{ "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "datasource", "uid": "grafana" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "target": { "limit": 100, "matchAny": false, "tags": [], "type": "dashboard" }, "type": "dashboard" } ] }, "description": "Grafana dashboard for Falco output events", "editable": true, "fiscalYearStartMonth": 0, "gnetId": 17319, "graphTooltip": 0, "id": 18, "links": [], "liveNow": false, "panels": [ { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 18, "panels": [], "title": "Overview", "type": "row" }, { "datasource": { "type": "loki", "uid": "${datasource}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1000 }, { "color": "orange", "value": 5000 }, { "color": "red", "value": 10000 } ] } }, "overrides": [] }, "gridPos": { "h": 9, "w": 4, "x": 0, "y": 1 }, "id": 22, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "showPercentChange": false, "textMode": "auto", "wideLayout": true }, "pluginVersion": "11.2.0", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum(count_over_time({rule=~\".+\", hostname=~\"$host\", priority=~\"$severity\"}[$__range]))", "hide": false, "queryType": "instant", "refId": "B" } ], "title": "Total Events", "type": "stat" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 9, "w": 6, "x": 4, "y": 1 }, "id": 12, "options": { "displayLabels": [], "legend": { "displayMode": "table", "placement": "right", "showLegend": true, "values": [ "value" ] }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (source) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=~\"$severity\"}[$__range]))", "legendFormat": "{{source}}", "refId": "A" } ], "title": "Sources", "type": "piechart" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [ { "matcher": { "id": "byName", "options": "Critical" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Error" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Warning" }, "properties": [ { "id": "color", "value": { "fixedColor": "orange", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Notice" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Informational" }, "properties": [ { "id": "color", "value": { "fixedColor": "blue", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Debug" }, "properties": [ { "id": "color", "value": { "fixedColor": "purple", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 6, "x": 10, "y": 1 }, "id": 9, "options": { "displayLabels": [], "legend": { "displayMode": "table", "placement": "right", "showLegend": true, "values": [ "value" ] }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (priority) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=~\"$severity\"}[$__range]))", "legendFormat": "{{priority}}", "refId": "A" } ], "title": "Priorities", "type": "piechart" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 9, "w": 8, "x": 16, "y": 1 }, "id": 13, "options": { "displayLabels": [], "legend": { "displayMode": "table", "placement": "right", "showLegend": true, "values": [ "value" ] }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "8.5.3", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (rule) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=~\"$severity\"}[$__range]))", "legendFormat": "{{rule}}", "refId": "A" } ], "title": "Rules", "type": "piechart" }, { "datasource": { "type": "loki", "uid": "${datasource}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "bars", "fillOpacity": 10, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineStyle": { "fill": "solid" }, "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 12, "w": 12, "x": 0, "y": 10 }, "id": 14, "options": { "legend": { "calcs": [ "lastNotNull", "mean", "min", "max" ], "displayMode": "table", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "none" } }, "pluginVersion": "8.5.3", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum by (priority) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=~\"$severity\"}[1m]))", "legendFormat": "{{priority}}", "queryType": "range", "refId": "A", "resolution": 1 } ], "title": "Events rate", "type": "timeseries" }, { "datasource": { "default": false, "type": "loki", "uid": "${datasource}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": false, "inspect": false }, "mappings": [], "min": 0, "noValue": "No Rule Violations from Pods", "thresholds": { "mode": "absolute", "steps": [ { "color": "orange", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Rule Violations" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } } ] } ] }, "gridPos": { "h": 12, "w": 12, "x": 12, "y": 10 }, "id": 16, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Rule Violations" } ] }, "pluginVersion": "11.2.0", "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "editorMode": "code", "expr": "sum by (pod) (count_over_time({app=\"falcosidekick\"}[$__range]))", "hide": false, "legendFormat": "", "queryType": "range", "refId": "B" } ], "title": "Top $top Pods", "transformations": [ { "id": "reduce", "options": { "labelsToFields": true, "reducers": [ "lastNotNull" ] } }, { "id": "sortBy", "options": { "fields": {}, "sort": [ { "desc": true, "field": "Last *" } ] } }, { "id": "limit", "options": { "limitField": "$top" } }, { "id": "organize", "options": { "excludeByName": { "Field": true, "Time": true }, "includeByName": {}, "indexByName": { "Time": 0, "Value #B": 3, "k8s_ns": 1, "k8s_pod_name": 2 }, "renameByName": { "Last *": "Rule Violations", "Total": "Rule Violations", "Value #B": "Rule Violations", "k8s_ns": "Namespace", "k8s_pod": "Pod", "k8s_pod_name": "Pod" } } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "bars", "fillOpacity": 80, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "stacking": { "group": "A", "mode": "normal" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 14 }, "id": 30, "options": { "legend": { "calcs": [ "sum" ], "displayMode": "table", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "desc" } }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (hostname) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=~\"$severity\"}[1m]))", "legendFormat": "{{hostname}}", "refId": "A" } ], "title": "Events by Host", "type": "timeseries" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "drawStyle": "bars", "fillOpacity": 80, "stacking": { "group": "A", "mode": "normal" } }, "mappings": [] }, "overrides": [ { "matcher": { "id": "byName", "options": "Critical" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Error" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Warning" }, "properties": [ { "id": "color", "value": { "fixedColor": "orange", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Notice" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Informational" }, "properties": [ { "id": "color", "value": { "fixedColor": "blue", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Debug" }, "properties": [ { "id": "color", "value": { "fixedColor": "purple", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 14 }, "id": 31, "options": { "legend": { "calcs": [ "sum" ], "displayMode": "table", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "desc" } }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (priority) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=~\"$severity\"}[1m]))", "legendFormat": "{{priority}}", "refId": "A" } ], "title": "Events by Priority", "type": "timeseries" }, { "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 30 }, "id": 100, "panels": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "gridPos": { "h": 12, "w": 24, "x": 0, "y": 31 }, "id": 101, "options": { "dedupStrategy": "signature", "enableLogDetails": true, "showLabels": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": false }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "{rule=~\".+\", hostname=~\"$host\", priority=\"Critical\"} | json | line_format \"🔴 [{{.hostname}}] {{.rule}} | {{.output_fields_proc_cmdline}}\"", "refId": "A" } ], "title": "Critical Events", "type": "logs" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 50 }, { "color": "orange", "value": 200 }, { "color": "red", "value": 500 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 1 }, "id": 102, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (hostname, source) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Critical\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Events by Host and Source", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "hostname": "Host", "source": "Source" } } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 100 }, { "color": "orange", "value": 500 }, { "color": "red", "value": 1000 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 1 }, "id": 103, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (rule) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Critical\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Top Rules", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "rule": "Rule" } } } ], "type": "table" } ], "title": "🔴 Critical", "type": "row" }, { "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 32 }, "id": 110, "panels": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "gridPos": { "h": 12, "w": 24, "x": 0, "y": 33 }, "id": 111, "options": { "dedupStrategy": "signature", "enableLogDetails": true, "showLabels": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": false }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "{rule=~\".+\", hostname=~\"$host\", priority=\"Error\"} | json | line_format \"🟠 [{{.hostname}}] {{.rule}} | {{.output_fields_proc_cmdline}}\"", "refId": "A" } ], "title": "Error Events", "type": "logs" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 50 }, { "color": "orange", "value": 200 }, { "color": "red", "value": 500 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 1 }, "id": 112, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (hostname, source) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Error\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Events by Host and Source", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "hostname": "Host", "source": "Source" } } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 100 }, { "color": "orange", "value": 500 }, { "color": "red", "value": 1000 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 1 }, "id": 113, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (rule) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Error\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Top Rules", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "rule": "Rule" } } } ], "type": "table" } ], "title": "🟠 Error", "type": "row" }, { "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 34 }, "id": 120, "panels": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "gridPos": { "h": 12, "w": 24, "x": 0, "y": 35 }, "id": 121, "options": { "dedupStrategy": "signature", "enableLogDetails": true, "showLabels": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": false }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "{rule=~\".+\", hostname=~\"$host\", priority=\"Warning\"} | json | line_format \"🟡 [{{.hostname}}] {{.rule}} | {{.output_fields_proc_cmdline}}\"", "refId": "A" } ], "title": "Warning Events", "type": "logs" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 50 }, { "color": "orange", "value": 200 }, { "color": "red", "value": 500 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 1 }, "id": 122, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (hostname, source) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Warning\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Events by Host and Source", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "hostname": "Host", "source": "Source" } } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 100 }, { "color": "orange", "value": 500 }, { "color": "red", "value": 1000 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 1 }, "id": 123, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (rule) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Warning\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Top Rules", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "rule": "Rule" } } } ], "type": "table" } ], "title": "🟡 Warning", "type": "row" }, { "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 36 }, "id": 130, "panels": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "gridPos": { "h": 12, "w": 24, "x": 0, "y": 37 }, "id": 131, "options": { "dedupStrategy": "signature", "enableLogDetails": true, "showLabels": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": false }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "{rule=~\".+\", hostname=~\"$host\", priority=\"Notice\"} | json | line_format \"🔵 [{{.hostname}}] {{.rule}} | {{.output_fields_proc_cmdline}}\"", "refId": "A" } ], "title": "Notice Events", "type": "logs" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 50 }, { "color": "orange", "value": 200 }, { "color": "red", "value": 500 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 1 }, "id": 132, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (hostname, source) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Notice\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Events by Host and Source", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "hostname": "Host", "source": "Source" } } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 100 }, { "color": "orange", "value": 500 }, { "color": "red", "value": 1000 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 1 }, "id": 133, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (rule) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Notice\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Top Rules", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "rule": "Rule" } } } ], "type": "table" } ], "title": "🔵 Notice", "type": "row" }, { "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 38 }, "id": 140, "panels": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "gridPos": { "h": 12, "w": 24, "x": 0, "y": 39 }, "id": 141, "options": { "dedupStrategy": "signature", "enableLogDetails": true, "showLabels": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": false }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "{rule=~\".+\", hostname=~\"$host\", priority=\"Informational\"} | json | line_format \"💠 [{{.hostname}}] {{.rule}} | {{.output_fields_proc_cmdline}}\"", "refId": "A" } ], "title": "Informational Events", "type": "logs" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 50 }, { "color": "orange", "value": 200 }, { "color": "red", "value": 500 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 1 }, "id": 142, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (hostname, source) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Informational\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Events by Host and Source", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "hostname": "Host", "source": "Source" } } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 100 }, { "color": "orange", "value": 500 }, { "color": "red", "value": 1000 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 1 }, "id": 143, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (rule) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Informational\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Top Rules", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "rule": "Rule" } } } ], "type": "table" } ], "title": "💠 Informational", "type": "row" }, { "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 40 }, "id": 150, "panels": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "gridPos": { "h": 12, "w": 24, "x": 0, "y": 41 }, "id": 151, "options": { "dedupStrategy": "signature", "enableLogDetails": true, "showLabels": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": false }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "{rule=~\".+\", hostname=~\"$host\", priority=\"Debug\"} | json | line_format \"🟣 [{{.hostname}}] {{.rule}} | {{.output_fields_proc_cmdline}}\"", "refId": "A" } ], "title": "Debug Events", "type": "logs" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 50 }, { "color": "orange", "value": 200 }, { "color": "red", "value": 500 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 1 }, "id": 152, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (hostname, source) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Debug\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Events by Host and Source", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "hostname": "Host", "source": "Source" } } } ], "type": "table" }, { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 80 }, { "id": "custom.cellOptions", "value": { "type": "color-background-solid" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 100 }, { "color": "orange", "value": 500 }, { "color": "red", "value": 1000 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 1 }, "id": 153, "options": { "cellHeight": "sm", "footer": { "enablePagination": true, "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Count" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "expr": "sum by (rule) (count_over_time({rule=~\".+\", hostname=~\"$host\", priority=\"Debug\"}[$__range]))", "instant": true, "range": false, "refId": "A" } ], "title": "Top Rules", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "renameByName": { "Value": "Count", "rule": "Rule" } } } ], "type": "table" } ], "title": "🟣 Debug", "type": "row" } ], "refresh": "", "schemaVersion": 39, "tags": [ "Security", "Runtime" ], "templating": { "list": [ { "current": {}, "hide": 0, "includeAll": false, "label": "Datasource", "multi": false, "name": "datasource", "options": [], "query": "loki", "queryValue": "", "refresh": 1, "regex": "", "skipUrlSync": false, "type": "datasource" }, { "current": { "selected": false, "text": "app=\"falcosidekick\"", "value": "app=\"falcosidekick\"" }, "description": "LogQL filter to get only Falco logs.", "hide": 2, "includeAll": false, "multi": false, "name": "filter_falco_logs", "options": [ { "selected": true, "text": "app=\"falcosidekick\"", "value": "app=\"falcosidekick\"" } ], "query": "app=\"falcosidekick\"", "skipUrlSync": false, "type": "custom" }, { "current": {}, "datasource": { "type": "loki", "uid": "${datasource}" }, "definition": "", "hide": 0, "includeAll": true, "label": "Priority", "multi": true, "name": "priority", "options": [], "query": { "label": "priority", "refId": "LokiVariableQueryEditor-VariableQuery", "stream": "{$filter_falco_logs}", "type": 1 }, "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, "type": "query" }, { "current": { "selected": false, "text": "10", "value": "10" }, "description": "this variable is only for the Top Panel!", "hide": 0, "includeAll": false, "label": "Top", "multi": false, "name": "top", "options": [ { "selected": false, "text": "5", "value": "5" }, { "selected": true, "text": "10", "value": "10" }, { "selected": false, "text": "20", "value": "20" }, { "selected": false, "text": "50", "value": "50" } ], "query": "5,10,20,50", "queryValue": "", "skipUrlSync": false, "type": "custom" }, { "current": { "selected": true, "text": "", "value": "" }, "description": "this variable is only for the Logs Panel!", "hide": 0, "label": "Search-Pattern", "name": "searchpattern", "options": [ { "selected": true, "text": "", "value": "" } ], "query": "", "skipUrlSync": false, "type": "textbox" }, { "current": { "selected": true, "text": "All", "value": "$__all" }, "datasource": { "type": "loki", "uid": "P8E80F9AEF21F6940" }, "definition": "label_values({rule=~\".+\"}, hostname)", "hide": 0, "includeAll": true, "multi": true, "name": "host", "options": [], "query": "label_values({rule=~\".+\"}, hostname)", "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, "type": "query" }, { "current": { "selected": true, "text": "All", "value": "$__all" }, "hide": 0, "includeAll": true, "multi": true, "name": "severity", "options": [ { "selected": false, "text": "Emergency", "value": "Emergency" }, { "selected": false, "text": "Alert", "value": "Alert" }, { "selected": false, "text": "Critical", "value": "Critical" }, { "selected": false, "text": "Error", "value": "Error" }, { "selected": false, "text": "Warning", "value": "Warning" }, { "selected": false, "text": "Notice", "value": "Notice" }, { "selected": false, "text": "Informational", "value": "Informational" }, { "selected": false, "text": "Debug", "value": "Debug" } ], "query": "Emergency,Alert,Critical,Error,Warning,Notice,Informational,Debug", "skipUrlSync": false, "type": "custom" } ] }, "time": { "from": "now-24h", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Falco", "uid": "ozk-flc-mon", "version": 21, "weekStart": "" }