{ "__inputs": [ { "name": "DS_POSTGRES", "label": "Postgres", "description": "", "type": "datasource", "pluginId": "postgres", "pluginName": "Postgres" } ], "__requires": [ { "type": "panel", "id": "barchart", "name": "Bar chart", "version": "" }, { "type": "panel", "id": "bargauge", "name": "Bar gauge", "version": "" }, { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "8.1.2" }, { "type": "datasource", "id": "postgres", "name": "Postgres", "version": "1.0.0" }, { "type": "panel", "id": "piechart", "name": "Pie chart", "version": "" }, { "type": "panel", "id": "table", "name": "Table", "version": "" }, { "type": "panel", "id": "timeseries", "name": "Time series", "version": "" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "target": { "limit": 100, "matchAny": false, "tags": [], "type": "dashboard" }, "type": "dashboard" } ] }, "editable": true, "gnetId": null, "graphTooltip": 0, "id": null, "iteration": 1631130053746, "links": [], "panels": [ { "cacheTimeout": null, "datasource": "${DS_POSTGRES}", "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "displayName": "${__field.labels.response_type}", "mappings": [], "unit": "short" }, "overrides": [] }, "gridPos": { "h": 8, "w": 6, "x": 0, "y": 0 }, "id": 14, "interval": null, "links": [], "options": { "displayLabels": [], "legend": { "displayMode": "table", "placement": "right", "values": [ "value" ] }, "pieType": "pie", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "tooltip": { "mode": "single" } }, "pluginVersion": "8.1.2", "repeatDirection": "v", "targets": [ { "format": "time_series", "group": [], "metricColumn": "none", "rawQuery": true, "rawSql": "SELECT t.response_type, max(t.request_Ts) as time, count(*) as cnt from log_entries t \n WHERE $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length('$question') = 0 or POSITION(lower('$question') IN t.question_name) > 0)\n group by t.response_type\n order by time", "refId": "A", "select": [ [ { "params": [ "value" ], "type": "column" } ] ], "timeColumn": "time", "where": [ { "name": "$__timeFilter", "params": [], "type": "macro" } ] } ], "timeFrom": null, "timeShift": null, "title": "Query count by response type", "transformations": [], "type": "piechart" }, { "datasource": "${DS_POSTGRES}", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 8, "w": 6, "x": 6, "y": 0 }, "id": 16, "options": { "displayLabels": [], "legend": { "displayMode": "table", "placement": "right", "values": [ "value" ] }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "tooltip": { "mode": "single" } }, "targets": [ { "format": "time_series", "group": [], "metricColumn": "none", "rawQuery": true, "rawSql": "SELECT max(t.request_ts) AS time,\n case when t.reason like 'BLOCKED%' then SPLIT_PART(SPLIT_PART(t.reason,'(',-1), ')',1) else '' end AS metric,\n count(t.reason) AS cnt\nFROM log_entries t\nWHERE t.response_type ='BLOCKED'\n AND $__timeFilter(t.request_Ts)\n AND t.client_name in ($client_name)\n AND (length('$question') = 0 or POSITION(lower('$question') IN t.question_name) > 0)\nGROUP BY 2\nORDER BY time", "refId": "A", "select": [ [ { "params": [ "duration_ms" ], "type": "column" } ] ], "table": "log_entries", "timeColumn": "request_ts", "timeColumnType": "timestamp", "where": [ { "name": "$__timeFilter", "params": [], "type": "macro" } ] } ], "title": "Blocked by Denylist", "type": "piechart" }, { "cacheTimeout": null, "datasource": "${DS_POSTGRES}", "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "short" }, "overrides": [] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 0 }, "id": 13, "interval": null, "links": [], "options": { "displayMode": "gradient", "orientation": "horizontal", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": true }, "showUnfilled": true, "text": {} }, "pluginVersion": "8.1.2", "repeatDirection": "v", "targets": [ { "format": "table", "group": [], "metricColumn": "none", "rawQuery": true, "rawSql": "SELECT max(t.request_Ts) as time, t.client_name as metric, count(*) as cnt from log_entries t \n WHERE $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length('$question') = 0 or POSITION(lower('$question') IN t.question_name) > 0)\n group by t.client_name\n order by 3 desc", "refId": "A", "select": [ [ { "params": [ "value" ], "type": "column" } ] ], "timeColumn": "time", "where": [ { "name": "$__timeFilter", "params": [], "type": "macro" } ] } ], "timeFrom": null, "timeShift": null, "title": "Query count by client", "transformations": [], "type": "bargauge" }, { "datasource": "${DS_POSTGRES}", "description": "Top 20 effective top level domain plus one more label", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisLabel": "", "axisPlacement": "auto", "axisSoftMin": 0, "fillOpacity": 67, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 2 }, "displayName": "count", "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "short" }, "overrides": [] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 8 }, "id": 11, "options": { "barWidth": 0.26, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "hidden", "placement": "bottom" }, "orientation": "horizontal", "showValue": "never", "stacking": "none", "text": { "valueSize": 10 }, "tooltip": { "mode": "single" } }, "targets": [ { "format": "table", "group": [], "hide": false, "metricColumn": "question_name", "rawQuery": true, "rawSql": "SELECT t.effective_tldp as metric, count(*) as value from log_entries t \nWHERE $__timeFilter(t.request_Ts) \n and t.response_type in ($response_type) \n and t.client_name in ($client_name) \n and (length('$question') = 0 or POSITION(lower('$question') IN t.question_name) > 0) \n group by t.effective_tldp order by count(*) desc limit 20", "refId": "A", "select": [ [ { "params": [ "value" ], "type": "column" } ] ], "table": "log_entries", "timeColumn": "request_ts", "where": [] } ], "title": "Top 20 effective TLD+1", "type": "barchart" }, { "datasource": "${DS_POSTGRES}", "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisLabel": "", "axisPlacement": "auto", "axisSoftMin": 0, "fillOpacity": 67, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 2 }, "displayName": "count", "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "short" }, "overrides": [] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 8 }, "id": 8, "options": { "barWidth": 0.26, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "hidden", "placement": "bottom" }, "orientation": "horizontal", "showValue": "never", "stacking": "none", "text": { "valueSize": 10 }, "tooltip": { "mode": "single" } }, "targets": [ { "format": "table", "group": [], "hide": false, "metricColumn": "question_name", "rawQuery": true, "rawSql": "SELECT t.question_name as metric, count(*) as value from log_entries t \n WHERE $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length('$question') = 0 or POSITION(lower('$question') IN t.question_name) > 0) \n group by t.question_name order by count(*) desc limit 20", "refId": "A", "select": [ [ { "params": [ "value" ], "type": "column" } ] ], "table": "log_entries", "timeColumn": "request_ts", "where": [] } ], "title": "Top 20 queried domains", "type": "barchart" }, { "datasource": "${DS_POSTGRES}", "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisLabel": "queries count", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "bars", "fillOpacity": 35, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineInterpolation": "linear", "lineStyle": { "fill": "solid" }, "lineWidth": 1, "pointSize": 12, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": 3600000, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "displayName": "${__field.labels.client_name}", "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 7, "w": 24, "x": 0, "y": 16 }, "id": 12, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right" }, "tooltip": { "mode": "single" } }, "pluginVersion": "8.1.2", "targets": [ { "format": "time_series", "group": [], "metricColumn": "none", "rawQuery": true, "rawSql": "SELECT\n $__timeGroupAlias(t.request_Ts, '30m'),\n t.client_name,\n count(*) as c\nFROM log_entries t\nWHERE\n $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length('$question') = 0 or POSITION(lower('$question') IN t.question_name) > 0)\nGROUP BY 1,2\nORDER BY 1", "refId": "A", "select": [ [ { "params": [ "duration_ms" ], "type": "column" } ] ], "table": "log_entries", "timeColumn": "request_ts", "timeColumnType": "timestamp", "where": [ { "name": "$__timeFilter", "params": [], "type": "macro" } ] } ], "title": "Queries number per client (30m)", "type": "timeseries" }, { "datasource": "${DS_POSTGRES}", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisLabel": "", "axisPlacement": "auto", "barAlignment": -1, "drawStyle": "bars", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineInterpolation": "stepBefore", "lineStyle": { "fill": "solid" }, "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": true, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "line" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "dtdurationms" }, "overrides": [] }, "gridPos": { "h": 8, "w": 24, "x": 0, "y": 23 }, "id": 10, "options": { "legend": { "calcs": [], "displayMode": "hidden", "placement": "bottom" }, "tooltip": { "mode": "single" } }, "targets": [ { "format": "time_series", "group": [], "metricColumn": "none", "rawQuery": true, "rawSql": "SELECT\n EXTRACT(EPOCH from t.request_Ts) as time,\n t.duration_ms\nFROM log_entries t\nWHERE\n $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length('$question') = 0 or POSITION(lower('$question') IN t.question_name) > 0)\nORDER BY request_ts", "refId": "A", "select": [ [ { "params": [ "duration_ms" ], "type": "column" } ] ], "table": "log_entries", "timeColumn": "request_ts", "timeColumnType": "timestamp", "where": [ { "name": "$__timeFilter", "params": [], "type": "macro" } ] } ], "title": "Query duration", "type": "timeseries" }, { "datasource": "${DS_POSTGRES}", "description": "Last 100 queries, newest on top", "fieldConfig": { "defaults": { "custom": { "align": null, "displayMode": "auto", "filterable": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "time" }, "properties": [ { "id": "unit", "value": "dateTimeAsIsoNoDateIfToday" } ] } ] }, "gridPos": { "h": 8, "w": 24, "x": 0, "y": 31 }, "id": 4, "options": { "showHeader": true }, "pluginVersion": "8.1.2", "targets": [ { "format": "table", "group": [], "metricColumn": "none", "rawQuery": true, "rawSql": "SELECT EXTRACT(EPOCH from t.request_Ts) as \"time\", \n t.client_ip as \"client IP\", \n t.client_name as \"client name\", \n t.duration_ms as \"duration in ms\", \n t.response_type as \"response type\", \n t.question_type as \"question type\", \n t.question_name as \"question name\", \n t.effective_tldp as \"effective TLD+1\", \n t.answer as \"answer\" from log_entries t \n WHERE $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length('$question') = 0 or POSITION(lower('$question') IN t.question_name) > 0) \n order by t.request_Ts desc limit 100", "refId": "A", "select": [ [ { "params": [ "value" ], "type": "column" } ] ], "timeColumn": "time", "where": [ { "name": "$__timeFilter", "params": [], "type": "macro" } ] } ], "timeFrom": null, "timeShift": null, "title": "Last queries", "type": "table" } ], "refresh": "", "schemaVersion": 30, "style": "dark", "tags": [], "templating": { "list": [ { "allValue": "", "current": {}, "datasource": "${DS_POSTGRES}", "definition": "select distinct client_name from log_entries", "description": null, "error": null, "hide": 0, "includeAll": true, "label": "Client name", "multi": true, "name": "client_name", "options": [], "query": "select distinct client_name from log_entries", "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, "tagValuesQuery": "", "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": null, "current": {}, "datasource": "${DS_POSTGRES}", "definition": "select distinct response_type from log_entries", "description": null, "error": null, "hide": 0, "includeAll": true, "label": "Response type", "multi": true, "name": "response_type", "options": [], "query": "select distinct response_type from log_entries", "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 1, "tagValuesQuery": "", "tagsQuery": "", "type": "query", "useTags": false }, { "current": { "selected": false, "text": "", "value": "" }, "description": null, "error": null, "hide": 0, "label": "Domain (contains)", "name": "question", "options": [ { "selected": true, "text": "", "value": "" } ], "query": "", "skipUrlSync": false, "type": "textbox" } ] }, "time": { "from": "now-24h", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Blocky query", "uid": "AVmWSVWgz", "version": 3 }