Compare commits
3 Commits
b46d5d5233
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
9b565ead55 | ||
|
|
b46e03552b | ||
|
|
e808ea9623 |
@@ -53,7 +53,7 @@
|
|||||||
},
|
},
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"expr": "count(rate(container_last_seen{name=~\"$container|.*\",name!=\"\"}[5m]))",
|
"expr": "count((time() - container_last_seen{name=~\"$container|.*\",name!=\"\"}) < 120)",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -409,7 +409,7 @@
|
|||||||
},
|
},
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"expr": "(container_memory_usage_bytes{name=~\"$container|.*\",name!=\"\"} / container_spec_memory_limit_bytes{name=~\"$container|.*\",name!=\"\"}) * 100",
|
"expr": "100 * (container_memory_usage_bytes{name=~\"$container|.*\",name!=\"\"} / container_spec_memory_limit_bytes{name=~\"$container|.*\",name!=\"\"}) and on(name) (container_spec_memory_limit_bytes{name=~\"$container|.*\",name!=\"\"} > 0)",
|
||||||
"legendFormat": "{{name}}",
|
"legendFormat": "{{name}}",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -169,7 +169,7 @@
|
|||||||
{
|
{
|
||||||
"editorMode": "code",
|
"editorMode": "code",
|
||||||
"exemplar": false,
|
"exemplar": false,
|
||||||
"expr": "irate(node_pressure_irq_stalled_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])",
|
"expr": "irate(node_pressure_irq_stalled_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) or vector(0)",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"instant": true,
|
"instant": true,
|
||||||
"legendFormat": "Irq",
|
"legendFormat": "Irq",
|
||||||
@@ -3392,7 +3392,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"editorMode": "code",
|
"editorMode": "code",
|
||||||
"expr": "rate(node_pressure_irq_stalled_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])",
|
"expr": "rate(node_pressure_irq_stalled_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) or vector(0)",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"legendFormat": "IRQ - Full",
|
"legendFormat": "IRQ - Full",
|
||||||
"range": true,
|
"range": true,
|
||||||
|
|||||||
@@ -185,7 +185,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "sum(rate({service_name=\"proxy/traefik-access\"} |~ ` 2\\d{2} ` [5m]))",
|
"expr": "sum(rate({service_name=\"proxy/traefik-access\"} |~ ` 2\\d{2} ` [5m])) or vector(0)",
|
||||||
"legendFormat": "2xx 成功",
|
"legendFormat": "2xx 成功",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
},
|
},
|
||||||
@@ -194,7 +194,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "sum(rate({service_name=\"proxy/traefik-access\"} |~ ` 3\\d{2} ` [5m]))",
|
"expr": "sum(rate({service_name=\"proxy/traefik-access\"} |~ ` 3\\d{2} ` [5m])) or vector(0)",
|
||||||
"legendFormat": "3xx 重定向",
|
"legendFormat": "3xx 重定向",
|
||||||
"refId": "B"
|
"refId": "B"
|
||||||
},
|
},
|
||||||
@@ -203,7 +203,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "sum(rate({service_name=\"proxy/traefik-access\"} |~ ` 4\\d{2} ` [5m]))",
|
"expr": "sum(rate({service_name=\"proxy/traefik-access\"} |~ ` 4\\d{2} ` [5m])) or vector(0)",
|
||||||
"legendFormat": "4xx 用戶端錯誤",
|
"legendFormat": "4xx 用戶端錯誤",
|
||||||
"refId": "C"
|
"refId": "C"
|
||||||
},
|
},
|
||||||
@@ -212,7 +212,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "sum(rate({service_name=\"proxy/traefik-access\"} |~ ` 5\\d{2} ` [5m]))",
|
"expr": "sum(rate({service_name=\"proxy/traefik-access\"} |~ ` 5\\d{2} ` [5m])) or vector(0)",
|
||||||
"legendFormat": "5xx 伺服器錯誤",
|
"legendFormat": "5xx 伺服器錯誤",
|
||||||
"refId": "D"
|
"refId": "D"
|
||||||
}
|
}
|
||||||
@@ -282,7 +282,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "(sum(rate({service_name=\"proxy/traefik-access\"} |~ ` [45]\\d{2} ` [5m])) / sum(rate({service_name=\"proxy/traefik-access\"} [5m]))) * 100",
|
"expr": "(sum(rate({service_name=\"proxy/traefik-access\"} |~ ` [45]\\d{2} ` [5m])) / clamp_min(sum(rate({service_name=\"proxy/traefik-access\"} [5m])), 1e-9)) * 100",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -414,11 +414,11 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "{service_name=\"proxy/traefik-access\"} |~ ` [45]\\d{2} `",
|
"expr": "{service_name=\"proxy/traefik-access\"}",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"title": "🔝 錯誤請求 (4xx/5xx)",
|
"title": "🔝 最近請求 (Traefik Access)",
|
||||||
"type": "logs"
|
"type": "logs"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -36,7 +36,7 @@
|
|||||||
},
|
},
|
||||||
"id": 1,
|
"id": 1,
|
||||||
"options": {
|
"options": {
|
||||||
"content": "# TrueNAS Audit Overview\\n\\nNative TrueNAS audit events forwarded via remote syslog and ingested to Loki as `job=truenas_syslog`.\\n\\nUse filters above to focus by host and service.",
|
"content": "# TrueNAS Audit Overview\n\nNative TrueNAS audit events from remote syslog, parsed in Alloy, and stored in Loki as `job=\"truenas_syslog\"`.\n\n[Open Audit Logs Panel](#/viewPanel=4)\n\n## Quick Checks\n```bash\n# dns host (receiver)\nsudo systemctl status alloy --no-pager\nsudo tail -n 50 /var/log/truenas/truenas-syslog.log\n\n# truenas host (sender)\nmidclt call system.advanced.config | jq '{syslogserver,syslog_transport,syslog_audit,syslog_tls_certificate,sed_user}'\n```\n",
|
||||||
"mode": "markdown"
|
"mode": "markdown"
|
||||||
},
|
},
|
||||||
"pluginVersion": "12.2.1",
|
"pluginVersion": "12.2.1",
|
||||||
@@ -104,7 +104,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" [5m]))",
|
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\",svc=~\\\"$svc\\\"}[5m]))",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -195,7 +195,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" |~ \\\"(?i)(\\\\\\\"success\\\\\\\": false|FAILED|denied|invalid)\\\" [5m]))",
|
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\",svc=~\\\"$svc\\\",success=\\\"false\\\"}[5m]))",
|
||||||
"legendFormat": "Failures",
|
"legendFormat": "Failures",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
},
|
},
|
||||||
@@ -204,7 +204,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"(SUDO|SYSTEM)\\\\\\\"\\\" [5m]))",
|
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\",svc=~\\\"SUDO|SYSTEM\\\"}[5m]))",
|
||||||
"legendFormat": "Privileged Actions",
|
"legendFormat": "Privileged Actions",
|
||||||
"refId": "B"
|
"refId": "B"
|
||||||
}
|
}
|
||||||
@@ -236,7 +236,7 @@
|
|||||||
"type": "loki",
|
"type": "loki",
|
||||||
"uid": "ef1qnibjxb5z4a"
|
"uid": "ef1qnibjxb5z4a"
|
||||||
},
|
},
|
||||||
"expr": "{job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\"",
|
"expr": "{job=\\\"truenas_syslog\\\",host=~\\\"$host\\\",svc=~\\\"$svc\\\"}",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -277,8 +277,8 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "svc",
|
"name": "svc",
|
||||||
"type": "custom",
|
"type": "query",
|
||||||
"query": "SMB,SYSTEM,SUDO,MIDDLEWARE",
|
"query": "label_values({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"}, svc)",
|
||||||
"includeAll": true,
|
"includeAll": true,
|
||||||
"allValue": ".*",
|
"allValue": ".*",
|
||||||
"multi": false,
|
"multi": false,
|
||||||
@@ -286,7 +286,14 @@
|
|||||||
"text": "All",
|
"text": "All",
|
||||||
"value": "$__all",
|
"value": "$__all",
|
||||||
"selected": true
|
"selected": true
|
||||||
}
|
},
|
||||||
|
"datasource": {
|
||||||
|
"type": "loki",
|
||||||
|
"uid": "ef1qnibjxb5z4a"
|
||||||
|
},
|
||||||
|
"definition": "label_values({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"}, svc)",
|
||||||
|
"refresh": 1,
|
||||||
|
"sort": 1
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -111,7 +111,7 @@
|
|||||||
"pluginVersion": "12.2.1",
|
"pluginVersion": "12.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"expr": "(\n sum(increase(unbound_cache_hits_total[15m])) +\n sum(increase(redis_keyspace_hits_total[15m]))\n)\n/\n(\n sum(increase(unbound_cache_hits_total[15m])) +\n sum(increase(unbound_cache_misses_total[15m])) +\n sum(increase(redis_keyspace_hits_total[15m])) +\n sum(increase(redis_keyspace_misses_total[15m]))\n)",
|
"expr": "(sum(rate(unbound_cache_hits_total[30m])) + sum(rate(redis_keyspace_hits_total[30m]))) / clamp_min((sum(rate(unbound_cache_hits_total[30m])) + sum(rate(unbound_cache_misses_total[30m])) + sum(rate(redis_keyspace_hits_total[30m])) + sum(rate(redis_keyspace_misses_total[30m]))), 1e-9)",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@@ -1001,7 +1001,7 @@
|
|||||||
{
|
{
|
||||||
"direction": "backward",
|
"direction": "backward",
|
||||||
"editorMode": "code",
|
"editorMode": "code",
|
||||||
"expr": "topk(10, sum by (domain) (count_over_time({job=\"unbound\"} [5m])))",
|
"expr": "topk(10, sum by (domain) (count_over_time({job=\"unbound\"} | pattern \"<_> <_> reply: <_> <domain> <_> <_> <_> <_> <_> <_>\" [5m])))",
|
||||||
"queryType": "instant",
|
"queryType": "instant",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
@@ -1162,7 +1162,7 @@
|
|||||||
"pluginVersion": "12.2.1",
|
"pluginVersion": "12.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"expr": "sum by (instance) (rate(unbound_cache_hits_total[5m])) /\n(\n sum by (instance) (rate(unbound_cache_hits_total[5m])) +\n sum by (instance) (rate(unbound_cache_misses_total[5m]))\n)",
|
"expr": "sum by (instance) (rate(unbound_cache_hits_total[30m])) / clamp_min((sum by (instance) (rate(unbound_cache_hits_total[30m])) + sum by (instance) (rate(unbound_cache_misses_total[30m]))), 1e-9)",
|
||||||
"legendFormat": "{{instance}}",
|
"legendFormat": "{{instance}}",
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user