Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Alarms dashboard. Modify exportAssets.py to export all references #117

Merged
merged 2 commits into from
Sep 23, 2019
Merged

Add Alarms dashboard. Modify exportAssets.py to export all references #117

merged 2 commits into from
Sep 23, 2019

Conversation

john-gress
Copy link

Schatzman
Schatzman suggested changes Sep 23, 2019
View reviewed changes
Copy link

@Schatzman Schatzman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review only, still testing but a couple of comments.

scripts/exportAssets.py Outdated
@@ -30,6 +30,16 @@ def check_elasticsearch_health():
logger.warning('[exportAssets.py] Caught HTTP exception: {0}'.format(err))
return False

def asset_object_received(response_json):
if response_json['hits']['total']['value'] == 1:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the response doesn't come back with the right structure, this function will throw an exception. Are there circumstances where this response might not contain ['hits']['total']['value']?

If you use the dict built-in get(), it will return None in the case of a missing key rather than throw an exception. Could do something like:

if response_json.get('hits'):
    if response_json['hits']['total']['value'] == 1:
            # do stuff

If 'hits' is in the response, then there better be total and value or ES is very broken...

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to check for existence of hits.

scripts/exportAssets.py Outdated
panel_type = UTIL.safe_list_read(list_ob=db_panels_json[index], key='type')
panels_with_type[panel_id] = panel_type
return panels_with_type
def get_asset_references(asset_str):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We call the parameter for this function asset_str but then below on line 119 we assign its value to db_asset_json... Remove the assignment on line 119 and just call the param db_asset_json maybe?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Done.

craig-cogdill
craig-cogdill suggested changes Sep 23, 2019
View reviewed changes
resources/dashboard:Capture-Dashboard.json Outdated
@@ -44,8 +44,8 @@
"optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"Pcap Captured\",\"negate\":false,\"type\":\"phrase\",\"key\":\"Captured\",\"value\":\"true\",\"params\":{\"query\":true},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"Captured\":{\"query\":true,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"range\":{\"TimeStartRaw\":{\"gte\":\"1568688732\"}},\"meta\":{\"type\":\"range\",\"disabled\":false,\"negate\":false,\"alias\":\"Pcap Available on Disk\",\"key\":\"TimeStartRaw\",\"value\":\"1,566,770,100 to +\u221e\",\"params\":{\"gte\":\"1568688732\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"Pcap Written to Disk\",\"negate\":false,\"type\":\"phrase\",\"key\":\"Written\",\"value\":\"true\",\"params\":{\"query\":true},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match\":{\"Written\":{\"query\":true,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}"
"searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"Pcap Captured\",\"negate\":false,\"type\":\"phrase\",\"key\":\"Captured\",\"value\":\"true\",\"params\":{\"query\":true},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"Captured\":{\"query\":true,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"range\":{\"TimeStartRaw\":{\"gte\":\"1568951703\"}},\"meta\":{\"type\":\"range\",\"disabled\":false,\"negate\":false,\"alias\":\"Pcap Available on Disk\",\"key\":\"TimeStartRaw\",\"value\":\"1,566,770,100 to +\u221e\",\"params\":{\"gte\":\"1568688732\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"Pcap Written to Disk\",\"negate\":false,\"type\":\"phrase\",\"key\":\"Written\",\"value\":\"true\",\"params\":{\"query\":true},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match\":{\"Written\":{\"query\":true,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"time_zone\":\"America/Denver\"}}}}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This and the File Reconstruction Dashboard currently have the captured timestamp of your dev box saved by default. We should change these references to TimeStartRaw: { gte: 0 } for the checked in versions.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Changes made.

@Schatzman
Copy link

Built and tested, looks great, all dashboards were there, no errors for the startup inserts in KibanaStartup.log after installing this rpm. Prior to this rpm I saw a couple of:

2019/09/23 09:52:42.226 DEBUG:  "POST /.kibana/_update/config:7.2.0 HTTP/1.1" 404 184
2019/09/23 09:52:42.227 WARNING:  [loadAssets.py] Failed to set default index pattern: 404 Client Error: Not Found

Which I believe you're already discussing with Craig.

👍

@john-gress john-gress merged commit 2e9968f into logrhythm:7.2.0_NM Sep 23, 2019
sperry94 pushed a commit that referenced this pull request Jan 30, 2020
@john-gress @sperry94
Merge pull request #117 from john-gress/add_alarms_dashboard_US314
156f8ed 
Add Alarms dashboard. Modify exportAssets.py to export all references
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@craig-cogdill craig-cogdill craig-cogdill approved these changes

@Schatzman Schatzman Schatzman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@john-gress @Schatzman @craig-cogdill