{ "searches": [ { "name": "Unique_Visitors_Count", "description": "A count of the unique visitors over a specified time period", "query": "where(status>0) Calculate(unique:remote_addr)" }, { "name": "Page_View_Distribution", "description": "A quick view of the distribution of page requests", "query": "where(status!=404) GroupBy(request) Calculate(count)" }, { "name": "Status_Type_Distribution", "description": "A view of the distribution of status types", "query": "where(status>0) groupby(status) calculate(count)" }, { "name": "Average_Response_Time", "description": "The average respsone time over a period of time", "query": "where(status>0) calculate(average:request_time)" }, { "name": "AverageResponse_Time_PerPage", "description": "The average respsone time over a period of time per page", "query": "where(status>0) groupby(request) calculate(average:request_time)" }, { "name": "Average_Response_Over_40Users", "description": "The average respsone time over a period of time for 40 users", "query": "where(status>0) groupby(remote_addr) calculate(average:request_time)" }, { "name": "Average_Bytes_Sent_Per_Page", "description": "The average size of respsonse based on the requested page", "query": "where(status>0) groupby(request) calculate(average:body_bytes_sent)" }, { "name": "404Errors", "description": "Total amount of 404 errors for a specific time period", "query": "where(status=404) Calculate(count)" }, { "name": "404_URL_Distribution", "description": "Distribution of 404 errors over requests", "query": "where(status=404) Groupby(request) calculate(count)" }, { "name": "404_Requests_IPs", "description": "Distribution of 404 errors over requests", "query": "where(status=404) Groupby(request) calculate(count)" }, { "name": "UserAgentsDistrobution", "description": "Distribution of user agents", "query": "where(status>0) Groupby(http_user_agent) calculate(count)" } ], "tags": [ { "type": "Alert", "name": "Excessive 404's", "description": "excesive amount of 404 errors", "labels": [ { "name": "404 Error", "color": "123456" } ], "patterns": [ "request=404" ], "actions": [{ "type": "Alert", "min_matches_count": 20, "min_matches_period": "Hour", "min_report_count": 1, "min_report_period": "Hour" }] }, { "type": "Alert", "name": "Slow Respsone Times", "description": "response times for applications are slow", "labels": [ { "name": "Slow Respsonse", "color": "123456" } ], "patterns": [ "request_time>1000" ], "actions": [{ "type": "Alert", "min_matches_count": 15, "min_matches_period": "Hour", "min_report_count": 1, "min_report_period": "Hour" }] }, { "type": "AlertNotify", "sub_type": "InactivityAlert", "name": "Web Log Not Sending", "description": "Inactivity of server stats log for 20 mins", "patterns": [ "" ], "timeframe_value": 1, "timeframe_period": "Hour", "actions": [{ "type": "Alert", "min_report_count": 1, "min_report_period": "Hour" }] }, { "type": "AlertNotify", "sub_type": "AnomalyAlert", "name": "Basic Web Anomaly Acticvity", "description": "Number requested pages for the current hour vs same time last week", "scheduled_query": { "query": "where(request>0)", "function": "COUNT", "threshold_value": "+30", "threshold_type": "%", "time_period": "Week", "time_value": 60 }, "actions": [{ "type": "Alert", "min_report_count": 1, "min_report_period": "Hour" }] } ], "widgets": [ { "name": "Unique User Count", "description": "A counter for unique user count", "search_name": "Unique_Visitors_Count", "type": "Count" }, { "name": "Average Respsone Time", "description": "Time line Line Chart key by second", "search_name": "Average_Response_Time", "type": "TimelineLineChart", "show_tooltip": true }, { "name": "Requested Page Distribution", "description": "Requested Page Distribution", "search_name": "Page_View_Distribution", "type": "BarChart" }, { "name": "Status Type Distribution", "description": "Status distribution", "search_name": "Status_Type_Distribution", "type": "BarChart" }, { "name": "Bytes Sent Distribution", "description": "The average size of the pages being returned to the users", "search_name": "Average_Bytes_Sent_Per_Page", "type": "BarChart" }, { "name": "User Agent Distribution", "description": "The distribution of user agents", "search_name": "UserAgentsDistrobution", "type": "PieChart" }, { "name": "404 Error Count", "description": "A counter for 404 errors", "search_name": "404Errors", "type": "Count" }, { "name": "404 Distribution", "description": "The distribution of 404 errors over requests", "search_name": "404_URL_Distribution", "type": "BarChart" } ], "cards": [ { "name": "Unique User Count", "description": "A counter for unique user count", "queries": [{ "leql" : {"statement": "where(status>0) Calculate(unique:remote_addr)"}}], "visualization": "COUNT" }, { "name": "Average Respsone Time", "description": "Time line Line Chart key by second", "queries": [{ "leql" : {"statement": "where(status>0) calculate(average:request_time)"}}], "visualization": "LINE", }, { "name": "Requested Page Distribution", "description": "Requested Page Distribution", "queries": [{ "leql" : {"statement": "where(status!=404) GroupBy(request) Calculate(count)"}}], "visualization": "BAR" }, { "name": "Status Type Distribution", "description": "Status distribution", "queries": [{ "leql" : {"where(status>0) groupby(status) calculate(count)"}}], "visualization": "BAR" }, { "name": "Bytes Sent Distribution", "description": "The average size of the pages being returned to the users", "queries": [{ "leql" : {"statement": "where(status>0) groupby(request) calculate(average:body_bytes_sent)"}}], "visualization": "BAR" }, { "name": "User Agent Distribution", "description": "The distribution of user agents", "queries": [{ "leql" : {"statement": "where(status>0) Groupby(http_user_agent) calculate(count)"}}], "visualization": "PIE" }, { "name": "404 Error Count", "description": "A counter for 404 errors", "queries": [{ "leql" : {"where(status=404) Calculate(count)"}}], "visualization": "COUNT" }, { "name": "404 Distribution", "description": "The distribution of 404 errors over requests", "queries": [{ "leql" : {"where(status=404) Groupby(request) calculate(count)"}}], "visualization": "BAR" } ] }