.10.10.10\", \"publicDnsName\": \"ec2-10.10.10.10.compute-1.amazonaws.com\", \"privateIpAddress\": \"10.0.0.1\"}, \"instanceState\": \"running\", \"imageId\": \"ami-09ae67bbfcd740875\", \"instanceType\": \"a1.medium\", \"imageDescription\": \"Canonical, Ubuntu, 18.04 LTS, UNSUPPORTED daily arm64 bionic image build on 2019-02-12\", \"productCodes\": {\"productCodeId\": \"zud1u4kjmxu2j2jf0n36bqa\", \"productCodeType\": \"marketplace\"}, \"iamInstanceProfile\": {\"id\": \"AIPAJGAZMFPZHKIBOUFGA\", \"arn\": \"arn:aws:iam::150447125201:instance-profile/opsworks-web-production\"}, \"availabilityZone\": \"us-east-1e\"}}, \"description\": \"EC2 instance has an unprotected port which is being probed by a known malicious host.\", \"source\": \"guardduty\", \"type\": \"Recon:EC2/PortProbeUnprotectedPort\", \"title\": \"Unprotected port on EC2 instance i-0cab4a083d57dc400 is being probed.\", \"partition\": \"aws\", \"service\": {\"archived\": \"false\", \"resourceRole\": \"TARGET\", \"detectorId\": \"cab38390b400c06fb2897dfcebffb80d\", \"additionalInfo\": {\"threatListName\": \"ProofPoint\", \"threatName\": \"Scanner\"}, \"count\": \"2115\", \"action\": {\"actionType\": \"PORT_PROBE\", \"portProbeAction\": {\"blocked\": 
\"false\", \"portProbeDetails\": {\"localPortDetails\": {\"port\": \"80\", \"portName\": \"HTTP\"}, \"remoteIpDetails\": {\"country\": {\"countryName\": \"Mexico\"}, \"city\": {\"cityName\": \"M\\u00e9rida\"}, \"geoLocation\": {\"lon\": \"-89.616700\", \"lat\": \"20.950000\"}, \"organization\": {\"asnOrg\": \"Internet Mexico Company\", \"org\": \"Internet Mexico Company\", \"isp\": \"Internet Mexico Company\", \"asn\": \"4257\"}, \"ipAddressV4\": \"10.10.10.10\"}}}}, \"serviceName\": \"guardduty\", \"eventFirstSeen\": \"2024-08-28T05:41:44.820Z\", \"eventLastSeen\": \"2024-08-31T05:41:44.820Z\"}, \"region\": \"eu-west-1\", \"accountId\": \"18773455640\", \"log_info\": {\"s3bucket\": \"aws-sample-bucket-2\", \"log_file\": \"guardduty/2024/08/31/05/firehose_guardduty-1-2024-08-31-05-41-44-820b5b9b-ec62-4a07-85d7-b1699b9c031e.zip\"}, \"createdAt\": \"2024-08-28T05:41:44.820Z\"}, \"integration\": \"aws\"}, \"location\": \"Wazuh-AWS\", \"input\": {\"type\": \"log\"}, \"GeoLocation\": {\"country_name\": \"Germany\", \"location\": {\"lat\": 52.524, \"lon\": 13.411}, \"region_name\": \"Berlin\", \"city_name\": \"Berlin\"}}" + result: + custom: + '@sampledata': true + GeoLocation: + city_name: "Berlin" + country_name: "Germany" + location: + lat: 52.524 + lon: 13.411 + region_name: "Berlin" + agent: + id: "007" + ip: "10.10.10.10" + name: "Debian" + cluster: + name: "wazuh" + data: + aws: + accountId: "18773455640" + createdAt: "2024-08-28T05:41:44.820Z" + description: "EC2 instance has an unprotected port which is being probed by a known malicious host." 
+ log_info: + log_file: "guardduty/2024/08/31/05/firehose_guardduty-1-2024-08-31-05-41-44-820b5b9b-ec62-4a07-85d7-b1699b9c031e.zip" + s3bucket: "aws-sample-bucket-2" + partition: "aws" + region: "eu-west-1" + resource: + instanceDetails: + availabilityZone: "us-east-1e" + iamInstanceProfile: + arn: "arn:aws:iam::150447125201:instance-profile/opsworks-web-production" + id: "AIPAJGAZMFPZHKIBOUFGA" + imageDescription: "Canonical, Ubuntu, 18.04 LTS, UNSUPPORTED daily arm64 bionic image build on 2019-02-12" + imageId: "ami-09ae67bbfcd740875" + instanceId: "i-0cab4a083d57dc400" + instanceState: "running" + instanceType: "a1.medium" + launchTime: "2019-03-22T14:15:41Z" + networkInterfaces: + networkInterfaceId: "eni-0bb465b2d939dbda6" + privateDnsName: "ip-10-0-0-1.ec2.internal" + privateIpAddress: "10.0.0.1" + publicDnsName: "ec2-10.10.10.10.compute-1.amazonaws.com" + publicIp: "10.10.10.10" + subnetId: "subnet-6b1d6203" + vpcId: "vpc-921e61fa" + productCodes: + productCodeId: "zud1u4kjmxu2j2jf0n36bqa" + productCodeType: "marketplace" + resourceType: "Instance" + schemaVersion: "2.0" + service: + action: + actionType: "PORT_PROBE" + portProbeAction: + blocked: "false" + portProbeDetails: + localPortDetails: + port: "80" + portName: "HTTP" + remoteIpDetails: + city: + cityName: "Mérida" + country: + countryName: "Mexico" + geoLocation: + lat: "20.950000" + lon: "-89.616700" + ipAddressV4: "10.10.10.10" + organization: + asn: "4257" + asnOrg: "Internet Mexico Company" + isp: "Internet Mexico Company" + org: "Internet Mexico Company" + additionalInfo: + threatListName: "ProofPoint" + threatName: "Scanner" + archived: "false" + count: "2115" + detectorId: "cab38390b400c06fb2897dfcebffb80d" + eventFirstSeen: "2024-08-28T05:41:44.820Z" + eventLastSeen: "2024-08-31T05:41:44.820Z" + resourceRole: "TARGET" + serviceName: "guardduty" + severity: "2" + source: "guardduty" + title: "Unprotected port on EC2 instance i-0cab4a083d57dc400 is being probed." 
+ type: "Recon:EC2/PortProbeUnprotectedPort" + integration: "aws" + decoder: + name: "json" + id: "1580123327.49031" + input: + type: "log" + location: "Wazuh-AWS" + manager: + name: "ub20" + rule: + description: "AWS GuardDuty: PORT_PROBE - Unprotected port on EC2 instance i-0b0b8b34a48c8f1c4 is being probed. [IP: 10.10.10.10] [Port: 80]" + firedtimes: 27 + groups: + - "amazon" + - "aws" + - "aws_guardduty" + id: "80305" + level: 3 + mail: false + service: "wazuh-amazon" + status: "information" + syslog: + appname: "ossec" + hostname: "Debian" + timestamp: "2024-09-16T16:58:16.015398+05:30" + message: "<132>Sep 16 16:58:16 Debian ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-16T16:58:16.015398+05:30\", \"rule\": {\"firedtimes\": 27, \"mail\": false, \"level\": 3, \"description\": \"AWS GuardDuty: PORT_PROBE - Unprotected port on EC2 instance i-0b0b8b34a48c8f1c4 is being probed. [IP: 10.10.10.10] [Port: 80]\", \"groups\": [\"amazon\", \"aws\", \"aws_guardduty\"], \"id\": \"80305\"}, \"agent\": {\"id\": \"007\", \"name\": \"Debian\", \"ip\": \"10.10.10.10\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {\"name\": \"json\"}, \"data\": {\"aws\": {\"severity\": \"2\", \"schemaVersion\": \"2.0\", \"resource\": {\"resourceType\": \"Instance\", \"instanceDetails\": {\"launchTime\": \"2019-03-22T14:15:41Z\", \"instanceId\": \"i-0cab4a083d57dc400\", \"networkInterfaces\": {\"networkInterfaceId\": \"eni-0bb465b2d939dbda6\", \"subnetId\": \"subnet-6b1d6203\", \"vpcId\": \"vpc-921e61fa\", \"privateDnsName\": \"ip-10-0-0-1.ec2.internal\", \"publicIp\": \"10.10.10.10\", \"publicDnsName\": \"ec2-10.10.10.10.compute-1.amazonaws.com\", \"privateIpAddress\": \"10.0.0.1\"}, \"instanceState\": \"running\", \"imageId\": \"ami-09ae67bbfcd740875\", \"instanceType\": \"a1.medium\", \"imageDescription\": \"Canonical, Ubuntu, 18.04 LTS, UNSUPPORTED daily arm64 bionic image build on 
2019-02-12\", \"productCodes\": {\"productCodeId\": \"zud1u4kjmxu2j2jf0n36bqa\", \"productCodeType\": \"marketplace\"}, \"iamInstanceProfile\": {\"id\": \"AIPAJGAZMFPZHKIBOUFGA\", \"arn\": \"arn:aws:iam::150447125201:instance-profile/opsworks-web-production\"}, \"availabilityZone\": \"us-east-1e\"}}, \"description\": \"EC2 instance has an unprotected port which is being probed by a known malicious host.\", \"source\": \"guardduty\", \"type\": \"Recon:EC2/PortProbeUnprotectedPort\", \"title\": \"Unprotected port on EC2 instance i-0cab4a083d57dc400 is being probed.\", \"partition\": \"aws\", \"service\": {\"archived\": \"false\", \"resourceRole\": \"TARGET\", \"detectorId\": \"cab38390b400c06fb2897dfcebffb80d\", \"additionalInfo\": {\"threatListName\": \"ProofPoint\", \"threatName\": \"Scanner\"}, \"count\": \"2115\", \"action\": {\"actionType\": \"PORT_PROBE\", \"portProbeAction\": {\"blocked\": \"false\", \"portProbeDetails\": {\"localPortDetails\": {\"port\": \"80\", \"portName\": \"HTTP\"}, \"remoteIpDetails\": {\"country\": {\"countryName\": \"Mexico\"}, \"city\": {\"cityName\": \"M\\u00e9rida\"}, \"geoLocation\": {\"lon\": \"-89.616700\", \"lat\": \"20.950000\"}, \"organization\": {\"asnOrg\": \"Internet Mexico Company\", \"org\": \"Internet Mexico Company\", \"isp\": \"Internet Mexico Company\", \"asn\": \"4257\"}, \"ipAddressV4\": \"10.10.10.10\"}}}}, \"serviceName\": \"guardduty\", \"eventFirstSeen\": \"2024-08-28T05:41:44.820Z\", \"eventLastSeen\": \"2024-08-31T05:41:44.820Z\"}, \"region\": \"eu-west-1\", \"accountId\": \"18773455640\", \"log_info\": {\"s3bucket\": \"aws-sample-bucket-2\", \"log_file\": \"guardduty/2024/08/31/05/firehose_guardduty-1-2024-08-31-05-41-44-820b5b9b-ec62-4a07-85d7-b1699b9c031e.zip\"}, \"createdAt\": \"2024-08-28T05:41:44.820Z\"}, \"integration\": \"aws\"}, \"location\": \"Wazuh-AWS\", \"input\": {\"type\": \"log\"}, \"GeoLocation\": {\"country_name\": \"Germany\", \"location\": {\"lat\": 52.524, \"lon\": 13.411}, 
\"region_name\": \"Berlin\", \"city_name\": \"Berlin\"}}" + service: "wazuh-amazon" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726486096015 + - + sample: "<132>Sep 17 10:25:49 Amazon ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-17T10:25:49.352657+05:30\", \"rule\": {\"level\": 3, \"description\": \"GitHub Git push.\", \"id\": \"91160\", \"firedtimes\": 2, \"mail\": false, \"groups\": [\"github\", \"git\", \"git_git\"]}, \"agent\": {\"id\": \"002\", \"name\": \"Amazon\", \"ip\": \"10.10.10.10\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {\"name\": \"json\"}, \"data\": {\"github\": {\"actor\": \"User1\", \"@timestamp\": \"2024-08-30T17:23:47.725+0000\", \"org\": \"Organization1\", \"repo\": \"Organization1/Repo7\", \"actor_location\": {\"country_code\": \"DE\"}, \"action\": \"git.push\", \"transport_protocol_name\": \"http\", \"transport_protocol\": \"1\", \"repository\": \"Organization1/Repo1\", \"repository_public\": \"false\"}}, \"location\": \"github\"}" + result: + custom: + '@sampledata': true + agent: + id: "002" + ip: "10.10.10.10" + name: "Amazon" + cluster: + name: "wazuh" + data: + github: + '@timestamp': "2024-08-30T17:23:47.725+0000" + action: "git.push" + actor_location: + country_code: "DE" + org: "Organization1" + repo: "Organization1/Repo7" + repository: "Organization1/Repo1" + repository_public: "false" + transport_protocol: "1" + transport_protocol_name: "http" + decoder: + name: "json" + id: "1580123327.49031" + location: "github" + manager: + name: "ub20" + rule: + description: "GitHub Git push." 
+ firedtimes: 2 + groups: + - "github" + - "git" + - "git_git" + id: "91160" + level: 3 + mail: false + service: "wazuh-github" + status: "information" + syslog: + appname: "ossec" + hostname: "Amazon" + timestamp: "2024-09-17T10:25:49.352657+05:30" + usr: + name: "User1" + message: "<132>Sep 17 10:25:49 Amazon ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-17T10:25:49.352657+05:30\", \"rule\": {\"level\": 3, \"description\": \"GitHub Git push.\", \"id\": \"91160\", \"firedtimes\": 2, \"mail\": false, \"groups\": [\"github\", \"git\", \"git_git\"]}, \"agent\": {\"id\": \"002\", \"name\": \"Amazon\", \"ip\": \"10.10.10.10\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {\"name\": \"json\"}, \"data\": {\"github\": {\"actor\": \"User1\", \"@timestamp\": \"2024-08-30T17:23:47.725+0000\", \"org\": \"Organization1\", \"repo\": \"Organization1/Repo7\", \"actor_location\": {\"country_code\": \"DE\"}, \"action\": \"git.push\", \"transport_protocol_name\": \"http\", \"transport_protocol\": \"1\", \"repository\": \"Organization1/Repo1\", \"repository_public\": \"false\"}}, \"location\": \"github\"}" + service: "wazuh-github" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726548949352 + - + sample: "<132>Sep 18 20:41:50 ub20 ossec: {\"timestamp\":\"2024-09-18T20:41:50.115+0530\",\"rule\":{\"level\":10,\"description\":\"CVE-2023-43787 affects 
libX11-devel\",\"id\":\"23505\",\"firedtimes\":12,\"mail\":false,\"groups\":[\"vulnerability-detector\"],\"gdpr\":[\"IV_35.7.d\"],\"pci_dss\":[\"11.2.1\",\"11.2.3\"],\"tsc\":[\"CC7.1\",\"CC7.2\"]},\"agent\":{\"id\":\"010\",\"name\":\"co7\",\"ip\":\"10.10.10.10\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726672310.1698045\",\"decoder\":{\"name\":\"json\"},\"data\":{\"vulnerability\":{\"assigner\":\"redhat\",\"cve\":\"CVE-2023-43787\",\"cvss\":{\"cvss3\":{\"base_score\":\"7.800000\",\"vector\":{\"availability\":\"HIGH\",\"confidentiality_impact\":\"HIGH\",\"integrity_impact\":\"HIGH\",\"privileges_required\":\"LOW\",\"scope\":\"UNCHANGED\",\"user_interaction\":\"NONE\"}}},\"cwe_reference\":\"CWE-122\",\"enumeration\":\"CVE\",\"package\":{\"architecture\":\"x86_64\",\"condition\":\"Package default status\",\"name\":\"libX11-devel\",\"source\":\" \",\"version\":\"1.6.7-5.el7_9\"},\"published\":\"2023-10-10T13:15:22Z\",\"rationale\":\"A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. 
This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.\",\"reference\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242254, https://access.redhat.com/security/cve/CVE-2023-43787, http://www.openwall.com/lists/oss-security/2024/01/24/9, https://access.redhat.com/errata/RHSA-2024:2145, https://access.redhat.com/errata/RHSA-2024:2973, https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/, https://security.netapp.com/advisory/ntap-20231103-0006/\",\"severity\":\"High\",\"status\":\"Active\",\"title\":\"CVE-2023-43787 affects libX11-devel\",\"type\":\"Packages\",\"updated\":\"2024-05-22T17:16:05Z\"}},\"location\":\"vulnerability-detector\"}" + result: + custom: + agent: + id: "010" + ip: "10.10.10.10" + name: "co7" + data: + vulnerability: + assigner: "redhat" + cve: "CVE-2023-43787" + cvss: + cvss3: + base_score: "7.800000" + vector: + availability: "HIGH" + confidentiality_impact: "HIGH" + integrity_impact: "HIGH" + privileges_required: "LOW" + scope: "UNCHANGED" + user_interaction: "NONE" + cwe_reference: "CWE-122" + enumeration: "CVE" + package: + architecture: "x86_64" + condition: "Package default status" + name: "libX11-devel" + source: " " + version: "1.6.7-5.el7_9" + published: "2023-10-10T13:15:22Z" + rationale: "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges." 
+ reference: "https://bugzilla.redhat.com/show_bug.cgi?id=2242254, https://access.redhat.com/security/cve/CVE-2023-43787, http://www.openwall.com/lists/oss-security/2024/01/24/9, https://access.redhat.com/errata/RHSA-2024:2145, https://access.redhat.com/errata/RHSA-2024:2973, https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/, https://security.netapp.com/advisory/ntap-20231103-0006/" + severity: "High" + status: "Active" + title: "CVE-2023-43787 affects libX11-devel" + type: "Packages" + updated: "2024-05-22T17:16:05Z" + decoder: + name: "json" + id: "1726672310.1698045" + location: "vulnerability-detector" + manager: + name: "ub20" + rule: + description: "CVE-2023-43787 affects libX11-devel" + firedtimes: 12 + gdpr: + - "IV_35.7.d" + groups: + - "vulnerability-detector" + id: "23505" + level: 10 + mail: false + pci_dss: + - "11.2.1" + - "11.2.3" + tsc: + - "CC7.1" + - "CC7.2" + service: "vulnerability-detector" + status: "warning" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-18T20:41:50.115+0530" + message: "<132>Sep 18 20:41:50 ub20 ossec: {\"timestamp\":\"2024-09-18T20:41:50.115+0530\",\"rule\":{\"level\":10,\"description\":\"CVE-2023-43787 affects 
libX11-devel\",\"id\":\"23505\",\"firedtimes\":12,\"mail\":false,\"groups\":[\"vulnerability-detector\"],\"gdpr\":[\"IV_35.7.d\"],\"pci_dss\":[\"11.2.1\",\"11.2.3\"],\"tsc\":[\"CC7.1\",\"CC7.2\"]},\"agent\":{\"id\":\"010\",\"name\":\"co7\",\"ip\":\"10.10.10.10\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726672310.1698045\",\"decoder\":{\"name\":\"json\"},\"data\":{\"vulnerability\":{\"assigner\":\"redhat\",\"cve\":\"CVE-2023-43787\",\"cvss\":{\"cvss3\":{\"base_score\":\"7.800000\",\"vector\":{\"availability\":\"HIGH\",\"confidentiality_impact\":\"HIGH\",\"integrity_impact\":\"HIGH\",\"privileges_required\":\"LOW\",\"scope\":\"UNCHANGED\",\"user_interaction\":\"NONE\"}}},\"cwe_reference\":\"CWE-122\",\"enumeration\":\"CVE\",\"package\":{\"architecture\":\"x86_64\",\"condition\":\"Package default status\",\"name\":\"libX11-devel\",\"source\":\" \",\"version\":\"1.6.7-5.el7_9\"},\"published\":\"2023-10-10T13:15:22Z\",\"rationale\":\"A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. 
This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.\",\"reference\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242254, https://access.redhat.com/security/cve/CVE-2023-43787, http://www.openwall.com/lists/oss-security/2024/01/24/9, https://access.redhat.com/errata/RHSA-2024:2145, https://access.redhat.com/errata/RHSA-2024:2973, https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/, https://security.netapp.com/advisory/ntap-20231103-0006/\",\"severity\":\"High\",\"status\":\"Active\",\"title\":\"CVE-2023-43787 affects libX11-devel\",\"type\":\"Packages\",\"updated\":\"2024-05-22T17:16:05Z\"}},\"location\":\"vulnerability-detector\"}" + service: "vulnerability-detector" + status: "warn" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726672310115 + - + sample: "<132>Sep 16 16:17:37 Ubuntu ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-17T11:30:16.015304+05:30\", \"rule\": {\"level\": 5, \"description\": \"GCP notice event with source IP 10.10.10.10 from europe-west1 with response code NXDOMAIN\", \"id\": \"65010\", \"firedtimes\": 2, \"mail\": true, \"groups\": [\"gcp\"]}, \"agent\": {\"id\": \"004\", \"name\": \"Ubuntu\", \"ip\": \"10.10.10.10\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {}, \"data\": {\"integration\": \"gcp\", \"gcp\": {\"insertId\": \"uk1zpe23xcj\", \"jsonPayload\": {\"authAnswer\": \"true\", \"protocol\": \"UDP\", \"queryName\": \"41.212.95.203.in-addr.arpa\", \"queryType\": \"A\", \"responseCode\": \"NXDOMAIN\", \"sourceIP\": \"10.10.10.10\", \"vmInstanceId\": \"4980113928800839680.000000\", \"vmInstanceName\": \"531339229531.instance-1\"}, \"logName\": \"projects/wazuh-dev/logs/dns.googleapis.com%2Fdns_queries\", \"receiveTimestamp\": \"2019-11-11T02:42:05.05853152Z\", \"resource\": {\"labels\": {\"location\": \"us-central1\", \"project_id\": 
\"wazuh-test\", \"source_type\": \"gce-vm\", \"target_type\": \"external\"}, \"type\": \"dns_query\"}, \"severity\": \"CRITICAL\", \"timestamp\": \"2019-11-11T02:42:04.34921449Z\"}}, \"location\": \"\", \"GeoLocation\": {\"country_name\": \"Australia\", \"location\": {\"lat\": -33.8678513, \"lon\": 151.2073212}, \"region_name\": \"Sydney\", \"city_name\": \"Sydney\"}}" + result: + custom: + '@sampledata': true + GeoLocation: + city_name: "Sydney" + country_name: "Australia" + location: + lat: -33.8678513 + lon: 151.2073212 + region_name: "Sydney" + agent: + id: "004" + ip: "10.10.10.10" + name: "Ubuntu" + cluster: + name: "wazuh" + data: + gcp: + insertId: "uk1zpe23xcj" + jsonPayload: + authAnswer: "true" + protocol: "UDP" + queryName: "41.212.95.203.in-addr.arpa" + queryType: "A" + responseCode: "NXDOMAIN" + vmInstanceId: "4980113928800839680.000000" + vmInstanceName: "531339229531.instance-1" + logName: "projects/wazuh-dev/logs/dns.googleapis.com%2Fdns_queries" + receiveTimestamp: "2019-11-11T02:42:05.05853152Z" + resource: + labels: + location: "us-central1" + project_id: "wazuh-test" + source_type: "gce-vm" + target_type: "external" + type: "dns_query" + severity: "CRITICAL" + timestamp: "2019-11-11T02:42:04.34921449Z" + integration: "gcp" + id: "1580123327.49031" + location: "" + manager: + name: "ub20" + network: + client: + geoip: {} + ip: "10.10.10.10" + rule: + description: "GCP notice event with source IP 10.10.10.10 from europe-west1 with response code NXDOMAIN" + firedtimes: 2 + groups: + - "gcp" + id: "65010" + level: 5 + mail: true + service: "wazuh-google-cloud" + status: "information" + syslog: + appname: "ossec" + hostname: "Ubuntu" + timestamp: "2024-09-17T11:30:16.015304+05:30" + message: "<132>Sep 16 16:17:37 Ubuntu ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-17T11:30:16.015304+05:30\", \"rule\": {\"level\": 5, \"description\": \"GCP notice event with source IP 10.10.10.10 from europe-west1 with response code NXDOMAIN\", \"id\": 
\"65010\", \"firedtimes\": 2, \"mail\": true, \"groups\": [\"gcp\"]}, \"agent\": {\"id\": \"004\", \"name\": \"Ubuntu\", \"ip\": \"10.10.10.10\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {}, \"data\": {\"integration\": \"gcp\", \"gcp\": {\"insertId\": \"uk1zpe23xcj\", \"jsonPayload\": {\"authAnswer\": \"true\", \"protocol\": \"UDP\", \"queryName\": \"41.212.95.203.in-addr.arpa\", \"queryType\": \"A\", \"responseCode\": \"NXDOMAIN\", \"sourceIP\": \"10.10.10.10\", \"vmInstanceId\": \"4980113928800839680.000000\", \"vmInstanceName\": \"531339229531.instance-1\"}, \"logName\": \"projects/wazuh-dev/logs/dns.googleapis.com%2Fdns_queries\", \"receiveTimestamp\": \"2019-11-11T02:42:05.05853152Z\", \"resource\": {\"labels\": {\"location\": \"us-central1\", \"project_id\": \"wazuh-test\", \"source_type\": \"gce-vm\", \"target_type\": \"external\"}, \"type\": \"dns_query\"}, \"severity\": \"CRITICAL\", \"timestamp\": \"2019-11-11T02:42:04.34921449Z\"}}, \"location\": \"\", \"GeoLocation\": {\"country_name\": \"Australia\", \"location\": {\"lat\": -33.8678513, \"lon\": 151.2073212}, \"region_name\": \"Sydney\", \"city_name\": \"Sydney\"}}" + service: "wazuh-google-cloud" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726552816015 + - + sample: "<132>Sep 17 12:09:39 ub20 ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-17T12:09:39.565041+05:30\", \"rule\": {\"level\": 3, \"description\": \"Office 365: Data Insights REST API events.\", \"id\": \"91580\", \"mail\": false, \"firedtimes\": 4, \"groups\": [\"office365\", \"DataInsightsRestApiAudit\", \"hipaa_164.312.b\", \"pci_dss_10.6.2\"]}, \"agent\": {\"id\": \"000\", \"ip\": \"10.10.10.10\", \"name\": \"ub20\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {\"name\": \"json\"}, \"data\": {\"integration\": \"Office365\", 
\"office365\": {\"CreationTime\": \"2024-08-29T20:06:43.482Z\", \"Id\": \"a0995136-91d8-4acf-8449-28c275ffb7e3\", \"Operation\": \"ValidaterbacAccessCheck\", \"OrganizationId\": \"ce013f05-a783-4186-9d85-5a14998b6111\", \"RecordType\": 52, \"UserKey\": \"d36253fb-24a1-481c-a199-f778534ccb5f\", \"UserType\": 0, \"Version\": 1, \"Workload\": \"SecurityComplianceCenter\", \"UserId\": \"frank@wazuh.com\", \"AadAppId\": \"d6fdaa33-e821-4211-83d0-cf74736489e1\", \"DataType\": \"rbacAccessCheck\", \"RelativeUrl\": \"/DataInsights/DataInsightsService.svc/validate/rbacAccessCheck?tenantid=0fea4e03-8146-453b-b889-54b4bd11565b\", \"ResultCount\": \"0\", \"Subscription\": \"Audit.General\", \"ResultStatus\": \"Failed\", \"ObjectId\": \"d14aa5cb-b070-42f8-8709-0f8afd942fc0\", \"ClientIP\": \"10.10.10.10\"}}, \"location\": \"office365\", \"GeoLocation\": {\"country_name\": \"England\", \"location\": {\"lat\": 51.5085297, \"lon\": -0.12574}, \"region_name\": \"London\", \"city_name\": \"London\"}}" + result: + custom: + '@sampledata': true + GeoLocation: + city_name: "London" + country_name: "England" + location: + lat: 51.5085297 + lon: -0.12574 + region_name: "London" + agent: + id: "000" + ip: "10.10.10.10" + name: "ub20" + cluster: + name: "wazuh" + data: + integration: "Office365" + office365: + AadAppId: "d6fdaa33-e821-4211-83d0-cf74736489e1" + CreationTime: "2024-08-29T20:06:43.482Z" + DataType: "rbacAccessCheck" + Id: "a0995136-91d8-4acf-8449-28c275ffb7e3" + ObjectId: "d14aa5cb-b070-42f8-8709-0f8afd942fc0" + Operation: "ValidaterbacAccessCheck" + OrganizationId: "ce013f05-a783-4186-9d85-5a14998b6111" + RecordType: 52 + RelativeUrl: "/DataInsights/DataInsightsService.svc/validate/rbacAccessCheck?tenantid=0fea4e03-8146-453b-b889-54b4bd11565b" + ResultCount: "0" + ResultStatus: "Failed" + Subscription: "Audit.General" + UserKey: "d36253fb-24a1-481c-a199-f778534ccb5f" + UserType: 0 + Version: 1 + Workload: "SecurityComplianceCenter" + decoder: + name: "json" + id: 
"1580123327.49031" + location: "office365" + manager: + name: "ub20" + network: + client: + geoip: {} + ip: "10.10.10.10" + rule: + description: "Office 365: Data Insights REST API events." + firedtimes: 4 + groups: + - "office365" + - "DataInsightsRestApiAudit" + - "hipaa_164.312.b" + - "pci_dss_10.6.2" + id: "91580" + level: 3 + mail: false + service: "wazuh-office365" + status: "information" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-17T12:09:39.565041+05:30" + usr: + email: "frank@wazuh.com" + message: "<132>Sep 17 12:09:39 ub20 ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-17T12:09:39.565041+05:30\", \"rule\": {\"level\": 3, \"description\": \"Office 365: Data Insights REST API events.\", \"id\": \"91580\", \"mail\": false, \"firedtimes\": 4, \"groups\": [\"office365\", \"DataInsightsRestApiAudit\", \"hipaa_164.312.b\", \"pci_dss_10.6.2\"]}, \"agent\": {\"id\": \"000\", \"ip\": \"10.10.10.10\", \"name\": \"ub20\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {\"name\": \"json\"}, \"data\": {\"integration\": \"Office365\", \"office365\": {\"CreationTime\": \"2024-08-29T20:06:43.482Z\", \"Id\": \"a0995136-91d8-4acf-8449-28c275ffb7e3\", \"Operation\": \"ValidaterbacAccessCheck\", \"OrganizationId\": \"ce013f05-a783-4186-9d85-5a14998b6111\", \"RecordType\": 52, \"UserKey\": \"d36253fb-24a1-481c-a199-f778534ccb5f\", \"UserType\": 0, \"Version\": 1, \"Workload\": \"SecurityComplianceCenter\", \"UserId\": \"frank@wazuh.com\", \"AadAppId\": \"d6fdaa33-e821-4211-83d0-cf74736489e1\", \"DataType\": \"rbacAccessCheck\", \"RelativeUrl\": \"/DataInsights/DataInsightsService.svc/validate/rbacAccessCheck?tenantid=0fea4e03-8146-453b-b889-54b4bd11565b\", \"ResultCount\": \"0\", \"Subscription\": \"Audit.General\", \"ResultStatus\": \"Failed\", \"ObjectId\": \"d14aa5cb-b070-42f8-8709-0f8afd942fc0\", \"ClientIP\": \"10.10.10.10\"}}, \"location\": 
\"office365\", \"GeoLocation\": {\"country_name\": \"England\", \"location\": {\"lat\": 51.5085297, \"lon\": -0.12574}, \"region_name\": \"London\", \"city_name\": \"London\"}}" + service: "wazuh-office365" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726555179565 + - + sample: "<132>Sep 17 12:37:36 Debian ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-17T12:37:36.093817+05:30\", \"rule\": {\"firedtimes\": 1, \"mail\": false, \"level\": 3, \"description\": \"Docker: Network bridge connected\", \"groups\": [\"docker\"], \"id\": \"87928\"}, \"agent\": {\"id\": \"007\", \"name\": \"Debian\", \"ip\": \"10.10.10.10\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {}, \"data\": {\"integration\": \"docker\", \"docker\": {\"Action\": \"connect\", \"Type\": \"network\", \"Actor\": {\"Attributes\": {\"container\": \"4d193284273eda41a869c2ef22091d7e0492323b91d654f1bea09fcefde50c08\", \"name\": \"bridge\", \"type\": \"bridge\"}, \"ID\": \"128075e00d6a056b6454afaa183c3a2714f0307a848ee4dba0e095e0a29f086a\"}, \"scope\": \"local\", \"timeNano\": \"1587084599776133888.000000\", \"time\": \"1587084599\"}}, \"location\": \"\"}" + result: + custom: + '@sampledata': true + agent: + id: "007" + ip: "10.10.10.10" + name: "Debian" + cluster: + name: "wazuh" + data: + docker: + Action: "connect" + Actor: + Attributes: + container: "4d193284273eda41a869c2ef22091d7e0492323b91d654f1bea09fcefde50c08" + name: "bridge" + type: "bridge" + ID: "128075e00d6a056b6454afaa183c3a2714f0307a848ee4dba0e095e0a29f086a" + Type: "network" + scope: "local" + time: "1587084599" + timeNano: "1587084599776133888.000000" + integration: "docker" + id: "1580123327.49031" + location: "" + manager: + name: "ub20" + rule: + description: "Docker: Network bridge connected" + firedtimes: 1 + groups: + - "docker" + id: "87928" + level: 3 + mail: false + service: "wazuh-docker" + status: "information" + 
syslog: + appname: "ossec" + hostname: "Debian" + timestamp: "2024-09-17T12:37:36.093817+05:30" + message: "<132>Sep 17 12:37:36 Debian ossec: {\"@sampledata\": true, \"timestamp\": \"2024-09-17T12:37:36.093817+05:30\", \"rule\": {\"firedtimes\": 1, \"mail\": false, \"level\": 3, \"description\": \"Docker: Network bridge connected\", \"groups\": [\"docker\"], \"id\": \"87928\"}, \"agent\": {\"id\": \"007\", \"name\": \"Debian\", \"ip\": \"10.10.10.10\"}, \"manager\": {\"name\": \"ub20\"}, \"cluster\": {\"name\": \"wazuh\"}, \"id\": \"1580123327.49031\", \"predecoder\": {}, \"decoder\": {}, \"data\": {\"integration\": \"docker\", \"docker\": {\"Action\": \"connect\", \"Type\": \"network\", \"Actor\": {\"Attributes\": {\"container\": \"4d193284273eda41a869c2ef22091d7e0492323b91d654f1bea09fcefde50c08\", \"name\": \"bridge\", \"type\": \"bridge\"}, \"ID\": \"128075e00d6a056b6454afaa183c3a2714f0307a848ee4dba0e095e0a29f086a\"}, \"scope\": \"local\", \"timeNano\": \"1587084599776133888.000000\", \"time\": \"1587084599\"}}, \"location\": \"\"}" + service: "wazuh-docker" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726556856093 + - + sample: "<132>Sep 18 14:53:16 ub20 ossec: {\"timestamp\":\"2024-09-18T14:53:16.251+0530\",\"rule\":{\"level\":7,\"description\":\"SCA summary: CIS Microsoft Windows 10 Enterprise Benchmark v1.12.0: Score less than 50% (33)\",\"id\":\"19004\",\"firedtimes\":1,\"mail\":false,\"groups\":[\"sca\"],\"gdpr\":[\"IV_35.7.d\"],\"pci_dss\":[\"2.2\"],\"nist_800_53\":[\"CM.1\"],\"tsc\":[\"CC7.1\",\"CC7.2\"]},\"agent\":{\"id\":\"005\",\"name\":\"DESKTOP-C1V1PSE\",\"ip\":\"10.10.10.10\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726651396.585956\",\"decoder\":{\"name\":\"sca\"},\"data\":{\"sca\":{\"type\":\"summary\",\"scan_id\":\"245628523\",\"policy\":\"CIS Microsoft Windows 10 Enterprise Benchmark v1.12.0\",\"description\":\"This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft 
Windows 10 Enterprise.\",\"policy_id\":\"cis_win10_enterprise\",\"passed\":\"131\",\"failed\":\"258\",\"invalid\":\"5\",\"total_checks\":\"394\",\"score\":\"33\",\"file\":\"cis_win10_enterprise.yml\"}},\"location\":\"sca\"}" + result: + custom: + agent: + id: "005" + ip: "10.10.10.10" + name: "DESKTOP-C1V1PSE" + data: + sca: + description: "This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 10 Enterprise." + failed: "258" + file: "cis_win10_enterprise.yml" + invalid: "5" + passed: "131" + policy: "CIS Microsoft Windows 10 Enterprise Benchmark v1.12.0" + policy_id: "cis_win10_enterprise" + scan_id: "245628523" + score: "33" + total_checks: "394" + type: "summary" + decoder: + name: "sca" + id: "1726651396.585956" + location: "sca" + manager: + name: "ub20" + rule: + description: "SCA summary: CIS Microsoft Windows 10 Enterprise Benchmark v1.12.0: Score less than 50% (33)" + firedtimes: 1 + gdpr: + - "IV_35.7.d" + groups: + - "sca" + id: "19004" + level: 7 + mail: false + nist_800_53: + - "CM.1" + pci_dss: + - "2.2" + tsc: + - "CC7.1" + - "CC7.2" + service: "other" + status: "warning" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-18T14:53:16.251+0530" + message: "<132>Sep 18 14:53:16 ub20 ossec: {\"timestamp\":\"2024-09-18T14:53:16.251+0530\",\"rule\":{\"level\":7,\"description\":\"SCA summary: CIS Microsoft Windows 10 Enterprise Benchmark v1.12.0: Score less than 50% (33)\",\"id\":\"19004\",\"firedtimes\":1,\"mail\":false,\"groups\":[\"sca\"],\"gdpr\":[\"IV_35.7.d\"],\"pci_dss\":[\"2.2\"],\"nist_800_53\":[\"CM.1\"],\"tsc\":[\"CC7.1\",\"CC7.2\"]},\"agent\":{\"id\":\"005\",\"name\":\"DESKTOP-C1V1PSE\",\"ip\":\"10.10.10.10\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726651396.585956\",\"decoder\":{\"name\":\"sca\"},\"data\":{\"sca\":{\"type\":\"summary\",\"scan_id\":\"245628523\",\"policy\":\"CIS Microsoft Windows 10 Enterprise Benchmark v1.12.0\",\"description\":\"This document 
provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 10 Enterprise.\",\"policy_id\":\"cis_win10_enterprise\",\"passed\":\"131\",\"failed\":\"258\",\"invalid\":\"5\",\"total_checks\":\"394\",\"score\":\"33\",\"file\":\"cis_win10_enterprise.yml\"}},\"location\":\"sca\"}" + service: "other" + status: "warn" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726651396251 + - + sample: "<132>Sep 18 15:31:44 ub20 ossec: {\"timestamp\":\"2024-09-18T15:31:44.788+0530\",\"rule\":{\"level\":5,\"description\":\"sshd: authentication failed.\",\"id\":\"5760\",\"mitre\":{\"id\":[\"T1110.001\",\"T1021.004\"],\"tactic\":[\"Credential Access\",\"Lateral Movement\"],\"technique\":[\"Password Guessing\",\"SSH\"]},\"firedtimes\":2,\"mail\":false,\"groups\":[\"syslog\",\"sshd\",\"authentication_failed\"],\"gdpr\":[\"IV_35.7.d\",\"IV_32.2\"],\"gpg13\":[\"7.1\"],\"hipaa\":[\"164.312.b\"],\"nist_800_53\":[\"AU.14\",\"AC.7\"],\"pci_dss\":[\"10.2.4\",\"10.2.5\"],\"tsc\":[\"CC6.1\",\"CC6.8\",\"CC7.2\",\"CC7.3\"]},\"agent\":{\"id\":\"010\",\"name\":\"co7\",\"ip\":\"10.10.10.10\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726653704.812551\",\"full_log\":\"Sep 18 15:31:43 co7 sshd[28830]: Failed password for devuser from 10.10.10.10 port 57137 ssh2\",\"predecoder\":{\"program_name\":\"sshd\",\"timestamp\":\"Sep 18 15:31:43\",\"hostname\":\"co7\"},\"decoder\":{\"parent\":\"sshd\",\"name\":\"sshd\"},\"data\":{\"srcip\":\"10.10.10.10\",\"srcport\":\"57137\",\"dstuser\":\"devuser\"},\"location\":\"/var/log/secure\"}" + result: + custom: + agent: + id: "010" + ip: "10.10.10.10" + name: "co7" + data: + dstuser: "devuser" + decoder: + name: "sshd" + parent: "sshd" + full_log: "Sep 18 15:31:43 co7 sshd[28830]: Failed password for devuser from 10.10.10.10 port 57137 ssh2" + id: "1726653704.812551" + location: "/var/log/secure" + manager: + name: "ub20" + network: + client: + geoip: {} + ip: "10.10.10.10" + port: "57137" + predecoder: + hostname: "co7" + 
program_name: "sshd" + timestamp: "Sep 18 15:31:43" + rule: + description: "sshd: authentication failed." + firedtimes: 2 + gdpr: + - "IV_35.7.d" + - "IV_32.2" + gpg13: + - "7.1" + groups: + - "syslog" + - "sshd" + - "authentication_failed" + hipaa: + - "164.312.b" + id: "5760" + level: 5 + mail: false + mitre: + id: + - "T1110.001" + - "T1021.004" + tactic: + - "Credential Access" + - "Lateral Movement" + technique: + - "Password Guessing" + - "SSH" + nist_800_53: + - "AU.14" + - "AC.7" + pci_dss: + - "10.2.4" + - "10.2.5" + tsc: + - "CC6.1" + - "CC6.8" + - "CC7.2" + - "CC7.3" + service: "system" + status: "information" + syslog: + appname: "ossec" + hostname: "ub20" + timestamp: "2024-09-18T15:31:44.788+0530" + message: "<132>Sep 18 15:31:44 ub20 ossec: {\"timestamp\":\"2024-09-18T15:31:44.788+0530\",\"rule\":{\"level\":5,\"description\":\"sshd: authentication failed.\",\"id\":\"5760\",\"mitre\":{\"id\":[\"T1110.001\",\"T1021.004\"],\"tactic\":[\"Credential Access\",\"Lateral Movement\"],\"technique\":[\"Password Guessing\",\"SSH\"]},\"firedtimes\":2,\"mail\":false,\"groups\":[\"syslog\",\"sshd\",\"authentication_failed\"],\"gdpr\":[\"IV_35.7.d\",\"IV_32.2\"],\"gpg13\":[\"7.1\"],\"hipaa\":[\"164.312.b\"],\"nist_800_53\":[\"AU.14\",\"AC.7\"],\"pci_dss\":[\"10.2.4\",\"10.2.5\"],\"tsc\":[\"CC6.1\",\"CC6.8\",\"CC7.2\",\"CC7.3\"]},\"agent\":{\"id\":\"010\",\"name\":\"co7\",\"ip\":\"10.10.10.10\"},\"manager\":{\"name\":\"ub20\"},\"id\":\"1726653704.812551\",\"full_log\":\"Sep 18 15:31:43 co7 sshd[28830]: Failed password for devuser from 10.10.10.10 port 57137 ssh2\",\"predecoder\":{\"program_name\":\"sshd\",\"timestamp\":\"Sep 18 15:31:43\",\"hostname\":\"co7\"},\"decoder\":{\"parent\":\"sshd\",\"name\":\"sshd\"},\"data\":{\"srcip\":\"10.10.10.10\",\"srcport\":\"57137\",\"dstuser\":\"devuser\"},\"location\":\"/var/log/secure\"}" + service: "system" + status: "info" + tags: + - "source:LOGS_SOURCE" + timestamp: 1726653704788 
diff --git a/wazuh/assets/service_checks.json b/wazuh/assets/service_checks.json new file mode 100644 index 0000000000000..fe51488c7066f --- /dev/null +++ b/wazuh/assets/service_checks.json @@ -0,0 +1 @@ +[] diff --git a/wazuh/assets/wazuh.svg b/wazuh/assets/wazuh.svg new file mode 100644 index 0000000000000..4be537e5b4009 --- /dev/null +++ b/wazuh/assets/wazuh.svg @@ -0,0 +1,25 @@ + + + + + + + + + + + + + diff --git a/wazuh/datadog_checks/__init__.py b/wazuh/datadog_checks/__init__.py new file mode 100644 index 0000000000000..1517d901c0aae --- /dev/null +++ b/wazuh/datadog_checks/__init__.py @@ -0,0 +1,4 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) +__path__ = __import__('pkgutil').extend_path(__path__, __name__) # type: ignore diff --git a/wazuh/datadog_checks/wazuh/__about__.py b/wazuh/datadog_checks/wazuh/__about__.py new file mode 100644 index 0000000000000..acbfd1c866b84 --- /dev/null +++ b/wazuh/datadog_checks/wazuh/__about__.py @@ -0,0 +1,4 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) +__version__ = '1.0.0' diff --git a/wazuh/datadog_checks/wazuh/__init__.py b/wazuh/datadog_checks/wazuh/__init__.py new file mode 100644 index 0000000000000..e3e1909cdf383 --- /dev/null +++ b/wazuh/datadog_checks/wazuh/__init__.py @@ -0,0 +1,6 @@ +# (C) Datadog, Inc. 2024-present +# All rights reserved +# Licensed under a 3-clause BSD style license (see LICENSE) +from .__about__ import __version__ + +__all__ = ['__version__'] diff --git a/wazuh/datadog_checks/wazuh/data/conf.yaml.example b/wazuh/datadog_checks/wazuh/data/conf.yaml.example new file mode 100644 index 0000000000000..f6801265fd70f --- /dev/null +++ b/wazuh/datadog_checks/wazuh/data/conf.yaml.example 
@@ -0,0 +1,20 @@
+## Log Section
+##
+## type - required - Type of log input source (tcp / udp / file / windows_event).
+## port / path / channel_path - required - Set port if type is tcp or udp.
+## Set path if type is file.
+## Set channel_path if type is windows_event.
+## source - required - Attribute that defines which integration sent the logs.
+## encoding - optional - For file specifies the file encoding. Default is utf-8. Other
+## possible values are utf-16-le and utf-16-be.
+## service - optional - The name of the service that generates the log.
+## Overrides any `service` defined in the `init_config` section.
+## tags - optional - Add tags to the collected logs.
+##
+## Discover Datadog log collection: https://docs.datadoghq.com/logs/log_collection/
+#
+# logs:
+# - type: udp
+# port:
+# source: wazuh
+# service: wazuh
diff --git a/wazuh/images/wazuh-cloud-security.png b/wazuh/images/wazuh-cloud-security.png
new file mode 100644
index 0000000000000..9bda3f3a700aa
Binary files /dev/null and b/wazuh/images/wazuh-cloud-security.png differ
diff --git a/wazuh/images/wazuh-file-integrity-monitoring.png b/wazuh/images/wazuh-file-integrity-monitoring.png
new file mode 100644
index 0000000000000..410dd468aaa16
Binary files /dev/null and b/wazuh/images/wazuh-file-integrity-monitoring.png differ
diff --git a/wazuh/images/wazuh-malware-detection.png b/wazuh/images/wazuh-malware-detection.png
new file mode 100644
index 0000000000000..18ef63b1b2474
Binary files /dev/null and b/wazuh/images/wazuh-malware-detection.png differ
diff --git a/wazuh/images/wazuh-mitre-attack.png b/wazuh/images/wazuh-mitre-attack.png
new file mode 100644
index 0000000000000..1b5e6137245fa
Binary files /dev/null and b/wazuh/images/wazuh-mitre-attack.png differ
diff --git a/wazuh/images/wazuh-overview.png b/wazuh/images/wazuh-overview.png
new file mode 100644
index 0000000000000..0fffffbc2f09c
Binary files /dev/null and b/wazuh/images/wazuh-overview.png differ
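Review bot: The commented `logs:` example in conf.yaml.example defaults to `type: udp` and leaves `port:` empty, so a user who uncomments it verbatim gets an entry with no port and no guidance on transport. The Wazuh sample alerts in this commit's test fixture are long single-line JSON messages, which can be truncated or dropped over UDP depending on the sender's datagram limits, and a UDP listener accepts datagrams from any host that can reach the port. I would write `#   port: <PORT>` and add a comment line such as `## Prefer tcp for large alerts and restrict the port to the Wazuh manager's address.`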
diff --git a/wazuh/images/wazuh-security-operations.png b/wazuh/images/wazuh-security-operations.png
new file mode 100644
index 0000000000000..7ccd56f75e6db
Binary files /dev/null and b/wazuh/images/wazuh-security-operations.png differ
diff --git a/wazuh/images/wazuh-system.png b/wazuh/images/wazuh-system.png
new file mode 100644
index 0000000000000..0a9c1fe6589c3
Binary files /dev/null and b/wazuh/images/wazuh-system.png differ
diff --git a/wazuh/images/wazuh-vulnerability-detection.png b/wazuh/images/wazuh-vulnerability-detection.png
new file mode 100644
index 0000000000000..2ef58ef7a1564
Binary files /dev/null and b/wazuh/images/wazuh-vulnerability-detection.png differ
diff --git a/wazuh/manifest.json b/wazuh/manifest.json
new file mode 100644
index 0000000000000..f89f0792e24be
--- /dev/null
+++ b/wazuh/manifest.json
@@ -0,0 +1,101 @@ +{ + "manifest_version": "2.0.0", + "app_uuid": "5b1e3f2f-419d-4d9d-bb00-002b58e28835", + "app_id": "wazuh", + "display_on_public_website": false, + "tile": { + "overview": "README.md#Overview", + "configuration": "README.md#Setup", + "support": "README.md#Support", + "changelog": "CHANGELOG.md", + "description": "Gain insights into the Wazuh alerts.", + "title": "Wazuh", + "media": [ + { + "caption": "Wazuh - Cloud Security", + "image_url": "images/wazuh-cloud-security.png", + "media_type": "image" + }, + { + "caption": "Wazuh - File Integrity Monitoring", + "image_url": "images/wazuh-file-integrity-monitoring.png", + "media_type": "image" + }, + { + "caption": "Wazuh - Malware Detection", + "image_url": "images/wazuh-malware-detection.png", + "media_type": "image" + }, + { + "caption": "Wazuh - MITRE ATT&CK", + "image_url": "images/wazuh-mitre-attack.png", + "media_type": "image" + }, + { + "caption": "Wazuh - Overview", + "image_url": "images/wazuh-overview.png", + "media_type": "image" + }, + { + "caption": "Wazuh - Security Operations", + "image_url": "images/wazuh-security-operations.png", + "media_type": "image" + }, + { + "caption": "Wazuh - System", + "image_url": "images/wazuh-system.png", + "media_type": "image" + }, + { + "caption": "Wazuh - Vulnerability Detection", + "image_url": "images/wazuh-vulnerability-detection.png", + "media_type": "image" + } + ], + "classifier_tags": [ + "Supported OS::Linux", + "Supported OS::Windows", + "Supported OS::macOS", + "Category::Alerting", + "Category::Log Collection", + "Category::Security", + "Offering::Integration", + "Submitted Data Type::Logs" + ] + }, + "assets": { + "integration": { + "auto_install": true, + "source_type_id": 26101213, + "source_type_name": "Wazuh", + "configuration": { + "spec": "assets/configuration/spec.yaml" + }, + "events": { + "creates_events": false + }, + "service_checks": { + "metadata_path": "assets/service_checks.json" + } + }, + "dashboards": { + "Wazuh - 
Overview": "assets/dashboards/wazuh_overview.json", + "Wazuh - File Integrity Monitoring": "assets/dashboards/wazuh_file_integrity_monitoring.json", + "Wazuh - Malware Detection": "assets/dashboards/wazuh_malware_detection.json", + "Wazuh - MITRE ATT&CK": "assets/dashboards/wazuh_MITRE_ATT&CK.json", + "Wazuh - Security Operations": "assets/dashboards/wazuh_security_operations.json", + "Wazuh - System": "assets/dashboards/wazuh_system.json", + "Wazuh - Vulnerability Detection": "assets/dashboards/wazuh_vulnerability_detection.json", + "Wazuh - Cloud Security": "assets/dashboards/wazuh_cloud_security.json" + }, + "logs": { + "source": "wazuh" + } + }, + "author": { + "support_email": "help@datadoghq.com", + "name": "Datadog", + "homepage": "https://www.datadoghq.com", + "sales_email": "info@datadoghq.com" + } +} \ No newline at end of file diff --git a/wazuh/pyproject.toml b/wazuh/pyproject.toml new file mode 100644 index 0000000000000..7356d30e21a67 --- /dev/null +++ b/wazuh/pyproject.toml 
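Review bot: The dashboard path `assets/dashboards/wazuh_MITRE_ATT&CK.json` is the only asset name in this manifest that uses upper-case letters and an `&`, which has to be quoted in shells and URL-encoded in links. The image for the same dashboard is already named `images/wazuh-mitre-attack.png`, so I would rename the file and use `"Wazuh - MITRE ATT&CK": "assets/dashboards/wazuh_mitre_attack.json"`, keeping the display title unchanged. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.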
@@ -0,0 +1,59 @@ +[build-system] +requires = [ + "hatchling>=0.13.0", +] +build-backend = "hatchling.build" + +[project] +name = "datadog-wazuh" +description = "The wazuh check" +readme = "README.md" +license = "BSD-3-Clause" +keywords = [ + "datadog", + "datadog agent", + "datadog check", + "wazuh", +] +authors = [ + { name = "Datadog", email = "packages@datadoghq.com" }, +] +classifiers = [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Intended Audience :: System Administrators", + "License :: OSI Approved :: BSD License", + "Private :: Do Not Upload", + "Programming Language :: Python :: 3.11", + "Topic :: System :: Monitoring", +] +dependencies = [ + "datadog-checks-base>=4.2.0", +] +dynamic = [ + "version", +] + +[project.optional-dependencies] +deps = [] + +[project.urls] +Source = "https://github.com/DataDog/integrations-core" + +[tool.hatch.version] +path = "datadog_checks/wazuh/__about__.py" + +[tool.hatch.build.targets.sdist] +include = [ + "/datadog_checks", + "/tests", + "/manifest.json", +] + +[tool.hatch.build.targets.wheel] +include = [ + "/datadog_checks/wazuh", +] +dev-mode-dirs = [ + ".", +] diff --git a/weaviate/CHANGELOG.md b/weaviate/CHANGELOG.md index e1954acd0ba49..fbca1fbe70130 100644 --- a/weaviate/CHANGELOG.md +++ b/weaviate/CHANGELOG.md @@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.3.3 / 2024-07-05 / Agent 7.55.0 ***Fixed***: 
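Review bot: The classifier `"Programming Language :: Python :: 3.11"` and the floor `"datadog-checks-base>=4.2.0"` in the new wazuh/pyproject.toml look stale against the rest of this diff, where the changelogs of other integrations record the bump to Python 3.12 and to datadog-checks-base 37.0.0. If this package is built and shipped with the same Agent tooling, I would use `"Programming Language :: Python :: 3.12",` and `"datadog-checks-base>=37.0.0",` so the declared metadata matches what is actually tested. If the low floor is deliberate for a logs-only integration, a one-line comment saying so would save the next reader the question.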
diff --git a/weblogic/CHANGELOG.md b/weblogic/CHANGELOG.md index 5b0da3e2ef323..ba1249c1d43a6 100644 --- a/weblogic/CHANGELOG.md +++ b/weblogic/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.3.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/win32_event_log/CHANGELOG.md b/win32_event_log/CHANGELOG.md index cd6a84332e6dc..e57801dc172c0 100644 --- a/win32_event_log/CHANGELOG.md +++ b/win32_event_log/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 3.3.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/windows_performance_counters/CHANGELOG.md b/windows_performance_counters/CHANGELOG.md index 28e88c421d934..01412a9a3ac45 100644 --- a/windows_performance_counters/CHANGELOG.md +++ b/windows_performance_counters/CHANGELOG.md 
@@ -4,10 +4,6 @@ ## 3.1.0 / 2024-10-04 / Agent 7.59.0 -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -18,6 +14,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 2.1.1 / 2024-07-05 / Agent 7.55.0 ***Fixed***: diff --git a/windows_service/CHANGELOG.md b/windows_service/CHANGELOG.md index 4144983baacfd..70cc272a044ff 100644 --- a/windows_service/CHANGELOG.md +++ b/windows_service/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.9.1 / 2024-07-05 / Agent 7.56.0 ***Fixed***: diff --git a/windows_service/README.md b/windows_service/README.md index b7431301f7e47..3e1ebad4a6ad1 100644 --- a/windows_service/README.md +++ b/windows_service/README.md 
@@ -8,7 +8,7 @@ This check monitors the state of any Windows Service and submits a service check ### Installation -The Windows Service check is included in the [Datadog Agent][1] package, so you don't need to install anything else on your Windows hosts. +The Windows Service check is installed by default with the [Datadog Agent][1], but is not configured. Please see the next section to configure the check. ### Configuration @@ -136,3 +136,4 @@ If the service is present in the output, permissions are the issue. To give the [15]: https://docs.datadoghq.com/agent/guide/windows-agent-ddagent-user/ [16]: https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/configure-group-policies-set-security [17]: https://learn.microsoft.com/en-us/windows/win32/services/service-trigger-events +[18]: https://app.datadoghq.com/integrations/windows-service?search=windows%20service diff --git a/wmi_check/CHANGELOG.md b/wmi_check/CHANGELOG.md index 0f61c2c9ba6b5..882aa52fca4c8 100644 --- a/wmi_check/CHANGELOG.md +++ b/wmi_check/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 1.18.0 / 2024-01-05 / Agent 7.51.0 ***Added***: diff --git a/yarn/CHANGELOG.md b/yarn/CHANGELOG.md index dcafd1f4cc345..dc1602300edc8 100644 --- a/yarn/CHANGELOG.md +++ b/yarn/CHANGELOG.md 
@@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 5.3.1 / 2024-05-31 / Agent 7.55.0 ***Fixed***: diff --git a/yarn/tests/test_integration.py b/yarn/tests/test_integration.py index d67e0ef3c63c8..b58a2bb200cd8 100644 --- a/yarn/tests/test_integration.py +++ b/yarn/tests/test_integration.py @@ -1,10 +1,12 @@ # (C) Datadog, Inc. 2019-present # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) +import os import pytest from datadog_checks.base import AgentCheck +from datadog_checks.yarn import YarnCheck from . import common @@ -30,3 +32,25 @@ def assert_check(aggregator): aggregator.assert_metric_has_tag(metric, common.LEGACY_CLUSTER_TAG) aggregator.assert_all_metrics_covered() + + +@pytest.mark.integration +def test_metadata(aggregator, instance, datadog_agent): + check = YarnCheck("yarn", {}, [instance]) + check.check_id = "test:123" + + check.check(instance) + + raw_version = os.getenv("YARN_VERSION") + + major, minor, patch = raw_version.split(".") + + version_metadata = { + "version.scheme": "semver", + "version.major": major, + "version.minor": minor, + "version.patch": patch, + "version.raw": raw_version, + } + + datadog_agent.assert_metadata("test:123", version_metadata) diff --git a/yarn/tests/test_yarn.py b/yarn/tests/test_yarn.py index 11eee87969ded..0ff1a36ccc18c 100644 --- a/yarn/tests/test_yarn.py +++ b/yarn/tests/test_yarn.py 
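Review bot: In the new `test_metadata` in yarn/tests/test_integration.py, `raw_version.split(".")` runs on the result of `os.getenv("YARN_VERSION")`, so an unset variable fails with an AttributeError on None instead of a message naming the missing setting. A value without exactly three dot-separated parts likewise fails on the tuple unpacking rather than on an assertion. Reading it as `raw_version = os.environ["YARN_VERSION"]`, or calling `pytest.skip` when it is absent, makes the precondition explicit. A short docstring stating that the test needs the live environment and `YARN_VERSION` would also explain why it carries `@pytest.mark.integration`.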
@@ -2,7 +2,6 @@ # All rights reserved # Licensed under a 3-clause BSD style license (see LICENSE) import copy -import os import re import pytest @@ -300,27 +299,6 @@ def test_ssl_verification(aggregator, mocked_bad_cert_request): ) -def test_metadata(aggregator, instance, datadog_agent): - check = YarnCheck("yarn", {}, [instance]) - check.check_id = "test:123" - - check.check(instance) - - raw_version = os.getenv("YARN_VERSION") - - major, minor, patch = raw_version.split(".") - - version_metadata = { - "version.scheme": "semver", - "version.major": major, - "version.minor": minor, - "version.patch": patch, - "version.raw": raw_version, - } - - datadog_agent.assert_metadata("test:123", version_metadata) - - def test_collect_apps_all_states(dd_run_check, aggregator, mocked_request): instance = YARN_COLLECT_APPS_ALL_STATES_CONFIG['instances'][0] yarn = YarnCheck('yarn', {}, [instance]) diff --git a/zk/CHANGELOG.md b/zk/CHANGELOG.md index fd57619d76c4d..0b4151d47cb70 100644 --- a/zk/CHANGELOG.md +++ b/zk/CHANGELOG.md @@ -8,10 +8,6 @@ * Remove support for Python 2. ([#18580](https://github.com/DataDog/integrations-core/pull/18580)) -***Added***: - -* Bump the python version from 3.11 to 3.12 ([#18207](https://github.com/DataDog/integrations-core/pull/18207)) - ***Fixed***: * Bump the version of datadog-checks-base to 37.0.0 ([#18617](https://github.com/DataDog/integrations-core/pull/18617)) @@ -22,6 +18,10 @@ * Bump minimum version of base check ([#18733](https://github.com/DataDog/integrations-core/pull/18733)) +***Added***: + +* Bump the python version from 3.11 to 3.12 ([#18212](https://github.com/DataDog/integrations-core/pull/18212)) + ## 4.5.0 / 2024-01-05 / Agent 7.51.0 ***Added***: