diff --git a/splunk/smtp_tls_dashboard.xml b/splunk/smtp_tls_dashboard.xml
new file mode 100644
index 0000000..9330fb1
--- /dev/null
+++ b/splunk/smtp_tls_dashboard.xml
@@ -0,0 +1,107 @@
+
+
+
+
+
+
+ -7d@h
+ now
+
+
+
+
+ *
+ *
+
+
+
+ *
+ *
+
+
+
+ Any
+ tlsa
+ sts
+ no-policy-found
+ *
+ *
+
+
+
+
+ Reporting organizations
+
+
+ index=email sourcetype=smtp:tls organization_name=$organization_name$ policies{}.policy_domain=$policy_domain$
+| rename policies{}.policy_domain as policy_domain
+| rename policies{}.policy_type as policy_type
+| rename policies{}.failed_session_count as failed_sessions
+| rename policies{}.failure_details{}.failed_session_count as failed_sessions
+| rename policies{}.successful_session_count as successful_sessions
+| rename policies{}.failure_details{}.sending_mta_ip as sending_mta_ip
+| rename policies{}.failure_details{}.receiving_ip as receiving_ip
+| rename policies{}.failure_details{}.receiving_mx_hostname as receiving_mx_hostname
+| rename policies{}.failure_details{}.result_type as failure_type
+| fillnull value=0 failed_sessions
+| stats sum(failed_sessions) as failed_sessions sum(successful_sessions) as successful_sessions by organization_name
+| sort -successful_sessions 0
+ $time.earliest$
+ $time.latest$
+
+
+
+
+
+
+ Domains
+
+
+ index=email sourcetype=smtp:tls organization_name=$organization_name$ policies{}.policy_domain=$policy_domain$
+| rename policies{}.policy_domain as policy_domain
+| rename policies{}.policy_type as policy_type
+| rename policies{}.failed_session_count as failed_sessions
+| rename policies{}.failure_details{}.failed_session_count as failed_sessions
+| rename policies{}.successful_session_count as successful_sessions
+| rename policies{}.failure_details{}.sending_mta_ip as sending_mta_ip
+| rename policies{}.failure_details{}.receiving_ip as receiving_ip
+| rename policies{}.failure_details{}.receiving_mx_hostname as receiving_mx_hostname
+| rename policies{}.failure_details{}.result_type as failure_type
+| fillnull value=0 failed_sessions
+| stats sum(failed_sessions) as failed_sessions sum(successful_sessions) as successful_sessions by policy_domain
+| sort -successful_sessions 0
+ $time.earliest$
+ $time.latest$
+
+
+
+
+
+
+
+
+ Failure details
+
+
+ index=email sourcetype=smtp:tls organization_name=$organization_name$ policies{}.policy_domain=$policy_domain$ policies{}.failure_details{}.result_type=*
+| rename policies{}.policy_domain as policy_domain
+| rename policies{}.policy_type as policy_type
+| rename policies{}.failed_session_count as failed_sessions
+| rename policies{}.failure_details{}.failed_session_count as failed_sessions
+| rename policies{}.successful_session_count as successful_sessions
+| rename policies{}.failure_details{}.sending_mta_ip as sending_mta_ip
+| rename policies{}.failure_details{}.receiving_ip as receiving_ip
+| rename policies{}.failure_details{}.receiving_mx_hostname as receiving_mx_hostname
+| fillnull value=0 failed_sessions
+| rename policies{}.failure_details{}.result_type as failure_type
+| table _time organization_name policy_domain policy_type failed_sessions successful_sessions sending_mta_ip receiving_ip receiving_mx_hostname failure_type
+| sort by -_time 0
+ $time.earliest$
+ $time.latest$
+
+
+
+
+
+
+
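Review bot: The `$organization_name$` and `$policy_domain$` tokens are substituted unquoted into the first line of all three searches, so an input value containing a space or a pipe is parsed as extra search terms or commands instead of being matched as a field value. Use the quoting token filter, `organization_name=$organization_name|s$ policies{}.policy_domain=$policy_domain|s$`; the `*` default still behaves as a wildcard inside the quotes. Each search also renames both `policies{}.failed_session_count` and `policies{}.failure_details{}.failed_session_count` to `failed_sessions`, so the second rename replaces the policy-level total and, as far as I know, clears it on events that have no failure details, after which `fillnull value=0` can report zero failures for a policy that had some. Give the detail-level count its own name, for example `| rename policies{}.failure_details{}.failed_session_count as detail_failed_sessions`. The third input (choices `Any`, `tlsa`, `sts`, `no-policy-found`) does not appear to feed any of the searches shown; its markup is not visible here, so confirm the token is used, e.g. `policies{}.policy_type=$POLICY_TYPE_TOKEN|s$` with the real token name in place of the placeholder.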