diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 3bde43454..e52dfb1fd 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -76,6 +76,7 @@
 /fluentbit/ @zhenyami
 /flume/ @KealanMaas
 /gatekeeper/ @arapulido ara.pulido@datadoghq.com
+/gigamon/ @Mrudula-Oruganti-Gigamon
 /gitea/ @FlorentClarret
 /go_pprof_scraper/ @nsrip-dd
 /gnatsd/ @stephenprater @jaredhoyt dev@goldstar.com
@@ -483,6 +484,7 @@
 /gitea/assets/dashboards @FlorentClarret @DataDog/documentation @DataDog/reporting-and-sharing @DataDog/agent-integrations
 /gitea/assets/monitors @FlorentClarret @DataDog/documentation @DataDog/alerting-product @DataDog/agent-integrations
+/gigamon/assets/logs/ @Mrudula-Oruganti-Gigamon @DataDog/logs-backend
 /gnatsd_streaming/*metadata.csv @stephenprater @jaredhoyt dev@goldstar.com @DataDog/documentation
 /gnatsd_streaming/manifest.json @stephenprater @jaredhoyt dev@goldstar.com @DataDog/documentation
 /gnatsd_streaming/README.md @stephenprater @jaredhoyt dev@goldstar.com @DataDog/documentation
diff --git a/gigamon/CHANGELOG.md b/gigamon/CHANGELOG.md
new file mode 100644
index 000000000..9178cf308
--- /dev/null
+++ b/gigamon/CHANGELOG.md
@@ -0,0 +1,7 @@
+# CHANGELOG - Gigamon
+
+## 1.0.0 / 2024-10-04
+
+***Added***:
+
+* Initial Release
diff --git a/gigamon/README.md b/gigamon/README.md
new file mode 100644
index 000000000..a593dd0a4
--- /dev/null
+++ b/gigamon/README.md
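Review bot: The second CODEOWNERS hunk gives only `/gigamon/assets/logs/` a Datadog team owner, so the dashboard this commit adds under `gigamon/assets/dashboards/` falls back to the `/gigamon/` rule from the first hunk and is owned by a single external account. The neighbouring `/gitea/assets/dashboards` context line also routes dashboards to Datadog teams; if that is the convention here, add a matching entry such as `/gigamon/assets/dashboards @Mrudula-Oruganti-Gigamon @DataDog/documentation @DataDog/reporting-and-sharing` (which teams to list is the maintainers' call). A second owner matters for this integration because the dashboard JSON embeds an image URL served from a personal fork rather than from the upstream repository. The `gigamon/assets/logs/` directory that the new rule names is not visible in this part of the diff, so confirm the path exists.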
@@ -0,0 +1,39 @@
+# Gigamon
+
+## Overview
+[Gigamon][1] Application Metadata Intelligence (AMI) empowers your Observability, Security Information and Event Management (SIEM), and Network Performance Monitoring tools with critical metadata attributes across thousands of business, consumer, and IT applications and services. Get deep application visibility to quickly pinpoint performance bottlenecks, quality issues, and potential network security risks. Gigamon's AMI helps you monitor and manage complex digital applications for your digital transformation initiatives. This can be achieved through the Gigamon Solution by sending the AMI metadata to Datadog. Some benefits to highlight are Rich Actionable Insights, Boost Security Posture, etc.
+
+## Setup
+Gigamon sends AMI metadata [AMX][2] to the Datadog API using HTTP `POST`.
+
+### Installation
+
+GigaVUE V Series Node is a virtual machine running in the customer's infrastructure which processes and distributes network traffic. Gigamon Application Metadata Exporter (AMX) converts the output from the AMI in CEF format into JSON and sends it to Datadog. The AMX application can be deployed only on a V Series Node and can be connected to AMI running on a physical node or a virtual machine. The AMX application and the AMI are managed by GigaVUE-FM.
+
+1. After you install AMX in your environment, create a monitoring session in [FM][3].
+2. Edit the exporter and provide the following required fields:
+ a. Alias: Name of the exporter (String).
+ b. Ingestor: Specify the Port as "514" and Type as "ami".
+ c. 
Cloud Tool Exports: Create a new exporter tool by selecting '+' and add details as shown in the following diagram:
+ ![1](https://raw.githubusercontent.com/DataDog/integrations-extras/master/gigamon/images/images/gigamon1.png)
+ ![2](https://raw.githubusercontent.com/DataDog/integrations-extras/master/gigamon/images/images/gigamon2.png)
+
+
+## Data Collected
+
+### Metadata Attributes
+Gigamon deep packet inspection extracts 7500+ application metadata attributes and forwards them to Datadog. Gigamon Application Metadata Protobook provides a complete list of supported protocols and their attributes. These protocols can also be viewed as groups by Tags, Family, and Classification method.
+
+Gigamon AMX converts the output from the AMI in CEF format into JSON and sends it to Datadog.
+
+You can access the Application Metadata Protobook from the [GigaVUE FM][4].
+
+## Troubleshooting
+Need help? Contact [Gigamon Support][5].
+
+[1]: http://gigamon.com
+[2]: https://docs.gigamon.com/doclib66/Content/GV-Cloud-V-Series-Applications/AMX_intro.html
+[3]: https://docs.gigamon.com/doclib66/Content/GigaVUE_Cloud_Suites.html?tocpath=GigaVUE%20Cloud%20Suite%7C_____0
+[4]: https://docs.gigamon.com/doclib66/Content/GV-GigaSMART/Application%20Protocol%20Bundle.html
+[5]: https://www.gigamon.com/support/support-and-services/contact-support.html
+
diff --git a/gigamon/assets/dashboards/gigamon_overview.json b/gigamon/assets/dashboards/gigamon_overview.json
new file mode 100644
index 000000000..7d7dda049
--- /dev/null
+++ b/gigamon/assets/dashboards/gigamon_overview.json
@@ -0,0 +1,2922 @@ +{ + "title": "Gigamon Overview", + "description": "This dashboard provides overview a high-level overview of Gigamon's Deep Observability to display different applications, Rogue activities, Security postures, Troubleshooting Network traffic and Suspicious Activities.", + "widgets": [ + { + "id": 8182222210725779, + "definition": { + "title": "Gigamon Overview", + "background_color": "vivid_orange", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 3152073490592164, + "definition": { + "type": "image", + "url": "https://raw.githubusercontent.com/Mrudula-Oruganti-Gigamon/integrations-extras/master/gigamon/images/final%20logo.svg", + "sizing": "fill", + "has_background": true, + "has_border": true, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 2 + } + }, + { + "id": 2339152323368686, + "definition": { + "type": "note", + "content": "This dashboard provides a high-level overview of Gigamon’s Deep Observability to display different applications, Rogue activities, Security postures, Troubleshooting Network traffic and Suspicious Activities. \n\n", + "background_color": "blue", + "font_size": "16", + "text_align": "center", + "vertical_align": "top", + "show_tick": true, + "tick_pos": "25%", + "tick_edge": "bottom", + "has_padding": true + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 2 + } + }, + { + "id": 1734710857721680, + "definition": { + "type": "note", + "content": "Further reading: \n1. Application Metadata Intelligence (AMI) empowers your Observability, Security Information and Event Management (SIEM), and Network Performance Monitoring tools with critical metadata attributes across thousands of business, consumer, and IT applications and services. \n2. Gigamon's AMI helps you monitor and manage complex digital applications for your digital transformation initiatives. \n3. 
This can be achieved through the Gigamon Solution by sending the AMI metadata to Datadog.\n4. Some benefits to highlight are Rich Actionable Insights, Boost Security Posture, etc. To know more, Click [here](https://docs.gigamon.com/doclib66/Content/GV-Cloud-V-Series-Applications/AMX_intro.html). ", + "background_color": "orange", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "75%", + "tick_edge": "top", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 2, + "width": 12, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 6 + } + }, + { + "id": 1383861626021082, + "definition": { + "title": "DNS Details", + "background_color": "vivid_yellow", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 572263807309523, + "definition": { + "title": "DNS Response times ", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "response_format": "timeseries", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@dns_response_time", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + ] + } + ], + "style": { + "palette": "classic" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 3469118238325912, + "definition": { + "title": "Top DNS queries", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "search": { + "query": "" + }, + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@src_ip", 
+ "limit": 5, + "sort": { + "aggregation": "count", + "order": "desc" + } + }, + { + "facet": "@dst_ip", + "limit": 5, + "sort": { + "aggregation": "count", + "order": "desc" + } + }, + { + "facet": "@dns_query", + "limit": 5, + "sort": { + "aggregation": "count", + "order": "desc" + } + }, + { + "facet": "@dns_host", + "limit": 5, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "storage": "hot" + } + ], + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 7479220948489064, + "definition": { + "title": "DNS Host Type", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "a", + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "search": { + "query": "source:gigamon @dns_host:*" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@dns_host", + "limit": 10, + "should_exclude_missing": true, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 0, + "y": 2, + "width": 12, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 6, + "width": 12, + "height": 6 + } + }, + { + "id": 7517105921201743, + "definition": { + "title": "Web Application details", + "background_color": "vivid_orange", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4650698518609459, + "definition": { + "title": "Http Methods seen", + "title_size": "16", + "title_align": "left", + "type": "toplist", + 
"requests": [ + { + "response_format": "scalar", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http_method", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + ] + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 1886605252975338, + "definition": { + "title": "Web Server performance", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http_server", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 5 + }, + { + "facet": "@http_rtt", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 5 + }, + { + "facet": "@src_ip", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 5 + }, + { + "facet": "@dst_ip", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 5 + } + ] + } + ], + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "formula": "query1" + } + ] + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 2 + } + }, + { + "id": 4827677953357939, + "definition": { + "title": "Web Access method info", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "search": { + "query": "" + }, + "indexes": [ + "*" + ], + "compute": { + 
"aggregation": "count" + }, + "group_by": [ + { + "facet": "@http_method", + "limit": 5, + "sort": { + "aggregation": "count", + "order": "desc" + } + }, + { + "facet": "@src_ip", + "limit": 5, + "sort": { + "aggregation": "count", + "order": "desc" + } + }, + { + "facet": "@dst_ip", + "limit": 5, + "sort": { + "aggregation": "count", + "order": "desc" + } + }, + { + "facet": "@http_uri", + "limit": 5, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 2, + "width": 6, + "height": 2 + } + }, + { + "id": 7576585332307746, + "definition": { + "title": "HTTP URLs Accessed", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@src_ip", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 5 + }, + { + "facet": "@dst_ip", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 5 + }, + { + "facet": "@http_uri_full", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 5 + }, + { + "facet": "@http_rtt", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 5 + } + ] + } + ], + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "formula": "query1" + } + ] + } + ] + }, + "layout": { + "x": 6, + "y": 2, + "width": 6, + "height": 2 + } + } + ] + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 5 + } + }, + 
{ + "id": 3446463347271401, + "definition": { + "title": "SMB Details", + "background_color": "green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 6150141742201989, + "definition": { + "title": "SMB logins", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@smb_login", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + ] + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 465878956982110, + "definition": { + "title": "SMB Versions seen on Network", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@smb_version", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 25, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "scaling": "absolute" + } + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 17, + "width": 12, + "height": 4 + } + }, + { + "id": 7856301779454967, + "definition": { + "title": "SSL Details", + "background_color": "blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + 
"widgets": [ + { + "id": 3195144451877296, + "definition": { + "title": "Suspicious Usage", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "search": { + "query": "@app_name:(bittorrent OR *min*)" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@app_name", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + }, + { + "facet": "@src_ip", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + }, + { + "facet": "@dst_ip", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + ] + } + ], + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "formula": "query1" + } + ] + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 1453663274722350, + "definition": { + "title": "Compression schemes", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http_content_encoding", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + ] + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 3 + } + }, + { + "id": 2059080547535968, + "definition": { + "title": "Top 10 Cipher suites", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + 
"data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@ssl_cipher_suite_id", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": {} + }, + "layout": { + "x": 6, + "y": 3, + "width": 6, + "height": 3 + } + }, + { + "id": 1585396899898200, + "definition": { + "title": "TLS Version", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@ssl_protocol_version", + "limit": 2, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "-@ssl_protocol_version:771 -@ssl_protocol_version:772" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 2, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": {} + }, + "layout": { + "x": 6, + "y": 6, + "width": 6, + "height": 3 + } + }, + { + "id": 1774790598181452, + "definition": { + "title": "Expired SSL Certificates", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@src_ip", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@dst_ip", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@ssl_validity_not_after", + 
"limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@ssl_issuer", + "limit": 5, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "" + }, + "storage": "hot" + } + ], + "sort": { + "count": 625, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "formula": "query1" + } + ] + } + ] + }, + "layout": { + "x": 0, + "y": 9, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 21, + "width": 12, + "height": 14 + } + }, + { + "id": 6339501929036073, + "definition": { + "title": "Applications Details", + "background_color": "vivid_green", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8750256876312612, + "definition": { + "title": "Application Overview", + "type": "treemap", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@app_name", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "-@app_name:snmp -@app_name:Classification-unknown -@app_name:http @app_name:*" + } + } + ], + "response_format": "scalar", + "style": { + "palette": "semantic" + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 60431138310985, + "definition": { + "title": "Media type (http Mime)", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http_mime_type", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + 
] + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 4087252166246586, + "definition": { + "title": "IP Versions", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "limit": { + "order": "desc" + } + } + ], + "style": { + "palette": "classic" + }, + "response_format": "scalar", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@ip_version", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + ] + } + ] + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 6, + "height": 3 + } + }, + { + "id": 3973368678927273, + "definition": { + "title": "Traffic Volume", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "response_format": "timeseries", + "queries": [ + { + "search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@src_bytes", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + }, + { + "facet": "@dst_bytes", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + ] + } + ], + "style": { + "palette": "dog_classic", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 6, + "y": 4, + "width": 6, 
+ "height": 3 + } + }, + { + "id": 5686090246127629, + "definition": { + "title": "Client Software", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@http_user_agent", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "" + } + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 6000, + "palette": "white_on_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": {} + }, + "layout": { + "x": 0, + "y": 7, + "width": 6, + "height": 2 + } + }, + { + "id": 4242276978674381, + "definition": { + "title": "DHCP message types seen", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "search": { + "query": "" + }, + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@dhcp_message_type", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "storage": "hot" + }, + { + "data_source": "logs", + "name": "query2", + "search": { + "query": "" + }, + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1 + query2" + } + ] + } + ], + "type": "sunburst" + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 621832198909910, + "definition": { + "title": "Server Software", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + 
"search": { + "query": "" + }, + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "name": "query1", + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http_server_agent", + "sort": { + "aggregation": "count", + "order": "desc" + }, + "limit": 10 + } + ] + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 0, + "y": 9, + "width": 6, + "height": 2 + } + }, + { + "id": 5475040985875677, + "definition": { + "title": "Flow End Reason", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "a", + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "search": { + "query": "" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@end_reason", + "limit": 10, + "should_exclude_missing": true, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst" + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 3 + } + }, + { + "id": 1740161475726170, + "definition": { + "title": "Total number of unanswered SYN", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@tcp_flag_syn", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "@tcp_flag_syn:1" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "type": "sunburst" + }, + "layout": { + "x": 6, + "y": 11, + "width": 
6, + "height": 4 + } + }, + { + "id": 6443899280877788, + "definition": { + "title": "Top 10 Source", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "a", + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "search": { + "query": "-@src_ip:172.16.18.51" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@src_ip", + "limit": 10, + "should_exclude_missing": true, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 0, + "y": 14, + "width": 6, + "height": 3 + } + }, + { + "id": 2452546857498648, + "definition": { + "title": "Total number of unanswered SYN ACK", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@tcp_flag_synack", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "@tcp_flag_synack:1" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "type": "sunburst" + }, + "layout": { + "x": 6, + "y": 15, + "width": 6, + "height": 4 + } + }, + { + "id": 5598903342585400, + "definition": { + "title": "Top 10 Destination", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "a", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@src_ip", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + }, + 
"should_exclude_missing": true + } + ], + "search": { + "query": "-@dst_ip:172.16.18.51" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": {} + }, + "layout": { + "x": 0, + "y": 17, + "width": 6, + "height": 4 + } + }, + { + "id": 4683212103774970, + "definition": { + "title": "Sessions with Retransmission", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@tcp_retransmission_bytes", + "limit": 250, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "@tcp_retransmission_bytes" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "type": "sunburst" + }, + "layout": { + "x": 6, + "y": 19, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 24, + "is_column_break": true + } + }, + { + "id": 6457096984164463, + "definition": { + "title": "HTTP Details", + "background_color": "vivid_purple", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 3673368443711708, + "definition": { + "title": "HTTP RTT", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1", + "limit": { + "order": "desc" + } + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@http_rtt", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@app_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + 
"search": { + "query": "source:gigamon" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 4 + } + }, + { + "id": 2088938622096568, + "definition": { + "title": "Network Latency", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@tcp_rtt", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@app_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:gigamon" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 4, + "width": 12, + "height": 3 + } + }, + { + "id": 3378126820635107, + "definition": { + "title": "Application Latency", + "type": "treemap", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@tcp_rtt_app" + }, + "group_by": [ + { + "facet": "@app_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@tcp_rtt_app" + } + } + ], + "search": { + "query": "source:gigamon" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + } 
+ } + ] + }, + "layout": { + "x": 0, + "y": 7, + "width": 12, + "height": 5 + } + }, + { + "id": 1748344417518578, + "definition": { + "title": "HTTP User Agent", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "cardinality", + "metric": "@http_user_agent" + }, + "group_by": [ + { + "facet": "@app_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@http_user_agent" + } + }, + { + "facet": "@http_user_agent", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@http_user_agent" + } + }, + { + "facet": "@http2_user_agent", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "cardinality", + "metric": "@http_user_agent" + } + } + ], + "search": { + "query": "" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 12, + "width": 12, + "height": 4 + } + }, + { + "id": 8903669053620083, + "definition": { + "title": "HTTP Stats", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@app_name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@http_uri_full", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": "@http_rtt", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + }, + { + "facet": 
"@http_uri_path", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:gigamon" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "text_formats": [], + "sort": { + "count": 10000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 16, + "width": 12, + "height": 6 + } + }, + { + "id": 7100938724708856, + "definition": { + "title": "HTTP Error Code", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "response_format": "timeseries", + "queries": [ + { + "name": "a", + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "search": { + "query": "source:gigamon @http_code:>=400 @http_code:<=500" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http_code", + "limit": 10, + "should_exclude_missing": true, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "a" + } + ], + "style": { + "palette": "dog_classic" + }, + "display_type": "bars" + } + ] + }, + "layout": { + "x": 0, + "y": 22, + "width": 4, + "height": 2 + } + }, + { + "id": 552484404372978, + "definition": { + "title": "HTTP Method", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "a", + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "search": { + "query": "source:gigamon @http_method:*" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http_method", + "limit": 10, + "should_exclude_missing": true, + "sort": { + "aggregation": "count", + "order": 
"desc" + } + } + ], + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 4, + "y": 22, + "width": 4, + "height": 2 + } + }, + { + "id": 4312942145870433, + "definition": { + "title": "HTTP Content Type", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "a", + "data_source": "logs", + "compute": { + "aggregation": "count" + }, + "search": { + "query": "source:gigamon @http_content_type:*" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http_content_type", + "limit": 10, + "should_exclude_missing": true, + "sort": { + "aggregation": "count", + "order": "desc" + } + } + ], + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ] + }, + "layout": { + "x": 8, + "y": 22, + "width": 4, + "height": 2 + } + }, + { + "id": 986505225501718, + "definition": { + "title": "Top 10 HTTP Response Code", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "a", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@http_code", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + }, + "should_exclude_missing": true + } + ], + "search": { + "query": "source:gigamon @http_code:*" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + 
"layout": { + "x": 0, + "y": 24, + "width": 4, + "height": 2 + } + }, + { + "id": 5195968195324698, + "definition": { + "title": "Top 10 v1 API Count", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "a", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@http_uri_path", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:gigamon @http_uri_path:*v1*" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 24, + "width": 4, + "height": 2 + } + }, + { + "id": 4618983271314292, + "definition": { + "title": "Total API Count", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "a", + "limit": { + "order": "desc" + } + } + ], + "queries": [ + { + "data_source": "logs", + "name": "a", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@http_uri_path", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:gigamon @http_uri_path:*" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 8, + "y": 24, + "width": 4, + "height": 2 + } + }, + { + "id": 6156267679948350, + "definition": { + "title": "Top 10 v2 API Count", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + 
"name": "a", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@http_uri_path", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:gigamon @http_uri_path:*v2*" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 26, + "width": 4, + "height": 2 + } + }, + { + "id": 7001998217150697, + "definition": { + "title": "Unauthorized User Agent", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "logs", + "name": "a", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@http_user_agent", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + }, + "should_exclude_missing": true + } + ], + "search": { + "query": "source:gigamon -@http_user_agent:Mozilla*" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "a" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 4, + "y": 26, + "width": 7, + "height": 3 + } + } + ] + }, + "layout": { + "x": 0, + "y": 24, + "width": 12, + "height": 1 + } + }, + { + "id": 7205253529556850, + "definition": { + "title": "Web Traffic", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "response_format": "scalar", + "queries": [ + { + "data_source": 
"logs", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@app_name", + "limit": 100, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "@app_name:(http OR https OR http2)" + } + } + ], + "sort": { + "count": 100, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "semantic" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + } + ], + "template_variables": [], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed", + "tags": [] +} \ No newline at end of file diff --git a/gigamon/assets/logs/gigamon.yaml b/gigamon/assets/logs/gigamon.yaml new file mode 100644 index 000000000..0bfea3f09 --- /dev/null +++ b/gigamon/assets/logs/gigamon.yaml 
@@ -0,0 +1,409 @@ +id: gigamon +metric_id: gigamon +backend_only: false +facets: + - groups: + - DNS + name: Question Name + path: dns.question.name + source: log + - groups: + - DNS + name: Answer Type + path: dns.answer.type + source: log + - groups: + - Web Access + name: URL Path + path: http.url_details.path + source: log + - groups: + - Web Access + name: URL Host + path: http.url_details.host + source: log + - groups: + - Web Access + name: Version + path: http.version + source: log + - groups: + - Web Access + name: Method + path: http.method + source: log + - groups: + - Web Access + name: OS + path: http.useragent_details.os.family + source: log + - groups: + - Web Access + name: Client Port + path: network.client.port + source: log + - groups: + - Web Access + name: Destination Port + path: network.destination.port + source: log + - groups: + - Web Access + name: Client IP + path: network.client.ip + source: log + - groups: + - Web Access + name: Destination IP + path: network.destination.ip + source: log + - facetType: list + groups: + - gigamon + name: App Id + path: gigamon.app_id + source: log + type: integer + - facetType: list + groups: + - gigamon + name: Application Name + path: gigamon.app_name + source: log + type: string + - facetType: list + groups: + - gigamon + name: Destination MAC Address + path: gigamon.dst_mac + source: log + type: string + - facetType: list + groups: + - gigamon + name: Destination Packets + path: gigamon.dst_packets + source: log + type: integer + - facetType: list + groups: + - gigamon + name: DNS TTL + path: gigamon.dns_ttl + source: log + type: string + - facetType: list + groups: + - gigamon + name: IP Version + path: gigamon.ip_version + source: log + type: string + - facetType: list + groups: + - gigamon + name: Source MAC address + path: gigamon.src_mac + source: log + type: string + - facetType: list + groups: + - gigamon + name: Source Packets + path: gigamon.src_packets + source: log + type: integer + - 
facetType: list + groups: + - gigamon + name: SSL Cipher Suite ID + path: gigamon.ssl_cipher_suite_id + source: log + type: string + - facetType: list + groups: + - gigamon + name: SSL Common Name + path: gigamon.ssl_common_name + source: log + type: string + - facetType: list + groups: + - gigamon + name: SSL Issuer + path: gigamon.ssl_issuer + source: log + type: string + - facetType: list + groups: + - gigamon + name: SSL Validity Not After + path: gigamon.ssl_validity_not_after + source: log + type: string + - facetType: list + groups: + - gigamon + name: SSL Validity Not Before + path: gigamon.ssl_validity_not_before + source: log + type: string +pipeline: + type: pipeline + name: gigamon + enabled: true + filter: + query: "source:gigamon" + processors: + - type: grok-parser + name: "Grok Parser : Parsing 'ts' timestamp" + enabled: true + source: ts + samples: + - Wed Jul 31 12:05:39 2024 + grok: + supportRules: "" + matchRules: command_parser %{date("EEE MMM dd HH:mm:ss yyyy"):ts} + - type: date-remapper + name: Define `ts` as the official date of the log + enabled: true + sources: + - ts + - type: attribute-remapper + name: Map `dns_query` to `dns.question.name` + enabled: true + sources: + - dns_query + sourceType: attribute + target: dns.question.name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dns_host_type` to `dns.answer.type` + enabled: true + sources: + - dns_host_type + sourceType: attribute + target: dns.answer.type + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `http_uri_full` to `http.url_details.path` + enabled: true + sources: + - http_uri_full + sourceType: attribute + target: http.url_details.path + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `http_host` to `http.url_details.host` + enabled: true + sources: + - http_host + 
sourceType: attribute + target: http.url_details.host + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `http_version` to `http.version` + enabled: true + sources: + - http_version + sourceType: attribute + target: http.version + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `http_method` to `http.method` + enabled: true + sources: + - http_method + sourceType: attribute + target: http.method + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: user-agent-parser + name: Map `http_user_agent` to `http.useragent_details.os.family` + enabled: true + sources: + - http_user_agent + target: http.useragent_details.os.family + encoded: false + combineVersionDetails: false + - type: attribute-remapper + name: Map `src_port` to `network.client.port` + enabled: true + sources: + - src_port + sourceType: attribute + target: network.client.port + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dst_port` to `network.destination.port` + enabled: true + sources: + - dst_port + sourceType: attribute + target: network.destination.port + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `src_ip` to `network.client.ip` + enabled: true + sources: + - src_ip + sourceType: attribute + target: network.client.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dst_ip` to `network.destination.ip` + enabled: true + sources: + - dst_ip + sourceType: attribute + target: network.destination.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `app_id` to `gigamon.app_id` + enabled: true + sources: + - app_id + sourceType: attribute + target: gigamon.app_id + 
targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ssl_cipher_suite_id` to `gigamon.ssl_cipher_suite_id` + enabled: true + sources: + - ssl_cipher_suite_id + sourceType: attribute + target: gigamon.ssl_cipher_suite_id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ssl_issuer` to `gigamon.ssl_issuer` + enabled: true + sources: + - ssl_issuer + sourceType: attribute + target: gigamon.ssl_issuer + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ssl_common_name` to `gigamon.ssl_common_name` + enabled: true + sources: + - ssl_common_name + sourceType: attribute + target: gigamon.ssl_common_name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ssl_validity_not_after` to `gigamon.ssl_validity_not_after` + enabled: true + sources: + - ssl_validity_not_after + sourceType: attribute + target: gigamon.ssl_validity_not_after + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ssl_validity_not_before` to `gigamon.ssl_validity_not_before` + enabled: true + sources: + - ssl_validity_not_before + sourceType: attribute + target: gigamon.ssl_validity_not_before + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `ip_version` to `gigamon.ip_version` + enabled: true + sources: + - ip_version + sourceType: attribute + target: gigamon.ip_version + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dst_packets` to `gigamon.dst_packets` + enabled: true + sources: + - dst_packets + sourceType: attribute + target: gigamon.dst_packets + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: 
attribute-remapper + name: Map `src_packets` to `gigamon.src_packets` + enabled: true + sources: + - src_packets + sourceType: attribute + target: gigamon.src_packets + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `app_name` to `gigamon.app_name` + enabled: true + sources: + - app_name + sourceType: attribute + target: gigamon.app_name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dns_ttl` to `gigamon.dns_ttl` + enabled: true + sources: + - dns_ttl + sourceType: attribute + target: gigamon.dns_ttl + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dst_mac` to `gigamon.dst_mac` + enabled: true + sources: + - dst_mac + sourceType: attribute + target: gigamon.dst_mac + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `src_mac` to `gigamon.src_mac` + enabled: true + sources: + - src_mac + sourceType: attribute + target: gigamon.src_mac + targetType: attribute + preserveSource: false + overrideOnConflict: false diff --git a/gigamon/assets/logs/gigamon_tests.yaml b/gigamon/assets/logs/gigamon_tests.yaml new file mode 100644 index 000000000..f566d1e65 --- /dev/null +++ b/gigamon/assets/logs/gigamon_tests.yaml 
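Review bot: Every `attribute-remapper` in this pipeline sets `preserveSource: false`, so `src_ip`, `dst_ip`, `app_name`, `http_method` and `http_uri_full` no longer exist under their original names after processing, yet the dashboard added in the same commit still searches and groups by `@src_ip`, `@dst_ip`, `@app_name`, `@http_method:*` and `@http_uri_full`. Those widgets, including the source/destination top lists an analyst would use for triage, would presumably stay empty for logs that went through this pipeline. Either point the dashboard queries at the remapped paths (for example `@network.client.ip` and `@gigamon.app_name`) or set `preserveSource: true` on the affected remappers. The expected results in `gigamon_tests.yaml` show the original keys gone from `custom`, which is consistent with this.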
@@ -0,0 +1,432 @@ +id: "gigamon" +tests: + - + sample: |- + { + "ssl_common_name" : "10.203.41.158", + "generator" : "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9", + "src_packets" : "13", + "seq_num" : "18045114", + "dst_ip" : "10.203.41.158", + "device_inbound_interface" : "0", + "src_ip" : "10.203.41.4", + "ssl_validity_not_after" : "2029-05-2613:01:03", + "intf_name" : "0", + "protocol" : "6", + "ip_version" : "4", + "vendor" : "Gigamon", + "src_bytes" : "2728", + "id" : "3844000378249019393", + "app_id" : "4962", + "dst_bytes" : "5045", + "src_mac" : "00:0c:29:3d:5c:e6", + "sys_up_time_first" : "36697", + "ssl_cipher_suite_id" : "49200", + "end_reason" : "3", + "ssl_validity_not_before" : "2024-05-26 13:01:03", + "end_time" : "2024:08:29 10:49:40.735", + "version" : "6.6.00", + "dst_mac" : "ec:2a:72:22:8a:fa", + "ssl_issuer" : "CA", + "ddsource" : "gigamon", + "src_port" : "55861", + "start_time" : "2024:08:29 10:49:40.710", + "app_name" : "Unknown ssl", + "egress_intf_id" : "0", + "dst_port" : "9080", + "dst_packets" : "11", + "sys_up_time_last" : "36722", + "ts" : "Thu Aug 29 10:49:40 2024" + } + result: + custom: + ddsource: "gigamon" + device_inbound_interface: "0" + dst_bytes: "5045" + egress_intf_id: "0" + end_reason: "3" + end_time: "2024:08:29 10:49:40.735" + generator: "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9" + gigamon: + app_id: "4962" + app_name: "Unknown ssl" + dst_mac: "ec:2a:72:22:8a:fa" + dst_packets: "11" + ip_version: "4" + src_mac: "00:0c:29:3d:5c:e6" + src_packets: "13" + ssl_cipher_suite_id: "49200" + ssl_common_name: "10.203.41.158" + ssl_issuer: "CA" + ssl_validity_not_after: "2029-05-2613:01:03" + ssl_validity_not_before: "2024-05-26 13:01:03" + id: "3844000378249019393" + intf_name: "0" + network: + client: + ip: "10.203.41.4" + port: "55861" + destination: + ip: "10.203.41.158" + port: "9080" + protocol: "6" + seq_num: "18045114" + src_bytes: "2728" + start_time: "2024:08:29 10:49:40.710" + sys_up_time_first: 
"36697" + sys_up_time_last: "36722" + ts: 1724928580000 + vendor: "Gigamon" + version: "6.6.00" + message: |- + { + "ssl_common_name" : "10.203.41.158", + "generator" : "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9", + "src_packets" : "13", + "seq_num" : "18045114", + "dst_ip" : "10.203.41.158", + "device_inbound_interface" : "0", + "src_ip" : "10.203.41.4", + "ssl_validity_not_after" : "2029-05-2613:01:03", + "intf_name" : "0", + "protocol" : "6", + "ip_version" : "4", + "vendor" : "Gigamon", + "src_bytes" : "2728", + "id" : "3844000378249019393", + "app_id" : "4962", + "dst_bytes" : "5045", + "src_mac" : "00:0c:29:3d:5c:e6", + "sys_up_time_first" : "36697", + "ssl_cipher_suite_id" : "49200", + "end_reason" : "3", + "ssl_validity_not_before" : "2024-05-26 13:01:03", + "end_time" : "2024:08:29 10:49:40.735", + "version" : "6.6.00", + "dst_mac" : "ec:2a:72:22:8a:fa", + "ssl_issuer" : "CA", + "ddsource" : "gigamon", + "src_port" : "55861", + "start_time" : "2024:08:29 10:49:40.710", + "app_name" : "Unknown ssl", + "egress_intf_id" : "0", + "dst_port" : "9080", + "dst_packets" : "11", + "sys_up_time_last" : "36722", + "ts" : "Thu Aug 29 10:49:40 2024" + } + tags: + - "source:LOGS_SOURCE" + timestamp: 1724928580000 + - + sample: |- + { + "dns_host_raw" : "766373612e766d776172652e636f6d2e63646e2e636c6f7564666c6172652e6e6574", + "dns_query" : "vcsa.vmware.com", + "generator" : "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9", + "dns_class" : "1", + "seq_num" : "18085532", + "dst_ip" : "10.200.50.11", + "device_inbound_interface" : "0", + "src_ip" : "10.203.41.3", + "intf_name" : "0", + "protocol" : "17", + "ip_version" : "4", + "dns_opcode" : "0", + "vendor" : "Gigamon", + "src_bytes" : "86", + "dns_qdcount" : "1", + "dns_transaction_id" : "18011", + "dns_host_type" : "OPT", + "id" : "3844000450554626049", + "app_id" : "32", + "dst_bytes" : "166", + "src_mac" : "00:0c:29:fc:7c:fc", + "sys_up_time_first" : "354805", + "dns_flags" : "256", + "end_reason" : 
"2", + "dns_host_addr" : "162.159.140.167", + "end_time" : "2024:08:29 12:14:38.862", + "version" : "6.6.00", + "dns_response_time" : "0.000561", + "dst_mac" : "00:00:0c:9f:f7:f8", + "dns_host_class" : "1", + "ddsource" : "gigamon", + "dns_name" : "vcsa.vmware.com.cdn.cloudflare.net", + "dns_reply_code" : "0", + "src_port" : "33975", + "start_time" : "2024:08:29 2:14:38.861", + "app_name" : "dns", + "dns_query_type" : "1", + "dns_ttl" : "81", + "dns_host" : "vcsa.vmware.com.cdn.cloudflare.net", + "dns_arcount" : "2", + "egress_intf_id" : "0", + "dst_port" : "53", + "dst_packets" : "1", + "sys_up_time_last" : "354806", + "ts" : "Thu Aug 29 12:15:39 2024" + } + result: + custom: + ddsource: "gigamon" + device_inbound_interface: "0" + dns: + answer: + type: "OPT" + question: + name: "vcsa.vmware.com" + dns_arcount: "2" + dns_class: "1" + dns_flags: "256" + dns_host: "vcsa.vmware.com.cdn.cloudflare.net" + dns_host_addr: "162.159.140.167" + dns_host_class: "1" + dns_host_raw: "766373612e766d776172652e636f6d2e63646e2e636c6f7564666c6172652e6e6574" + dns_name: "vcsa.vmware.com.cdn.cloudflare.net" + dns_opcode: "0" + dns_qdcount: "1" + dns_query_type: "1" + dns_reply_code: "0" + dns_response_time: "0.000561" + dns_transaction_id: "18011" + dst_bytes: "166" + egress_intf_id: "0" + end_reason: "2" + end_time: "2024:08:29 12:14:38.862" + generator: "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9" + gigamon: + app_id: "32" + app_name: "dns" + dns_ttl: "81" + dst_mac: "00:00:0c:9f:f7:f8" + dst_packets: "1" + ip_version: "4" + src_mac: "00:0c:29:fc:7c:fc" + id: "3844000450554626049" + intf_name: "0" + network: + client: + ip: "10.203.41.3" + port: "33975" + destination: + ip: "10.200.50.11" + port: "53" + protocol: "17" + seq_num: "18085532" + src_bytes: "86" + start_time: "2024:08:29 2:14:38.861" + sys_up_time_first: "354805" + sys_up_time_last: "354806" + ts: 1724933739000 + vendor: "Gigamon" + version: "6.6.00" + message: |- + { + "dns_host_raw" : 
"766373612e766d776172652e636f6d2e63646e2e636c6f7564666c6172652e6e6574", + "dns_query" : "vcsa.vmware.com", + "generator" : "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9", + "dns_class" : "1", + "seq_num" : "18085532", + "dst_ip" : "10.200.50.11", + "device_inbound_interface" : "0", + "src_ip" : "10.203.41.3", + "intf_name" : "0", + "protocol" : "17", + "ip_version" : "4", + "dns_opcode" : "0", + "vendor" : "Gigamon", + "src_bytes" : "86", + "dns_qdcount" : "1", + "dns_transaction_id" : "18011", + "dns_host_type" : "OPT", + "id" : "3844000450554626049", + "app_id" : "32", + "dst_bytes" : "166", + "src_mac" : "00:0c:29:fc:7c:fc", + "sys_up_time_first" : "354805", + "dns_flags" : "256", + "end_reason" : "2", + "dns_host_addr" : "162.159.140.167", + "end_time" : "2024:08:29 12:14:38.862", + "version" : "6.6.00", + "dns_response_time" : "0.000561", + "dst_mac" : "00:00:0c:9f:f7:f8", + "dns_host_class" : "1", + "ddsource" : "gigamon", + "dns_name" : "vcsa.vmware.com.cdn.cloudflare.net", + "dns_reply_code" : "0", + "src_port" : "33975", + "start_time" : "2024:08:29 2:14:38.861", + "app_name" : "dns", + "dns_query_type" : "1", + "dns_ttl" : "81", + "dns_host" : "vcsa.vmware.com.cdn.cloudflare.net", + "dns_arcount" : "2", + "egress_intf_id" : "0", + "dst_port" : "53", + "dst_packets" : "1", + "sys_up_time_last" : "354806", + "ts" : "Thu Aug 29 12:15:39 2024" + } + tags: + - "source:LOGS_SOURCE" + timestamp: 1724933739000 + - + sample: |- + { + "http_uri_path" : "\\/", + "generator" : "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9", + "src_packets" : "6", + "http_host" : "connectivity-check.ubuntu.com", + "seq_num" : "18085527", + "dst_ip" : "91.189.91.49", + "device_inbound_interface" : "0", + "http_user_agent" : "Mozilla\\/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit\\/534. 
10 (KHTML, like Gecko) Chrome\\/8.0.552.237 Safari\\/534.10", + "src_ip" : "10.203.43.1", + "intf_name" : "0", + "protocol" : "6", + "http_uri_path_decoded" : "\\/", + "http_method" : "GET", + "http_request_size" : "87", + "ip_version" : "4", + "vendor" : "Gigamon", + "http_server_agent" : "nginx\\/1.14.0 (Ubuntu)", + "src_bytes" : "491", + "http_uri_raw" : "\\/", + "http_uri_decoded" : "\\/", + "id" : "3844000451458498561", + "app_id" : "3006", + "dst_bytes" : "461", + "src_mac" : "00:50:56:b3:a4:e1", + "sys_up_time_first" : "412146", + "http_uri" : "\\/", + "end_reason" : "3", + "end_time" : "2024:08:29 12:15:36.997", + "http_version" : "1.1", + "version" : "6.6.00", + "dst_mac" : "00:00:0c:9f:f7:f8", + "ddsource" : "gigamon", + "src_port" : "55856", + "http_uri_full" : "\\/", + "start_time" : "2024:08:29 12:15:36.202", + "app_name" : "ubuntu", + "http_code" : "204", + "egress_intf_id" : "0", + "dst_port" : "80", + "dst_packets" : "4", + "http_server" : "connectivity-check.ubuntu.com", + "sys_up_time_last" : "412941", + "ts" : "Thu Aug 29 12:15:37 2024" + } + result: + custom: + ddsource: "gigamon" + device_inbound_interface: "0" + dst_bytes: "461" + egress_intf_id: "0" + end_reason: "3" + end_time: "2024:08:29 12:15:36.997" + generator: "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9" + gigamon: + app_id: "3006" + app_name: "ubuntu" + dst_mac: "00:00:0c:9f:f7:f8" + dst_packets: "4" + ip_version: "4" + src_mac: "00:50:56:b3:a4:e1" + src_packets: "6" + http: + method: "GET" + url_details: + host: "connectivity-check.ubuntu.com" + path: "\\/" + useragent_details: + os: + family: + browser: + family: "Other" + device: + category: "Desktop" + family: "Other" + os: + family: "Windows" + major: "7" + version: "1.1" + http_code: "204" + http_request_size: "87" + http_server: "connectivity-check.ubuntu.com" + http_server_agent: "nginx\\/1.14.0 (Ubuntu)" + http_uri: "\\/" + http_uri_decoded: "\\/" + http_uri_path: "\\/" + http_uri_path_decoded: "\\/" + 
http_uri_raw: "\\/" + http_user_agent: "Mozilla\\/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit\\/534. 10 (KHTML, like Gecko) Chrome\\/8.0.552.237 Safari\\/534.10" + id: "3844000451458498561" + intf_name: "0" + network: + client: + ip: "10.203.43.1" + port: "55856" + destination: + ip: "91.189.91.49" + port: "80" + protocol: "6" + seq_num: "18085527" + src_bytes: "491" + start_time: "2024:08:29 12:15:36.202" + sys_up_time_first: "412146" + sys_up_time_last: "412941" + ts: 1724933737000 + vendor: "Gigamon" + version: "6.6.00" + message: |- + { + "http_uri_path" : "\\/", + "generator" : "gs_apps_appInst9_423330e5-4a3d-f203-14cb-b6642e5054e9", + "src_packets" : "6", + "http_host" : "connectivity-check.ubuntu.com", + "seq_num" : "18085527", + "dst_ip" : "91.189.91.49", + "device_inbound_interface" : "0", + "http_user_agent" : "Mozilla\\/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit\\/534. 10 (KHTML, like Gecko) Chrome\\/8.0.552.237 Safari\\/534.10", + "src_ip" : "10.203.43.1", + "intf_name" : "0", + "protocol" : "6", + "http_uri_path_decoded" : "\\/", + "http_method" : "GET", + "http_request_size" : "87", + "ip_version" : "4", + "vendor" : "Gigamon", + "http_server_agent" : "nginx\\/1.14.0 (Ubuntu)", + "src_bytes" : "491", + "http_uri_raw" : "\\/", + "http_uri_decoded" : "\\/", + "id" : "3844000451458498561", + "app_id" : "3006", + "dst_bytes" : "461", + "src_mac" : "00:50:56:b3:a4:e1", + "sys_up_time_first" : "412146", + "http_uri" : "\\/", + "end_reason" : "3", + "end_time" : "2024:08:29 12:15:36.997", + "http_version" : "1.1", + "version" : "6.6.00", + "dst_mac" : "00:00:0c:9f:f7:f8", + "ddsource" : "gigamon", + "src_port" : "55856", + "http_uri_full" : "\\/", + "start_time" : "2024:08:29 12:15:36.202", + "app_name" : "ubuntu", + "http_code" : "204", + "egress_intf_id" : "0", + "dst_port" : "80", + "dst_packets" : "4", + "http_server" : "connectivity-check.ubuntu.com", + "sys_up_time_last" : "412941", + "ts" : "Thu Aug 29 12:15:37 2024" + } + tags: + - 
"source:LOGS_SOURCE" + timestamp: 1724933737000 diff --git a/gigamon/assets/service_checks.json b/gigamon/assets/service_checks.json new file mode 100644 index 000000000..fe51488c7 --- /dev/null +++ b/gigamon/assets/service_checks.json @@ -0,0 +1 @@ +[] diff --git a/gigamon/images/final logo.svg b/gigamon/images/final logo.svg new file mode 100644 index 000000000..2d146f652 --- /dev/null +++ b/gigamon/images/final logo.svg @@ -0,0 +1 @@ +Print-Gigamon-Orange-Logo \ No newline at end of file diff --git a/gigamon/images/gd1.png b/gigamon/images/gd1.png new file mode 100644 index 000000000..2d9c80160 Binary files /dev/null and b/gigamon/images/gd1.png differ diff --git a/gigamon/images/gd2.png b/gigamon/images/gd2.png new file mode 100644 index 000000000..f0ab645be Binary files /dev/null and b/gigamon/images/gd2.png differ diff --git a/gigamon/images/gd3.png b/gigamon/images/gd3.png new file mode 100644 index 000000000..072f944e6 Binary files /dev/null and b/gigamon/images/gd3.png differ diff --git a/gigamon/images/gigamon1.png b/gigamon/images/gigamon1.png new file mode 100644 index 000000000..838ea1bc0 Binary files /dev/null and b/gigamon/images/gigamon1.png differ diff --git a/gigamon/images/gigamon2.png b/gigamon/images/gigamon2.png new file mode 100644 index 000000000..1f05f33bd Binary files /dev/null and b/gigamon/images/gigamon2.png differ diff --git a/gigamon/images/gigamondashboard.png b/gigamon/images/gigamondashboard.png new file mode 100644 index 000000000..f291d1829 Binary files /dev/null and b/gigamon/images/gigamondashboard.png differ diff --git a/gigamon/manifest.json b/gigamon/manifest.json new file mode 100644 index 000000000..2657f973c --- /dev/null +++ b/gigamon/manifest.json 
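Review bot: The third test's expected result pins `http.useragent_details.os.family` as an object holding `browser`, `device` and a nested `os.family`, not the string value that the `OS` facet in `gigamon.yaml` is declared on. That shape follows from the `user-agent-parser` writing its whole output to `target: http.useragent_details.os.family`; with `target: http.useragent_details` the parsed OS would land at `http.useragent_details.os.family` directly, and the expectation here would then carry `family: "Windows"` under `useragent_details.os`. As written the test locks in the mis-nested structure, so filtering these logs by user-agent OS would likely not match anything.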
@@ -0,0 +1,72 @@
+{
+ "manifest_version": "2.0.0",
+ "app_uuid": "041cf2fe-f391-4d8b-930c-b700c648c683",
+ "app_id": "gigamon",
+ "display_on_public_website": true,
+ "tile": {
+ "overview": "README.md#Overview",
+ "configuration": "README.md#Setup",
+ "support": "README.md#Support",
+ "changelog": "CHANGELOG.md",
+ "description": "Deep observability into all application traffic across cloud, virtual, and physical infrastructure",
+ "title": "Gigamon",
+ "media": [
+ {
+ "media_type": "image",
+ "caption": "Gigamon Dashboard for Datadog",
+ "image_url": "images/gd1.png"
+ },
+ {
+ "media_type": "image",
+ "caption": "Gigamon Dashboard for Datadog",
+ "image_url": "images/gd2.png"
+ },
+ {
+ "media_type": "image",
+ "caption": "Gigamon Dashboard for Datadog",
+ "image_url": "images/gd3.png"
+ },
+ {
+ "media_type": "image",
+ "caption": "Gigamon Dashboard for Datadog",
+ "image_url": "images/gigamondashboard.png"
+ }
+ ],
+ "classifier_tags": [
+ "Category::AWS",
+ "Category::Azure",
+ "Category::Network",
+ "Category::Security",
+ "Category::Kubernetes",
+ "Category::Containers",
+ "Category::Google Cloud",
+ "Supported OS::Linux",
+ "Supported OS::Windows",
+ "Offering::Integration",
+ "Submitted Data Type::Logs"
+ ]
+ },
+ "assets": {
+ "integration": {
+ "source_type_name": "gigamon",
+ "configuration": {},
+ "events": {
+ "creates_events": false
+ },
+ "service_checks": {
+ "metadata_path": "assets/service_checks.json"
+ },
+ "source_type_id": 17453472,
+ "auto_install": true
+ },
+ "dashboards": {
+ "Gigamon Dashboard": "assets/dashboards/gigamon_overview.json"
+ }
+ },
+ "author": {
+ "support_email": "alliances@gigamon.com",
+ "name": "Gigamon",
+ "homepage": "https://gigamon.com",
+ "sales_email": "sales@gigamon.com"
+ }
+}
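Review bot: `assets` lists `integration` and `dashboards` but has no `logs` entry, although this commit ships a pipeline in `assets/logs/gigamon.yaml` that filters on `source:gigamon`. If this repository's v2 manifest schema follows the usual layout, the pipeline is tied to the integration with `"logs": { "source": "gigamon" }` placed next to `dashboards`; this is worth confirming against a neighbouring integration's manifest. Without that link the pipeline and its facets may not be installed with the tile, leaving the raw attributes unparsed.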