voidquark / grafana-dashboards Goto Github PK
View Code? Open in Web Editor NEWGrafana Dashboards Collection
Home Page: https://grafana.com/orgs/voidquark
License: MIT License
grafana-dashboards's People
Stargazers
Watchers
grafana-dashboards's Issues
Problem with query "Total Failed - Unique IP"
Hello,
I'm using this repository as part of my bachelor thesis (I quoted it) and when using the .json file for ssh logs I get the following error message:
Inspect: Total Failed - Unique IP
parse error at line 1, col 11: syntax error: unexpected ip, expecting IDENTIFIER or )
queries:
"expr": "count by (ip) (count_over_time({$label_name="$label_value", job="$job", instance="$instance"} |="sshd[" |": Invalid|: Connection closed by authenticating user|: Failed" |~".* from .*" | pattern <_> from <ip> port | error="" [$__interval]))
"expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> <ip> port` | __error__=\"\" [$__interval]))",
Would be possible to help find what I am doing wrong here?
complete .json
{
"datasource": {
"type": "loki",
"uid": "8tA2QbPVk"
},
"fieldConfig": {
"defaults": {
"mappings": [
{
"options": {
"match": "null",
"result": {
"index": 0,
"text": "0"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "purple",
"value": null
},
{
"color": "red",
"value": 1
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 3,
"x": 9,
"y": 1
},
"id": 21,
"options": {
"reduceOptions": {
"values": false,
"calcs": [],
"fields": ""
},
"orientation": "auto",
"textMode": "auto",
"colorMode": "background",
"graphMode": "none",
"justifyMode": "auto"
},
"pluginVersion": "9.4.7",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "8tA2QbPVk"
},
"editorMode": "code",
"expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" |~\".* from .*\" | pattern `<_> from <ip> port` | __error__=\"\" [$__interval]))",
"hide": false,
"legendFormat": "{{ ip }}",
"queryType": "range",
"refId": "A",
"resolution": 1
},
{
"datasource": {
"type": "loki",
"uid": "8tA2QbPVk"
},
"editorMode": "code",
"expr": "count by (ip) (count_over_time({$label_name=~\"$label_value\", job=~\"$job\", instance=~\"$instance\"} |=\"sshd[\" |~\": Invalid|: Connection closed by authenticating user|: Failed\" !~\".* from .*\" | pattern `<_> user <_> <ip> port` | __error__=\"\" [$__interval]))",
"hide": false,
"legendFormat": "{{ ip }}",
"queryType": "range",
"refId": "B"
}
],
"title": "Total Failed - Unique IP",
"transformations": [
{
"id": "labelsToFields",
"options": {
"mode": "columns",
"valueLabel": "ip"
}
},
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"178.40.119.51": false,
"194.154.240.221": false,
"label": true
},
"indexByName": {},
"renameByName": {
"value": "IP"
}
}
},
{
"id": "calculateField",
"options": {
"alias": "Unique IP",
"mode": "reduceRow",
"reduce": {
"include": [],
"reducer": "count"
},
"replaceFields": true
}
}
],
"type": "stat"
}
Kind regards,
Bruno
[BUG] [SSH Logs] Parse error : queries require at least one regexp or equality matcher that does not have an empty-compatible value.
Loki Version: [2.9.6]
Grafana Version: [10.4.1]
Promtail Version: [2.9.6]
Dashboard Name: [SSH Logs]
Hello. I'm using your SSH Logs dashboard and all the time getting the error:
Error
parse error : queries require at least one regexp or equality matcher that does not have an empty-compatible value. For instance, app=~".*" does not meet this requirement, but app=~".+" will
In my case promtail.conf looks like:
scrape_configs:
- job_name: system
static_configs:
- targets:
- localhost
labels:
job: messages
__path__: /var/log/messages
- job_name: audit
static_configs:
- targets:
- localhost
labels:
job: audit
__path__: /var/log/audit/*.log
- job_name: secure
static_configs:
- targets:
- localhost
labels:
job: secure
__path__: /var/log/secure
And in a grafana I chose all Label name, all Label Value and all Job
Could you please help me solve the problem?
For more than seven days, loki has not returned any results from these queries.
Good afternoon. My loki instance doesn't return results in more than 7 days for large queries.
I have tried all the loki configuration settings. Could you please provide your example loki config file?
please help to display a dashboard that doesn't show data
please help to display empty table results
Tested on:
RedHat Enterprise Linux (RHEL) 8
Grafana 9.3.6 Tested with Grafana version
Nextcloud 23.0.12
Error updating options: e.replace is not a function
First I want to say I'm totally new to Grafana. I've got Gitlab with built-in Grafana and a separate Loki-docker.
When opening the dashboard, I get 6 errors like this:
Templating [instance]
Error updating options: e.replace is not a function
And an empty dashboard.
Data seems to be received, according to the explorer:
Versions:
- Grafana v7.5.16 (c0e2ad126c) - this is what Gitlab provides... I secretly think this is the problem
- Loki
latestfrom Docker
Is there a way to fix this other than not using the Gitlab-version?
too many outstanding requests
At first: thanks for sharing your work!
I followed your howto ( https://voidquark.com/parsing-nextcloud-audit-logs-with-grafana-loki/ ) and successfully get nextcloud logs into Loki.
The dashboard works in general but often gives me: "Too many outstanding requests"
Could you share a working loki-config maybe, I wonder if I miss something there?
My environment:
- nc-26.0.5 in docker
- grafana/loki:2.8.4
- grafana/promtail:2.8.4
- grafana/grafana-oss:10.1.1
all hosted on Debian-12.1.
This is a rather small nextcloud-instance with ~50 users.
Additional thoughts:
- I managed to use the loki docker driver to directly pipe nextcloud-logs (type "syslog") into loki without writing and reading the logfiles (basically avoiding promtail). This looks like an improvement to me and might be worth a look. But the queries in the dashboard would have to be adjusted as well. I wonder if this might help to improve the overall perfomance.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.