├── LICENSE ├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── README.md └── loki ├── ssh-logs.json ├── global_ssh_logs.json ├── sudo_logs.json └── privatebin_access_log.json /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 VoidQuark 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "[BUG] [Dashboard Name] Title" 5 | labels: bug 6 | assignees: voidquark 7 | 8 | --- 9 | 10 | **Loki Version:** [Provide the version of Loki you are using] 11 | **Grafana Version:** [Provide the version of Grafana you are using] 12 | **Promtail Version:** [Provide the version of Promtail you are using] 13 | **Dashboard Name:** [Specify the dashboard name] 14 | **Dashboard Revision Number:** [Specify the revision number of the dashboard] 15 | 16 | ### Describe the Bug 17 | 18 | **Description:** 19 | [Clearly describe the problem you are experiencing. Be as detailed as possible.] 20 | 21 | **Which Panel is Not Working:** 22 | [Specify the panel or panels that are not working as expected. Include the panel title.] 23 | 24 | **What's the Issue:** 25 | [Explain what is happening with the panel(s) that are not working. Describe the unexpected behavior.] 26 | 27 | **Expected Behavior:** 28 | [Describe what you expected to happen when interacting with the problematic panel(s).] 29 | 30 | ### Additional Information 31 | 32 | **Did You Try to Execute the Panel's Query in Grafana Explore?** 33 | [Yes/No] 34 | - If yes, provide details of the query you executed and the results. 35 | - If no, consider trying to execute the query and report the results if relevant. 36 | 37 | **Screenshots/Logs:** 38 | [Attach any relevant screenshots or logs that can help us understand the issue better.] 39 | 40 | **Steps to Reproduce:** 41 | [Provide a step-by-step guide on how to reproduce the issue, if applicable.] 42 | 43 | **Additional Context:** 44 | [Include any additional context or information that may be relevant to the issue.] 
45 | 46 | ### Checklist 47 | 48 | Please ensure that you have completed the following tasks before submitting the bug report: 49 | 50 | - [ ] Checked the documentation and community forums for a solution related to Loki configuration or Grafana configuration. 51 | - [ ] Searched existing issues to see if the problem has already been reported. 52 | - [ ] Ensured you are using the latest versions of Loki, Grafana, and Promtail. 53 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Dashboard Improvement Suggestion Template 4 | title: "[FEATURE] [Dashboard Name] Title" 5 | labels: enhancement 6 | assignees: voidquark 7 | 8 | --- 9 | 10 | ## Dashboard Improvement Suggestion Template 11 | 12 | **Dashboard Name:** 13 | [Specify the name of the dashboard you're providing feedback for] 14 | 15 | ### Improvement Details 16 | 17 | **Description:** 18 | [Describe the improvement or suggestion you would like to make. Be as specific as possible.] 19 | 20 | **Use Case:** 21 | [Explain the use case or scenario where this improvement would be beneficial.] 22 | 23 | ### Proposed Changes 24 | 25 | **Change Description:** 26 | [Provide a detailed description of the changes you suggest. Include any specific modifications or additions you have in mind.] 27 | 28 | **Visual Changes (if applicable):** 29 | [Describe any changes to the dashboard's visual elements, such as panels, graphs, or layout.] 30 | 31 | ### Rationale 32 | 33 | **Why is this Improvement Important:** 34 | [Explain why you believe this improvement is important. What benefits or advantages will it bring to users?] 35 | 36 | **Alternative Solutions (if any):** 37 | [If you have considered alternative ways to address the issue or achieve the desired outcome, please mention them.] 
38 | 39 | ### Additional Information 40 | 41 | **Screenshots/Examples (if applicable):** 42 | [Attach any relevant screenshots or examples to illustrate your suggestion.] 43 | 44 | **Context (if any):** 45 | [Provide any additional context or information that may be relevant to your suggestion.] 46 | 47 | ### Checklist 48 | 49 | Please ensure that you have completed the following tasks before submitting your improvement suggestion: 50 | 51 | - [ ] Checked existing dashboards and features to confirm that the improvement is not already available. 52 | - [ ] Reviewed any related documentation or resources to ensure your suggestion aligns with best practices. 53 | - [ ] Considered the impact of your suggestion on the overall user experience. 54 | 55 | Thank you for taking the time to suggest improvements to our Grafana dashboards! Your feedback is valuable in helping us enhance the usability and effectiveness of our monitoring and visualization tools. 56 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Grafana Dashboards Collection 2 | 3 | A collection of Grafana dashboards. 4 | 5 | ## Table of Contents 6 | 7 | - [Nextcloud Logs](#nextcloud-logs) 8 | - [PrivateBin Access Logs](#privatebin-access-logs) 9 | - [Promtail Metrics and Logs](#promtail-metrics-and-logs) 10 | - [SSH Logs](#ssh-logs) 11 | - [Global SSH Logs View](#global-ssh-logs-view) 12 | - [SUDO Logs](#sudo-logs) 13 | - [Author Information](#author-information) 14 | 15 | ## Nextcloud Logs 16 | 17 | Nextcloud Application and Audit Logs dashboard. 
18 | 19 | Log shipper: `promtail` 20 | 21 | Log aggregator: `loki` 22 | 23 | Grafana dashboard URL: [Dashboard ID 17821](https://grafana.com/grafana/dashboards/17821-nextcloud-log/) 24 | 25 | How to use this dashboard is described in the blog post: [Parsing Nextcloud Audit Logs with Grafana Loki](https://voidquark.com/blog/parsing-nextcloud-audit-logs-with-grafana-loki/). 26 | 27 | ## PrivateBin Access Logs 28 | 29 | Monitors PrivateBin application NGINX access logs for paste statistics. 30 | 31 | Log shipper: `promtail` 32 | 33 | Log aggregator: `loki` 34 | 35 | Grafana dashboard URL: [Dashboard ID 19507](https://grafana.com/grafana/dashboards/19507-privatebin-access-log/) 36 | 37 | How to use this dashboard is described in the blog post: [PrivateBin NGINX Access Log](https://voidquark.com/blog/privatebin-nginx-access-log-dashboard/). 38 | 39 | ## Promtail Metrics and Logs 40 | 41 | Promtail Metrics and Logs dashboard. 42 | 43 | Log shipper: `promtail` 44 | 45 | Log aggregator: `loki` 46 | 47 | Datasources: `prometheus, loki` (mixed) 48 | 49 | Grafana dashboard URL: [Dashboard ID 20881](https://grafana.com/grafana/dashboards/20881-promtail-monitoring-metrics-and-logs/) 50 | 51 | How to use this dashboard is described in the blog post: [Grafana Dashboard for Promtail Metrics and Logs](https://voidquark.com/blog/promtail-grafana-dashboard/). 52 | 53 | ## SSH Logs 54 | 55 | Linux SSH Logs dashboard. 56 | 57 | Log shipper: `promtail` 58 | 59 | Log aggregator: `loki` 60 | 61 | Grafana dashboard URL: [Dashboard ID 17514](https://grafana.com/grafana/dashboards/17514-ssh-logs/) 62 | 63 | How to use this dashboard is described in the blog post: [Parsing SSH Logs with Grafana Loki](https://voidquark.com/blog/parsing-ssh-logs-with-grafana-loki/). 64 | 65 | ## Global SSH Logs View 66 | 67 | Linux Global SSH Logs View dashboard. 
68 | 69 | Log shipper: `promtail` 70 | 71 | Log aggregator: `loki` 72 | 73 | Grafana dashboard URL: [Dashboard ID 21750](https://grafana.com/grafana/dashboards/21750-global-ssh-logs-view/) 74 | 75 | How to use this dashboard is described in the blog post: [Global SSH Logs View with Loki](https://voidquark.com/blog/global-ssh-logs-view-with-loki). 76 | 77 | ## SUDO Logs 78 | 79 | Linux SUDO Logs dashboard. Tracks both accepted and rejected SUDO events. 80 | 81 | Log shipper: `promtail` 82 | 83 | Log aggregator: `loki` 84 | 85 | Grafana dashboard URL: [Dashboard ID 19816](https://grafana.com/grafana/dashboards/19816-sudo-logs-json-version/) 86 | 87 | How to use this dashboard is described in the blog post: [Parsing SUDO Logs with Grafana Loki](https://voidquark.com/blog/parsing-sudo-logs-with-grafana-loki). 88 | 89 | ## Author Information 90 | 91 | Created by [VoidQuark](https://voidquark.com) 92 | -------------------------------------------------------------------------------- /loki/ssh-logs.json: -------------------------------------------------------------------------------- 1 | { 2 | "__inputs": [ 3 | { 4 | "name": "DS_LOKI", 5 | "label": "loki", 6 | "description": "", 7 | "type": "datasource", 8 | "pluginId": "loki", 9 | "pluginName": "Loki" 10 | } 11 | ], 12 | "__elements": {}, 13 | "__requires": [ 14 | { 15 | "type": "grafana", 16 | "id": "grafana", 17 | "name": "Grafana", 18 | "version": "11.1.4" 19 | }, 20 | { 21 | "type": "panel", 22 | "id": "logs", 23 | "name": "Logs", 24 | "version": "" 25 | }, 26 | { 27 | "type": "datasource", 28 | "id": "loki", 29 | "name": "Loki", 30 | "version": "1.0.0" 31 | }, 32 | { 33 | "type": "panel", 34 | "id": "piechart", 35 | "name": "Pie chart", 36 | "version": "" 37 | }, 38 | { 39 | "type": "panel", 40 | "id": "stat", 41 | "name": "Stat", 42 | "version": "" 43 | }, 44 | { 45 | "type": "panel", 46 | "id": "table", 47 | "name": "Table", 48 | "version": "" 49 | } 50 | ], 51 | "annotations": { 52 | "list": [ 53 | { 54 | "builtIn": 1, 55 | 
"datasource": { 56 | "type": "grafana", 57 | "uid": "-- Grafana --" 58 | }, 59 | "enable": true, 60 | "hide": true, 61 | "iconColor": "rgba(0, 211, 255, 1)", 62 | "name": "Annotations & Alerts", 63 | "target": { 64 | "limit": 100, 65 | "matchAny": false, 66 | "tags": [], 67 | "type": "dashboard" 68 | }, 69 | "type": "dashboard" 70 | } 71 | ] 72 | }, 73 | "description": "Loki v2/v3 SSH Logs", 74 | "editable": true, 75 | "fiscalYearStartMonth": 0, 76 | "gnetId": 17514, 77 | "graphTooltip": 0, 78 | "id": null, 79 | "links": [], 80 | "liveNow": false, 81 | "panels": [ 82 | { 83 | "collapsed": false, 84 | "gridPos": { 85 | "h": 1, 86 | "w": 24, 87 | "x": 0, 88 | "y": 0 89 | }, 90 | "id": 5, 91 | "panels": [], 92 | "title": "SSH - Total Stats", 93 | "type": "row" 94 | }, 95 | { 96 | "datasource": { 97 | "type": "loki", 98 | "uid": "${DS_LOKI}" 99 | }, 100 | "description": "", 101 | "fieldConfig": { 102 | "defaults": { 103 | "color": { 104 | "mode": "thresholds" 105 | }, 106 | "mappings": [ 107 | { 108 | "options": { 109 | "match": "null", 110 | "result": { 111 | "index": 0, 112 | "text": "0" 113 | } 114 | }, 115 | "type": "special" 116 | } 117 | ], 118 | "thresholds": { 119 | "mode": "absolute", 120 | "steps": [ 121 | { 122 | "color": "purple", 123 | "value": null 124 | } 125 | ] 126 | }, 127 | "unit": "short" 128 | }, 129 | "overrides": [] 130 | }, 131 | "gridPos": { 132 | "h": 4, 133 | "w": 6, 134 | "x": 0, 135 | "y": 1 136 | }, 137 | "id": 2, 138 | "options": { 139 | "colorMode": "background", 140 | "graphMode": "none", 141 | "justifyMode": "center", 142 | "orientation": "auto", 143 | "percentChangeColorMode": "standard", 144 | "reduceOptions": { 145 | "calcs": [ 146 | "sum" 147 | ], 148 | "fields": "", 149 | "values": false 150 | }, 151 | "showPercentChange": false, 152 | "textMode": "auto", 153 | "wideLayout": true 154 | }, 155 | "pluginVersion": "11.1.4", 156 | "targets": [ 157 | { 158 | "datasource": { 159 | "type": "loki", 160 | "uid": "${DS_LOKI}" 161 | }, 162 | 
"editorMode": "code", 163 | "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | __error__=\"\" [$__interval]))", 164 | "queryType": "range", 165 | "refId": "A" 166 | } 167 | ], 168 | "title": "Total Opened Connection", 169 | "type": "stat" 170 | }, 171 | { 172 | "datasource": { 173 | "type": "loki", 174 | "uid": "${DS_LOKI}" 175 | }, 176 | "description": "", 177 | "fieldConfig": { 178 | "defaults": { 179 | "color": { 180 | "mode": "thresholds" 181 | }, 182 | "mappings": [ 183 | { 184 | "options": { 185 | "match": "null", 186 | "result": { 187 | "index": 0, 188 | "text": "0" 189 | } 190 | }, 191 | "type": "special" 192 | } 193 | ], 194 | "thresholds": { 195 | "mode": "absolute", 196 | "steps": [ 197 | { 198 | "color": "purple", 199 | "value": null 200 | }, 201 | { 202 | "color": "red", 203 | "value": 1 204 | } 205 | ] 206 | }, 207 | "unit": "short" 208 | }, 209 | "overrides": [] 210 | }, 211 | "gridPos": { 212 | "h": 4, 213 | "w": 3, 214 | "x": 6, 215 | "y": 1 216 | }, 217 | "id": 3, 218 | "options": { 219 | "colorMode": "background", 220 | "graphMode": "none", 221 | "justifyMode": "center", 222 | "orientation": "auto", 223 | "percentChangeColorMode": "standard", 224 | "reduceOptions": { 225 | "calcs": [ 226 | "sum" 227 | ], 228 | "fields": "", 229 | "values": false 230 | }, 231 | "showPercentChange": false, 232 | "textMode": "auto", 233 | "wideLayout": true 234 | }, 235 | "pluginVersion": "11.1.4", 236 | "targets": [ 237 | { 238 | "datasource": { 239 | "type": "loki", 240 | "uid": "${DS_LOKI}" 241 | }, 242 | "editorMode": "code", 243 | "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Failed|: Invalid|: Connection closed by authenticating user\" | __error__=\"\" [$__interval]))", 244 | "hide": false, 245 | "queryType": "range", 246 | "refId": "A" 247 | } 248 | ], 249 | "title": 
"Total Failed Connection", 250 | "transformations": [ 251 | { 252 | "id": "merge", 253 | "options": {} 254 | } 255 | ], 256 | "type": "stat" 257 | }, 258 | { 259 | "datasource": { 260 | "type": "loki", 261 | "uid": "${DS_LOKI}" 262 | }, 263 | "fieldConfig": { 264 | "defaults": { 265 | "mappings": [ 266 | { 267 | "options": { 268 | "match": "null", 269 | "result": { 270 | "index": 0, 271 | "text": "0" 272 | } 273 | }, 274 | "type": "special" 275 | } 276 | ], 277 | "thresholds": { 278 | "mode": "absolute", 279 | "steps": [ 280 | { 281 | "color": "purple", 282 | "value": null 283 | }, 284 | { 285 | "color": "red", 286 | "value": 1 287 | } 288 | ] 289 | }, 290 | "unit": "short" 291 | }, 292 | "overrides": [] 293 | }, 294 | "gridPos": { 295 | "h": 4, 296 | "w": 3, 297 | "x": 9, 298 | "y": 1 299 | }, 300 | "id": 21, 301 | "options": { 302 | "colorMode": "background", 303 | "graphMode": "none", 304 | "justifyMode": "auto", 305 | "orientation": "auto", 306 | "percentChangeColorMode": "standard", 307 | "reduceOptions": { 308 | "calcs": [ 309 | "count" 310 | ], 311 | "fields": "/^IP$/", 312 | "values": false 313 | }, 314 | "showPercentChange": false, 315 | "textMode": "auto", 316 | "wideLayout": true 317 | }, 318 | "pluginVersion": "11.1.4", 319 | "targets": [ 320 | { 321 | "datasource": { 322 | "type": "loki", 323 | "uid": "${DS_LOKI}" 324 | }, 325 | "editorMode": "code", 326 | "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", 327 | "hide": false, 328 | "legendFormat": "{{ ip }}", 329 | "queryType": "range", 330 | "refId": "A", 331 | "resolution": 1 332 | }, 333 | { 334 | "datasource": { 335 | "type": "loki", 336 | "uid": "${DS_LOKI}" 337 | }, 338 | "editorMode": "code", 339 | "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", 
job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", 340 | "hide": false, 341 | "legendFormat": "{{ ip }}", 342 | "queryType": "range", 343 | "refId": "B" 344 | } 345 | ], 346 | "title": "Total Failed - Unique IP", 347 | "transformations": [ 348 | { 349 | "id": "labelsToFields", 350 | "options": { 351 | "mode": "rows", 352 | "valueLabel": "ip" 353 | } 354 | }, 355 | { 356 | "id": "merge", 357 | "options": {} 358 | }, 359 | { 360 | "id": "organize", 361 | "options": { 362 | "excludeByName": { 363 | "178.40.119.51": false, 364 | "194.154.240.221": false, 365 | "label": true 366 | }, 367 | "indexByName": {}, 368 | "renameByName": { 369 | "value": "IP" 370 | } 371 | } 372 | } 373 | ], 374 | "type": "stat" 375 | }, 376 | { 377 | "datasource": { 378 | "type": "loki", 379 | "uid": "${DS_LOKI}" 380 | }, 381 | "description": "", 382 | "fieldConfig": { 383 | "defaults": { 384 | "color": { 385 | "mode": "thresholds" 386 | }, 387 | "mappings": [ 388 | { 389 | "options": { 390 | "match": "null", 391 | "result": { 392 | "index": 0, 393 | "text": "0" 394 | } 395 | }, 396 | "type": "special" 397 | } 398 | ], 399 | "thresholds": { 400 | "mode": "absolute", 401 | "steps": [ 402 | { 403 | "color": "orange", 404 | "value": null 405 | } 406 | ] 407 | }, 408 | "unit": "short" 409 | }, 410 | "overrides": [] 411 | }, 412 | "gridPos": { 413 | "h": 4, 414 | "w": 3, 415 | "x": 12, 416 | "y": 1 417 | }, 418 | "id": 6, 419 | "options": { 420 | "colorMode": "background", 421 | "graphMode": "none", 422 | "justifyMode": "auto", 423 | "orientation": "auto", 424 | "percentChangeColorMode": "standard", 425 | "reduceOptions": { 426 | "calcs": [ 427 | "sum" 428 | ], 429 | "fields": "", 430 | "values": false 431 | }, 432 | "showPercentChange": false, 433 | "textMode": "auto", 434 | "wideLayout": true 435 | }, 436 | "pluginVersion": "11.1.4", 437 | 
"targets": [ 438 | { 439 | "datasource": { 440 | "type": "loki", 441 | "uid": "${DS_LOKI}" 442 | }, 443 | "editorMode": "code", 444 | "expr": "count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | __error__=\"\" [$__interval])", 445 | "queryType": "range", 446 | "refId": "A" 447 | } 448 | ], 449 | "title": "SSH Log Lines", 450 | "type": "stat" 451 | }, 452 | { 453 | "datasource": { 454 | "type": "loki", 455 | "uid": "${DS_LOKI}" 456 | }, 457 | "description": "", 458 | "fieldConfig": { 459 | "defaults": { 460 | "color": { 461 | "mode": "thresholds" 462 | }, 463 | "mappings": [ 464 | { 465 | "options": { 466 | "match": "null", 467 | "result": { 468 | "index": 0, 469 | "text": "0" 470 | } 471 | }, 472 | "type": "special" 473 | } 474 | ], 475 | "thresholds": { 476 | "mode": "absolute", 477 | "steps": [ 478 | { 479 | "color": "orange", 480 | "value": null 481 | } 482 | ] 483 | }, 484 | "unit": "decbytes" 485 | }, 486 | "overrides": [] 487 | }, 488 | "gridPos": { 489 | "h": 4, 490 | "w": 3, 491 | "x": 15, 492 | "y": 1 493 | }, 494 | "id": 7, 495 | "options": { 496 | "colorMode": "background", 497 | "graphMode": "none", 498 | "justifyMode": "auto", 499 | "orientation": "auto", 500 | "percentChangeColorMode": "standard", 501 | "reduceOptions": { 502 | "calcs": [ 503 | "sum" 504 | ], 505 | "fields": "", 506 | "values": false 507 | }, 508 | "showPercentChange": false, 509 | "textMode": "auto", 510 | "wideLayout": true 511 | }, 512 | "pluginVersion": "11.1.4", 513 | "targets": [ 514 | { 515 | "datasource": { 516 | "type": "loki", 517 | "uid": "${DS_LOKI}" 518 | }, 519 | "editorMode": "code", 520 | "expr": "bytes_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | __error__=\"\" [$__interval])", 521 | "queryType": "range", 522 | "refId": "A" 523 | } 524 | ], 525 | "title": "SSH Log in bytes", 526 | "type": "stat" 527 | }, 528 | { 529 | "datasource": { 530 | "type": "loki", 531 | "uid": 
"${DS_LOKI}" 532 | }, 533 | "fieldConfig": { 534 | "defaults": { 535 | "color": { 536 | "mode": "palette-classic" 537 | }, 538 | "custom": { 539 | "hideFrom": { 540 | "legend": false, 541 | "tooltip": false, 542 | "viz": false 543 | } 544 | }, 545 | "mappings": [] 546 | }, 547 | "overrides": [] 548 | }, 549 | "gridPos": { 550 | "h": 9, 551 | "w": 6, 552 | "x": 0, 553 | "y": 5 554 | }, 555 | "id": 15, 556 | "options": { 557 | "displayLabels": [], 558 | "legend": { 559 | "displayMode": "table", 560 | "placement": "right", 561 | "showLegend": true, 562 | "values": [ 563 | "value", 564 | "percent" 565 | ] 566 | }, 567 | "pieType": "donut", 568 | "reduceOptions": { 569 | "calcs": [ 570 | "sum" 571 | ], 572 | "fields": "", 573 | "values": false 574 | }, 575 | "tooltip": { 576 | "mode": "multi", 577 | "sort": "none" 578 | } 579 | }, 580 | "pluginVersion": "9.2.5", 581 | "targets": [ 582 | { 583 | "datasource": { 584 | "type": "loki", 585 | "uid": "${DS_LOKI}" 586 | }, 587 | "editorMode": "code", 588 | "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\" [$__interval]))", 589 | "hide": false, 590 | "legendFormat": "{{ username }}", 591 | "queryType": "range", 592 | "refId": "A" 593 | }, 594 | { 595 | "datasource": { 596 | "type": "loki", 597 | "uid": "${DS_LOKI}" 598 | }, 599 | "editorMode": "code", 600 | "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\" [$__interval]))", 601 | "hide": false, 602 | "legendFormat": "{{ username }}", 603 | "queryType": "range", 604 | "refId": "B" 605 | } 606 | ], 607 | "title": "Session Opened by User", 608 | "type": "piechart" 609 | }, 610 | { 611 | "datasource": { 612 
| "type": "loki", 613 | "uid": "${DS_LOKI}" 614 | }, 615 | "fieldConfig": { 616 | "defaults": { 617 | "color": { 618 | "mode": "palette-classic" 619 | }, 620 | "custom": { 621 | "hideFrom": { 622 | "legend": false, 623 | "tooltip": false, 624 | "viz": false 625 | } 626 | }, 627 | "mappings": [] 628 | }, 629 | "overrides": [] 630 | }, 631 | "gridPos": { 632 | "h": 9, 633 | "w": 6, 634 | "x": 6, 635 | "y": 5 636 | }, 637 | "id": 16, 638 | "options": { 639 | "displayLabels": [], 640 | "legend": { 641 | "displayMode": "table", 642 | "placement": "right", 643 | "showLegend": true, 644 | "values": [ 645 | "value", 646 | "percent" 647 | ] 648 | }, 649 | "pieType": "donut", 650 | "reduceOptions": { 651 | "calcs": [ 652 | "sum" 653 | ], 654 | "fields": "", 655 | "values": false 656 | }, 657 | "tooltip": { 658 | "mode": "multi", 659 | "sort": "none" 660 | } 661 | }, 662 | "pluginVersion": "9.2.5", 663 | "targets": [ 664 | { 665 | "datasource": { 666 | "type": "loki", 667 | "uid": "${DS_LOKI}" 668 | }, 669 | "editorMode": "code", 670 | "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", 671 | "hide": false, 672 | "legendFormat": "{{ username }}", 673 | "queryType": "range", 674 | "refId": "A" 675 | }, 676 | { 677 | "datasource": { 678 | "type": "loki", 679 | "uid": "${DS_LOKI}" 680 | }, 681 | "editorMode": "code", 682 | "expr": "sum by (username) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\" [$__interval]))", 683 | "hide": false, 684 | "legendFormat": "{{ username }}", 685 | "queryType": "range", 686 | "refId": "B" 687 | } 688 | ], 689 | "title": "Failed Attempt by User", 690 | "transformations": [ 691 | { 692 | "id": 
"joinByLabels", 693 | "options": { 694 | "value": "username" 695 | } 696 | } 697 | ], 698 | "type": "piechart" 699 | }, 700 | { 701 | "datasource": { 702 | "type": "loki", 703 | "uid": "${DS_LOKI}" 704 | }, 705 | "gridPos": { 706 | "h": 16, 707 | "w": 12, 708 | "x": 12, 709 | "y": 5 710 | }, 711 | "id": 9, 712 | "options": { 713 | "dedupStrategy": "signature", 714 | "enableLogDetails": true, 715 | "prettifyLogMessage": false, 716 | "showCommonLabels": false, 717 | "showLabels": false, 718 | "showTime": false, 719 | "sortOrder": "Descending", 720 | "wrapLogMessage": false 721 | }, 722 | "targets": [ 723 | { 724 | "datasource": { 725 | "type": "loki", 726 | "uid": "${DS_LOKI}" 727 | }, 728 | "editorMode": "code", 729 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" ", 730 | "queryType": "range", 731 | "refId": "A" 732 | } 733 | ], 734 | "title": "SSH Recent Log", 735 | "type": "logs" 736 | }, 737 | { 738 | "datasource": { 739 | "type": "loki", 740 | "uid": "${DS_LOKI}" 741 | }, 742 | "fieldConfig": { 743 | "defaults": { 744 | "custom": { 745 | "align": "auto", 746 | "cellOptions": { 747 | "type": "auto" 748 | }, 749 | "filterable": true, 750 | "inspect": false 751 | }, 752 | "mappings": [], 753 | "thresholds": { 754 | "mode": "absolute", 755 | "steps": [ 756 | { 757 | "color": "green", 758 | "value": null 759 | } 760 | ] 761 | } 762 | }, 763 | "overrides": [] 764 | }, 765 | "gridPos": { 766 | "h": 7, 767 | "w": 6, 768 | "x": 0, 769 | "y": 14 770 | }, 771 | "id": 22, 772 | "options": { 773 | "cellHeight": "sm", 774 | "footer": { 775 | "countRows": false, 776 | "fields": "", 777 | "reducer": [ 778 | "sum" 779 | ], 780 | "show": false 781 | }, 782 | "frameIndex": 0, 783 | "showHeader": true 784 | }, 785 | "pluginVersion": "11.1.4", 786 | "targets": [ 787 | { 788 | "datasource": { 789 | "type": "loki", 790 | "uid": "${DS_LOKI}" 791 | }, 792 | "editorMode": "code", 793 | "expr": "count by (ip) 
(count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for <_> from port <_>` | __error__=\"\" [$__interval]))", 794 | "hide": false, 795 | "legendFormat": "{{ ip }}", 796 | "queryType": "range", 797 | "refId": "A", 798 | "resolution": 1 799 | } 800 | ], 801 | "title": "Session Opened by Unique IP", 802 | "transformations": [ 803 | { 804 | "id": "labelsToFields", 805 | "options": { 806 | "mode": "rows" 807 | } 808 | }, 809 | { 810 | "id": "merge", 811 | "options": {} 812 | }, 813 | { 814 | "id": "organize", 815 | "options": { 816 | "excludeByName": { 817 | "label": true 818 | }, 819 | "indexByName": {}, 820 | "renameByName": { 821 | "value": "IP" 822 | } 823 | } 824 | } 825 | ], 826 | "type": "table" 827 | }, 828 | { 829 | "datasource": { 830 | "type": "loki", 831 | "uid": "${DS_LOKI}" 832 | }, 833 | "fieldConfig": { 834 | "defaults": { 835 | "custom": { 836 | "align": "auto", 837 | "cellOptions": { 838 | "type": "auto" 839 | }, 840 | "filterable": true, 841 | "inspect": false 842 | }, 843 | "mappings": [], 844 | "thresholds": { 845 | "mode": "absolute", 846 | "steps": [ 847 | { 848 | "color": "green", 849 | "value": null 850 | } 851 | ] 852 | } 853 | }, 854 | "overrides": [] 855 | }, 856 | "gridPos": { 857 | "h": 7, 858 | "w": 6, 859 | "x": 6, 860 | "y": 14 861 | }, 862 | "id": 19, 863 | "options": { 864 | "cellHeight": "sm", 865 | "footer": { 866 | "countRows": false, 867 | "fields": "", 868 | "reducer": [ 869 | "sum" 870 | ], 871 | "show": false 872 | }, 873 | "frameIndex": 0, 874 | "showHeader": true 875 | }, 876 | "pluginVersion": "11.1.4", 877 | "targets": [ 878 | { 879 | "datasource": { 880 | "type": "loki", 881 | "uid": "${DS_LOKI}" 882 | }, 883 | "editorMode": "code", 884 | "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" 
|~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__interval]))", 885 | "hide": false, 886 | "legendFormat": "{{ ip }}", 887 | "queryType": "range", 888 | "refId": "A", 889 | "resolution": 1 890 | }, 891 | { 892 | "datasource": { 893 | "type": "loki", 894 | "uid": "${DS_LOKI}" 895 | }, 896 | "editorMode": "code", 897 | "expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__interval]))", 898 | "hide": false, 899 | "legendFormat": "{{ ip }}", 900 | "queryType": "range", 901 | "refId": "B" 902 | } 903 | ], 904 | "title": "Failed by Unique IP", 905 | "transformations": [ 906 | { 907 | "id": "labelsToFields", 908 | "options": { 909 | "mode": "rows" 910 | } 911 | }, 912 | { 913 | "id": "merge", 914 | "options": {} 915 | }, 916 | { 917 | "id": "organize", 918 | "options": { 919 | "excludeByName": { 920 | "label": true 921 | }, 922 | "indexByName": {}, 923 | "renameByName": { 924 | "value": "IP" 925 | } 926 | } 927 | } 928 | ], 929 | "type": "table" 930 | }, 931 | { 932 | "collapsed": false, 933 | "gridPos": { 934 | "h": 1, 935 | "w": 24, 936 | "x": 0, 937 | "y": 21 938 | }, 939 | "id": 11, 940 | "panels": [], 941 | "title": "Detailed Stats", 942 | "type": "row" 943 | }, 944 | { 945 | "datasource": { 946 | "type": "loki", 947 | "uid": "${DS_LOKI}" 948 | }, 949 | "fieldConfig": { 950 | "defaults": { 951 | "custom": { 952 | "align": "auto", 953 | "cellOptions": { 954 | "type": "auto" 955 | }, 956 | "filterable": true, 957 | "inspect": false 958 | }, 959 | "mappings": [], 960 | "thresholds": { 961 | "mode": "absolute", 962 | "steps": [ 963 | { 964 | "color": "green", 965 | "value": null 966 | } 967 | ] 968 | } 969 | }, 970 | "overrides": [] 971 | }, 972 | "gridPos": { 973 | "h": 10, 974 | "w": 12, 975 | "x": 0, 976 | "y": 22 977 | }, 978 | "id": 20, 979 | 
"maxDataPoints": 1, 980 | "options": { 981 | "cellHeight": "sm", 982 | "footer": { 983 | "countRows": false, 984 | "fields": "", 985 | "reducer": [ 986 | "sum" 987 | ], 988 | "show": false 989 | }, 990 | "showHeader": true 991 | }, 992 | "pluginVersion": "11.1.4", 993 | "targets": [ 994 | { 995 | "datasource": { 996 | "type": "loki", 997 | "uid": "${DS_LOKI}" 998 | }, 999 | "editorMode": "code", 1000 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for from port <_>` | __error__=\"\"", 1001 | "hide": false, 1002 | "legendFormat": "{{ ip }} {{ username }}", 1003 | "queryType": "range", 1004 | "refId": "A", 1005 | "resolution": 1 1006 | } 1007 | ], 1008 | "title": "Session Opened by User and IP", 1009 | "transformations": [ 1010 | { 1011 | "id": "merge", 1012 | "options": {} 1013 | }, 1014 | { 1015 | "id": "extractFields", 1016 | "options": { 1017 | "format": "auto", 1018 | "replace": false, 1019 | "source": "labels" 1020 | } 1021 | }, 1022 | { 1023 | "id": "organize", 1024 | "options": { 1025 | "excludeByName": { 1026 | "Line": true, 1027 | "Time": false, 1028 | "env": true, 1029 | "filename": true, 1030 | "id": true, 1031 | "job": true, 1032 | "label": true, 1033 | "labels": true, 1034 | "tsNs": true 1035 | }, 1036 | "indexByName": {}, 1037 | "renameByName": { 1038 | "label": "", 1039 | "value": "" 1040 | } 1041 | } 1042 | }, 1043 | { 1044 | "id": "sortBy", 1045 | "options": { 1046 | "fields": {}, 1047 | "sort": [ 1048 | { 1049 | "desc": true, 1050 | "field": "Time" 1051 | } 1052 | ] 1053 | } 1054 | } 1055 | ], 1056 | "type": "table" 1057 | }, 1058 | { 1059 | "datasource": { 1060 | "type": "loki", 1061 | "uid": "${DS_LOKI}" 1062 | }, 1063 | "fieldConfig": { 1064 | "defaults": { 1065 | "color": { 1066 | "mode": "thresholds" 1067 | }, 1068 | "custom": { 1069 | "align": "auto", 1070 | "cellOptions": { 1071 | "type": "auto" 1072 | }, 1073 | "filterable": true, 1074 | "inspect": 
false 1075 | }, 1076 | "mappings": [], 1077 | "thresholds": { 1078 | "mode": "absolute", 1079 | "steps": [ 1080 | { 1081 | "color": "green", 1082 | "value": null 1083 | } 1084 | ] 1085 | } 1086 | }, 1087 | "overrides": [] 1088 | }, 1089 | "gridPos": { 1090 | "h": 10, 1091 | "w": 12, 1092 | "x": 12, 1093 | "y": 22 1094 | }, 1095 | "id": 23, 1096 | "options": { 1097 | "cellHeight": "sm", 1098 | "footer": { 1099 | "countRows": false, 1100 | "fields": "", 1101 | "reducer": [ 1102 | "sum" 1103 | ], 1104 | "show": false 1105 | }, 1106 | "showHeader": true 1107 | }, 1108 | "pluginVersion": "11.1.4", 1109 | "targets": [ 1110 | { 1111 | "datasource": { 1112 | "type": "loki", 1113 | "uid": "${DS_LOKI}" 1114 | }, 1115 | "editorMode": "code", 1116 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Failed .* user\" | pattern `<_> user from <_> port` | __error__=\"\"", 1117 | "hide": false, 1118 | "queryType": "range", 1119 | "refId": "A" 1120 | }, 1121 | { 1122 | "datasource": { 1123 | "type": "loki", 1124 | "uid": "${DS_LOKI}" 1125 | }, 1126 | "editorMode": "code", 1127 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from port` | __error__=\"\"", 1128 | "hide": false, 1129 | "queryType": "range", 1130 | "refId": "B" 1131 | }, 1132 | { 1133 | "datasource": { 1134 | "type": "loki", 1135 | "uid": "${DS_LOKI}" 1136 | }, 1137 | "editorMode": "code", 1138 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Connection closed by authenticating user\" | pattern `<_> user port` | __error__=\"\"", 1139 | "hide": false, 1140 | "queryType": "range", 1141 | "refId": "C" 1142 | } 1143 | ], 1144 | "title": "SSH Failure by User and IP", 1145 | "transformations": [ 1146 | { 1147 | "id": "merge", 1148 | "options": {} 1149 | }, 1150 | { 1151 | "id": "extractFields", 1152 | "options": { 1153 
| "format": "auto", 1154 | "replace": false, 1155 | "source": "labels" 1156 | } 1157 | }, 1158 | { 1159 | "id": "organize", 1160 | "options": { 1161 | "excludeByName": { 1162 | "Line": true, 1163 | "env": true, 1164 | "filename": true, 1165 | "id": true, 1166 | "job": true, 1167 | "labels": true, 1168 | "tsNs": true 1169 | }, 1170 | "indexByName": {}, 1171 | "renameByName": { 1172 | "Time": "", 1173 | "env": "", 1174 | "instance": "", 1175 | "job": "", 1176 | "tsNs": "" 1177 | } 1178 | } 1179 | }, 1180 | { 1181 | "id": "sortBy", 1182 | "options": { 1183 | "fields": {}, 1184 | "sort": [ 1185 | { 1186 | "desc": true, 1187 | "field": "Time" 1188 | } 1189 | ] 1190 | } 1191 | } 1192 | ], 1193 | "type": "table" 1194 | }, 1195 | { 1196 | "datasource": { 1197 | "type": "loki", 1198 | "uid": "${DS_LOKI}" 1199 | }, 1200 | "fieldConfig": { 1201 | "defaults": { 1202 | "color": { 1203 | "mode": "thresholds" 1204 | }, 1205 | "custom": { 1206 | "align": "auto", 1207 | "cellOptions": { 1208 | "type": "auto" 1209 | }, 1210 | "filterable": true, 1211 | "inspect": false 1212 | }, 1213 | "mappings": [], 1214 | "thresholds": { 1215 | "mode": "absolute", 1216 | "steps": [ 1217 | { 1218 | "color": "green", 1219 | "value": null 1220 | } 1221 | ] 1222 | } 1223 | }, 1224 | "overrides": [] 1225 | }, 1226 | "gridPos": { 1227 | "h": 10, 1228 | "w": 12, 1229 | "x": 0, 1230 | "y": 32 1231 | }, 1232 | "id": 13, 1233 | "options": { 1234 | "cellHeight": "sm", 1235 | "footer": { 1236 | "countRows": false, 1237 | "fields": "", 1238 | "reducer": [ 1239 | "sum" 1240 | ], 1241 | "show": false 1242 | }, 1243 | "showHeader": true 1244 | }, 1245 | "pluginVersion": "11.1.4", 1246 | "targets": [ 1247 | { 1248 | "datasource": { 1249 | "type": "loki", 1250 | "uid": "${DS_LOKI}" 1251 | }, 1252 | "editorMode": "code", 1253 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | 
__error__=\"\"", 1254 | "hide": false, 1255 | "queryType": "range", 1256 | "refId": "A" 1257 | }, 1258 | { 1259 | "datasource": { 1260 | "type": "loki", 1261 | "uid": "${DS_LOKI}" 1262 | }, 1263 | "editorMode": "code", 1264 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\"", 1265 | "hide": false, 1266 | "queryType": "range", 1267 | "refId": "B" 1268 | } 1269 | ], 1270 | "title": "SSH Session Opened by User", 1271 | "transformations": [ 1272 | { 1273 | "id": "merge", 1274 | "options": {} 1275 | }, 1276 | { 1277 | "id": "extractFields", 1278 | "options": { 1279 | "format": "auto", 1280 | "replace": false, 1281 | "source": "labels" 1282 | } 1283 | }, 1284 | { 1285 | "id": "organize", 1286 | "options": { 1287 | "excludeByName": { 1288 | "Line": true, 1289 | "env": true, 1290 | "filename": true, 1291 | "id": true, 1292 | "job": true, 1293 | "labels": true, 1294 | "tsNs": true 1295 | }, 1296 | "indexByName": {}, 1297 | "renameByName": { 1298 | "Time": "", 1299 | "env": "", 1300 | "instance": "", 1301 | "job": "", 1302 | "tsNs": "" 1303 | } 1304 | } 1305 | }, 1306 | { 1307 | "id": "sortBy", 1308 | "options": { 1309 | "fields": {}, 1310 | "sort": [ 1311 | { 1312 | "desc": true, 1313 | "field": "Time" 1314 | } 1315 | ] 1316 | } 1317 | } 1318 | ], 1319 | "type": "table" 1320 | }, 1321 | { 1322 | "datasource": { 1323 | "type": "loki", 1324 | "uid": "${DS_LOKI}" 1325 | }, 1326 | "fieldConfig": { 1327 | "defaults": { 1328 | "color": { 1329 | "mode": "thresholds" 1330 | }, 1331 | "custom": { 1332 | "align": "auto", 1333 | "cellOptions": { 1334 | "type": "auto" 1335 | }, 1336 | "filterable": true, 1337 | "inspect": false 1338 | }, 1339 | "mappings": [], 1340 | "thresholds": { 1341 | "mode": "absolute", 1342 | "steps": [ 1343 | { 1344 | "color": "green", 1345 | "value": null 1346 | } 1347 | ] 1348 | } 1349 | }, 1350 | 
"overrides": [] 1351 | }, 1352 | "gridPos": { 1353 | "h": 10, 1354 | "w": 12, 1355 | "x": 12, 1356 | "y": 32 1357 | }, 1358 | "id": 14, 1359 | "options": { 1360 | "cellHeight": "sm", 1361 | "footer": { 1362 | "countRows": false, 1363 | "fields": "", 1364 | "reducer": [ 1365 | "sum" 1366 | ], 1367 | "show": false 1368 | }, 1369 | "showHeader": true 1370 | }, 1371 | "pluginVersion": "11.1.4", 1372 | "targets": [ 1373 | { 1374 | "datasource": { 1375 | "type": "loki", 1376 | "uid": "${DS_LOKI}" 1377 | }, 1378 | "editorMode": "code", 1379 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\"", 1380 | "hide": false, 1381 | "queryType": "range", 1382 | "refId": "A" 1383 | }, 1384 | { 1385 | "datasource": { 1386 | "type": "loki", 1387 | "uid": "${DS_LOKI}" 1388 | }, 1389 | "editorMode": "code", 1390 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\"", 1391 | "hide": false, 1392 | "queryType": "range", 1393 | "refId": "B" 1394 | } 1395 | ], 1396 | "title": "SSH Failure by User", 1397 | "transformations": [ 1398 | { 1399 | "id": "merge", 1400 | "options": {} 1401 | }, 1402 | { 1403 | "id": "extractFields", 1404 | "options": { 1405 | "format": "auto", 1406 | "replace": false, 1407 | "source": "labels" 1408 | } 1409 | }, 1410 | { 1411 | "id": "organize", 1412 | "options": { 1413 | "excludeByName": { 1414 | "Line": true, 1415 | "env": true, 1416 | "filename": true, 1417 | "id": true, 1418 | "job": true, 1419 | "labels": true, 1420 | "tsNs": true 1421 | }, 1422 | "indexByName": {}, 1423 | "renameByName": { 1424 | "Time": "", 1425 | "env": "", 1426 | "instance": "", 1427 | "job": "", 1428 | "tsNs": "" 1429 | } 1430 | } 1431 | }, 1432 | { 1433 | "id": "sortBy", 1434 | "options": { 1435 | 
"fields": {}, 1436 | "sort": [ 1437 | { 1438 | "desc": true, 1439 | "field": "Time" 1440 | } 1441 | ] 1442 | } 1443 | } 1444 | ], 1445 | "type": "table" 1446 | } 1447 | ], 1448 | "refresh": "", 1449 | "revision": 2, 1450 | "schemaVersion": 39, 1451 | "tags": [ 1452 | "loki", 1453 | "linux", 1454 | "ssh" 1455 | ], 1456 | "templating": { 1457 | "list": [ 1458 | { 1459 | "current": {}, 1460 | "hide": 0, 1461 | "includeAll": false, 1462 | "label": "Datasource", 1463 | "multi": false, 1464 | "name": "datasource", 1465 | "options": [], 1466 | "query": "loki", 1467 | "queryValue": "", 1468 | "refresh": 1, 1469 | "regex": "", 1470 | "skipUrlSync": false, 1471 | "type": "datasource" 1472 | }, 1473 | { 1474 | "current": {}, 1475 | "datasource": { 1476 | "type": "loki", 1477 | "uid": "${datasource}" 1478 | }, 1479 | "definition": "label_names()", 1480 | "hide": 0, 1481 | "includeAll": false, 1482 | "label": "Label Name", 1483 | "multi": false, 1484 | "name": "label_name", 1485 | "options": [], 1486 | "query": "label_names()", 1487 | "refresh": 1, 1488 | "regex": "", 1489 | "skipUrlSync": false, 1490 | "sort": 0, 1491 | "type": "query" 1492 | }, 1493 | { 1494 | "current": {}, 1495 | "datasource": { 1496 | "type": "loki", 1497 | "uid": "${DS_LOKI}" 1498 | }, 1499 | "definition": "label_values($label_name)", 1500 | "hide": 0, 1501 | "includeAll": false, 1502 | "label": "Label Value", 1503 | "multi": false, 1504 | "name": "label_value", 1505 | "options": [], 1506 | "query": "label_values($label_name)", 1507 | "refresh": 2, 1508 | "regex": "", 1509 | "skipUrlSync": false, 1510 | "sort": 1, 1511 | "type": "query" 1512 | }, 1513 | { 1514 | "allValue": ".*", 1515 | "current": {}, 1516 | "datasource": { 1517 | "type": "loki", 1518 | "uid": "${DS_LOKI}" 1519 | }, 1520 | "definition": "", 1521 | "hide": 0, 1522 | "includeAll": false, 1523 | "label": "Job", 1524 | "multi": false, 1525 | "name": "job", 1526 | "options": [], 1527 | "query": { 1528 | "label": "job", 1529 | "refId": 
"LokiVariableQueryEditor-VariableQuery", 1530 | "stream": "{$label_name=~\"$label_value\"}", 1531 | "type": 1 1532 | }, 1533 | "refresh": 1, 1534 | "regex": "", 1535 | "skipUrlSync": false, 1536 | "sort": 0, 1537 | "type": "query" 1538 | }, 1539 | { 1540 | "allValue": ".*", 1541 | "current": {}, 1542 | "datasource": { 1543 | "type": "loki", 1544 | "uid": "${DS_LOKI}" 1545 | }, 1546 | "definition": "", 1547 | "hide": 0, 1548 | "includeAll": false, 1549 | "label": "Instance", 1550 | "multi": false, 1551 | "name": "instance", 1552 | "options": [], 1553 | "query": { 1554 | "label": "instance", 1555 | "refId": "LokiVariableQueryEditor-VariableQuery", 1556 | "stream": "{$label_name=~\"$label_value\"}", 1557 | "type": 1 1558 | }, 1559 | "refresh": 1, 1560 | "regex": "", 1561 | "skipUrlSync": false, 1562 | "sort": 0, 1563 | "type": "query" 1564 | } 1565 | ] 1566 | }, 1567 | "time": { 1568 | "from": "now-2d", 1569 | "to": "now" 1570 | }, 1571 | "timepicker": {}, 1572 | "timezone": "", 1573 | "title": "SSH Logs", 1574 | "uid": "OMEuTfqVk", 1575 | "version": 3, 1576 | "weekStart": "" 1577 | } 1578 | -------------------------------------------------------------------------------- /loki/global_ssh_logs.json: -------------------------------------------------------------------------------- 1 | { 2 | "__inputs": [ 3 | { 4 | "name": "DS_LOKI", 5 | "label": "loki", 6 | "description": "", 7 | "type": "datasource", 8 | "pluginId": "loki", 9 | "pluginName": "Loki" 10 | } 11 | ], 12 | "__elements": {}, 13 | "__requires": [ 14 | { 15 | "type": "grafana", 16 | "id": "grafana", 17 | "name": "Grafana", 18 | "version": "11.1.4" 19 | }, 20 | { 21 | "type": "panel", 22 | "id": "logs", 23 | "name": "Logs", 24 | "version": "" 25 | }, 26 | { 27 | "type": "datasource", 28 | "id": "loki", 29 | "name": "Loki", 30 | "version": "1.0.0" 31 | }, 32 | { 33 | "type": "panel", 34 | "id": "stat", 35 | "name": "Stat", 36 | "version": "" 37 | }, 38 | { 39 | "type": "panel", 40 | "id": "table", 41 | "name": 
"Table", 42 | "version": "" 43 | }, 44 | { 45 | "type": "panel", 46 | "id": "timeseries", 47 | "name": "Time series", 48 | "version": "" 49 | } 50 | ], 51 | "annotations": { 52 | "list": [ 53 | { 54 | "builtIn": 1, 55 | "datasource": { 56 | "type": "grafana", 57 | "uid": "-- Grafana --" 58 | }, 59 | "enable": true, 60 | "hide": true, 61 | "iconColor": "rgba(0, 211, 255, 1)", 62 | "name": "Annotations & Alerts", 63 | "type": "dashboard" 64 | } 65 | ] 66 | }, 67 | "editable": true, 68 | "fiscalYearStartMonth": 0, 69 | "graphTooltip": 0, 70 | "id": null, 71 | "links": [], 72 | "panels": [ 73 | { 74 | "datasource": { 75 | "type": "loki", 76 | "uid": "${datasource}" 77 | }, 78 | "description": "", 79 | "fieldConfig": { 80 | "defaults": { 81 | "color": { 82 | "mode": "thresholds" 83 | }, 84 | "mappings": [ 85 | { 86 | "options": { 87 | "match": "null", 88 | "result": { 89 | "index": 0, 90 | "text": "0" 91 | } 92 | }, 93 | "type": "special" 94 | } 95 | ], 96 | "thresholds": { 97 | "mode": "absolute", 98 | "steps": [ 99 | { 100 | "color": "purple", 101 | "value": null 102 | }, 103 | { 104 | "color": "red", 105 | "value": 1 106 | } 107 | ] 108 | }, 109 | "unit": "short" 110 | }, 111 | "overrides": [] 112 | }, 113 | "gridPos": { 114 | "h": 4, 115 | "w": 3, 116 | "x": 0, 117 | "y": 0 118 | }, 119 | "id": 2, 120 | "options": { 121 | "colorMode": "background", 122 | "graphMode": "none", 123 | "justifyMode": "center", 124 | "orientation": "auto", 125 | "percentChangeColorMode": "standard", 126 | "reduceOptions": { 127 | "calcs": [ 128 | "sum" 129 | ], 130 | "fields": "", 131 | "values": false 132 | }, 133 | "showPercentChange": false, 134 | "textMode": "auto", 135 | "wideLayout": true 136 | }, 137 | "pluginVersion": "11.1.4", 138 | "targets": [ 139 | { 140 | "datasource": { 141 | "type": "loki", 142 | "uid": "${DS_LOKI}" 143 | }, 144 | "editorMode": "code", 145 | "expr": "count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": 
Failed|: Invalid|: Connection closed by authenticating user\" | __error__=\"\" [$__auto])", 146 | "hide": false, 147 | "queryType": "instant", 148 | "refId": "A" 149 | } 150 | ], 151 | "title": "Total Failed Connections", 152 | "type": "stat" 153 | }, 154 | { 155 | "datasource": { 156 | "type": "loki", 157 | "uid": "${datasource}" 158 | }, 159 | "description": "", 160 | "fieldConfig": { 161 | "defaults": { 162 | "color": { 163 | "mode": "thresholds" 164 | }, 165 | "mappings": [ 166 | { 167 | "options": { 168 | "match": "null", 169 | "result": { 170 | "index": 0, 171 | "text": "0" 172 | } 173 | }, 174 | "type": "special" 175 | } 176 | ], 177 | "thresholds": { 178 | "mode": "absolute", 179 | "steps": [ 180 | { 181 | "color": "purple", 182 | "value": null 183 | }, 184 | { 185 | "color": "red", 186 | "value": 1 187 | } 188 | ] 189 | }, 190 | "unit": "short" 191 | }, 192 | "overrides": [] 193 | }, 194 | "gridPos": { 195 | "h": 4, 196 | "w": 4, 197 | "x": 3, 198 | "y": 0 199 | }, 200 | "id": 4, 201 | "options": { 202 | "colorMode": "background", 203 | "graphMode": "none", 204 | "justifyMode": "center", 205 | "orientation": "auto", 206 | "percentChangeColorMode": "standard", 207 | "reduceOptions": { 208 | "calcs": [ 209 | "sum" 210 | ], 211 | "fields": "", 212 | "values": false 213 | }, 214 | "showPercentChange": false, 215 | "textMode": "auto", 216 | "wideLayout": true 217 | }, 218 | "pluginVersion": "11.1.4", 219 | "targets": [ 220 | { 221 | "datasource": { 222 | "type": "loki", 223 | "uid": "${DS_LOKI}" 224 | }, 225 | "editorMode": "code", 226 | "expr": "sum by (instance) (count by (ip, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__auto])) or count by (ip, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": 
Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__auto]))) or on() vector(0)", 227 | "hide": false, 228 | "queryType": "instant", 229 | "refId": "A" 230 | } 231 | ], 232 | "title": "Total Failed Connections - Unique IP", 233 | "type": "stat" 234 | }, 235 | { 236 | "datasource": { 237 | "type": "loki", 238 | "uid": "${datasource}" 239 | }, 240 | "description": "", 241 | "fieldConfig": { 242 | "defaults": { 243 | "color": { 244 | "mode": "thresholds" 245 | }, 246 | "mappings": [ 247 | { 248 | "options": { 249 | "match": "null", 250 | "result": { 251 | "index": 0, 252 | "text": "0" 253 | } 254 | }, 255 | "type": "special" 256 | } 257 | ], 258 | "thresholds": { 259 | "mode": "absolute", 260 | "steps": [ 261 | { 262 | "color": "purple", 263 | "value": null 264 | }, 265 | { 266 | "color": "red", 267 | "value": 1 268 | } 269 | ] 270 | }, 271 | "unit": "short" 272 | }, 273 | "overrides": [] 274 | }, 275 | "gridPos": { 276 | "h": 4, 277 | "w": 4, 278 | "x": 7, 279 | "y": 0 280 | }, 281 | "id": 5, 282 | "options": { 283 | "colorMode": "background", 284 | "graphMode": "none", 285 | "justifyMode": "center", 286 | "orientation": "auto", 287 | "percentChangeColorMode": "standard", 288 | "reduceOptions": { 289 | "calcs": [ 290 | "sum" 291 | ], 292 | "fields": "", 293 | "values": false 294 | }, 295 | "showPercentChange": false, 296 | "textMode": "auto", 297 | "wideLayout": true 298 | }, 299 | "pluginVersion": "11.1.4", 300 | "targets": [ 301 | { 302 | "datasource": { 303 | "type": "loki", 304 | "uid": "${DS_LOKI}" 305 | }, 306 | "editorMode": "code", 307 | "expr": "sum by (instance) (count by (username, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\" [$__auto])) or count by (username, instance) 
(count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\" [$__auto]))) or on() vector(0)", 308 | "hide": false, 309 | "queryType": "instant", 310 | "refId": "A" 311 | } 312 | ], 313 | "title": "Total Failed Connections - Unique Users", 314 | "type": "stat" 315 | }, 316 | { 317 | "datasource": { 318 | "type": "loki", 319 | "uid": "${datasource}" 320 | }, 321 | "description": "", 322 | "fieldConfig": { 323 | "defaults": { 324 | "color": { 325 | "mode": "thresholds" 326 | }, 327 | "mappings": [ 328 | { 329 | "options": { 330 | "match": "null", 331 | "result": { 332 | "index": 0, 333 | "text": "0" 334 | } 335 | }, 336 | "type": "special" 337 | } 338 | ], 339 | "thresholds": { 340 | "mode": "absolute", 341 | "steps": [ 342 | { 343 | "color": "purple", 344 | "value": null 345 | } 346 | ] 347 | }, 348 | "unit": "short" 349 | }, 350 | "overrides": [] 351 | }, 352 | "gridPos": { 353 | "h": 4, 354 | "w": 3, 355 | "x": 11, 356 | "y": 0 357 | }, 358 | "id": 6, 359 | "options": { 360 | "colorMode": "background", 361 | "graphMode": "none", 362 | "justifyMode": "center", 363 | "orientation": "auto", 364 | "percentChangeColorMode": "standard", 365 | "reduceOptions": { 366 | "calcs": [ 367 | "sum" 368 | ], 369 | "fields": "", 370 | "values": false 371 | }, 372 | "showPercentChange": false, 373 | "textMode": "auto", 374 | "wideLayout": true 375 | }, 376 | "pluginVersion": "11.1.4", 377 | "targets": [ 378 | { 379 | "datasource": { 380 | "type": "loki", 381 | "uid": "${DS_LOKI}" 382 | }, 383 | "editorMode": "code", 384 | "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | __error__=\"\" [$__auto])) or on() vector(0)", 385 | "hide": false, 386 | "queryType": "instant", 387 | "refId": "A" 388 | } 389 | ], 390 | "title": "Total Open Connections", 391 | "type": 
"stat" 392 | }, 393 | { 394 | "datasource": { 395 | "type": "loki", 396 | "uid": "${datasource}" 397 | }, 398 | "description": "", 399 | "fieldConfig": { 400 | "defaults": { 401 | "color": { 402 | "mode": "thresholds" 403 | }, 404 | "mappings": [ 405 | { 406 | "options": { 407 | "match": "null", 408 | "result": { 409 | "index": 0, 410 | "text": "0" 411 | } 412 | }, 413 | "type": "special" 414 | } 415 | ], 416 | "thresholds": { 417 | "mode": "absolute", 418 | "steps": [ 419 | { 420 | "color": "purple", 421 | "value": null 422 | } 423 | ] 424 | }, 425 | "unit": "short" 426 | }, 427 | "overrides": [] 428 | }, 429 | "gridPos": { 430 | "h": 4, 431 | "w": 4, 432 | "x": 14, 433 | "y": 0 434 | }, 435 | "id": 7, 436 | "options": { 437 | "colorMode": "background", 438 | "graphMode": "none", 439 | "justifyMode": "center", 440 | "orientation": "auto", 441 | "percentChangeColorMode": "standard", 442 | "reduceOptions": { 443 | "calcs": [ 444 | "sum" 445 | ], 446 | "fields": "", 447 | "values": false 448 | }, 449 | "showPercentChange": false, 450 | "textMode": "auto", 451 | "wideLayout": true 452 | }, 453 | "pluginVersion": "11.1.4", 454 | "targets": [ 455 | { 456 | "datasource": { 457 | "type": "loki", 458 | "uid": "${DS_LOKI}" 459 | }, 460 | "editorMode": "code", 461 | "expr": "count by (ip, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for <_> from port <_>` | __error__=\"\" [$__auto])) or on() vector(0)", 462 | "hide": false, 463 | "queryType": "instant", 464 | "refId": "A" 465 | } 466 | ], 467 | "title": "Total Open Connections - Unique IP", 468 | "type": "stat" 469 | }, 470 | { 471 | "datasource": { 472 | "type": "loki", 473 | "uid": "${datasource}" 474 | }, 475 | "description": "", 476 | "fieldConfig": { 477 | "defaults": { 478 | "color": { 479 | "mode": "thresholds" 480 | }, 481 | "mappings": [ 482 | { 483 | "options": { 484 | "match": "null", 485 | "result": { 
486 | "index": 0, 487 | "text": "0" 488 | } 489 | }, 490 | "type": "special" 491 | } 492 | ], 493 | "thresholds": { 494 | "mode": "absolute", 495 | "steps": [ 496 | { 497 | "color": "purple", 498 | "value": null 499 | } 500 | ] 501 | }, 502 | "unit": "short" 503 | }, 504 | "overrides": [] 505 | }, 506 | "gridPos": { 507 | "h": 4, 508 | "w": 4, 509 | "x": 18, 510 | "y": 0 511 | }, 512 | "id": 8, 513 | "options": { 514 | "colorMode": "background", 515 | "graphMode": "none", 516 | "justifyMode": "center", 517 | "orientation": "auto", 518 | "percentChangeColorMode": "standard", 519 | "reduceOptions": { 520 | "calcs": [ 521 | "sum" 522 | ], 523 | "fields": "", 524 | "values": false 525 | }, 526 | "showPercentChange": false, 527 | "textMode": "auto", 528 | "wideLayout": true 529 | }, 530 | "pluginVersion": "11.1.4", 531 | "targets": [ 532 | { 533 | "datasource": { 534 | "type": "loki", 535 | "uid": "${DS_LOKI}" 536 | }, 537 | "editorMode": "code", 538 | "expr": "sum by (instance) (count by (username, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\" [$__auto])) or count by (username, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\" [$__auto]))) or on() vector(0)", 539 | "hide": false, 540 | "queryType": "instant", 541 | "refId": "A" 542 | } 543 | ], 544 | "title": "Total Open Connections - Unique Users", 545 | "type": "stat" 546 | }, 547 | { 548 | "datasource": { 549 | "type": "loki", 550 | "uid": "${datasource}" 551 | }, 552 | "description": "", 553 | "fieldConfig": { 554 | "defaults": { 555 | "color": { 556 | "mode": "thresholds" 557 | }, 558 | "mappings": [ 559 | { 560 | "options": { 561 | "match": "null", 562 | "result": { 
563 | "index": 0, 564 | "text": "0" 565 | } 566 | }, 567 | "type": "special" 568 | } 569 | ], 570 | "thresholds": { 571 | "mode": "absolute", 572 | "steps": [ 573 | { 574 | "color": "orange", 575 | "value": null 576 | } 577 | ] 578 | }, 579 | "unit": "decbytes" 580 | }, 581 | "overrides": [] 582 | }, 583 | "gridPos": { 584 | "h": 4, 585 | "w": 2, 586 | "x": 22, 587 | "y": 0 588 | }, 589 | "id": 10, 590 | "options": { 591 | "colorMode": "background", 592 | "graphMode": "none", 593 | "justifyMode": "center", 594 | "orientation": "auto", 595 | "percentChangeColorMode": "standard", 596 | "reduceOptions": { 597 | "calcs": [ 598 | "sum" 599 | ], 600 | "fields": "", 601 | "values": false 602 | }, 603 | "showPercentChange": false, 604 | "textMode": "auto", 605 | "wideLayout": true 606 | }, 607 | "pluginVersion": "11.1.4", 608 | "targets": [ 609 | { 610 | "datasource": { 611 | "type": "loki", 612 | "uid": "${DS_LOKI}" 613 | }, 614 | "editorMode": "code", 615 | "expr": "bytes_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" | __error__=\"\" [$__auto])", 616 | "hide": false, 617 | "queryType": "instant", 618 | "refId": "A" 619 | } 620 | ], 621 | "title": "SSH Log in bytes", 622 | "type": "stat" 623 | }, 624 | { 625 | "datasource": { 626 | "type": "loki", 627 | "uid": "${datasource}" 628 | }, 629 | "description": "", 630 | "fieldConfig": { 631 | "defaults": { 632 | "color": { 633 | "mode": "thresholds" 634 | }, 635 | "custom": { 636 | "align": "auto", 637 | "cellOptions": { 638 | "type": "auto", 639 | "wrapText": false 640 | }, 641 | "filterable": false, 642 | "inspect": false 643 | }, 644 | "fieldMinMax": false, 645 | "mappings": [ 646 | { 647 | "options": { 648 | "match": "null", 649 | "result": { 650 | "index": 0, 651 | "text": "0" 652 | } 653 | }, 654 | "type": "special" 655 | }, 656 | { 657 | "options": { 658 | "match": "nan", 659 | "result": { 660 | "index": 1, 661 | "text": "0" 662 | } 663 | }, 664 | "type": "special" 665 | } 
666 | ], 667 | "noValue": "0", 668 | "thresholds": { 669 | "mode": "absolute", 670 | "steps": [ 671 | { 672 | "color": "green", 673 | "value": null 674 | } 675 | ] 676 | }, 677 | "unit": "short" 678 | }, 679 | "overrides": [ 680 | { 681 | "matcher": { 682 | "id": "byName", 683 | "options": "Instance" 684 | }, 685 | "properties": [ 686 | { 687 | "id": "custom.filterable", 688 | "value": true 689 | } 690 | ] 691 | }, 692 | { 693 | "matcher": { 694 | "id": "byName", 695 | "options": "Failed Connections" 696 | }, 697 | "properties": [ 698 | { 699 | "id": "custom.cellOptions", 700 | "value": { 701 | "mode": "basic", 702 | "type": "gauge", 703 | "valueDisplayMode": "color" 704 | } 705 | }, 706 | { 707 | "id": "thresholds", 708 | "value": { 709 | "mode": "absolute", 710 | "steps": [ 711 | { 712 | "color": "green", 713 | "value": null 714 | }, 715 | { 716 | "color": "red", 717 | "value": 1 718 | } 719 | ] 720 | } 721 | } 722 | ] 723 | }, 724 | { 725 | "matcher": { 726 | "id": "byName", 727 | "options": "Failed Unique IP" 728 | }, 729 | "properties": [ 730 | { 731 | "id": "custom.cellOptions", 732 | "value": { 733 | "mode": "basic", 734 | "type": "gauge", 735 | "valueDisplayMode": "color" 736 | } 737 | }, 738 | { 739 | "id": "thresholds", 740 | "value": { 741 | "mode": "absolute", 742 | "steps": [ 743 | { 744 | "color": "green", 745 | "value": null 746 | }, 747 | { 748 | "color": "red", 749 | "value": 1 750 | } 751 | ] 752 | } 753 | } 754 | ] 755 | }, 756 | { 757 | "matcher": { 758 | "id": "byName", 759 | "options": "Failed Unique Users" 760 | }, 761 | "properties": [ 762 | { 763 | "id": "custom.cellOptions", 764 | "value": { 765 | "mode": "basic", 766 | "type": "gauge", 767 | "valueDisplayMode": "color" 768 | } 769 | }, 770 | { 771 | "id": "thresholds", 772 | "value": { 773 | "mode": "absolute", 774 | "steps": [ 775 | { 776 | "color": "green", 777 | "value": null 778 | }, 779 | { 780 | "color": "red", 781 | "value": 1 782 | } 783 | ] 784 | } 785 | } 786 | ] 787 | }, 788 | 
{ 789 | "matcher": { 790 | "id": "byName", 791 | "options": "Open Connections" 792 | }, 793 | "properties": [ 794 | { 795 | "id": "custom.cellOptions", 796 | "value": { 797 | "mode": "basic", 798 | "type": "gauge", 799 | "valueDisplayMode": "color" 800 | } 801 | }, 802 | { 803 | "id": "thresholds", 804 | "value": { 805 | "mode": "absolute", 806 | "steps": [ 807 | { 808 | "color": "purple", 809 | "value": null 810 | } 811 | ] 812 | } 813 | } 814 | ] 815 | }, 816 | { 817 | "matcher": { 818 | "id": "byName", 819 | "options": "Open Unique IP" 820 | }, 821 | "properties": [ 822 | { 823 | "id": "custom.cellOptions", 824 | "value": { 825 | "mode": "basic", 826 | "type": "gauge", 827 | "valueDisplayMode": "color" 828 | } 829 | }, 830 | { 831 | "id": "thresholds", 832 | "value": { 833 | "mode": "absolute", 834 | "steps": [ 835 | { 836 | "color": "purple", 837 | "value": null 838 | } 839 | ] 840 | } 841 | } 842 | ] 843 | }, 844 | { 845 | "matcher": { 846 | "id": "byName", 847 | "options": "Open Unique Users" 848 | }, 849 | "properties": [ 850 | { 851 | "id": "custom.cellOptions", 852 | "value": { 853 | "mode": "basic", 854 | "type": "gauge", 855 | "valueDisplayMode": "color" 856 | } 857 | }, 858 | { 859 | "id": "thresholds", 860 | "value": { 861 | "mode": "absolute", 862 | "steps": [ 863 | { 864 | "color": "purple", 865 | "value": null 866 | } 867 | ] 868 | } 869 | } 870 | ] 871 | }, 872 | { 873 | "matcher": { 874 | "id": "byName", 875 | "options": "Instance" 876 | }, 877 | "properties": [ 878 | { 879 | "id": "custom.cellOptions", 880 | "value": { 881 | "applyToRow": false, 882 | "mode": "basic", 883 | "type": "color-background", 884 | "wrapText": false 885 | } 886 | }, 887 | { 888 | "id": "color", 889 | "value": { 890 | "fixedColor": "#303846", 891 | "mode": "fixed" 892 | } 893 | } 894 | ] 895 | } 896 | ] 897 | }, 898 | "gridPos": { 899 | "h": 19, 900 | "w": 24, 901 | "x": 0, 902 | "y": 4 903 | }, 904 | "id": 3, 905 | "options": { 906 | "cellHeight": "sm", 907 | "footer": { 
908 | "countRows": false, 909 | "fields": "", 910 | "reducer": [ 911 | "sum" 912 | ], 913 | "show": true 914 | }, 915 | "showHeader": true, 916 | "sortBy": [ 917 | { 918 | "desc": true, 919 | "displayName": "Opened Connection" 920 | } 921 | ] 922 | }, 923 | "pluginVersion": "11.1.4", 924 | "targets": [ 925 | { 926 | "datasource": { 927 | "type": "loki", 928 | "uid": "${DS_LOKI}" 929 | }, 930 | "editorMode": "code", 931 | "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Failed|: Invalid|: Connection closed by authenticating user\" | __error__=\"\" [$__auto])) or on() vector(0)", 932 | "hide": false, 933 | "queryType": "instant", 934 | "refId": "A" 935 | }, 936 | { 937 | "datasource": { 938 | "type": "loki", 939 | "uid": "${datasource}" 940 | }, 941 | "editorMode": "code", 942 | "expr": "sum by (instance) (count by (ip, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from port` | __error__=\"\" [$__auto])) or count by (ip, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> port` | __error__=\"\" [$__auto]))) or on() vector(0)", 943 | "hide": false, 944 | "queryType": "instant", 945 | "refId": "B" 946 | }, 947 | { 948 | "datasource": { 949 | "type": "loki", 950 | "uid": "${DS_LOKI}" 951 | }, 952 | "editorMode": "code", 953 | "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | __error__=\"\" [$__auto])) or on() vector(0)", 954 | "hide": false, 955 | "queryType": "instant", 956 | "refId": "C" 957 | }, 958 | { 959 | "datasource": { 960 | "type": "loki", 961 | 
"uid": "${datasource}" 962 | }, 963 | "editorMode": "code", 964 | "expr": "count by (ip, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Accepted\" | pattern `<_> Accepted <_> for <_> from port <_>` | __error__=\"\" [$__auto])) or on() vector(0)", 965 | "hide": false, 966 | "queryType": "instant", 967 | "refId": "D" 968 | }, 969 | { 970 | "datasource": { 971 | "type": "loki", 972 | "uid": "${DS_LOKI}" 973 | }, 974 | "editorMode": "code", 975 | "expr": "sum by (instance) (count by (username, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed .* user\" | pattern `<_> user <_> port` | __error__=\"\" [$__auto])) or count by (username, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": Failed\" !~\"invalid user\" | pattern `<_> for from <_> port` | __error__=\"\" [$__auto]))) or on() vector(0)", 976 | "hide": false, 977 | "queryType": "instant", 978 | "refId": "E" 979 | }, 980 | { 981 | "datasource": { 982 | "type": "loki", 983 | "uid": "${datasource}" 984 | }, 985 | "editorMode": "code", 986 | "expr": "sum by (instance) (count by (username, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user (` | username !~\".* by \" | __error__=\"\" [$__auto])) or count by (username, instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | pattern `<_> session opened for user <_>` | username !~\".*(uid=.*)\" | __error__=\"\" [$__auto]))) or on() vector(0)", 987 | "hide": false, 988 | "queryType": "instant", 989 | "refId": "F" 990 | } 991 | ], 992 | "title": "Global SSH Stats - Open and Failed Connections", 993 | 
"transformations": [ 994 | { 995 | "id": "merge", 996 | "options": {} 997 | }, 998 | { 999 | "id": "extractFields", 1000 | "options": { 1001 | "format": "auto", 1002 | "jsonPaths": [ 1003 | { 1004 | "path": "" 1005 | } 1006 | ], 1007 | "keepTime": false, 1008 | "replace": false, 1009 | "source": "instance" 1010 | } 1011 | }, 1012 | { 1013 | "id": "groupBy", 1014 | "options": { 1015 | "fields": { 1016 | "Time": { 1017 | "aggregations": [ 1018 | "lastNotNull" 1019 | ], 1020 | "operation": "aggregate" 1021 | }, 1022 | "TotalFailedUniqueIP": { 1023 | "aggregations": [ 1024 | "lastNotNull" 1025 | ], 1026 | "operation": "aggregate" 1027 | }, 1028 | "Value #A": { 1029 | "aggregations": [ 1030 | "lastNotNull" 1031 | ], 1032 | "operation": "aggregate" 1033 | }, 1034 | "Value #B": { 1035 | "aggregations": [ 1036 | "sum" 1037 | ], 1038 | "operation": "aggregate" 1039 | }, 1040 | "Value #C": { 1041 | "aggregations": [ 1042 | "lastNotNull" 1043 | ], 1044 | "operation": "aggregate" 1045 | }, 1046 | "Value #D": { 1047 | "aggregations": [ 1048 | "sum" 1049 | ], 1050 | "operation": "aggregate" 1051 | }, 1052 | "Value #E": { 1053 | "aggregations": [ 1054 | "lastNotNull" 1055 | ], 1056 | "operation": "aggregate" 1057 | }, 1058 | "Value #F": { 1059 | "aggregations": [ 1060 | "lastNotNull" 1061 | ], 1062 | "operation": "aggregate" 1063 | }, 1064 | "Value #G": { 1065 | "aggregations": [ 1066 | "sum" 1067 | ], 1068 | "operation": "aggregate" 1069 | }, 1070 | "Value #Test": { 1071 | "aggregations": [ 1072 | "lastNotNull" 1073 | ], 1074 | "operation": "aggregate" 1075 | }, 1076 | "instance": { 1077 | "aggregations": [], 1078 | "operation": "groupby" 1079 | }, 1080 | "ip": { 1081 | "aggregations": [] 1082 | } 1083 | } 1084 | } 1085 | }, 1086 | { 1087 | "id": "organize", 1088 | "options": { 1089 | "excludeByName": { 1090 | "TotalFailedUniqueIP (lastNotNull)": false, 1091 | "Value #B (lastNotNull)": true, 1092 | "Value #C (lastNotNull)": false, 1093 | "Value #D (lastNotNull)": false, 1094 | 
"Value #F (last)": false, 1095 | "Value #F (lastNotNull)": false, 1096 | "Value #G (lastNotNull)": false 1097 | }, 1098 | "includeByName": {}, 1099 | "indexByName": { 1100 | "Time (lastNotNull)": 0, 1101 | "Value #A (lastNotNull)": 2, 1102 | "Value #B (sum)": 3, 1103 | "Value #C (lastNotNull)": 5, 1104 | "Value #D (sum)": 6, 1105 | "Value #E (lastNotNull)": 4, 1106 | "instance": 1 1107 | }, 1108 | "renameByName": { 1109 | "FailedAttemptByUser": "Failed Unique User", 1110 | "TEST": "Total Failed Unique IP", 1111 | "Time (lastNotNull)": "Time", 1112 | "TotalFailedUniqueIP": "Failed Unique IP", 1113 | "TotalFailedUniqueIP (lastNotNull)": "Failed Unique IP", 1114 | "Value #A (lastNotNull)": "Failed Connections", 1115 | "Value #B (sum)": "Failed Unique IP", 1116 | "Value #C (lastNotNull)": "Open Connections", 1117 | "Value #D (lastNotNull)": "Opened Connection Unique IP", 1118 | "Value #D (sum)": "Open Unique IP", 1119 | "Value #E (lastNotNull)": "Failed Unique Users", 1120 | "Value #F (lastNotNull)": "Open Unique Users", 1121 | "instance": "Instance" 1122 | } 1123 | } 1124 | } 1125 | ], 1126 | "type": "table" 1127 | }, 1128 | { 1129 | "datasource": { 1130 | "type": "loki", 1131 | "uid": "${DS_LOKI}" 1132 | }, 1133 | "description": "", 1134 | "fieldConfig": { 1135 | "defaults": { 1136 | "color": { 1137 | "mode": "palette-classic" 1138 | }, 1139 | "custom": { 1140 | "axisBorderShow": false, 1141 | "axisCenteredZero": false, 1142 | "axisColorMode": "text", 1143 | "axisLabel": "", 1144 | "axisPlacement": "auto", 1145 | "barAlignment": 0, 1146 | "drawStyle": "points", 1147 | "fillOpacity": 0, 1148 | "gradientMode": "none", 1149 | "hideFrom": { 1150 | "legend": false, 1151 | "tooltip": false, 1152 | "viz": false 1153 | }, 1154 | "insertNulls": 1, 1155 | "lineInterpolation": "smooth", 1156 | "lineStyle": { 1157 | "fill": "solid" 1158 | }, 1159 | "lineWidth": 1, 1160 | "pointSize": 10, 1161 | "scaleDistribution": { 1162 | "type": "linear" 1163 | }, 1164 | "showPoints": 
"always", 1165 | "spanNulls": true, 1166 | "stacking": { 1167 | "group": "A", 1168 | "mode": "none" 1169 | }, 1170 | "thresholdsStyle": { 1171 | "mode": "off" 1172 | } 1173 | }, 1174 | "fieldMinMax": false, 1175 | "mappings": [ 1176 | { 1177 | "options": { 1178 | "match": "null", 1179 | "result": { 1180 | "index": 0, 1181 | "text": "0" 1182 | } 1183 | }, 1184 | "type": "special" 1185 | }, 1186 | { 1187 | "options": { 1188 | "match": "nan", 1189 | "result": { 1190 | "index": 1, 1191 | "text": "0" 1192 | } 1193 | }, 1194 | "type": "special" 1195 | } 1196 | ], 1197 | "noValue": "0", 1198 | "thresholds": { 1199 | "mode": "absolute", 1200 | "steps": [ 1201 | { 1202 | "color": "green", 1203 | "value": null 1204 | }, 1205 | { 1206 | "color": "text", 1207 | "value": 0 1208 | } 1209 | ] 1210 | }, 1211 | "unit": "short" 1212 | }, 1213 | "overrides": [ 1214 | { 1215 | "matcher": { 1216 | "id": "byFrameRefID", 1217 | "options": "A" 1218 | }, 1219 | "properties": [ 1220 | { 1221 | "id": "custom.axisColorMode", 1222 | "value": "text" 1223 | }, 1224 | { 1225 | "id": "color", 1226 | "value": { 1227 | "fixedColor": "red", 1228 | "mode": "fixed" 1229 | } 1230 | } 1231 | ] 1232 | }, 1233 | { 1234 | "matcher": { 1235 | "id": "byFrameRefID", 1236 | "options": "B" 1237 | }, 1238 | "properties": [ 1239 | { 1240 | "id": "custom.axisColorMode", 1241 | "value": "text" 1242 | }, 1243 | { 1244 | "id": "color", 1245 | "value": { 1246 | "fixedColor": "purple", 1247 | "mode": "fixed" 1248 | } 1249 | } 1250 | ] 1251 | } 1252 | ] 1253 | }, 1254 | "gridPos": { 1255 | "h": 10, 1256 | "w": 24, 1257 | "x": 0, 1258 | "y": 23 1259 | }, 1260 | "id": 9, 1261 | "options": { 1262 | "legend": { 1263 | "calcs": [ 1264 | "last", 1265 | "sum" 1266 | ], 1267 | "displayMode": "table", 1268 | "placement": "right", 1269 | "showLegend": true 1270 | }, 1271 | "timezone": [ 1272 | "browser" 1273 | ], 1274 | "tooltip": { 1275 | "hoverProximity": 25, 1276 | "mode": "single", 1277 | "sort": "none" 1278 | } 1279 | }, 1280 
| "pluginVersion": "11.1.4", 1281 | "targets": [ 1282 | { 1283 | "datasource": { 1284 | "type": "loki", 1285 | "uid": "${datasource}" 1286 | }, 1287 | "editorMode": "code", 1288 | "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Failed|: Invalid|: Connection closed by authenticating user\" | __error__=\"\" [$__auto]))", 1289 | "hide": false, 1290 | "legendFormat": "Failed - {{ instance }}", 1291 | "queryType": "range", 1292 | "refId": "A" 1293 | }, 1294 | { 1295 | "datasource": { 1296 | "type": "loki", 1297 | "uid": "${DS_LOKI}" 1298 | }, 1299 | "editorMode": "code", 1300 | "expr": "sum by(instance) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |=\": session opened for\" | __error__=\"\" [$__auto]))", 1301 | "hide": false, 1302 | "legendFormat": "Open - {{ instance }}", 1303 | "queryType": "range", 1304 | "refId": "B" 1305 | } 1306 | ], 1307 | "title": "Global SSH Stats - Open vs Failed Connections - Over Time", 1308 | "transformations": [ 1309 | { 1310 | "disabled": true, 1311 | "id": "merge", 1312 | "options": {} 1313 | }, 1314 | { 1315 | "disabled": true, 1316 | "id": "extractFields", 1317 | "options": { 1318 | "format": "auto", 1319 | "jsonPaths": [ 1320 | { 1321 | "path": "" 1322 | } 1323 | ], 1324 | "keepTime": false, 1325 | "replace": false, 1326 | "source": "instance" 1327 | } 1328 | }, 1329 | { 1330 | "disabled": true, 1331 | "id": "groupBy", 1332 | "options": { 1333 | "fields": { 1334 | "Time": { 1335 | "aggregations": [ 1336 | "lastNotNull" 1337 | ], 1338 | "operation": "aggregate" 1339 | }, 1340 | "TotalFailedUniqueIP": { 1341 | "aggregations": [ 1342 | "lastNotNull" 1343 | ], 1344 | "operation": "aggregate" 1345 | }, 1346 | "Value #A": { 1347 | "aggregations": [ 1348 | "lastNotNull" 1349 | ], 1350 | "operation": "aggregate" 1351 | }, 1352 | "Value #B": { 1353 | "aggregations": [ 1354 | "sum" 1355 | ], 1356 | 
"operation": "aggregate" 1357 | }, 1358 | "Value #C": { 1359 | "aggregations": [ 1360 | "lastNotNull" 1361 | ], 1362 | "operation": "aggregate" 1363 | }, 1364 | "Value #D": { 1365 | "aggregations": [ 1366 | "sum" 1367 | ], 1368 | "operation": "aggregate" 1369 | }, 1370 | "Value #E": { 1371 | "aggregations": [ 1372 | "lastNotNull" 1373 | ], 1374 | "operation": "aggregate" 1375 | }, 1376 | "Value #F": { 1377 | "aggregations": [ 1378 | "lastNotNull" 1379 | ], 1380 | "operation": "aggregate" 1381 | }, 1382 | "Value #G": { 1383 | "aggregations": [ 1384 | "sum" 1385 | ], 1386 | "operation": "aggregate" 1387 | }, 1388 | "Value #Test": { 1389 | "aggregations": [ 1390 | "lastNotNull" 1391 | ], 1392 | "operation": "aggregate" 1393 | }, 1394 | "instance": { 1395 | "aggregations": [], 1396 | "operation": "groupby" 1397 | }, 1398 | "ip": { 1399 | "aggregations": [] 1400 | } 1401 | } 1402 | } 1403 | }, 1404 | { 1405 | "disabled": true, 1406 | "id": "organize", 1407 | "options": { 1408 | "excludeByName": { 1409 | "TotalFailedUniqueIP (lastNotNull)": false, 1410 | "Value #B (lastNotNull)": true, 1411 | "Value #C (lastNotNull)": false, 1412 | "Value #D (lastNotNull)": false, 1413 | "Value #F (last)": false, 1414 | "Value #F (lastNotNull)": false, 1415 | "Value #G (lastNotNull)": false 1416 | }, 1417 | "includeByName": {}, 1418 | "indexByName": { 1419 | "Time (lastNotNull)": 0, 1420 | "Value #A (lastNotNull)": 2, 1421 | "Value #B (sum)": 3, 1422 | "Value #C (lastNotNull)": 5, 1423 | "Value #D (sum)": 6, 1424 | "Value #E (lastNotNull)": 4, 1425 | "instance": 1 1426 | }, 1427 | "renameByName": { 1428 | "FailedAttemptByUser": "Failed Unique User", 1429 | "TEST": "Total Failed Unique IP", 1430 | "Time (lastNotNull)": "Time", 1431 | "TotalFailedUniqueIP": "Failed Unique IP", 1432 | "TotalFailedUniqueIP (lastNotNull)": "Failed Unique IP", 1433 | "Value #A (lastNotNull)": "Failed Connection", 1434 | "Value #B (sum)": "Failed Unique IP", 1435 | "Value #C (lastNotNull)": "Opened Connection", 
1436 | "Value #D (lastNotNull)": "Opened Connection Unique IP", 1437 | "Value #D (sum)": "Opened Connection Unique IP", 1438 | "Value #E (lastNotNull)": "Failed Unique User", 1439 | "Value #F (lastNotNull)": "Opened Unique User", 1440 | "instance": "Instance" 1441 | } 1442 | } 1443 | } 1444 | ], 1445 | "type": "timeseries" 1446 | }, 1447 | { 1448 | "datasource": { 1449 | "type": "loki", 1450 | "uid": "${datasource}" 1451 | }, 1452 | "gridPos": { 1453 | "h": 22, 1454 | "w": 24, 1455 | "x": 0, 1456 | "y": 33 1457 | }, 1458 | "id": 11, 1459 | "options": { 1460 | "dedupStrategy": "none", 1461 | "enableLogDetails": true, 1462 | "prettifyLogMessage": false, 1463 | "showCommonLabels": false, 1464 | "showLabels": false, 1465 | "showTime": false, 1466 | "sortOrder": "Descending", 1467 | "wrapLogMessage": false 1468 | }, 1469 | "targets": [ 1470 | { 1471 | "datasource": { 1472 | "type": "loki", 1473 | "uid": "${DS_LOKI}" 1474 | }, 1475 | "editorMode": "code", 1476 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" ", 1477 | "queryType": "range", 1478 | "refId": "A" 1479 | } 1480 | ], 1481 | "title": "Global - SSH Recent Logs", 1482 | "type": "logs" 1483 | } 1484 | ], 1485 | "schemaVersion": 39, 1486 | "tags": [ 1487 | "loki", 1488 | "linux", 1489 | "ssh" 1490 | ], 1491 | "templating": { 1492 | "list": [ 1493 | { 1494 | "current": {}, 1495 | "hide": 0, 1496 | "includeAll": false, 1497 | "label": "Datasource", 1498 | "multi": false, 1499 | "name": "datasource", 1500 | "options": [], 1501 | "query": "loki", 1502 | "refresh": 1, 1503 | "regex": "", 1504 | "skipUrlSync": false, 1505 | "type": "datasource" 1506 | }, 1507 | { 1508 | "current": {}, 1509 | "datasource": { 1510 | "type": "loki", 1511 | "uid": "${datasource}" 1512 | }, 1513 | "definition": "", 1514 | "hide": 0, 1515 | "includeAll": false, 1516 | "label": "Label Name", 1517 | "multi": false, 1518 | "name": "label_name", 1519 | "options": [], 1520 | "query": { 1521 | "label": 
"", 1522 | "refId": "LokiVariableQueryEditor-VariableQuery", 1523 | "stream": "", 1524 | "type": 0 1525 | }, 1526 | "refresh": 1, 1527 | "regex": "", 1528 | "skipUrlSync": false, 1529 | "sort": 0, 1530 | "type": "query" 1531 | }, 1532 | { 1533 | "current": {}, 1534 | "datasource": { 1535 | "type": "loki", 1536 | "uid": "${DS_LOKI}" 1537 | }, 1538 | "definition": "", 1539 | "hide": 0, 1540 | "includeAll": false, 1541 | "label": "Label Value", 1542 | "multi": false, 1543 | "name": "label_value", 1544 | "options": [], 1545 | "query": { 1546 | "label": "$label_name", 1547 | "refId": "LokiVariableQueryEditor-VariableQuery", 1548 | "stream": "", 1549 | "type": 1 1550 | }, 1551 | "refresh": 2, 1552 | "regex": "", 1553 | "skipUrlSync": false, 1554 | "sort": 1, 1555 | "type": "query" 1556 | }, 1557 | { 1558 | "current": {}, 1559 | "datasource": { 1560 | "type": "loki", 1561 | "uid": "${DS_LOKI}" 1562 | }, 1563 | "definition": "", 1564 | "hide": 0, 1565 | "includeAll": false, 1566 | "label": "Job", 1567 | "multi": false, 1568 | "name": "job", 1569 | "options": [], 1570 | "query": { 1571 | "label": "job", 1572 | "refId": "LokiVariableQueryEditor-VariableQuery", 1573 | "stream": "{$label_name=~\"$label_value\"}", 1574 | "type": 1 1575 | }, 1576 | "refresh": 1, 1577 | "regex": "", 1578 | "skipUrlSync": false, 1579 | "sort": 0, 1580 | "type": "query" 1581 | }, 1582 | { 1583 | "allValue": ".*", 1584 | "current": {}, 1585 | "datasource": { 1586 | "type": "loki", 1587 | "uid": "${DS_LOKI}" 1588 | }, 1589 | "definition": "", 1590 | "hide": 0, 1591 | "includeAll": true, 1592 | "label": "Instance", 1593 | "multi": true, 1594 | "name": "instance", 1595 | "options": [], 1596 | "query": { 1597 | "label": "instance", 1598 | "refId": "LokiVariableQueryEditor-VariableQuery", 1599 | "stream": "{$label_name=~\"$label_value\"}", 1600 | "type": 1 1601 | }, 1602 | "refresh": 1, 1603 | "regex": "", 1604 | "skipUrlSync": false, 1605 | "sort": 0, 1606 | "type": "query" 1607 | } 1608 | ] 1609 | }, 
1610 | "time": { 1611 | "from": "now-3d", 1612 | "to": "now" 1613 | }, 1614 | "timepicker": {}, 1615 | "timezone": "browser", 1616 | "title": "Global SSH Logs View", 1617 | "uid": "dduzuipqnun7ke", 1618 | "version": 26, 1619 | "weekStart": "" 1620 | } -------------------------------------------------------------------------------- /loki/sudo_logs.json: -------------------------------------------------------------------------------- 1 | { 2 | "__inputs": [ 3 | { 4 | "name": "DS_LOKI", 5 | "label": "loki", 6 | "description": "", 7 | "type": "datasource", 8 | "pluginId": "loki", 9 | "pluginName": "Loki" 10 | } 11 | ], 12 | "__elements": {}, 13 | "__requires": [ 14 | { 15 | "type": "grafana", 16 | "id": "grafana", 17 | "name": "Grafana", 18 | "version": "10.4.0" 19 | }, 20 | { 21 | "type": "panel", 22 | "id": "logs", 23 | "name": "Logs", 24 | "version": "" 25 | }, 26 | { 27 | "type": "datasource", 28 | "id": "loki", 29 | "name": "Loki", 30 | "version": "1.0.0" 31 | }, 32 | { 33 | "type": "panel", 34 | "id": "piechart", 35 | "name": "Pie chart", 36 | "version": "" 37 | }, 38 | { 39 | "type": "panel", 40 | "id": "stat", 41 | "name": "Stat", 42 | "version": "" 43 | }, 44 | { 45 | "type": "panel", 46 | "id": "table", 47 | "name": "Table", 48 | "version": "" 49 | }, 50 | { 51 | "type": "panel", 52 | "id": "text", 53 | "name": "Text", 54 | "version": "" 55 | } 56 | ], 57 | "annotations": { 58 | "list": [ 59 | { 60 | "builtIn": 1, 61 | "datasource": { 62 | "type": "grafana", 63 | "uid": "-- Grafana --" 64 | }, 65 | "enable": true, 66 | "hide": true, 67 | "iconColor": "rgba(0, 211, 255, 1)", 68 | "name": "Annotations & Alerts", 69 | "type": "dashboard" 70 | } 71 | ] 72 | }, 73 | "description": "Monitor SUDO Logs with JSON Logging", 74 | "editable": true, 75 | "fiscalYearStartMonth": 0, 76 | "gnetId": 19816, 77 | "graphTooltip": 0, 78 | "id": null, 79 | "links": [], 80 | "liveNow": false, 81 | "panels": [ 82 | { 83 | "collapsed": false, 84 | "gridPos": { 85 | "h": 1, 86 | "w": 
24, 87 | "x": 0, 88 | "y": 0 89 | }, 90 | "id": 8, 91 | "panels": [], 92 | "title": "Total Stats", 93 | "type": "row" 94 | }, 95 | { 96 | "datasource": { 97 | "type": "loki", 98 | "uid": "${DS_LOKI}" 99 | }, 100 | "description": "", 101 | "fieldConfig": { 102 | "defaults": { 103 | "color": { 104 | "mode": "thresholds" 105 | }, 106 | "mappings": [ 107 | { 108 | "options": { 109 | "match": "null", 110 | "result": { 111 | "index": 0, 112 | "text": "0" 113 | } 114 | }, 115 | "type": "special" 116 | } 117 | ], 118 | "thresholds": { 119 | "mode": "absolute", 120 | "steps": [ 121 | { 122 | "color": "purple", 123 | "value": null 124 | } 125 | ] 126 | }, 127 | "unit": "short" 128 | }, 129 | "overrides": [] 130 | }, 131 | "gridPos": { 132 | "h": 4, 133 | "w": 4, 134 | "x": 0, 135 | "y": 1 136 | }, 137 | "id": 2, 138 | "options": { 139 | "colorMode": "background", 140 | "graphMode": "none", 141 | "justifyMode": "center", 142 | "orientation": "auto", 143 | "reduceOptions": { 144 | "calcs": [ 145 | "sum" 146 | ], 147 | "fields": "", 148 | "values": false 149 | }, 150 | "showPercentChange": false, 151 | "textMode": "auto", 152 | "wideLayout": true 153 | }, 154 | "pluginVersion": "10.4.0", 155 | "targets": [ 156 | { 157 | "datasource": { 158 | "type": "loki", 159 | "uid": "${DS_LOKI}" 160 | }, 161 | "editorMode": "code", 162 | "expr": "count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"accept\\\":{.*\" | __error__=\"\" [$__range])", 163 | "hide": false, 164 | "queryType": "instant", 165 | "refId": "A" 166 | } 167 | ], 168 | "title": "Total Accepted SUDO Events", 169 | "type": "stat" 170 | }, 171 | { 172 | "datasource": { 173 | "type": "loki", 174 | "uid": "${DS_LOKI}" 175 | }, 176 | "description": "", 177 | "fieldConfig": { 178 | "defaults": { 179 | "color": { 180 | "mode": "thresholds" 181 | }, 182 | "mappings": [ 183 | 
{ 184 | "options": { 185 | "match": "null", 186 | "result": { 187 | "index": 0, 188 | "text": "0" 189 | } 190 | }, 191 | "type": "special" 192 | } 193 | ], 194 | "thresholds": { 195 | "mode": "absolute", 196 | "steps": [ 197 | { 198 | "color": "purple", 199 | "value": null 200 | }, 201 | { 202 | "color": "red", 203 | "value": 1 204 | } 205 | ] 206 | }, 207 | "unit": "short" 208 | }, 209 | "overrides": [] 210 | }, 211 | "gridPos": { 212 | "h": 4, 213 | "w": 4, 214 | "x": 4, 215 | "y": 1 216 | }, 217 | "id": 3, 218 | "options": { 219 | "colorMode": "background", 220 | "graphMode": "none", 221 | "justifyMode": "center", 222 | "orientation": "auto", 223 | "reduceOptions": { 224 | "calcs": [ 225 | "sum" 226 | ], 227 | "fields": "", 228 | "values": false 229 | }, 230 | "showPercentChange": false, 231 | "textMode": "auto", 232 | "wideLayout": true 233 | }, 234 | "pluginVersion": "10.4.0", 235 | "targets": [ 236 | { 237 | "datasource": { 238 | "type": "loki", 239 | "uid": "${DS_LOKI}" 240 | }, 241 | "editorMode": "code", 242 | "expr": "count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"reject\\\":{.*\" | __error__=\"\" [$__range])", 243 | "hide": false, 244 | "queryType": "instant", 245 | "refId": "A" 246 | } 247 | ], 248 | "title": "Total Rejected SUDO Events", 249 | "transformations": [ 250 | { 251 | "id": "merge", 252 | "options": {} 253 | } 254 | ], 255 | "type": "stat" 256 | }, 257 | { 258 | "datasource": { 259 | "type": "loki", 260 | "uid": "${DS_LOKI}" 261 | }, 262 | "description": "", 263 | "fieldConfig": { 264 | "defaults": { 265 | "color": { 266 | "mode": "thresholds" 267 | }, 268 | "mappings": [ 269 | { 270 | "options": { 271 | "match": "null", 272 | "result": { 273 | "index": 0, 274 | "text": "0" 275 | } 276 | }, 277 | "type": "special" 278 | } 279 | ], 280 | "thresholds": { 281 | "mode": "absolute", 
282 | "steps": [ 283 | { 284 | "color": "orange", 285 | "value": null 286 | } 287 | ] 288 | }, 289 | "unit": "short" 290 | }, 291 | "overrides": [] 292 | }, 293 | "gridPos": { 294 | "h": 4, 295 | "w": 3, 296 | "x": 8, 297 | "y": 1 298 | }, 299 | "id": 4, 300 | "options": { 301 | "colorMode": "background", 302 | "graphMode": "none", 303 | "justifyMode": "auto", 304 | "orientation": "auto", 305 | "reduceOptions": { 306 | "calcs": [ 307 | "sum" 308 | ], 309 | "fields": "", 310 | "values": false 311 | }, 312 | "showPercentChange": false, 313 | "textMode": "auto", 314 | "wideLayout": true 315 | }, 316 | "pluginVersion": "10.4.0", 317 | "targets": [ 318 | { 319 | "datasource": { 320 | "type": "loki", 321 | "uid": "${DS_LOKI}" 322 | }, 323 | "editorMode": "code", 324 | "expr": "count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"reject\\\":{.*|.+{\\\"accept\\\":{.*\" | __error__=\"\" [$__range])", 325 | "hide": false, 326 | "queryType": "instant", 327 | "refId": "A" 328 | } 329 | ], 330 | "title": "SUDO Log Lines", 331 | "type": "stat" 332 | }, 333 | { 334 | "datasource": { 335 | "type": "loki", 336 | "uid": "${DS_LOKI}" 337 | }, 338 | "description": "", 339 | "fieldConfig": { 340 | "defaults": { 341 | "color": { 342 | "mode": "thresholds" 343 | }, 344 | "mappings": [ 345 | { 346 | "options": { 347 | "match": "null", 348 | "result": { 349 | "index": 0, 350 | "text": "0" 351 | } 352 | }, 353 | "type": "special" 354 | } 355 | ], 356 | "thresholds": { 357 | "mode": "absolute", 358 | "steps": [ 359 | { 360 | "color": "orange", 361 | "value": null 362 | } 363 | ] 364 | }, 365 | "unit": "decbytes" 366 | }, 367 | "overrides": [] 368 | }, 369 | "gridPos": { 370 | "h": 4, 371 | "w": 3, 372 | "x": 11, 373 | "y": 1 374 | }, 375 | "id": 5, 376 | "options": { 377 | "colorMode": "background", 378 | "graphMode": "none", 379 | 
"justifyMode": "auto", 380 | "orientation": "auto", 381 | "reduceOptions": { 382 | "calcs": [ 383 | "sum" 384 | ], 385 | "fields": "", 386 | "values": false 387 | }, 388 | "showPercentChange": false, 389 | "textMode": "auto", 390 | "wideLayout": true 391 | }, 392 | "pluginVersion": "10.4.0", 393 | "targets": [ 394 | { 395 | "datasource": { 396 | "type": "loki", 397 | "uid": "${DS_LOKI}" 398 | }, 399 | "editorMode": "code", 400 | "expr": "sum(bytes_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"reject\\\":{.*|.+{\\\"accept\\\":{.*\" | __error__=\"\" [$__range]))", 401 | "queryType": "instant", 402 | "refId": "A" 403 | } 404 | ], 405 | "title": "SUDO Log in bytes", 406 | "type": "stat" 407 | }, 408 | { 409 | "datasource": { 410 | "type": "datasource", 411 | "uid": "grafana" 412 | }, 413 | "gridPos": { 414 | "h": 4, 415 | "w": 5, 416 | "x": 14, 417 | "y": 1 418 | }, 419 | "id": 7, 420 | "options": { 421 | "code": { 422 | "language": "plaintext", 423 | "showLineNumbers": false, 424 | "showMiniMap": false 425 | }, 426 | "content": "# SUDO JSON Log\n\nCreated by [VoidQuark](https://voidquark.com)\n\n- [Dashboard Source](https://github.com/voidquark/grafana-dashboards)\n\n- Follow me on [X](https://x.com/voidquark) for updates on new and current dashboards.", 427 | "mode": "markdown" 428 | }, 429 | "pluginVersion": "10.4.0", 430 | "type": "text" 431 | }, 432 | { 433 | "datasource": { 434 | "type": "loki", 435 | "uid": "${DS_LOKI}" 436 | }, 437 | "fieldConfig": { 438 | "defaults": { 439 | "color": { 440 | "mode": "palette-classic" 441 | }, 442 | "custom": { 443 | "hideFrom": { 444 | "legend": false, 445 | "tooltip": false, 446 | "viz": false 447 | } 448 | }, 449 | "mappings": [] 450 | }, 451 | "overrides": [] 452 | }, 453 | "gridPos": { 454 | "h": 11, 455 | "w": 6, 456 | "x": 0, 457 | "y": 5 458 | }, 459 | "id": 9, 
460 | "options": { 461 | "displayLabels": [], 462 | "legend": { 463 | "displayMode": "table", 464 | "placement": "right", 465 | "showLegend": true, 466 | "values": [ 467 | "value", 468 | "percent" 469 | ] 470 | }, 471 | "pieType": "donut", 472 | "reduceOptions": { 473 | "calcs": [ 474 | "sum" 475 | ], 476 | "fields": "", 477 | "values": false 478 | }, 479 | "tooltip": { 480 | "mode": "multi", 481 | "sort": "none" 482 | } 483 | }, 484 | "pluginVersion": "9.2.5", 485 | "targets": [ 486 | { 487 | "datasource": { 488 | "type": "loki", 489 | "uid": "${DS_LOKI}" 490 | }, 491 | "editorMode": "code", 492 | "expr": "sum by(sudo_accept_submituser) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"accept\\\":{.*\" | __error__=\"\" [$__interval]))", 493 | "hide": false, 494 | "legendFormat": "{{ sudo_accept_submituser }}", 495 | "queryType": "range", 496 | "refId": "A" 497 | } 498 | ], 499 | "title": "Accepted SUDO Events by User", 500 | "type": "piechart" 501 | }, 502 | { 503 | "datasource": { 504 | "type": "loki", 505 | "uid": "${DS_LOKI}" 506 | }, 507 | "fieldConfig": { 508 | "defaults": { 509 | "color": { 510 | "fixedColor": "#f7001d", 511 | "mode": "palette-classic" 512 | }, 513 | "custom": { 514 | "hideFrom": { 515 | "legend": false, 516 | "tooltip": false, 517 | "viz": false 518 | } 519 | }, 520 | "mappings": [] 521 | }, 522 | "overrides": [] 523 | }, 524 | "gridPos": { 525 | "h": 11, 526 | "w": 6, 527 | "x": 6, 528 | "y": 5 529 | }, 530 | "id": 10, 531 | "options": { 532 | "displayLabels": [], 533 | "legend": { 534 | "displayMode": "table", 535 | "placement": "right", 536 | "showLegend": true, 537 | "values": [ 538 | "value", 539 | "percent" 540 | ] 541 | }, 542 | "pieType": "donut", 543 | "reduceOptions": { 544 | "calcs": [ 545 | "sum" 546 | ], 547 | "fields": "", 548 | "values": false 549 | }, 550 | 
"tooltip": { 551 | "mode": "multi", 552 | "sort": "none" 553 | } 554 | }, 555 | "pluginVersion": "9.2.5", 556 | "targets": [ 557 | { 558 | "datasource": { 559 | "type": "loki", 560 | "uid": "${DS_LOKI}" 561 | }, 562 | "editorMode": "code", 563 | "expr": "sum by(sudo_reject_submituser) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"reject\\\":{.*\" | __error__=\"\" [$__interval]))", 564 | "hide": false, 565 | "legendFormat": "{{ sudo_reject_submituser }}", 566 | "queryType": "range", 567 | "refId": "A" 568 | } 569 | ], 570 | "title": "Rejected SUDO Events by User", 571 | "type": "piechart" 572 | }, 573 | { 574 | "datasource": { 575 | "type": "loki", 576 | "uid": "${DS_LOKI}" 577 | }, 578 | "gridPos": { 579 | "h": 15, 580 | "w": 23, 581 | "x": 0, 582 | "y": 16 583 | }, 584 | "id": 6, 585 | "options": { 586 | "dedupStrategy": "none", 587 | "enableLogDetails": true, 588 | "prettifyLogMessage": false, 589 | "showCommonLabels": false, 590 | "showLabels": false, 591 | "showTime": true, 592 | "sortOrder": "Descending", 593 | "wrapLogMessage": false 594 | }, 595 | "targets": [ 596 | { 597 | "datasource": { 598 | "type": "loki", 599 | "uid": "${DS_LOKI}" 600 | }, 601 | "editorMode": "code", 602 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"accept\\\":{.*\" | json runargv=\"sudo.accept.runargv\" | line_format\"👤 {{ .sudo_accept_submituser }} 📂 {{ .sudo_accept_submitcwd }} 🎯 {{ .sudo_accept_runuser }} 🖥️ {{ .runargv }}\" | __error__=\"\"", 603 | "hide": false, 604 | "queryType": "range", 605 | "refId": "A" 606 | }, 607 | { 608 | "datasource": { 609 | "type": "loki", 610 | "uid": "${DS_LOKI}" 611 | }, 612 | "editorMode": "code", 613 | "expr": 
"{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\"^{\\\"reject\\\":{.*\" | json runargv=\"reject.runargv\" | line_format\"🚫 {{ .sudo_reject_reason }} 👤 {{ .sudo_reject_submituser }} 📂 {{ .sudo_reject_submitcwd }} 🎯 {{ .sudo_reject_runuser }} 🖥️ {{ .runargv }}\" | __error__=\"\"", 614 | "hide": false, 615 | "queryType": "range", 616 | "refId": "B" 617 | } 618 | ], 619 | "title": "SUDO Recent Log", 620 | "type": "logs" 621 | }, 622 | { 623 | "collapsed": false, 624 | "gridPos": { 625 | "h": 1, 626 | "w": 24, 627 | "x": 0, 628 | "y": 31 629 | }, 630 | "id": 11, 631 | "panels": [], 632 | "title": "Accepted SUDO Events - Details", 633 | "type": "row" 634 | }, 635 | { 636 | "datasource": { 637 | "type": "loki", 638 | "uid": "${DS_LOKI}" 639 | }, 640 | "fieldConfig": { 641 | "defaults": { 642 | "color": { 643 | "mode": "thresholds" 644 | }, 645 | "custom": { 646 | "align": "auto", 647 | "cellOptions": { 648 | "type": "auto" 649 | }, 650 | "filterable": true, 651 | "inspect": false 652 | }, 653 | "mappings": [], 654 | "thresholds": { 655 | "mode": "absolute", 656 | "steps": [ 657 | { 658 | "color": "green", 659 | "value": null 660 | }, 661 | { 662 | "color": "red", 663 | "value": 80 664 | } 665 | ] 666 | } 667 | }, 668 | "overrides": [ 669 | { 670 | "matcher": { 671 | "id": "byName", 672 | "options": "Time" 673 | }, 674 | "properties": [ 675 | { 676 | "id": "custom.width", 677 | "value": 200 678 | } 679 | ] 680 | }, 681 | { 682 | "matcher": { 683 | "id": "byName", 684 | "options": "Source User" 685 | }, 686 | "properties": [ 687 | { 688 | "id": "custom.width", 689 | "value": 150 690 | } 691 | ] 692 | }, 693 | { 694 | "matcher": { 695 | "id": "byName", 696 | "options": "Source PWD" 697 | }, 698 | "properties": [ 699 | { 700 | "id": "custom.width", 701 | "value": 200 702 | } 703 | ] 704 | }, 705 | { 706 | "matcher": { 707 | "id": 
"byName", 708 | "options": "Target User" 709 | }, 710 | "properties": [ 711 | { 712 | "id": "custom.width", 713 | "value": 150 714 | } 715 | ] 716 | }, 717 | { 718 | "matcher": { 719 | "id": "byName", 720 | "options": "Instance" 721 | }, 722 | "properties": [ 723 | { 724 | "id": "custom.width", 725 | "value": 200 726 | } 727 | ] 728 | }, 729 | { 730 | "matcher": { 731 | "id": "byName", 732 | "options": "Sudo Command" 733 | }, 734 | "properties": [ 735 | { 736 | "id": "custom.width" 737 | } 738 | ] 739 | }, 740 | { 741 | "matcher": { 742 | "id": "byName", 743 | "options": "TTY Name" 744 | }, 745 | "properties": [ 746 | { 747 | "id": "custom.width", 748 | "value": 120 749 | } 750 | ] 751 | } 752 | ] 753 | }, 754 | "gridPos": { 755 | "h": 21, 756 | "w": 23, 757 | "x": 0, 758 | "y": 32 759 | }, 760 | "id": 1, 761 | "options": { 762 | "cellHeight": "sm", 763 | "footer": { 764 | "countRows": false, 765 | "fields": "", 766 | "reducer": [ 767 | "sum" 768 | ], 769 | "show": false 770 | }, 771 | "showHeader": true, 772 | "sortBy": [] 773 | }, 774 | "pluginVersion": "10.4.0", 775 | "targets": [ 776 | { 777 | "datasource": { 778 | "type": "loki", 779 | "uid": "${DS_LOKI}" 780 | }, 781 | "editorMode": "code", 782 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"accept\\\":{.*\" | json runargv=\"sudo.accept.runargv\" | __error__=\"\"", 783 | "legendFormat": "", 784 | "queryType": "range", 785 | "refId": "A" 786 | } 787 | ], 788 | "title": "Accepted SUDO Events Details", 789 | "transformations": [ 790 | { 791 | "id": "extractFields", 792 | "options": { 793 | "format": "json", 794 | "keepTime": true, 795 | "replace": true, 796 | "source": "labels" 797 | } 798 | }, 799 | { 800 | "id": "organize", 801 | "options": { 802 | "excludeByName": { 803 | "accept_columns": true, 804 | "accept_command": true, 805 | "accept_lines": true, 
806 | "accept_runcwd": true, 807 | "accept_runuid": true, 808 | "accept_server_time_iso8601": true, 809 | "accept_server_time_localtime": true, 810 | "accept_server_time_nanoseconds": true, 811 | "accept_server_time_seconds": true, 812 | "accept_submit_time_iso8601": true, 813 | "accept_submit_time_localtime": true, 814 | "accept_submit_time_nanoseconds": true, 815 | "accept_submit_time_seconds": true, 816 | "accept_submithost": true, 817 | "env": true, 818 | "filename": true, 819 | "instance": false, 820 | "job": true, 821 | "sudo_accept_columns": true, 822 | "sudo_accept_command": true, 823 | "sudo_accept_lines": true, 824 | "sudo_accept_runcwd": true, 825 | "sudo_accept_runuid": true, 826 | "sudo_accept_runuser": false, 827 | "sudo_accept_server_time_iso8601": true, 828 | "sudo_accept_server_time_localtime": true, 829 | "sudo_accept_server_time_nanoseconds": true, 830 | "sudo_accept_server_time_seconds": true, 831 | "sudo_accept_submit_time_iso8601": true, 832 | "sudo_accept_submit_time_localtime": true, 833 | "sudo_accept_submit_time_nanoseconds": true, 834 | "sudo_accept_submit_time_seconds": true, 835 | "sudo_accept_submithost": true, 836 | "sudo_json_message": true 837 | }, 838 | "includeByName": {}, 839 | "indexByName": { 840 | "Time": 0, 841 | "env": 7, 842 | "filename": 8, 843 | "instance": 4, 844 | "job": 9, 845 | "runargv": 5, 846 | "sudo_accept_columns": 11, 847 | "sudo_accept_command": 12, 848 | "sudo_accept_lines": 13, 849 | "sudo_accept_runcwd": 14, 850 | "sudo_accept_runuid": 15, 851 | "sudo_accept_runuser": 3, 852 | "sudo_accept_server_time_iso8601": 16, 853 | "sudo_accept_server_time_localtime": 17, 854 | "sudo_accept_server_time_nanoseconds": 18, 855 | "sudo_accept_server_time_seconds": 19, 856 | "sudo_accept_submit_time_iso8601": 20, 857 | "sudo_accept_submit_time_localtime": 21, 858 | "sudo_accept_submit_time_nanoseconds": 22, 859 | "sudo_accept_submit_time_seconds": 23, 860 | "sudo_accept_submitcwd": 2, 861 | "sudo_accept_submithost": 24, 862 
| "sudo_accept_submituser": 1, 863 | "sudo_accept_ttyname": 6, 864 | "sudo_json_message": 10 865 | }, 866 | "renameByName": { 867 | "accept_runcwd": "", 868 | "accept_runuser": "Target User", 869 | "accept_submitcwd": "Source PWD", 870 | "accept_submithost": "", 871 | "accept_submituser": "Source User", 872 | "accept_ttyname": "TTY Name", 873 | "instance": "Instance", 874 | "runargv": "Sudo Command", 875 | "sudo_accept_runuser": "Target User", 876 | "sudo_accept_submitcwd": "Source PWD", 877 | "sudo_accept_submithost": "", 878 | "sudo_accept_submituser": "Source User", 879 | "sudo_accept_ttyname": "TTY Name" 880 | } 881 | } 882 | }, 883 | { 884 | "id": "sortBy", 885 | "options": { 886 | "fields": {}, 887 | "sort": [ 888 | { 889 | "desc": true, 890 | "field": "Time" 891 | } 892 | ] 893 | } 894 | } 895 | ], 896 | "type": "table" 897 | }, 898 | { 899 | "datasource": { 900 | "type": "loki", 901 | "uid": "${DS_LOKI}" 902 | }, 903 | "description": "", 904 | "fieldConfig": { 905 | "defaults": { 906 | "color": { 907 | "mode": "thresholds" 908 | }, 909 | "custom": { 910 | "align": "auto", 911 | "cellOptions": { 912 | "type": "auto" 913 | }, 914 | "filterable": false, 915 | "inspect": true 916 | }, 917 | "mappings": [], 918 | "thresholds": { 919 | "mode": "absolute", 920 | "steps": [ 921 | { 922 | "color": "dark-purple", 923 | "value": null 924 | } 925 | ] 926 | } 927 | }, 928 | "overrides": [ 929 | { 930 | "matcher": { 931 | "id": "byName", 932 | "options": "Count" 933 | }, 934 | "properties": [ 935 | { 936 | "id": "custom.cellOptions", 937 | "value": { 938 | "type": "gauge" 939 | } 940 | } 941 | ] 942 | } 943 | ] 944 | }, 945 | "gridPos": { 946 | "h": 12, 947 | "w": 23, 948 | "x": 0, 949 | "y": 53 950 | }, 951 | "id": 15, 952 | "options": { 953 | "cellHeight": "sm", 954 | "footer": { 955 | "countRows": false, 956 | "fields": [ 957 | "Value #A" 958 | ], 959 | "reducer": [ 960 | "sum" 961 | ], 962 | "show": true 963 | }, 964 | "showHeader": true, 965 | "sortBy": [] 966 | }, 
967 | "pluginVersion": "10.4.0", 968 | "targets": [ 969 | { 970 | "datasource": { 971 | "type": "loki", 972 | "uid": "${DS_LOKI}" 973 | }, 974 | "editorMode": "code", 975 | "expr": "topk(10, sum by (sudo_accept_submituser, runargv) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"accept\\\":{.*\" | json runargv=\"sudo.accept.runargv\" | __error__=\"\" [$__range])))", 976 | "hide": false, 977 | "legendFormat": "{{ sudo_accept_submituser }} {{ runargv }}", 978 | "queryType": "instant", 979 | "refId": "A" 980 | } 981 | ], 982 | "title": "Top 10 Accepted SUDO Events by User and Command", 983 | "transformations": [ 984 | { 985 | "id": "organize", 986 | "options": { 987 | "excludeByName": { 988 | "Time": true, 989 | "accept_columns": true, 990 | "accept_command": true, 991 | "accept_lines": true, 992 | "accept_runcwd": true, 993 | "accept_runuid": true, 994 | "accept_server_time_iso8601": true, 995 | "accept_server_time_localtime": true, 996 | "accept_server_time_nanoseconds": true, 997 | "accept_server_time_seconds": true, 998 | "accept_submit_time_iso8601": true, 999 | "accept_submit_time_localtime": true, 1000 | "accept_submit_time_nanoseconds": true, 1001 | "accept_submit_time_seconds": true, 1002 | "accept_submithost": true, 1003 | "env": true, 1004 | "filename": true, 1005 | "instance": false, 1006 | "job": true, 1007 | "sudo_json_message": true 1008 | }, 1009 | "includeByName": {}, 1010 | "indexByName": { 1011 | "Time": 0, 1012 | "Value #A": 3, 1013 | "runargv": 2, 1014 | "sudo_accept_submituser": 1 1015 | }, 1016 | "renameByName": { 1017 | "Value #A": "Count", 1018 | "accept_runcwd": "", 1019 | "accept_runuser": "Target User", 1020 | "accept_submitcwd": "Source PWD", 1021 | "accept_submithost": "", 1022 | "accept_submituser": "Source User", 1023 | "accept_ttyname": "TTY Name", 1024 | "instance": 
"Instance", 1025 | "reject_submituser": "User", 1026 | "runargv": "Sudo Command", 1027 | "sudo_accept_submituser": "Source User" 1028 | } 1029 | } 1030 | }, 1031 | { 1032 | "id": "sortBy", 1033 | "options": { 1034 | "fields": {}, 1035 | "sort": [ 1036 | { 1037 | "desc": true, 1038 | "field": "Count" 1039 | } 1040 | ] 1041 | } 1042 | } 1043 | ], 1044 | "type": "table" 1045 | }, 1046 | { 1047 | "collapsed": false, 1048 | "gridPos": { 1049 | "h": 1, 1050 | "w": 24, 1051 | "x": 0, 1052 | "y": 65 1053 | }, 1054 | "id": 13, 1055 | "panels": [], 1056 | "title": "Rejected SUDO Events - Details", 1057 | "type": "row" 1058 | }, 1059 | { 1060 | "datasource": { 1061 | "type": "loki", 1062 | "uid": "${DS_LOKI}" 1063 | }, 1064 | "fieldConfig": { 1065 | "defaults": { 1066 | "color": { 1067 | "mode": "thresholds" 1068 | }, 1069 | "custom": { 1070 | "align": "auto", 1071 | "cellOptions": { 1072 | "type": "auto" 1073 | }, 1074 | "filterable": true, 1075 | "inspect": false 1076 | }, 1077 | "mappings": [], 1078 | "thresholds": { 1079 | "mode": "absolute", 1080 | "steps": [ 1081 | { 1082 | "color": "green", 1083 | "value": null 1084 | } 1085 | ] 1086 | } 1087 | }, 1088 | "overrides": [ 1089 | { 1090 | "matcher": { 1091 | "id": "byName", 1092 | "options": "Time" 1093 | }, 1094 | "properties": [ 1095 | { 1096 | "id": "custom.width", 1097 | "value": 200 1098 | } 1099 | ] 1100 | }, 1101 | { 1102 | "matcher": { 1103 | "id": "byName", 1104 | "options": "Source User" 1105 | }, 1106 | "properties": [ 1107 | { 1108 | "id": "custom.width", 1109 | "value": 150 1110 | } 1111 | ] 1112 | }, 1113 | { 1114 | "matcher": { 1115 | "id": "byName", 1116 | "options": "Source PWD" 1117 | }, 1118 | "properties": [ 1119 | { 1120 | "id": "custom.width", 1121 | "value": 220 1122 | } 1123 | ] 1124 | }, 1125 | { 1126 | "matcher": { 1127 | "id": "byName", 1128 | "options": "Target User" 1129 | }, 1130 | "properties": [ 1131 | { 1132 | "id": "custom.width", 1133 | "value": 150 1134 | } 1135 | ] 1136 | }, 1137 | { 
1138 | "matcher": { 1139 | "id": "byName", 1140 | "options": "Reject Reason" 1141 | }, 1142 | "properties": [ 1143 | { 1144 | "id": "custom.width" 1145 | } 1146 | ] 1147 | }, 1148 | { 1149 | "matcher": { 1150 | "id": "byName", 1151 | "options": "Instance" 1152 | }, 1153 | "properties": [ 1154 | { 1155 | "id": "custom.width", 1156 | "value": 200 1157 | } 1158 | ] 1159 | }, 1160 | { 1161 | "matcher": { 1162 | "id": "byName", 1163 | "options": "Sudo Command" 1164 | }, 1165 | "properties": [ 1166 | { 1167 | "id": "custom.width" 1168 | } 1169 | ] 1170 | }, 1171 | { 1172 | "matcher": { 1173 | "id": "byName", 1174 | "options": "TTY Name" 1175 | }, 1176 | "properties": [ 1177 | { 1178 | "id": "custom.width", 1179 | "value": 120 1180 | } 1181 | ] 1182 | } 1183 | ] 1184 | }, 1185 | "gridPos": { 1186 | "h": 21, 1187 | "w": 23, 1188 | "x": 0, 1189 | "y": 66 1190 | }, 1191 | "id": 14, 1192 | "options": { 1193 | "cellHeight": "sm", 1194 | "footer": { 1195 | "countRows": false, 1196 | "enablePagination": false, 1197 | "fields": "", 1198 | "reducer": [ 1199 | "sum" 1200 | ], 1201 | "show": false 1202 | }, 1203 | "showHeader": true, 1204 | "sortBy": [] 1205 | }, 1206 | "pluginVersion": "10.4.0", 1207 | "targets": [ 1208 | { 1209 | "datasource": { 1210 | "type": "loki", 1211 | "uid": "${DS_LOKI}" 1212 | }, 1213 | "editorMode": "code", 1214 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"reject\\\":{.*\" | json runargv=\"sudo.reject.runargv\" | __error__=\"\"", 1215 | "legendFormat": "", 1216 | "queryType": "range", 1217 | "refId": "A" 1218 | } 1219 | ], 1220 | "title": "Rejected SUDO Events Details", 1221 | "transformations": [ 1222 | { 1223 | "id": "extractFields", 1224 | "options": { 1225 | "format": "json", 1226 | "keepTime": true, 1227 | "replace": true, 1228 | "source": "labels" 1229 | } 1230 | }, 1231 | { 1232 | "id": 
"organize", 1233 | "options": { 1234 | "excludeByName": { 1235 | "accept_columns": true, 1236 | "accept_command": true, 1237 | "accept_lines": true, 1238 | "accept_runcwd": true, 1239 | "accept_runuid": true, 1240 | "accept_server_time_iso8601": true, 1241 | "accept_server_time_localtime": true, 1242 | "accept_server_time_nanoseconds": true, 1243 | "accept_server_time_seconds": true, 1244 | "accept_submit_time_iso8601": true, 1245 | "accept_submit_time_localtime": true, 1246 | "accept_submit_time_nanoseconds": true, 1247 | "accept_submit_time_seconds": true, 1248 | "accept_submithost": true, 1249 | "env": true, 1250 | "filename": true, 1251 | "instance": false, 1252 | "job": true, 1253 | "reject_columns": true, 1254 | "reject_command": true, 1255 | "reject_lines": true, 1256 | "reject_runcwd": true, 1257 | "reject_runuid": true, 1258 | "reject_server_time_iso8601": true, 1259 | "reject_server_time_localtime": true, 1260 | "reject_server_time_nanoseconds": true, 1261 | "reject_server_time_seconds": true, 1262 | "reject_submit_time_iso8601": true, 1263 | "reject_submit_time_localtime": true, 1264 | "reject_submit_time_nanoseconds": true, 1265 | "reject_submit_time_seconds": true, 1266 | "reject_submithost": true, 1267 | "reject_ttyname": false, 1268 | "sudo_json_message": true, 1269 | "sudo_reject_columns": true, 1270 | "sudo_reject_command": true, 1271 | "sudo_reject_lines": true, 1272 | "sudo_reject_runcwd": true, 1273 | "sudo_reject_runuid": true, 1274 | "sudo_reject_server_time_iso8601": true, 1275 | "sudo_reject_server_time_localtime": true, 1276 | "sudo_reject_server_time_nanoseconds": true, 1277 | "sudo_reject_server_time_seconds": true, 1278 | "sudo_reject_submit_time_iso8601": true, 1279 | "sudo_reject_submit_time_localtime": true, 1280 | "sudo_reject_submit_time_nanoseconds": true, 1281 | "sudo_reject_submit_time_seconds": true, 1282 | "sudo_reject_submithost": true 1283 | }, 1284 | "includeByName": {}, 1285 | "indexByName": { 1286 | "Time": 0, 1287 | 
"env": 8, 1288 | "filename": 9, 1289 | "instance": 5, 1290 | "job": 10, 1291 | "runargv": 6, 1292 | "sudo_json_message": 11, 1293 | "sudo_reject_columns": 12, 1294 | "sudo_reject_command": 13, 1295 | "sudo_reject_lines": 14, 1296 | "sudo_reject_reason": 4, 1297 | "sudo_reject_runcwd": 15, 1298 | "sudo_reject_runuid": 16, 1299 | "sudo_reject_runuser": 3, 1300 | "sudo_reject_server_time_iso8601": 17, 1301 | "sudo_reject_server_time_localtime": 18, 1302 | "sudo_reject_server_time_nanoseconds": 19, 1303 | "sudo_reject_server_time_seconds": 20, 1304 | "sudo_reject_submit_time_iso8601": 21, 1305 | "sudo_reject_submit_time_localtime": 22, 1306 | "sudo_reject_submit_time_nanoseconds": 23, 1307 | "sudo_reject_submit_time_seconds": 24, 1308 | "sudo_reject_submitcwd": 2, 1309 | "sudo_reject_submithost": 25, 1310 | "sudo_reject_submituser": 1, 1311 | "sudo_reject_ttyname": 7 1312 | }, 1313 | "renameByName": { 1314 | "accept_runcwd": "", 1315 | "accept_runuser": "Target User", 1316 | "accept_submitcwd": "Source PWD", 1317 | "accept_submithost": "", 1318 | "accept_submituser": "Source User", 1319 | "accept_ttyname": "TTY Name", 1320 | "instance": "Instance", 1321 | "reject_reason": "Reject Reason", 1322 | "reject_runuser": "Target User", 1323 | "reject_submitcwd": "Source PWD", 1324 | "reject_submituser": "Source User", 1325 | "runargv": "Sudo Command", 1326 | "sudo_reject_columns": "", 1327 | "sudo_reject_reason": "Reject Reason", 1328 | "sudo_reject_runuser": "Target User", 1329 | "sudo_reject_submitcwd": "Source PWD", 1330 | "sudo_reject_submituser": "Source User", 1331 | "sudo_reject_ttyname": "TTY Name" 1332 | } 1333 | } 1334 | }, 1335 | { 1336 | "id": "sortBy", 1337 | "options": { 1338 | "fields": {}, 1339 | "sort": [ 1340 | { 1341 | "desc": true, 1342 | "field": "Time" 1343 | } 1344 | ] 1345 | } 1346 | } 1347 | ], 1348 | "type": "table" 1349 | }, 1350 | { 1351 | "datasource": { 1352 | "type": "loki", 1353 | "uid": "${DS_LOKI}" 1354 | }, 1355 | "description": "", 1356 | 
"fieldConfig": { 1357 | "defaults": { 1358 | "color": { 1359 | "mode": "thresholds" 1360 | }, 1361 | "custom": { 1362 | "align": "auto", 1363 | "cellOptions": { 1364 | "type": "auto" 1365 | }, 1366 | "filterable": false, 1367 | "inspect": true 1368 | }, 1369 | "mappings": [], 1370 | "thresholds": { 1371 | "mode": "absolute", 1372 | "steps": [ 1373 | { 1374 | "color": "dark-purple", 1375 | "value": null 1376 | } 1377 | ] 1378 | } 1379 | }, 1380 | "overrides": [ 1381 | { 1382 | "matcher": { 1383 | "id": "byName", 1384 | "options": "Count" 1385 | }, 1386 | "properties": [ 1387 | { 1388 | "id": "custom.cellOptions", 1389 | "value": { 1390 | "type": "gauge" 1391 | } 1392 | } 1393 | ] 1394 | } 1395 | ] 1396 | }, 1397 | "gridPos": { 1398 | "h": 12, 1399 | "w": 23, 1400 | "x": 0, 1401 | "y": 87 1402 | }, 1403 | "id": 12, 1404 | "options": { 1405 | "cellHeight": "sm", 1406 | "footer": { 1407 | "countRows": false, 1408 | "fields": [ 1409 | "Value #A" 1410 | ], 1411 | "reducer": [ 1412 | "sum" 1413 | ], 1414 | "show": true 1415 | }, 1416 | "showHeader": true, 1417 | "sortBy": [] 1418 | }, 1419 | "pluginVersion": "10.4.0", 1420 | "targets": [ 1421 | { 1422 | "datasource": { 1423 | "type": "loki", 1424 | "uid": "${DS_LOKI}" 1425 | }, 1426 | "editorMode": "code", 1427 | "expr": "topk(10, sum by (sudo_reject_submituser, runargv) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sudo[\" | pattern `<_> sudo[<_>]<_> <_>:` | line_format\"{{ .sudo_json_message }}\" | json | sudo_json_message=~\".+{\\\"reject\\\":{.*\" | json runargv=\"sudo.reject.runargv\" | __error__=\"\" [$__range])))", 1428 | "hide": false, 1429 | "legendFormat": "{{ sudo_reject_submituser }} {{ runargv }}", 1430 | "queryType": "instant", 1431 | "refId": "A" 1432 | } 1433 | ], 1434 | "title": "Top 10 Rejected SUDO Events by User and Command", 1435 | "transformations": [ 1436 | { 1437 | "id": "organize", 1438 | "options": { 1439 | "excludeByName": { 1440 | "Time": true, 
1441 | "accept_columns": true, 1442 | "accept_command": true, 1443 | "accept_lines": true, 1444 | "accept_runcwd": true, 1445 | "accept_runuid": true, 1446 | "accept_server_time_iso8601": true, 1447 | "accept_server_time_localtime": true, 1448 | "accept_server_time_nanoseconds": true, 1449 | "accept_server_time_seconds": true, 1450 | "accept_submit_time_iso8601": true, 1451 | "accept_submit_time_localtime": true, 1452 | "accept_submit_time_nanoseconds": true, 1453 | "accept_submit_time_seconds": true, 1454 | "accept_submithost": true, 1455 | "env": true, 1456 | "filename": true, 1457 | "instance": false, 1458 | "job": true, 1459 | "sudo_json_message": true 1460 | }, 1461 | "includeByName": {}, 1462 | "indexByName": { 1463 | "Time": 0, 1464 | "Value #A": 3, 1465 | "runargv": 2, 1466 | "sudo_reject_submituser": 1 1467 | }, 1468 | "renameByName": { 1469 | "Value #A": "Count", 1470 | "accept_runcwd": "", 1471 | "accept_runuser": "Target User", 1472 | "accept_submitcwd": "Source PWD", 1473 | "accept_submithost": "", 1474 | "accept_submituser": "Source User", 1475 | "accept_ttyname": "TTY Name", 1476 | "instance": "Instance", 1477 | "reject_submituser": "User", 1478 | "runargv": "Sudo Command", 1479 | "sudo_reject_submituser": "Source User" 1480 | } 1481 | } 1482 | }, 1483 | { 1484 | "id": "sortBy", 1485 | "options": { 1486 | "fields": {}, 1487 | "sort": [ 1488 | { 1489 | "desc": true, 1490 | "field": "Count" 1491 | } 1492 | ] 1493 | } 1494 | } 1495 | ], 1496 | "type": "table" 1497 | } 1498 | ], 1499 | "refresh": "1m", 1500 | "schemaVersion": 39, 1501 | "tags": [ 1502 | "linux", 1503 | "loki", 1504 | "sudo" 1505 | ], 1506 | "templating": { 1507 | "list": [ 1508 | { 1509 | "current": { 1510 | "selected": false, 1511 | "text": "loki", 1512 | "value": "P982945308D3682D1" 1513 | }, 1514 | "hide": 0, 1515 | "includeAll": false, 1516 | "label": "Datasource", 1517 | "multi": false, 1518 | "name": "datasource", 1519 | "options": [], 1520 | "query": "loki", 1521 | "refresh": 1, 
1522 | "regex": "", 1523 | "skipUrlSync": false, 1524 | "type": "datasource" 1525 | }, 1526 | { 1527 | "current": {}, 1528 | "datasource": { 1529 | "type": "loki", 1530 | "uid": "${DS_LOKI}" 1531 | }, 1532 | "definition": "", 1533 | "hide": 0, 1534 | "includeAll": false, 1535 | "label": "Label Name", 1536 | "multi": false, 1537 | "name": "label_name", 1538 | "options": [], 1539 | "query": { 1540 | "label": "", 1541 | "refId": "LokiVariableQueryEditor-VariableQuery", 1542 | "stream": "", 1543 | "type": 0 1544 | }, 1545 | "refresh": 2, 1546 | "regex": "", 1547 | "skipUrlSync": false, 1548 | "sort": 0, 1549 | "type": "query" 1550 | }, 1551 | { 1552 | "current": {}, 1553 | "datasource": { 1554 | "type": "loki", 1555 | "uid": "${DS_LOKI}" 1556 | }, 1557 | "definition": "", 1558 | "hide": 0, 1559 | "includeAll": true, 1560 | "label": "Label Value", 1561 | "multi": true, 1562 | "name": "label_value", 1563 | "options": [], 1564 | "query": { 1565 | "label": "$label_name", 1566 | "refId": "LokiVariableQueryEditor-VariableQuery", 1567 | "stream": "", 1568 | "type": 1 1569 | }, 1570 | "refresh": 2, 1571 | "regex": "", 1572 | "skipUrlSync": false, 1573 | "sort": 1, 1574 | "type": "query" 1575 | }, 1576 | { 1577 | "allValue": ".*", 1578 | "current": {}, 1579 | "datasource": { 1580 | "type": "loki", 1581 | "uid": "${DS_LOKI}" 1582 | }, 1583 | "definition": "", 1584 | "hide": 0, 1585 | "includeAll": true, 1586 | "label": "Job", 1587 | "multi": true, 1588 | "name": "job", 1589 | "options": [], 1590 | "query": { 1591 | "label": "job", 1592 | "refId": "LokiVariableQueryEditor-VariableQuery", 1593 | "stream": "{$label_name=~\"$label_value\"}", 1594 | "type": 1 1595 | }, 1596 | "refresh": 2, 1597 | "regex": "", 1598 | "skipUrlSync": false, 1599 | "sort": 0, 1600 | "type": "query" 1601 | }, 1602 | { 1603 | "allValue": ".*", 1604 | "current": {}, 1605 | "datasource": { 1606 | "type": "loki", 1607 | "uid": "${DS_LOKI}" 1608 | }, 1609 | "definition": "", 1610 | "hide": 0, 1611 | 
"includeAll": false, 1612 | "label": "Instance", 1613 | "multi": false, 1614 | "name": "instance", 1615 | "options": [], 1616 | "query": { 1617 | "label": "instance", 1618 | "refId": "LokiVariableQueryEditor-VariableQuery", 1619 | "stream": "{$label_name=~\"$label_value\"}", 1620 | "type": 1 1621 | }, 1622 | "refresh": 2, 1623 | "regex": "", 1624 | "skipUrlSync": false, 1625 | "sort": 0, 1626 | "type": "query" 1627 | } 1628 | ] 1629 | }, 1630 | "time": { 1631 | "from": "now-24h", 1632 | "to": "now" 1633 | }, 1634 | "timepicker": {}, 1635 | "timezone": "", 1636 | "title": "SUDO Logs - JSON version", 1637 | "uid": "e3f0d8c9-ca9f-4a0d-bad6-2f12c6714558", 1638 | "version": 2, 1639 | "weekStart": "" 1640 | } 1641 | -------------------------------------------------------------------------------- /loki/privatebin_access_log.json: -------------------------------------------------------------------------------- 1 | { 2 | "__inputs": [ 3 | { 4 | "name": "DS_LOKI", 5 | "label": "loki", 6 | "description": "", 7 | "type": "datasource", 8 | "pluginId": "loki", 9 | "pluginName": "Loki" 10 | } 11 | ], 12 | "__elements": {}, 13 | "__requires": [ 14 | { 15 | "type": "grafana", 16 | "id": "grafana", 17 | "name": "Grafana", 18 | "version": "10.1.1" 19 | }, 20 | { 21 | "type": "panel", 22 | "id": "logs", 23 | "name": "Logs", 24 | "version": "" 25 | }, 26 | { 27 | "type": "datasource", 28 | "id": "loki", 29 | "name": "Loki", 30 | "version": "1.0.0" 31 | }, 32 | { 33 | "type": "panel", 34 | "id": "stat", 35 | "name": "Stat", 36 | "version": "" 37 | }, 38 | { 39 | "type": "panel", 40 | "id": "table", 41 | "name": "Table", 42 | "version": "" 43 | }, 44 | { 45 | "type": "panel", 46 | "id": "text", 47 | "name": "Text", 48 | "version": "" 49 | }, 50 | { 51 | "type": "panel", 52 | "id": "timeseries", 53 | "name": "Time series", 54 | "version": "" 55 | } 56 | ], 57 | "annotations": { 58 | "list": [ 59 | { 60 | "builtIn": 1, 61 | "datasource": { 62 | "type": "grafana", 63 | "uid": "-- Grafana 
--" 64 | }, 65 | "enable": true, 66 | "hide": true, 67 | "iconColor": "rgba(0, 211, 255, 1)", 68 | "name": "Annotations & Alerts", 69 | "type": "dashboard" 70 | } 71 | ] 72 | }, 73 | "description": "Loki - PrivateBin NGINX JSON Access Log", 74 | "editable": true, 75 | "fiscalYearStartMonth": 0, 76 | "gnetId": 19507, 77 | "graphTooltip": 0, 78 | "id": null, 79 | "links": [], 80 | "liveNow": false, 81 | "panels": [ 82 | { 83 | "collapsed": false, 84 | "gridPos": { 85 | "h": 1, 86 | "w": 24, 87 | "x": 0, 88 | "y": 0 89 | }, 90 | "id": 1, 91 | "panels": [], 92 | "title": "Total Stats", 93 | "type": "row" 94 | }, 95 | { 96 | "datasource": { 97 | "type": "loki", 98 | "uid": "${DS_LOKI}" 99 | }, 100 | "description": "PrivateBin POST request may contain both a created paste and post requests for discussion comments. Since the URL remains the same, it's not possible to determine whether it's a paste or a discussion comment. If you intend to use this dashboard, it is recommended to disable discussions, as this can lead to incorrect results.", 101 | "fieldConfig": { 102 | "defaults": { 103 | "color": { 104 | "mode": "thresholds" 105 | }, 106 | "mappings": [ 107 | { 108 | "options": { 109 | "match": "null", 110 | "result": { 111 | "index": 0, 112 | "text": "0" 113 | } 114 | }, 115 | "type": "special" 116 | } 117 | ], 118 | "thresholds": { 119 | "mode": "absolute", 120 | "steps": [ 121 | { 122 | "color": "purple", 123 | "value": null 124 | } 125 | ] 126 | }, 127 | "unit": "short" 128 | }, 129 | "overrides": [] 130 | }, 131 | "gridPos": { 132 | "h": 4, 133 | "w": 3, 134 | "x": 0, 135 | "y": 1 136 | }, 137 | "id": 10, 138 | "options": { 139 | "colorMode": "background", 140 | "graphMode": "none", 141 | "justifyMode": "center", 142 | "orientation": "auto", 143 | "reduceOptions": { 144 | "calcs": [], 145 | "fields": "", 146 | "values": false 147 | }, 148 | "textMode": "auto" 149 | }, 150 | "pluginVersion": "10.1.1", 151 | "targets": [ 152 | { 153 | "datasource": { 154 | "type": 
"loki", 155 | "uid": "${DS_LOKI}" 156 | }, 157 | "editorMode": "code", 158 | "expr": "sum by(host) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_method=\"POST\" | status=~\"200|201|202|204\" | accept=~\".*application/json.*\" | __error__=\"\" [$__range]))", 159 | "queryType": "instant", 160 | "refId": "A" 161 | } 162 | ], 163 | "title": "Total Created Paste", 164 | "type": "stat" 165 | }, 166 | { 167 | "datasource": { 168 | "type": "loki", 169 | "uid": "${DS_LOKI}" 170 | }, 171 | "description": "This can include both expired and unexpired paste requests.", 172 | "fieldConfig": { 173 | "defaults": { 174 | "color": { 175 | "mode": "thresholds" 176 | }, 177 | "mappings": [ 178 | { 179 | "options": { 180 | "match": "null", 181 | "result": { 182 | "index": 0, 183 | "text": "0" 184 | } 185 | }, 186 | "type": "special" 187 | } 188 | ], 189 | "thresholds": { 190 | "mode": "absolute", 191 | "steps": [ 192 | { 193 | "color": "purple", 194 | "value": null 195 | } 196 | ] 197 | }, 198 | "unit": "short" 199 | }, 200 | "overrides": [] 201 | }, 202 | "gridPos": { 203 | "h": 4, 204 | "w": 3, 205 | "x": 3, 206 | "y": 1 207 | }, 208 | "id": 8, 209 | "options": { 210 | "colorMode": "background", 211 | "graphMode": "none", 212 | "justifyMode": "center", 213 | "orientation": "auto", 214 | "reduceOptions": { 215 | "calcs": [], 216 | "fields": "", 217 | "values": false 218 | }, 219 | "textMode": "auto" 220 | }, 221 | "pluginVersion": "10.1.1", 222 | "targets": [ 223 | { 224 | "datasource": { 225 | "type": "loki", 226 | "uid": "${DS_LOKI}" 227 | }, 228 | "editorMode": "code", 229 | "expr": "sum by(host) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_uri=~\".*pasteid=.*\" | request_method=\"GET\" | accept=~\".*application/json.*\" | __error__=\"\" [$__range]))", 230 | "queryType": "instant", 231 | "refId": "A" 232 | } 233 | ], 234 | "title": "Total Requested Paste", 235 | 
"type": "stat" 236 | }, 237 | { 238 | "datasource": { 239 | "type": "loki", 240 | "uid": "${DS_LOKI}" 241 | }, 242 | "description": "This can include both expired and unexpired paste requests.", 243 | "fieldConfig": { 244 | "defaults": { 245 | "color": { 246 | "mode": "thresholds" 247 | }, 248 | "mappings": [ 249 | { 250 | "options": { 251 | "match": "null", 252 | "result": { 253 | "index": 0, 254 | "text": "0" 255 | } 256 | }, 257 | "type": "special" 258 | } 259 | ], 260 | "thresholds": { 261 | "mode": "absolute", 262 | "steps": [ 263 | { 264 | "color": "super-light-blue", 265 | "value": null 266 | } 267 | ] 268 | }, 269 | "unit": "decbytes" 270 | }, 271 | "overrides": [] 272 | }, 273 | "gridPos": { 274 | "h": 4, 275 | "w": 4, 276 | "x": 6, 277 | "y": 1 278 | }, 279 | "id": 20, 280 | "options": { 281 | "colorMode": "background", 282 | "graphMode": "none", 283 | "justifyMode": "center", 284 | "orientation": "auto", 285 | "reduceOptions": { 286 | "calcs": [ 287 | "sum" 288 | ], 289 | "fields": "", 290 | "values": false 291 | }, 292 | "textMode": "auto" 293 | }, 294 | "pluginVersion": "10.1.1", 295 | "targets": [ 296 | { 297 | "datasource": { 298 | "type": "loki", 299 | "uid": "${DS_LOKI}" 300 | }, 301 | "editorMode": "code", 302 | "expr": "sum by (host) (sum_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_method=~\"GET|POST\" | accept=~\".*application/json.*\" | unwrap body_bytes_sent | __error__=\"\" [$__range]))", 303 | "legendFormat": "", 304 | "queryType": "instant", 305 | "refId": "A" 306 | } 307 | ], 308 | "title": "Paste - Total Body Bytes Send", 309 | "type": "stat" 310 | }, 311 | { 312 | "datasource": { 313 | "type": "loki", 314 | "uid": "${DS_LOKI}" 315 | }, 316 | "description": "", 317 | "fieldConfig": { 318 | "defaults": { 319 | "color": { 320 | "mode": "thresholds" 321 | }, 322 | "mappings": [ 323 | { 324 | "options": { 325 | "match": "null", 326 | "result": { 327 | "index": 0, 328 | "text": "0" 329 | } 
330 | }, 331 | "type": "special" 332 | } 333 | ], 334 | "thresholds": { 335 | "mode": "absolute", 336 | "steps": [ 337 | { 338 | "color": "orange", 339 | "value": null 340 | } 341 | ] 342 | }, 343 | "unit": "decbytes" 344 | }, 345 | "overrides": [] 346 | }, 347 | "gridPos": { 348 | "h": 4, 349 | "w": 3, 350 | "x": 10, 351 | "y": 1 352 | }, 353 | "id": 11, 354 | "options": { 355 | "colorMode": "background", 356 | "graphMode": "none", 357 | "justifyMode": "auto", 358 | "orientation": "auto", 359 | "reduceOptions": { 360 | "calcs": [ 361 | "sum" 362 | ], 363 | "fields": "", 364 | "values": false 365 | }, 366 | "textMode": "auto" 367 | }, 368 | "pluginVersion": "10.1.1", 369 | "targets": [ 370 | { 371 | "datasource": { 372 | "type": "loki", 373 | "uid": "${DS_LOKI}" 374 | }, 375 | "editorMode": "code", 376 | "expr": "sum(bytes_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | __error__=\"\" [$__range]))", 377 | "queryType": "instant", 378 | "refId": "A" 379 | } 380 | ], 381 | "title": "Access Log in bytes", 382 | "type": "stat" 383 | }, 384 | { 385 | "datasource": { 386 | "type": "loki", 387 | "uid": "${DS_LOKI}" 388 | }, 389 | "description": "", 390 | "fieldConfig": { 391 | "defaults": { 392 | "color": { 393 | "mode": "thresholds" 394 | }, 395 | "mappings": [ 396 | { 397 | "options": { 398 | "match": "null", 399 | "result": { 400 | "index": 0, 401 | "text": "0" 402 | } 403 | }, 404 | "type": "special" 405 | } 406 | ], 407 | "thresholds": { 408 | "mode": "absolute", 409 | "steps": [ 410 | { 411 | "color": "orange", 412 | "value": null 413 | } 414 | ] 415 | }, 416 | "unit": "short" 417 | }, 418 | "overrides": [] 419 | }, 420 | "gridPos": { 421 | "h": 4, 422 | "w": 3, 423 | "x": 13, 424 | "y": 1 425 | }, 426 | "id": 9, 427 | "options": { 428 | "colorMode": "background", 429 | "graphMode": "none", 430 | "justifyMode": "auto", 431 | "orientation": "auto", 432 | "reduceOptions": { 433 | "calcs": [], 434 | "fields": "", 435 | 
"values": false 436 | }, 437 | "textMode": "auto" 438 | }, 439 | "pluginVersion": "10.1.1", 440 | "targets": [ 441 | { 442 | "datasource": { 443 | "type": "loki", 444 | "uid": "${DS_LOKI}" 445 | }, 446 | "editorMode": "code", 447 | "expr": "sum(count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | __error__=\"\" [$__range]))", 448 | "queryType": "instant", 449 | "refId": "A" 450 | } 451 | ], 452 | "title": "Access Log Lines", 453 | "type": "stat" 454 | }, 455 | { 456 | "datasource": { 457 | "type": "datasource", 458 | "uid": "grafana" 459 | }, 460 | "gridPos": { 461 | "h": 8, 462 | "w": 3, 463 | "x": 16, 464 | "y": 1 465 | }, 466 | "id": 28, 467 | "options": { 468 | "code": { 469 | "language": "plaintext", 470 | "showLineNumbers": false, 471 | "showMiniMap": false 472 | }, 473 | "content": "# PrivateBin Access Log\n\nCreated by [VoidQuark](https://voidquark.com)\n\n- [Dashboard Source](https://github.com/voidquark/grafana-dashboards)\n\n- Follow me on [Twitter](https://twitter.com/voidquark) for updates on new and current dashboards.", 474 | "mode": "markdown" 475 | }, 476 | "pluginVersion": "10.1.1", 477 | "type": "text" 478 | }, 479 | { 480 | "datasource": { 481 | "type": "loki", 482 | "uid": "${DS_LOKI}" 483 | }, 484 | "description": "PrivateBin POST request may contain both a created paste and post requests for discussion comments. Since the URL remains the same, it's not possible to determine whether it's a paste or a discussion comment. 
If you intend to use this dashboard, it is recommended to disable discussions, as this can lead to incorrect results.", 485 | "fieldConfig": { 486 | "defaults": { 487 | "color": { 488 | "mode": "thresholds" 489 | }, 490 | "mappings": [ 491 | { 492 | "options": { 493 | "match": "null", 494 | "result": { 495 | "index": 0, 496 | "text": "0" 497 | } 498 | }, 499 | "type": "special" 500 | } 501 | ], 502 | "thresholds": { 503 | "mode": "absolute", 504 | "steps": [ 505 | { 506 | "color": "purple", 507 | "value": null 508 | } 509 | ] 510 | }, 511 | "unit": "short" 512 | }, 513 | "overrides": [] 514 | }, 515 | "gridPos": { 516 | "h": 4, 517 | "w": 4, 518 | "x": 0, 519 | "y": 5 520 | }, 521 | "id": 12, 522 | "options": { 523 | "colorMode": "background", 524 | "graphMode": "none", 525 | "justifyMode": "auto", 526 | "orientation": "auto", 527 | "reduceOptions": { 528 | "calcs": [], 529 | "fields": "", 530 | "values": false 531 | }, 532 | "textMode": "auto" 533 | }, 534 | "pluginVersion": "10.1.1", 535 | "targets": [ 536 | { 537 | "datasource": { 538 | "type": "loki", 539 | "uid": "${DS_LOKI}" 540 | }, 541 | "editorMode": "code", 542 | "expr": "count(count by(cf_connecting_ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_method=\"POST\" | status=~\"200|201|202|204\" | accept=~\".*application/json.*\" | __error__=\"\" [$__range])))", 543 | "hide": false, 544 | "legendFormat": "{{ cf_connecting_ip }}", 545 | "queryType": "instant", 546 | "refId": "A", 547 | "step": "" 548 | } 549 | ], 550 | "title": "Total Created Paste - Unique IP", 551 | "transformations": [], 552 | "type": "stat" 553 | }, 554 | { 555 | "datasource": { 556 | "type": "loki", 557 | "uid": "${DS_LOKI}" 558 | }, 559 | "description": "This can include both expired and unexpired paste requests.", 560 | "fieldConfig": { 561 | "defaults": { 562 | "color": { 563 | "mode": "thresholds" 564 | }, 565 | "mappings": [ 566 | { 567 | "options": { 568 | "match": 
"null", 569 | "result": { 570 | "index": 0, 571 | "text": "0" 572 | } 573 | }, 574 | "type": "special" 575 | } 576 | ], 577 | "thresholds": { 578 | "mode": "absolute", 579 | "steps": [ 580 | { 581 | "color": "purple", 582 | "value": null 583 | } 584 | ] 585 | }, 586 | "unit": "short" 587 | }, 588 | "overrides": [] 589 | }, 590 | "gridPos": { 591 | "h": 4, 592 | "w": 4, 593 | "x": 4, 594 | "y": 5 595 | }, 596 | "id": 7, 597 | "options": { 598 | "colorMode": "background", 599 | "graphMode": "none", 600 | "justifyMode": "auto", 601 | "orientation": "auto", 602 | "reduceOptions": { 603 | "calcs": [], 604 | "fields": "", 605 | "values": false 606 | }, 607 | "textMode": "auto" 608 | }, 609 | "pluginVersion": "10.1.1", 610 | "targets": [ 611 | { 612 | "datasource": { 613 | "type": "loki", 614 | "uid": "${DS_LOKI}" 615 | }, 616 | "editorMode": "code", 617 | "expr": "count(count by(cf_connecting_ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_uri=~\".*pasteid=.*\" | request_method=\"GET\" | accept=~\".*application/json.*\" | __error__=\"\" [$__range])))", 618 | "hide": false, 619 | "legendFormat": "{{ cf_connecting_ip }}", 620 | "queryType": "instant", 621 | "refId": "A", 622 | "step": "" 623 | } 624 | ], 625 | "title": "Total Requested Paste - Unique IP", 626 | "transformations": [], 627 | "type": "stat" 628 | }, 629 | { 630 | "datasource": { 631 | "type": "loki", 632 | "uid": "${DS_LOKI}" 633 | }, 634 | "description": "This counter includes all 4xx requests for all types of requests, not just paste requests.", 635 | "fieldConfig": { 636 | "defaults": { 637 | "color": { 638 | "mode": "thresholds" 639 | }, 640 | "mappings": [ 641 | { 642 | "options": { 643 | "match": "null", 644 | "result": { 645 | "index": 0, 646 | "text": "0" 647 | } 648 | }, 649 | "type": "special" 650 | } 651 | ], 652 | "thresholds": { 653 | "mode": "absolute", 654 | "steps": [ 655 | { 656 | "color": "light-green", 657 | "value": null 658 | 
}, 659 | { 660 | "color": "light-green", 661 | "value": 0 662 | }, 663 | { 664 | "color": "super-light-red", 665 | "value": 1 666 | } 667 | ] 668 | }, 669 | "unit": "short" 670 | }, 671 | "overrides": [] 672 | }, 673 | "gridPos": { 674 | "h": 4, 675 | "w": 3, 676 | "x": 8, 677 | "y": 5 678 | }, 679 | "id": 13, 680 | "options": { 681 | "colorMode": "background", 682 | "graphMode": "none", 683 | "justifyMode": "center", 684 | "orientation": "auto", 685 | "reduceOptions": { 686 | "calcs": [], 687 | "fields": "", 688 | "values": false 689 | }, 690 | "textMode": "auto" 691 | }, 692 | "pluginVersion": "10.1.1", 693 | "targets": [ 694 | { 695 | "datasource": { 696 | "type": "loki", 697 | "uid": "${DS_LOKI}" 698 | }, 699 | "editorMode": "code", 700 | "expr": "sum by(host) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | status=~\"4.+\" | __error__=\"\" [$__range]))", 701 | "queryType": "instant", 702 | "refId": "A" 703 | } 704 | ], 705 | "title": "Total Request 4xx", 706 | "type": "stat" 707 | }, 708 | { 709 | "datasource": { 710 | "type": "loki", 711 | "uid": "${DS_LOKI}" 712 | }, 713 | "description": "This counter includes all 5xx requests for all types of requests, not just paste requests.", 714 | "fieldConfig": { 715 | "defaults": { 716 | "color": { 717 | "mode": "thresholds" 718 | }, 719 | "mappings": [ 720 | { 721 | "options": { 722 | "match": "null", 723 | "result": { 724 | "index": 0, 725 | "text": "0" 726 | } 727 | }, 728 | "type": "special" 729 | } 730 | ], 731 | "thresholds": { 732 | "mode": "absolute", 733 | "steps": [ 734 | { 735 | "color": "light-green", 736 | "value": null 737 | }, 738 | { 739 | "color": "light-green", 740 | "value": 0 741 | }, 742 | { 743 | "color": "super-light-yellow", 744 | "value": 1 745 | } 746 | ] 747 | }, 748 | "unit": "short" 749 | }, 750 | "overrides": [] 751 | }, 752 | "gridPos": { 753 | "h": 4, 754 | "w": 3, 755 | "x": 11, 756 | "y": 5 757 | }, 758 | "id": 19, 759 | "options": { 
760 | "colorMode": "background", 761 | "graphMode": "none", 762 | "justifyMode": "center", 763 | "orientation": "auto", 764 | "reduceOptions": { 765 | "calcs": [], 766 | "fields": "", 767 | "values": false 768 | }, 769 | "textMode": "auto" 770 | }, 771 | "pluginVersion": "10.1.1", 772 | "targets": [ 773 | { 774 | "datasource": { 775 | "type": "loki", 776 | "uid": "${DS_LOKI}" 777 | }, 778 | "editorMode": "code", 779 | "expr": "sum by(host) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | status=~\"5.+\" | __error__=\"\" [$__range]))", 780 | "queryType": "instant", 781 | "refId": "A" 782 | } 783 | ], 784 | "title": "Total Request 5xx", 785 | "type": "stat" 786 | }, 787 | { 788 | "datasource": { 789 | "type": "loki", 790 | "uid": "${DS_LOKI}" 791 | }, 792 | "gridPos": { 793 | "h": 12, 794 | "w": 19, 795 | "x": 0, 796 | "y": 9 797 | }, 798 | "id": 27, 799 | "options": { 800 | "dedupStrategy": "none", 801 | "enableLogDetails": true, 802 | "prettifyLogMessage": false, 803 | "showCommonLabels": false, 804 | "showLabels": false, 805 | "showTime": true, 806 | "sortOrder": "Descending", 807 | "wrapLogMessage": false 808 | }, 809 | "targets": [ 810 | { 811 | "datasource": { 812 | "type": "loki", 813 | "uid": "${DS_LOKI}" 814 | }, 815 | "editorMode": "code", 816 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_uri=~\".*pasteid=.*\" | request_method=\"GET\" | accept=~\".*application/json.*\" | line_format \"📜 {{.request_method}} 📋{{.request_uri }} 🌍{{.cf_ipcountry}} {{.cf_connecting_ip}} 🆔{{.cf_ray}} 💻{{.user_agent }}\"", 817 | "queryType": "range", 818 | "refId": "A" 819 | }, 820 | { 821 | "datasource": { 822 | "type": "loki", 823 | "uid": "${DS_LOKI}" 824 | }, 825 | "editorMode": "code", 826 | "expr": "{$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_method=\"POST\" | status=~\"200|201|202|204\" | accept=~\".*application/json.*\" | 
line_format \"✉️ {{.request_method}} 📋{{.request_uri }} 🌍{{.cf_ipcountry}} {{.cf_connecting_ip}} 🆔{{.cf_ray}} 💻{{.user_agent }}\"", 827 | "hide": false, 828 | "queryType": "range", 829 | "refId": "B" 830 | } 831 | ], 832 | "title": "Paste - PrivateBin Recent Log", 833 | "type": "logs" 834 | }, 835 | { 836 | "collapsed": false, 837 | "gridPos": { 838 | "h": 1, 839 | "w": 24, 840 | "x": 0, 841 | "y": 21 842 | }, 843 | "id": 18, 844 | "panels": [], 845 | "title": "Stats Over Time", 846 | "type": "row" 847 | }, 848 | { 849 | "datasource": { 850 | "type": "loki", 851 | "uid": "${DS_LOKI}" 852 | }, 853 | "fieldConfig": { 854 | "defaults": { 855 | "color": { 856 | "mode": "palette-classic" 857 | }, 858 | "custom": { 859 | "axisCenteredZero": false, 860 | "axisColorMode": "text", 861 | "axisLabel": "", 862 | "axisPlacement": "auto", 863 | "barAlignment": 0, 864 | "drawStyle": "line", 865 | "fillOpacity": 7, 866 | "gradientMode": "hue", 867 | "hideFrom": { 868 | "legend": false, 869 | "tooltip": false, 870 | "viz": false 871 | }, 872 | "insertNulls": false, 873 | "lineInterpolation": "smooth", 874 | "lineStyle": { 875 | "fill": "solid" 876 | }, 877 | "lineWidth": 1, 878 | "pointSize": 7, 879 | "scaleDistribution": { 880 | "type": "linear" 881 | }, 882 | "showPoints": "always", 883 | "spanNulls": true, 884 | "stacking": { 885 | "group": "A", 886 | "mode": "none" 887 | }, 888 | "thresholdsStyle": { 889 | "mode": "off" 890 | } 891 | }, 892 | "mappings": [], 893 | "thresholds": { 894 | "mode": "absolute", 895 | "steps": [ 896 | { 897 | "color": "light-green", 898 | "value": null 899 | } 900 | ] 901 | }, 902 | "unit": "short" 903 | }, 904 | "overrides": [] 905 | }, 906 | "gridPos": { 907 | "h": 10, 908 | "w": 11, 909 | "x": 0, 910 | "y": 22 911 | }, 912 | "id": 16, 913 | "options": { 914 | "legend": { 915 | "calcs": [], 916 | "displayMode": "list", 917 | "placement": "right", 918 | "showLegend": true 919 | }, 920 | "tooltip": { 921 | "mode": "multi", 922 | "sort": "none" 923 | } 
924 | }, 925 | "pluginVersion": "10.1.1", 926 | "targets": [ 927 | { 928 | "datasource": { 929 | "type": "loki", 930 | "uid": "${DS_LOKI}" 931 | }, 932 | "editorMode": "code", 933 | "expr": "sum by (status) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_method=\"GET\" | accept=~\".*application/json.*\" | __error__=\"\" [$__interval]))", 934 | "hide": false, 935 | "legendFormat": "GET Status Code {{ status }}", 936 | "queryType": "range", 937 | "refId": "A" 938 | }, 939 | { 940 | "datasource": { 941 | "type": "loki", 942 | "uid": "${DS_LOKI}" 943 | }, 944 | "editorMode": "code", 945 | "expr": "sum by (status) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_method=\"POST\" | accept=~\".*application/json.*\" | __error__=\"\" [$__interval]))", 946 | "hide": false, 947 | "legendFormat": "POST Status Code {{ status }}", 948 | "queryType": "range", 949 | "refId": "B" 950 | } 951 | ], 952 | "title": "Paste - GET/POST Status Code", 953 | "type": "timeseries" 954 | }, 955 | { 956 | "datasource": { 957 | "type": "loki", 958 | "uid": "${DS_LOKI}" 959 | }, 960 | "fieldConfig": { 961 | "defaults": { 962 | "color": { 963 | "mode": "palette-classic" 964 | }, 965 | "custom": { 966 | "axisCenteredZero": false, 967 | "axisColorMode": "text", 968 | "axisLabel": "", 969 | "axisPlacement": "auto", 970 | "barAlignment": 0, 971 | "drawStyle": "line", 972 | "fillOpacity": 7, 973 | "gradientMode": "hue", 974 | "hideFrom": { 975 | "legend": false, 976 | "tooltip": false, 977 | "viz": false 978 | }, 979 | "insertNulls": false, 980 | "lineInterpolation": "smooth", 981 | "lineStyle": { 982 | "fill": "solid" 983 | }, 984 | "lineWidth": 1, 985 | "pointSize": 7, 986 | "scaleDistribution": { 987 | "type": "linear" 988 | }, 989 | "showPoints": "always", 990 | "spanNulls": true, 991 | "stacking": { 992 | "group": "A", 993 | "mode": "none" 994 | }, 995 | "thresholdsStyle": { 996 | 
"mode": "off" 997 | } 998 | }, 999 | "mappings": [], 1000 | "thresholds": { 1001 | "mode": "absolute", 1002 | "steps": [ 1003 | { 1004 | "color": "light-green", 1005 | "value": null 1006 | } 1007 | ] 1008 | }, 1009 | "unit": "decbytes" 1010 | }, 1011 | "overrides": [] 1012 | }, 1013 | "gridPos": { 1014 | "h": 9, 1015 | "w": 10, 1016 | "x": 11, 1017 | "y": 22 1018 | }, 1019 | "id": 17, 1020 | "options": { 1021 | "legend": { 1022 | "calcs": [], 1023 | "displayMode": "list", 1024 | "placement": "right", 1025 | "showLegend": true 1026 | }, 1027 | "tooltip": { 1028 | "mode": "multi", 1029 | "sort": "none" 1030 | } 1031 | }, 1032 | "pluginVersion": "10.1.1", 1033 | "targets": [ 1034 | { 1035 | "datasource": { 1036 | "type": "loki", 1037 | "uid": "${DS_LOKI}" 1038 | }, 1039 | "editorMode": "code", 1040 | "expr": "sum by (host) (sum_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_method=~\"GET|POST\" | accept=~\".*application/json.*\" | unwrap body_bytes_sent | __error__=\"\" [$__interval]))", 1041 | "hide": false, 1042 | "legendFormat": "Bytes sent {{ body_bytes_sent }}", 1043 | "queryType": "range", 1044 | "refId": "A" 1045 | } 1046 | ], 1047 | "title": "Paste - Body Bytes Sent", 1048 | "type": "timeseries" 1049 | }, 1050 | { 1051 | "collapsed": false, 1052 | "gridPos": { 1053 | "h": 1, 1054 | "w": 24, 1055 | "x": 0, 1056 | "y": 32 1057 | }, 1058 | "id": 22, 1059 | "panels": [], 1060 | "title": "Other Stats", 1061 | "type": "row" 1062 | }, 1063 | { 1064 | "datasource": { 1065 | "type": "loki", 1066 | "uid": "${DS_LOKI}" 1067 | }, 1068 | "fieldConfig": { 1069 | "defaults": { 1070 | "custom": { 1071 | "align": "auto", 1072 | "cellOptions": { 1073 | "type": "auto" 1074 | }, 1075 | "filterable": false, 1076 | "inspect": true 1077 | }, 1078 | "mappings": [], 1079 | "thresholds": { 1080 | "mode": "absolute", 1081 | "steps": [ 1082 | { 1083 | "color": "dark-purple", 1084 | "value": null 1085 | } 1086 | ] 1087 | } 1088 | }, 1089 
| "overrides": [ 1090 | { 1091 | "matcher": { 1092 | "id": "byName", 1093 | "options": "Request" 1094 | }, 1095 | "properties": [ 1096 | { 1097 | "id": "custom.cellOptions", 1098 | "value": { 1099 | "mode": "gradient", 1100 | "type": "gauge", 1101 | "valueDisplayMode": "text" 1102 | } 1103 | }, 1104 | { 1105 | "id": "custom.width", 1106 | "value": 200 1107 | } 1108 | ] 1109 | } 1110 | ] 1111 | }, 1112 | "gridPos": { 1113 | "h": 9, 1114 | "w": 11, 1115 | "x": 0, 1116 | "y": 33 1117 | }, 1118 | "id": 21, 1119 | "options": { 1120 | "cellHeight": "sm", 1121 | "footer": { 1122 | "countRows": false, 1123 | "enablePagination": false, 1124 | "fields": [ 1125 | "Value #A" 1126 | ], 1127 | "reducer": [ 1128 | "sum" 1129 | ], 1130 | "show": true 1131 | }, 1132 | "showHeader": true, 1133 | "sortBy": [] 1134 | }, 1135 | "pluginVersion": "10.1.1", 1136 | "targets": [ 1137 | { 1138 | "datasource": { 1139 | "type": "loki", 1140 | "uid": "${DS_LOKI}" 1141 | }, 1142 | "editorMode": "code", 1143 | "expr": "topk(10, sum by (user_agent) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | accept=~\".*application/json.*\" | __error__=\"\" [$__range])))", 1144 | "legendFormat": "User Agent: {{ user_agent }}", 1145 | "queryType": "instant", 1146 | "refId": "A" 1147 | } 1148 | ], 1149 | "title": "Paste - Top 10 User Agents", 1150 | "transformations": [ 1151 | { 1152 | "id": "organize", 1153 | "options": { 1154 | "excludeByName": { 1155 | "Time": true, 1156 | "Value #A": false 1157 | }, 1158 | "indexByName": { 1159 | "Time": 2, 1160 | "Value #A": 1, 1161 | "user_agent": 0 1162 | }, 1163 | "renameByName": { 1164 | "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36": "", 1165 | "Value #A": "Request", 1166 | "user_agent": "User Agent" 1167 | } 1168 | } 1169 | }, 1170 | { 1171 | "id": "sortBy", 1172 | "options": { 1173 | "fields": {}, 1174 | "sort": [ 1175 | { 1176 | "desc": true, 1177 | "field": 
"Request" 1178 | } 1179 | ] 1180 | } 1181 | } 1182 | ], 1183 | "type": "table" 1184 | }, 1185 | { 1186 | "datasource": { 1187 | "type": "loki", 1188 | "uid": "${DS_LOKI}" 1189 | }, 1190 | "fieldConfig": { 1191 | "defaults": { 1192 | "custom": { 1193 | "align": "auto", 1194 | "cellOptions": { 1195 | "type": "auto" 1196 | }, 1197 | "filterable": false, 1198 | "inspect": true 1199 | }, 1200 | "mappings": [], 1201 | "thresholds": { 1202 | "mode": "absolute", 1203 | "steps": [ 1204 | { 1205 | "color": "dark-purple", 1206 | "value": null 1207 | } 1208 | ] 1209 | } 1210 | }, 1211 | "overrides": [ 1212 | { 1213 | "matcher": { 1214 | "id": "byName", 1215 | "options": "Request" 1216 | }, 1217 | "properties": [ 1218 | { 1219 | "id": "custom.cellOptions", 1220 | "value": { 1221 | "mode": "gradient", 1222 | "type": "gauge", 1223 | "valueDisplayMode": "text" 1224 | } 1225 | } 1226 | ] 1227 | } 1228 | ] 1229 | }, 1230 | "gridPos": { 1231 | "h": 9, 1232 | "w": 13, 1233 | "x": 11, 1234 | "y": 33 1235 | }, 1236 | "id": 26, 1237 | "options": { 1238 | "cellHeight": "sm", 1239 | "footer": { 1240 | "countRows": false, 1241 | "enablePagination": false, 1242 | "fields": [ 1243 | "Value #A" 1244 | ], 1245 | "reducer": [ 1246 | "sum" 1247 | ], 1248 | "show": true 1249 | }, 1250 | "showHeader": true, 1251 | "sortBy": [] 1252 | }, 1253 | "pluginVersion": "10.1.1", 1254 | "targets": [ 1255 | { 1256 | "datasource": { 1257 | "type": "loki", 1258 | "uid": "${DS_LOKI}" 1259 | }, 1260 | "editorMode": "code", 1261 | "expr": "topk(10, sum by (cf_connecting_ip,cf_ipcountry) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_uri=~\".*pasteid=.*\" | request_method=\"GET\" | accept=~\".*application/json.*\" | __error__=\"\" [$__range])))", 1262 | "legendFormat": "Top Visitors: {{ cf_connecting_ip }} {{ cf_ipcountry }}", 1263 | "queryType": "instant", 1264 | "refId": "A" 1265 | } 1266 | ], 1267 | "title": "Paste - Top 10 Requested Paste by IP and 
Country", 1268 | "transformations": [ 1269 | { 1270 | "id": "organize", 1271 | "options": { 1272 | "excludeByName": { 1273 | "Time": true, 1274 | "Value #A": false 1275 | }, 1276 | "indexByName": { 1277 | "Time": 0, 1278 | "Value #A": 3, 1279 | "cf_connecting_ip": 1, 1280 | "cf_ipcountry": 2 1281 | }, 1282 | "renameByName": { 1283 | "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36": "", 1284 | "Value #A": "Request", 1285 | "cf_connecting_ip": "IP", 1286 | "cf_ipcountry": "Country", 1287 | "request_uri": "Requested Paste", 1288 | "user_agent": "User Agent" 1289 | } 1290 | } 1291 | }, 1292 | { 1293 | "id": "sortBy", 1294 | "options": { 1295 | "fields": {}, 1296 | "sort": [ 1297 | { 1298 | "desc": true, 1299 | "field": "Request" 1300 | } 1301 | ] 1302 | } 1303 | } 1304 | ], 1305 | "type": "table" 1306 | }, 1307 | { 1308 | "datasource": { 1309 | "type": "loki", 1310 | "uid": "${DS_LOKI}" 1311 | }, 1312 | "fieldConfig": { 1313 | "defaults": { 1314 | "custom": { 1315 | "align": "auto", 1316 | "cellOptions": { 1317 | "type": "auto" 1318 | }, 1319 | "filterable": false, 1320 | "inspect": true 1321 | }, 1322 | "mappings": [], 1323 | "thresholds": { 1324 | "mode": "absolute", 1325 | "steps": [ 1326 | { 1327 | "color": "dark-purple", 1328 | "value": null 1329 | } 1330 | ] 1331 | } 1332 | }, 1333 | "overrides": [ 1334 | { 1335 | "matcher": { 1336 | "id": "byName", 1337 | "options": "Request" 1338 | }, 1339 | "properties": [ 1340 | { 1341 | "id": "custom.cellOptions", 1342 | "value": { 1343 | "mode": "gradient", 1344 | "type": "gauge", 1345 | "valueDisplayMode": "text" 1346 | } 1347 | } 1348 | ] 1349 | } 1350 | ] 1351 | }, 1352 | "gridPos": { 1353 | "h": 13, 1354 | "w": 9, 1355 | "x": 0, 1356 | "y": 42 1357 | }, 1358 | "id": 23, 1359 | "options": { 1360 | "cellHeight": "sm", 1361 | "footer": { 1362 | "countRows": false, 1363 | "enablePagination": false, 1364 | "fields": [ 1365 | "Value #A" 1366 | ], 1367 | "reducer": [ 1368 
| "sum" 1369 | ], 1370 | "show": true 1371 | }, 1372 | "showHeader": true, 1373 | "sortBy": [] 1374 | }, 1375 | "pluginVersion": "10.1.1", 1376 | "targets": [ 1377 | { 1378 | "datasource": { 1379 | "type": "loki", 1380 | "uid": "${DS_LOKI}" 1381 | }, 1382 | "editorMode": "code", 1383 | "expr": "topk(15, sum by (request_uri) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_uri=~\".*pasteid=.*\" | request_method=\"GET\" | accept=~\".*application/json.*\" | __error__=\"\" [$__range])))", 1384 | "legendFormat": "Requested Paste: {{ request_uri }}", 1385 | "queryType": "instant", 1386 | "refId": "A" 1387 | } 1388 | ], 1389 | "title": "Paste - Top 15 Requested Paste", 1390 | "transformations": [ 1391 | { 1392 | "id": "organize", 1393 | "options": { 1394 | "excludeByName": { 1395 | "Time": true, 1396 | "Value #A": false 1397 | }, 1398 | "indexByName": { 1399 | "Time": 0, 1400 | "Value #A": 2, 1401 | "request_uri": 1 1402 | }, 1403 | "renameByName": { 1404 | "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36": "", 1405 | "Value #A": "Request", 1406 | "request_uri": "Requested Paste", 1407 | "user_agent": "User Agent" 1408 | } 1409 | } 1410 | }, 1411 | { 1412 | "id": "sortBy", 1413 | "options": { 1414 | "fields": {}, 1415 | "sort": [ 1416 | { 1417 | "desc": true, 1418 | "field": "Request" 1419 | } 1420 | ] 1421 | } 1422 | } 1423 | ], 1424 | "type": "table" 1425 | }, 1426 | { 1427 | "datasource": { 1428 | "type": "loki", 1429 | "uid": "${DS_LOKI}" 1430 | }, 1431 | "fieldConfig": { 1432 | "defaults": { 1433 | "custom": { 1434 | "align": "auto", 1435 | "cellOptions": { 1436 | "type": "auto" 1437 | }, 1438 | "filterable": false, 1439 | "inspect": true 1440 | }, 1441 | "mappings": [], 1442 | "thresholds": { 1443 | "mode": "absolute", 1444 | "steps": [ 1445 | { 1446 | "color": "dark-purple", 1447 | "value": null 1448 | } 1449 | ] 1450 | } 1451 | }, 1452 | "overrides": [ 
1453 | { 1454 | "matcher": { 1455 | "id": "byName", 1456 | "options": "referer" 1457 | }, 1458 | "properties": [ 1459 | { 1460 | "id": "mappings", 1461 | "value": [ 1462 | { 1463 | "options": { 1464 | "match": "null", 1465 | "result": { 1466 | "index": 0, 1467 | "text": "Direct" 1468 | } 1469 | }, 1470 | "type": "special" 1471 | }, 1472 | { 1473 | "options": { 1474 | "match": "empty", 1475 | "result": { 1476 | "index": 1, 1477 | "text": "Direct" 1478 | } 1479 | }, 1480 | "type": "special" 1481 | } 1482 | ] 1483 | } 1484 | ] 1485 | }, 1486 | { 1487 | "matcher": { 1488 | "id": "byName", 1489 | "options": "Request" 1490 | }, 1491 | "properties": [ 1492 | { 1493 | "id": "custom.cellOptions", 1494 | "value": { 1495 | "type": "gauge" 1496 | } 1497 | } 1498 | ] 1499 | } 1500 | ] 1501 | }, 1502 | "gridPos": { 1503 | "h": 13, 1504 | "w": 7, 1505 | "x": 9, 1506 | "y": 42 1507 | }, 1508 | "id": 24, 1509 | "options": { 1510 | "cellHeight": "sm", 1511 | "footer": { 1512 | "countRows": false, 1513 | "enablePagination": false, 1514 | "fields": [ 1515 | "Value #A" 1516 | ], 1517 | "reducer": [ 1518 | "sum" 1519 | ], 1520 | "show": true 1521 | }, 1522 | "showHeader": true, 1523 | "sortBy": [] 1524 | }, 1525 | "pluginVersion": "10.1.1", 1526 | "targets": [ 1527 | { 1528 | "datasource": { 1529 | "type": "loki", 1530 | "uid": "${DS_LOKI}" 1531 | }, 1532 | "editorMode": "code", 1533 | "expr": "topk(15, sum by (referer) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_uri=~\".*pasteid=.*\" | request_method=\"GET\" | accept=~\".*application/json.*\" | __error__=\"\" [$__range])))", 1534 | "legendFormat": "Referer: {{ referer }}", 1535 | "queryType": "instant", 1536 | "refId": "A" 1537 | } 1538 | ], 1539 | "title": "Paste - Top 15 Referer", 1540 | "transformations": [ 1541 | { 1542 | "id": "organize", 1543 | "options": { 1544 | "excludeByName": { 1545 | "Time": true, 1546 | "Value #A": false 1547 | }, 1548 | "indexByName": { 1549 | 
"Time": 0, 1550 | "Value #A": 2, 1551 | "referer": 1 1552 | }, 1553 | "renameByName": { 1554 | "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36": "", 1555 | "Value #A": "Request", 1556 | "referer": "Referer", 1557 | "request_uri": "Requested Paste", 1558 | "user_agent": "User Agent" 1559 | } 1560 | } 1561 | }, 1562 | { 1563 | "id": "sortBy", 1564 | "options": { 1565 | "fields": {}, 1566 | "sort": [ 1567 | { 1568 | "desc": true, 1569 | "field": "Request" 1570 | } 1571 | ] 1572 | } 1573 | } 1574 | ], 1575 | "type": "table" 1576 | }, 1577 | { 1578 | "datasource": { 1579 | "type": "loki", 1580 | "uid": "${DS_LOKI}" 1581 | }, 1582 | "fieldConfig": { 1583 | "defaults": { 1584 | "custom": { 1585 | "align": "auto", 1586 | "cellOptions": { 1587 | "type": "auto" 1588 | }, 1589 | "filterable": false, 1590 | "inspect": true 1591 | }, 1592 | "mappings": [], 1593 | "thresholds": { 1594 | "mode": "absolute", 1595 | "steps": [ 1596 | { 1597 | "color": "dark-purple", 1598 | "value": null 1599 | } 1600 | ] 1601 | } 1602 | }, 1603 | "overrides": [ 1604 | { 1605 | "matcher": { 1606 | "id": "byName", 1607 | "options": "referer" 1608 | }, 1609 | "properties": [ 1610 | { 1611 | "id": "mappings", 1612 | "value": [ 1613 | { 1614 | "options": { 1615 | "match": "null", 1616 | "result": { 1617 | "index": 0, 1618 | "text": "Direct" 1619 | } 1620 | }, 1621 | "type": "special" 1622 | }, 1623 | { 1624 | "options": { 1625 | "match": "empty", 1626 | "result": { 1627 | "index": 1, 1628 | "text": "Direct" 1629 | } 1630 | }, 1631 | "type": "special" 1632 | } 1633 | ] 1634 | } 1635 | ] 1636 | }, 1637 | { 1638 | "matcher": { 1639 | "id": "byName", 1640 | "options": "Request" 1641 | }, 1642 | "properties": [ 1643 | { 1644 | "id": "custom.cellOptions", 1645 | "value": { 1646 | "type": "gauge" 1647 | } 1648 | } 1649 | ] 1650 | } 1651 | ] 1652 | }, 1653 | "gridPos": { 1654 | "h": 13, 1655 | "w": 5, 1656 | "x": 16, 1657 | "y": 42 1658 | }, 1659 | "id": 
25, 1660 | "options": { 1661 | "cellHeight": "sm", 1662 | "footer": { 1663 | "countRows": false, 1664 | "enablePagination": false, 1665 | "fields": [ 1666 | "Value #A" 1667 | ], 1668 | "reducer": [ 1669 | "sum" 1670 | ], 1671 | "show": true 1672 | }, 1673 | "showHeader": true, 1674 | "sortBy": [] 1675 | }, 1676 | "pluginVersion": "10.1.1", 1677 | "targets": [ 1678 | { 1679 | "datasource": { 1680 | "type": "loki", 1681 | "uid": "${DS_LOKI}" 1682 | }, 1683 | "editorMode": "code", 1684 | "expr": "topk(10, sum by (cf_ipcountry) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} | json | request_uri=~\".*pasteid=.*\" | request_method=\"GET\" | accept=~\".*application/json.*\" | __error__=\"\" [$__range])))", 1685 | "legendFormat": "Country: {{ cf_ipcountry }}", 1686 | "queryType": "instant", 1687 | "refId": "A" 1688 | } 1689 | ], 1690 | "title": "Top 10 Requested Paste by Country", 1691 | "transformations": [ 1692 | { 1693 | "id": "organize", 1694 | "options": { 1695 | "excludeByName": { 1696 | "Time": true, 1697 | "Value #A": false 1698 | }, 1699 | "indexByName": { 1700 | "Time": 0, 1701 | "Value #A": 2, 1702 | "cf_ipcountry": 1 1703 | }, 1704 | "renameByName": { 1705 | "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36": "", 1706 | "Value #A": "Request", 1707 | "cf_ipcountry": "Country", 1708 | "referer": "Referer", 1709 | "request_uri": "Requested Paste", 1710 | "user_agent": "User Agent" 1711 | } 1712 | } 1713 | }, 1714 | { 1715 | "id": "sortBy", 1716 | "options": { 1717 | "fields": {}, 1718 | "sort": [ 1719 | { 1720 | "desc": true, 1721 | "field": "Request" 1722 | } 1723 | ] 1724 | } 1725 | } 1726 | ], 1727 | "type": "table" 1728 | } 1729 | ], 1730 | "refresh": "", 1731 | "schemaVersion": 38, 1732 | "style": "dark", 1733 | "tags": [ 1734 | "loki", 1735 | "privatebin" 1736 | ], 1737 | "templating": { 1738 | "list": [ 1739 | { 1740 | "current": { 1741 | "selected": false, 1742 | 
"text": "loki", 1743 | "value": "P982945308D3682D1" 1744 | }, 1745 | "hide": 0, 1746 | "includeAll": false, 1747 | "label": "Datasource", 1748 | "multi": false, 1749 | "name": "datasource", 1750 | "options": [], 1751 | "query": "loki", 1752 | "refresh": 1, 1753 | "regex": "", 1754 | "skipUrlSync": false, 1755 | "type": "datasource" 1756 | }, 1757 | { 1758 | "current": {}, 1759 | "datasource": { 1760 | "type": "loki", 1761 | "uid": "${DS_LOKI}" 1762 | }, 1763 | "definition": "", 1764 | "hide": 0, 1765 | "includeAll": false, 1766 | "label": "Label Name", 1767 | "multi": false, 1768 | "name": "label_name", 1769 | "options": [], 1770 | "query": { 1771 | "label": "", 1772 | "refId": "LokiVariableQueryEditor-VariableQuery", 1773 | "stream": "", 1774 | "type": 0 1775 | }, 1776 | "refresh": 2, 1777 | "regex": "", 1778 | "skipUrlSync": false, 1779 | "sort": 0, 1780 | "type": "query" 1781 | }, 1782 | { 1783 | "current": {}, 1784 | "datasource": { 1785 | "type": "loki", 1786 | "uid": "${DS_LOKI}" 1787 | }, 1788 | "definition": "", 1789 | "hide": 0, 1790 | "includeAll": false, 1791 | "label": "Label Value", 1792 | "multi": false, 1793 | "name": "label_value", 1794 | "options": [], 1795 | "query": { 1796 | "label": "$label_name", 1797 | "refId": "LokiVariableQueryEditor-VariableQuery", 1798 | "stream": "", 1799 | "type": 1 1800 | }, 1801 | "refresh": 1, 1802 | "regex": "", 1803 | "skipUrlSync": false, 1804 | "sort": 0, 1805 | "type": "query" 1806 | }, 1807 | { 1808 | "current": {}, 1809 | "datasource": { 1810 | "type": "loki", 1811 | "uid": "${DS_LOKI}" 1812 | }, 1813 | "definition": "", 1814 | "hide": 0, 1815 | "includeAll": false, 1816 | "label": "Job", 1817 | "multi": false, 1818 | "name": "job", 1819 | "options": [], 1820 | "query": { 1821 | "label": "job", 1822 | "refId": "LokiVariableQueryEditor-VariableQuery", 1823 | "stream": "{$label_name=~\"$label_value\"}", 1824 | "type": 1 1825 | }, 1826 | "refresh": 1, 1827 | "regex": "", 1828 | "skipUrlSync": false, 1829 | "sort": 
0, 1830 | "type": "query" 1831 | }, 1832 | { 1833 | "current": {}, 1834 | "datasource": { 1835 | "type": "loki", 1836 | "uid": "${DS_LOKI}" 1837 | }, 1838 | "definition": "", 1839 | "hide": 0, 1840 | "includeAll": false, 1841 | "label": "Instance", 1842 | "multi": false, 1843 | "name": "instance", 1844 | "options": [], 1845 | "query": { 1846 | "label": "instance", 1847 | "refId": "LokiVariableQueryEditor-VariableQuery", 1848 | "stream": "{$label_name=~\"$label_value\"}", 1849 | "type": 1 1850 | }, 1851 | "refresh": 1, 1852 | "regex": "", 1853 | "skipUrlSync": false, 1854 | "sort": 0, 1855 | "type": "query" 1856 | } 1857 | ] 1858 | }, 1859 | "time": { 1860 | "from": "now-3h", 1861 | "to": "now" 1862 | }, 1863 | "timepicker": {}, 1864 | "timezone": "", 1865 | "title": "PrivateBin Access Log", 1866 | "uid": "f28fcf36-bfa6-4c44-85aa-fa0dc9d9ce1a", 1867 | "version": 2, 1868 | "weekStart": "" 1869 | } 1870 | --------------------------------------------------------------------------------