{ "searches": [ { "name": "Unique_Visitors_Count", "description": "A count of the unique visitors over a specified time period", "query": "where(sc_status>0) Calculate(unique:c_ip)" }, { "name": "Page_View_Distribution", "description": "A quick view of the distribution of page requests", "query": "where(sc_status!=404) GroupBy(c_ip) Calculate(count)" }, { "name": "Status_Type_Distribution", "description": "A view of the distribution of status types", "query": "where(sc_status>0) groupby(sc_status) calculate(count)" }, { "name": "Average_Response_Time", "description": "The average response time over a period of time", "query": "where(sc_status>0) calculate(average:time_taken)" }, { "name": "AverageResponse_Time_PerPage", "description": "The average response time over a period of time per page", "query": "where(sc_status>0) groupby(c_ip) calculate(average:time_taken)" }, { "name": "404Errors", "description": "Total amount of 404 errors for a specific time period", "query": "where(sc_status=404) Calculate(count)" }, { "name": "404_URL_Distribution", "description": "Distribution of 404 errors over requests", "query": "where(sc_status=404) Groupby(cs_uri_stem) Calculate(count)" }, { "name": "404_Requests_IPs", "description": "Distribution of 404 errors by IP Address", "query": "where(sc_status=404) Groupby(c_ip) Calculate(count)" }, { "name": "UserAgentsDistribution", "description": "Distribution of user agents", "query": "where(sc_status > 0) groupby(cs_User_Agent) calculate(COUNT)" } ], "tags": [ { "type": "Alert", "name": "Excessive 404's", "description": "excessive amount of 404 errors", "labels": [ { "name": "404 Error", "color": "123456" } ], "patterns": [ "sc_status=404" ], "actions": [{ "type": "Alert", "min_matches_count": 20, "min_matches_period": "Hour", "min_report_count": 1, "min_report_period": "Hour" }] }, { "type": "Alert", "name": "Slow Response Times", "description": "response times for applications are slow", "labels": [ { "name": "Slow Response", "color": "123456" } ], "patterns": [ "time_taken>1000" ], "actions": [{ "type": "Alert", "min_matches_count": 15, "min_matches_period": "Hour", "min_report_count": 1, "min_report_period": "Hour" }] }, { "type": "AlertNotify", "sub_type": "InactivityAlert", "name": "Web Log Not Sending", "description": "Inactivity of server stats log for 20 mins", "patterns": [ "" ], "timeframe_value": 1, "timeframe_period": "Hour", "actions": [{ "type": "Alert", "min_report_count": 1, "min_report_period": "Hour" }] }, { "type": "AlertNotify", "sub_type": "AnomalyAlert", "name": "Basic Web Anomaly Activity", "description": "Number requested pages for the current hour vs same time last week", "scheduled_query": { "query": "where(sc_status>0)", "function": "COUNT", "threshold_value": "+30", "threshold_type": "%", "time_period": "Week", "time_value": 60 }, "actions": [{ "type": "Alert", "min_report_count": 1, "min_report_period": "Hour" }] } ], "widgets": [ { "name": "Unique User Count", "description": "A counter for unique user count", "search_name": "Unique_Visitors_Count", "type": "Count" }, { "name": "Average Response Time", "description": "Time line Line Chart key by second", "search_name": "Average_Response_Time", "type": "TimelineLineChart", "show_tooltip": true }, { "name": "Requested Page Distribution", "description": "Requested Page Distribution", "search_name": "Page_View_Distribution", "type": "BarChart" }, { "name": "Status Type Distribution", "description": "Status distribution", "search_name": "Status_Type_Distribution", "type": "BarChart" }, { "name": "User Agent Distribution", "description": "The distribution of user agents", "search_name": "UserAgentsDistribution", "type": "PieChart" }, { "name": "404 Error Count", "description": "A counter for 404 errors", "search_name": "404Errors", "type": "Count" }, { "name": "404 Distribution", "description": "The distribution of 404 errors over requests", "search_name": "404_URL_Distribution", "type": "BarChart" } ], "cards": [ { "name": "Unique User Count", "description": "A counter for unique user count", "queries": [{ "leql" : { "statement": "where(sc_status>0) Calculate(unique:c_ip)"}}], "visualization": "COUNT" }, { "name": "Average Response Time", "description": "Time line Line Chart key by second", "queries": [{ "leql" : { "statement": "where(sc_status>0) calculate(average:time_taken)"}}], "visualization": "LINE" }, { "name": "Requested Page Distribution", "description": "Requested Page Distribution", "queries": [{ "leql" : { "statement": "where(sc_status!=404) GroupBy(c_ip) Calculate(count)"}}], "visualization": "BAR" }, { "name": "Status Type Distribution", "description": "Status distribution", "queries": [{ "leql" : { "statement": "where(sc_status>0) groupby(sc_status) calculate(count)"}}], "visualization": "BAR" }, { "name": "User Agent Distribution", "description": "The distribution of user agents", "queries": [{ "leql" : { "statement": "where(sc_status > 0) groupby(cs_User_Agent) calculate(COUNT)"}}], "visualization": "PIE" }, { "name": "404 Error Count", "description": "A counter for 404 errors", "queries": [{ "leql" : { "statement": "where(sc_status=404) Calculate(count)"}}], "visualization": "COUNT" }, { "name": "404 Distribution", "description": "The distribution of 404 errors over requests", "queries": [{ "leql" : { "statement": "where(sc_status=404) Groupby(cs_uri_stem) Calculate(count)"}}], "visualization": "BAR" } ] }