From 8fa23f13c4a5b067d76992738b0dd876496f99cf Mon Sep 17 00:00:00 2001
From: Brendan Smith <3453402+bsmithio@users.noreply.github.com>
Date: Thu, 26 Jan 2023 00:15:47 -0600
Subject: [PATCH] More host filters, fixed LAN throughput direction
---
 OPNsense-Grafana-Dashboard.json | 153 ++++++++++++++++++++++++--------
 1 file changed, 115 insertions(+), 38 deletions(-)
diff --git a/OPNsense-Grafana-Dashboard.json b/OPNsense-Grafana-Dashboard.json
index 0b5a238..ddd4d1f 100644
--- a/OPNsense-Grafana-Dashboard.json
+++ b/OPNsense-Grafana-Dashboard.json
@@ -22,7 +22,7 @@
 "fiscalYearStartMonth": 0,
 "graphTooltip": 0,
 "id": 2,
- "iteration": 1645431848722,
+ "iteration": 1674713419491,
 "links": [],
 "liveNow": true,
 "panels": [
@@ -41,6 +41,7 @@
 },
 {
 "datasource": {
+ "type": "influxdb",
 "uid": "${dataSource}"
 },
 "fieldConfig": {
@@ -98,7 +99,11 @@
 "pluginVersion": "8.3.3",
 "targets": [
 {
- "query": "from(bucket: v.defaultBucket)\r\n |> range(start: -20s)\r\n |> filter(fn: (r) =>\r\n r._measurement == \"system\" and\r\n r._field == \"n_users\"\r\n )\r\n |> keep(columns: [\"_value\"])\r\n |> last()",
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${dataSource}"
+ },
+ "query": "from(bucket: v.defaultBucket)\r\n |> range(start: -20s)\r\n |> filter(fn: (r) =>\r\n r.host =~ /^${Host:regex}$/ and\r\n r._measurement == \"system\" and\r\n r._field == \"n_users\"\r\n )\r\n |> keep(columns: [\"_value\"])\r\n |> last()",
 "refId": "A"
 }
 ],
@@ -107,6 +112,7 @@
 },
 {
 "datasource": {
+ "type": "influxdb",
 "uid": "${dataSource}"
 },
 "fieldConfig": {
@@ -163,7 +169,11 @@
 "pluginVersion": "8.3.3",
 "targets": [
 {
- "query": "from(bucket: v.defaultBucket)\r\n |> range(start: -20s)\r\n |> filter(fn: (r) =>\r\n r._measurement == \"cpu\" and\r\n r._field == \"usage_idle\" and\r\n r.cpu == \"cpu-total\"\r\n )\r\n |> map(fn: (r) => ({\r\n r with\r\n _value: r._value * -1.0 + 100.0\r\n })\r\n )\r\n |> keep(columns: [\"_value\"])\r\n |> last()",
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${dataSource}"
+ },
+ "query": "from(bucket: v.defaultBucket)\r\n |> range(start: -20s)\r\n |> filter(fn: (r) =>\r\n r.host =~ /^${Host:regex}$/ and\r\n r._measurement == \"cpu\" and\r\n r._field == \"usage_idle\" and\r\n r.cpu == \"cpu-total\"\r\n )\r\n |> map(fn: (r) => ({\r\n r with\r\n _value: r._value * -1.0 + 100.0\r\n })\r\n )\r\n |> keep(columns: [\"_value\"])\r\n |> last()",
 "refId": "A"
 }
 ],
@@ -466,6 +476,7 @@
 },
 {
 "datasource": {
+ "type": "influxdb",
 "uid": "${dataSource}"
 },
 "fieldConfig": {
@@ -526,7 +537,11 @@
 "pluginVersion": "8.3.3",
 "targets": [
 {
- "query": "from(bucket: v.defaultBucket)\r\n |> range(start: -20s)\r\n |> filter(fn: (r) =>\r\n r._measurement == \"system\" and\r\n r._field == \"uptime_format\"\r\n )\r\n |> keep(columns: [\"_value\"])\r\n |> last()\r\n",
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${dataSource}"
+ },
+ "query": "from(bucket: v.defaultBucket)\r\n |> range(start: -20s)\r\n |> filter(fn: (r) =>\r\n r.host =~ /^${Host:regex}$/ and\r\n r._measurement == \"system\" and\r\n r._field == \"uptime_format\"\r\n )\r\n |> keep(columns: [\"_value\"])\r\n |> last()\r\n",
 "refId": "A"
 }
 ],
@@ -631,6 +646,7 @@
 "dashLength": 10,
 "dashes": false,
 "datasource": {
+ "type": "influxdb",
 "uid": "${dataSource}"
 },
 "decimals": 2,
@@ -679,8 +695,12 @@
 "steppedLine": false,
 "targets": [
 {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${dataSource}"
+ },
 "hide": false,
- "query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) =>\r\n r.device != \"devfs\" and\r\n r.device =~ /^${Disk:regex}$/ and\r\n r._measurement == \"disk\" and\r\n r._field == \"used_percent\"\r\n )",
+ "query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) =>\r\n r.host =~ /^${Host:regex}$/ and\r\n r.device != \"devfs\" and\r\n r.device =~ /^${Disk:regex}$/ and\r\n r._measurement == \"disk\" and\r\n r._field == \"used_percent\" \r\n )",
 "refId": "A"
 }
 ],
@@ -935,6 +955,7 @@
 },
 {
 "datasource": {
+ "type": "elasticsearch",
 "uid": "${ESdataSource}"
 },
 "fieldConfig": {
@@ -1007,6 +1028,10 @@
 "type": "date_histogram"
 }
 ],
+ "datasource": {
+ "type": "elasticsearch",
+ "uid": "${ESdataSource}"
+ },
 "metrics": [
 {
 "$$hashKey": "object:12",
@@ -1015,7 +1040,7 @@
 "type": "count"
 }
 ],
- "query": "interface:$iface AND src_ip:$src_ip AND dst_port:$dst_port AND action:\"block\"",
+ "query": "interface:$iface AND src_ip:$src_ip AND dst_port:$dst_port AND action:\"block\" AND source:$Host",
 "refId": "A",
 "target": "",
 "timeField": "timestamp"
@@ -1034,6 +1059,7 @@
 "#8F3BB8"
 ],
 "datasource": {
+ "type": "elasticsearch",
 "uid": "${ESdataSource}"
 },
 "decimals": 0,
@@ -1062,50 +1088,53 @@
 "stickyLabels": false,
 "tableQueryOptions": {
 "geohashField": "geohash",
- "latitudeField": "latitude",
- "longitudeField": "longitude",
- "metricField": "metric",
- "queryType": "geohash"
+ "labelField": "src_ip_geo_country",
+ "latitudeField": "src_ip_lat",
+ "longitudeField": "src_ip_long",
+ "metricField": "Count",
+ "queryType": "coordinates"
 },
 "targets": [
 {
 "alias": "",
 "bucketAggs": [
 {
- "$$hashKey": "object:974",
- "fake": true,
 "field": "src_ip_geo_country",
- "id": "3",
+ "id": "2",
 "settings": {
- "min_doc_count": 1,
- "order": "asc",
- "orderBy": "_count",
+ "min_doc_count": "1",
+ "order": "desc",
+ "orderBy": "_term",
 "size": "0"
 },
 "type": "terms"
 },
 {
- "$$hashKey": "object:975",
 "field": "timestamp",
- "id": "2",
+ "id": "3",
 "settings": {
 "interval": "auto",
- "min_doc_count": 0,
- "trimEdges": 0
+ "min_doc_count": "0",
+ "timeZone": "utc",
+ "trimEdges": "0"
 },
 "type": "date_histogram"
 }
 ],
+ "datasource": {
+ "type": "elasticsearch",
+ "uid": "${ESdataSource}"
+ },
 "dsType": "elasticsearch",
+ "hide": false,
 "metrics": [
 {
- "$$hashKey": "object:972",
- "field": "select field",
+ "hide": false,
 "id": "1",
 "type": "count"
 }
 ],
- "query": "interface:$iface AND src_ip:$src_ip AND action:\"block\"",
+ "query": "interface:$iface AND src_ip:$src_ip AND action:\"block\" AND source:$Host",
 "refId": "A",
 "timeField": "timestamp"
 }
@@ -1119,6 +1148,7 @@
 },
 {
 "datasource": {
+ "type": "elasticsearch",
 "uid": "${ESdataSource}"
 },
 "fieldConfig": {
@@ -1184,6 +1214,10 @@
 "type": "terms"
 }
 ],
+ "datasource": {
+ "type": "elasticsearch",
+ "uid": "${ESdataSource}"
+ },
 "dsType": "elasticsearch",
 "metrics": [
 {
@@ -1193,7 +1227,7 @@
 "type": "count"
 }
 ],
- "query": "action:\"block\" AND interface:$iface AND src_ip:$src_ip AND dst_port:$dst_port",
+ "query": "action:\"block\" AND interface:$iface AND src_ip:$src_ip AND dst_port:$dst_port and source:$Host",
 "refId": "A",
 "target": "",
 "timeField": "timestamp"
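Review bot: In the `@@ -1193,7 +1227,7 @@` hunk the new query ends with lowercase `and source:$Host`, while every other Elasticsearch query touched by this commit uses uppercase `AND source:$Host`. Lucene query-string boolean operators are case-sensitive, so `and` is most likely parsed as a search term rather than an operator and the host clause is not enforced as a required condition. On an install with more than one firewall this panel would then keep counting blocked traffic from hosts other than the one selected, which makes it disagree with the sibling block panels. Change the tail of the query to `AND source:$Host`.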
@@ -1205,6 +1239,7 @@
 },
 {
 "datasource": {
+ "type": "elasticsearch",
 "uid": "${ESdataSource}"
 },
 "fieldConfig": {
@@ -1284,6 +1319,10 @@
 "type": "date_histogram"
 }
 ],
+ "datasource": {
+ "type": "elasticsearch",
+ "uid": "${ESdataSource}"
+ },
 "dsType": "elasticsearch",
 "metrics": [
 {
@@ -1293,7 +1332,7 @@
 "type": "count"
 }
 ],
- "query": "interface:$iface AND src_ip:$src_ip AND dst_port:$dst_port AND action:\"block\"",
+ "query": "interface:$iface AND src_ip:$src_ip AND dst_port:$dst_port AND action:\"block\" AND source:$Host",
 "refId": "A",
 "target": "",
 "timeField": "timestamp"
@@ -1396,7 +1435,7 @@
 "type": "count"
 }
 ],
- "query": "interface:$iface AND src_ip:$src_ip AND action:\"block\"",
+ "query": "interface:$iface AND src_ip:$src_ip AND action:\"block\" AND source:$Host",
 "refId": "A",
 "timeField": "timestamp"
 }
@@ -1423,6 +1462,7 @@
 "dashLength": 10,
 "dashes": false,
 "datasource": {
+ "type": "influxdb",
 "uid": "${dataSource}"
 },
 "fill": 1,
@@ -1463,6 +1503,10 @@
 "steppedLine": false,
 "targets": [
 {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${dataSource}"
+ },
 "query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) =>\r\n r.host =~ /^${Host:regex}$/ and\r\n r.gateway_name =~ /^${Gateway:regex}$/ and\r\n r._measurement == \"gateways\" and\r\n r._field == \"delay\"\r\n )",
 "refId": "A"
 }
@@ -1546,7 +1590,7 @@
 "mode": "absolute",
 "steps": [
 {
- "color": "#ffffff",
+ "color": "text",
 "value": null
 }
 ]
@@ -1774,7 +1818,7 @@
 "mode": "absolute",
 "steps": [
 {
- "color": "#ffffff",
+ "color": "text",
 "value": null
 }
 ]
@@ -1812,7 +1856,7 @@
 "type": "influxdb",
 "uid": "${dataSource}"
 },
- "query": "from(bucket: v.defaultBucket)\r\n |> range(start: -30s)\r\n |> filter(fn: (r) =>\r\n r._measurement == \"gateways\" and\r\n r._field =~ /gwdescr|source|monitor|status|gateway_name|interface/\r\n )\r\n |> last()\r\n |> map(fn: (r) => ({_value:r._value, _time:r._time, _field:r._field}))",
+ "query": "from(bucket: v.defaultBucket)\r\n |> range(start: -30s)\r\n |> filter(fn: (r) =>\r\n r.host =~ /^${Host:regex}$/ and\r\n r._measurement == \"gateways\" and\r\n r._field =~ /gwdescr|source|monitor|status|gateway_name|interface/\r\n )\r\n |> last()\r\n |> map(fn: (r) => ({_value:r._value, _time:r._time, _field:r._field}))",
 "refId": "A"
 }
 ],
@@ -1907,7 +1951,7 @@
 "mode": "absolute",
 "steps": [
 {
- "color": "#fffffffc",
+ "color": "text",
 "value": null
 },
 {
@@ -2433,7 +2477,7 @@
 "mode": "absolute",
 "steps": [
 {
- "color": "#fffffffc",
+ "color": "text",
 "value": null
 },
 {
@@ -2581,7 +2625,11 @@
 "id": "organize",
 "options": {
 "excludeByName": {},
- "indexByName": {},
+ "indexByName": {
+ "Time": 0,
+ "bytes_recv": 1,
+ "bytes_sent": 2
+ },
 "renameByName": {
 "bytes_recv": "Bits Recv",
 "bytes_sent": "Bits Sent"
@@ -2791,8 +2839,8 @@
 "excludeByName": {},
 "indexByName": {
 "Time": 0,
- "bytes_recv": 2,
- "bytes_sent": 1
+ "bytes_recv": 1,
+ "bytes_sent": 2
 },
 "renameByName": {
 "bytes_recv": "Bytes Recv - This Month",
@@ -2917,7 +2965,7 @@
 }
 }
 ],
- "refresh": "10s",
+ "refresh": "",
 "schemaVersion": 34,
 "style": "dark",
 "tags": [
@@ -2928,7 +2976,7 @@
 "list": [
 {
 "current": {
- "selected": false,
+ "selected": true,
 "text": "InfluxDB",
 "value": "InfluxDB"
 },
@@ -3090,7 +3138,7 @@
 },
 {
 "current": {
- "selected": true,
+ "selected": false,
 "text": [
 "All"
 ],
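Review bot: The `@@ -2917,7 +2965,7 @@` hunk changes `"refresh": "10s"` to `"refresh": ""`, which switches off auto-refresh for everyone who imports this dashboard, and the commit subject does not mention it. Several panels touched by this patch only look at a short trailing window (`range(start: -20s)`, `range(start: -30s)` followed by `last()`), so without a refresh interval the user count, CPU, uptime and gateway status shown are whatever was current at page load. If this is leftover state from the export, like the `selected` flips in the two hunks after it, restore `"refresh": "10s"`.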
@@ -3204,6 +3252,35 @@
 "skipUrlSync": false,
 "sort": 0,
 "type": "query"
+ },
+ {
+ "allValue": "*",
+ "current": {
+ "selected": true,
+ "text": [
+ "All"
+ ],
+ "value": [
+ "$__all"
+ ]
+ },
+ "datasource": {
+ "type": "elasticsearch",
+ "uid": "${ESdataSource}"
+ },
+ "definition": "{\"find\": \"terms\", \"field\": \"dst_ip\", \"query\": \"interface:$iface\", \"timestamp\": {\n\"timestamp\" : \"now-$__Interval_ms\"\n}}",
+ "hide": 0,
+ "includeAll": true,
+ "label": "FW_Destination IP",
+ "multi": true,
+ "name": "dst_ip",
+ "options": [],
+ "query": "{\"find\": \"terms\", \"field\": \"dst_ip\", \"query\": \"interface:$iface\", \"timestamp\": {\n\"timestamp\" : \"now-$__Interval_ms\"\n}}",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "type": "query"
 }
 ]
 },
@@ -3220,6 +3297,6 @@
 "timezone": "",
 "title": "OPNsense",
 "uid": "suTmk8c7k",
- "version": 372,
+ "version": 398,
 "weekStart": ""
 }
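Review bot: The new `dst_ip` variable in the `@@ -3204,6 +3252,35 @@` hunk looks up its terms with `interface:$iface` only, so its dropdown is not narrowed by the `Host` filter this commit adds to the panel queries and will list destination IPs logged by every firewall. Using `interface:$iface AND source:$Host` in both `definition` and `query` would keep it consistent with the panels. The time bound is written `$__Interval_ms`, whereas Grafana's built-in is `$__interval_ms` and variable names are case-sensitive, so it probably does not interpolate; it may mirror the existing variables, which are outside this hunk. None of the queries changed in this patch reference `$dst_ip`, so confirm that a panel actually consumes it.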