diff --git a/dashboards/splunk/smtp_tls_dashboard.xml b/dashboards/splunk/smtp_tls_dashboard.xml
index 04492b9..442fe66 100644
--- a/dashboards/splunk/smtp_tls_dashboard.xml
+++ b/dashboards/splunk/smtp_tls_dashboard.xml
@@ -1,7 +1,20 @@
+ + + index=email sourcetype=smtp:tls organization_name=$organization_name$ policies{}.policy_domain=$policy_domain$ policies{}.policy_type=$policy_type$ +| rename policies{}.policy_domain as policy_domain +| rename policies{}.policy_type as policy_type +| rename policies{}.failed_session_count as failed_sessions +| rename policies{}.successful_session_count as successful_sessions +| fillnull value=0 failed_sessions successful_sessions + | table * + + $time_range.earliest$ + $time_range.latest$ +
- + -7d@h @@ -32,17 +45,10 @@ Reporting organizations - - index=email sourcetype=smtp:tls organization_name=$organization_name$ policies{}.policy_domain=$policy_domain$ policies{}.policy_type=$policy_type$ -| rename policies{}.policy_domain as policy_domain -| rename policies{}.policy_type as policy_type -| rename policies{}.failed_session_count as failed_sessions -| rename policies{}.successful_session_count as successful_sessions -| fillnull value=0 failed_sessions successful_sessions + + | stats sum(successful_sessions) as successful_sessions sum(failed_sessions) as failed_sessions by organization_name | sort -successful_sessions 0 - $time.earliest$ - $time.latest$ @@ -51,17 +57,10 @@ Domains
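Review bot: The new base search interpolates `$organization_name$`, `$policy_domain$` and `$policy_type$` unquoted, and since every panel now post-processes this one query, a value containing a space or SPL syntax changes the results of the whole dashboard rather than a single panel. Unless the inputs (their definitions are not visible in this hunk) already wrap their values in quotes, use the quoting token filter, e.g. `organization_name=$organization_name|s$`, for all three tokens. Separately, `| table *` carries every field of every event into the post-process searches; listing only the fields the panels actually use would keep the base result set small and make it less likely that long time ranges hit post-process result limits.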
- - index=email sourcetype=smtp:tls organization_name=$organization_name$ policies{}.policy_domain=$policy_domain$ policies{}.policy_type=$policy_type$ -| rename policies{}.policy_domain as policy_domain -| rename policies{}.policy_type as policy_type -| rename policies{}.failed_session_count as failed_sessions -| rename policies{}.successful_session_count as successful_sessions -| fillnull value=0 failed_sessions successful_sessions + + | stats sum(successful_sessions) as successful_sessions sum(failed_sessions) as failed_sessions by policy_domain, policy_type | sort -successful_sessions 0 - $time.earliest$ - $time.latest$ @@ -72,21 +71,11 @@ Failure details
- - index=email sourcetype=smtp:tls organization_name=$organization_name$ policies{}.policy_domain=$policy_domain$ policies{}.policy_type=$policy_type$ policies{}.failure_details{}.result_type=* -| rename policies{}.policy_domain as policy_domain -| rename policies{}.policy_type as policy_type -| rename policies{}.failure_details{}.failed_session_count as failed_sessions -| rename policies{}.failure_details{}.sending_mta_ip as sending_mta_ip -| rename policies{}.failure_details{}.receiving_ip as receiving_ip -| rename policies{}.failure_details{}.receiving_mx_hostname as receiving_mx_hostname -| rename policies{}.failure_details{}.result_type as failure_type -| fillnull value=0 failed_sessions + + | stats sum(failed_sessions) as failed_sessions by organization_name, policy_domain, policy_type, failure_type, sending_mta_ip, receiving_ip, receiving_mx_hostname -| where failed_sessions>0 +| where failed_sessions>0 | sort -failed_sessions 0 - $time.earliest$ - $time.latest$
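Review bot: The Failure details post-process still groups by `failure_type`, `sending_mta_ip`, `receiving_ip` and `receiving_mx_hostname`, but as far as the visible query text shows, nothing creates those fields any more. The base search in the first hunk renames only the policy-level fields, and the `policies{}.failure_details{}.*` renames removed here are not re-added. Because `stats ... by` discards events that lack a by-field, this panel will most likely come back empty, and `failed_sessions` now holds the policy-level count rather than the per-failure count, so TLS failures stop being visible without any error. Restore the five failure-detail renames at the top of this panel's query, before the `stats`, e.g. `| rename policies{}.failure_details{}.result_type as failure_type`, and keep the old filter as `| search failure_type=*`.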