parsedmarc/dashboards/splunk/smtp_tls_dashboard.xml

<form version="1.1" theme="dark">
  <label>SMTP TLS Reporting</label>
  <search id="base_search">
    <query>
      index=email sourcetype=smtp:tls organization_name=$organization_name$ policies{}.policy_domain=$policy_domain$ policies{}.policy_type=$policy_type$
| rename policies{}.policy_domain as policy_domain
| rename policies{}.policy_type as policy_type
| rename policies{}.failed_session_count as failed_sessions
| rename policies{}.successful_session_count as successful_sessions
| fillnull value=0 failed_sessions successful_sessions
      | table *
    </query>
    <earliest>$time_range.earliest$</earliest>
    <latest>$time_range.latest$</latest>
  </search>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="time_range">
      <label></label>
      <default>
        <earliest>-7d@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="text" token="organization_name" searchWhenChanged="true">
      <label>Organization name</label>
      <default>*</default>
      <initialValue>*</initialValue>
    </input>
    <input type="text" token="policy_domain">
      <label>Policy domain</label>
      <default>*</default>
      <initialValue>*</initialValue>
    </input>
    <input type="dropdown" token="policy_type" searchWhenChanged="true">
      <label>Policy type</label>
      <choice value="*">Any</choice>
      <choice value="tlsa">tlsa</choice>
      <choice value="sts">sts</choice>
      <choice value="no-policy-found">no-policy-found</choice>
      <default>*</default>
      <initialValue>*</initialValue>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Reporting organizations</title>
      <table>
        <search base="base_search">
          <query>
| stats sum(successful_sessions) as successful_sessions sum(failed_sessions) as failed_sessions by organization_name
| sort -successful_sessions 0</query>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
    <panel>
      <title>Domains</title>
      <table>
        <search base="base_search">
          <query>
| stats sum(successful_sessions) as successful_sessions sum(failed_sessions) as failed_sessions by policy_domain, policy_type
| sort -successful_sessions 0</query>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Failure details</title>
      <table>
        <search base="base_search">
          <query>
| stats sum(failed_sessions) as failed_sessions by organization_name, policy_domain, policy_type, failure_type, sending_mta_ip, receiving_ip, receiving_mx_hostname
| where failed_sessions&gt;0
| sort -failed_sessions 0</query>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>