{ "__inputs": [], "__elements": {}, "__requires": [ { "type": "panel", "id": "barchart", "name": "Bar chart", "version": "" }, { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "9.5.12" }, { "type": "datasource", "id": "grafana-azure-monitor-datasource", "name": "Azure Monitor", "version": "1.0.0" }, { "type": "panel", "id": "stat", "name": "Stat", "version": "" }, { "type": "panel", "id": "table", "name": "Table", "version": "" }, { "type": "panel", "id": "text", "name": "Text", "version": "" }, { "type": "panel", "id": "timeseries", "name": "Time series", "version": "" } ], "description": "Dashboard visualizing Syslog records collected by Azure Monitor", "editable": true, "id": null, "links": [], "liveNow": false, "panels": [ { "description": "", "gridPos": { "h": 7, "w": 24, "x": 0, "y": 3 }, "id": 18, "options": { "code": { "language": "plaintext", "showLineNumbers": false, "showMiniMap": false }, "content": "This dashboard visualizes Syslog data collected by Azure Monitor - Container Insights. Read more in the Syslog documentation here: [aka.ms/CISyslog](https://aka.ms/CISyslog). \n\nIn case of issues, please ensure that \n1. An [Azure Monitor data source is configured](https://grafana.com/docs/grafana/latest/datasources/azure-monitor/#configure-the-data-source).\n2. [Syslog is enabled](https://aka.ms/cisyslog#how-to-enable-syslog) in Container Insights \n3. You have chosen an *LAWorkspace* and *ClusterName* above which have Syslog data flowing. *Subscription* is selected automatically. \n4. The time range is correct \n\nRead more here: [aka.ms/CISyslogGrafana](https://aka.ms/CISyslogGrafana)", "mode": "markdown" }, "title": "Syslog ", "type": "text" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "red", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 0, "y": 10 }, "id": 7, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "textMode": "auto" }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where SeverityLevel == \"emergency\"\r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize TotalErrors = count()\r\n", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Emergency", "type": "stat" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "red", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 3, "y": 10 }, "id": 8, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "textMode": "auto" }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where SeverityLevel == \"alert\"\r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize TotalErrors = count()\r\n", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Alert", "type": "stat" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "red", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 6, "y": 10 }, "id": 6, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "textMode": "auto" }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where SeverityLevel == \"error\"\r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize TotalErrors = count()\r\n", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Errors", "type": "stat" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "red", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 9, "y": 10 }, "id": 10, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "textMode": "auto" }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where SeverityLevel == \"warning\"\r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize TotalErrors = count()\r\n", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Warnings", "type": "stat" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "red", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 4, "x": 12, "y": 10 }, "id": 9, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "textMode": "auto" }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where SeverityLevel == \"critical\"\r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize TotalErrors = count()\r\n", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Critical", "type": "stat" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "green", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 16, "y": 10 }, "id": 11, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "textMode": "auto" }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where SeverityLevel == \"notice\"\r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize TotalErrors = count()\r\n", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Notice", "type": "stat" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "green", "mode": "fixed" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 5, "x": 19, "y": 10 }, "id": 12, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": ["lastNotNull"], "fields": "", "values": false }, "textMode": "auto" }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where SeverityLevel == \"info\"\r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize TotalErrors = count()\r\n", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Informational", "type": "stat" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 15, "w": 12, "x": 0, "y": 14 }, "id": 17, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize SyslogMessages = count() by bin(TimeGenerated, 30m), SeverityLevel\r\n| order by TimeGenerated asc, SeverityLevel\r\n| render barchart with (kind=stacked)", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Records by Time ", "type": "timeseries" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "yellow", "mode": "fixed" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 15, "w": 12, "x": 12, "y": 14 }, "id": 4, "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "orientation": "horizontal", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize Count = count() by ProcessName\r\n| order by Count desc ", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Records by ProcessName", "type": "barchart" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "fieldConfig": { "defaults": { "color": { "fixedColor": "yellow", "mode": "fixed" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 14, "w": 12, "x": 0, "y": 29 }, "id": 13, "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize Count = count() by Facility\r\n", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Records by FacilityName", "type": "barchart" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "description": "", "fieldConfig": { "defaults": { "color": { "fixedColor": "yellow", "mode": "fixed" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "left", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 14, "w": 12, "x": 12, "y": 29 }, "id": 14, "options": { "barRadius": 0, "barWidth": 1, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "orientation": "horizontal", "showValue": "always", "stacking": "none", "tooltip": { "mode": "multi", "sort": "none" }, "xField": "HostName", "xTickLabelRotation": 0, "xTickLabelSpacing": 100 }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| summarize Count = count() by HostName", "resources": ["$LAWorkspace"], "resultFormat": "time_series" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Syslog Records by HostName", "type": "barchart" }, { "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "continuous-YlRd" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [ { "options": { "error": { "color": "red", "index": 0 }, "info": { "color": "green", "index": 1 } }, "type": "value" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Facility" }, "properties": [ { "id": "custom.width", "value": 85 } ] }, { "matcher": { "id": "byName", "options": "SeverityLevel" }, "properties": [ { "id": "custom.width", "value": 134 } ] }, { "matcher": { "id": "byName", "options": "ProcessName" }, "properties": [ { "id": "custom.width", "value": 135 } ] }, { "matcher": { "id": "byName", "options": "TimeGenerated" }, "properties": [ { "id": "custom.width", "value": 181 } ] }, { "matcher": { "id": "byName", "options": "Computer" }, "properties": [ { "id": "custom.width", "value": 301 } ] } ] }, "gridPos": { "h": 18, "w": 24, "x": 0, "y": 43 }, "id": 16, "options": { "cellHeight": "sm", "footer": { "countRows": false, "enablePagination": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true, "sortBy": [] }, "targets": [ { "azureLogAnalytics": { "query": "Syslog \r\n| where _ResourceId == tolower(\"$Cluster\")\r\n| top 50 by TimeGenerated desc\r\n| project TimeGenerated, Facility, SeverityLevel, ProcessName, SyslogMessage\r\n", "resources": ["$LAWorkspace"], "resultFormat": "table" }, "azureMonitor": { "allowedTimeGrainsMs": [], "timeGrain": "auto" }, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "queryType": "Azure Log Analytics", "refId": "A" } ], "title": "Last 50 Syslog Records - Click any row to access full list", "type": "table" } ], "refresh": false, "schemaVersion": 38, "style": "dark", "tags": [], "templating": { "list": [ { "current": { "selected": false, "text": "Azure Monitor", "value": "Azure Monitor" }, "hide": 0, "includeAll": false, "label": "DataSource", "multi": false, "name": "DataSource", "options": [], "query": "grafana-azure-monitor-datasource", "queryValue": "", "refresh": 1, "regex": "", "skipUrlSync": false, "type": "datasource" }, { "current": {}, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "definition": "", "hide": 0, "includeAll": false, "label": "Subscription", "multi": false, "name": "Subscription", "options": [], "query": { "azureLogAnalytics": { "query": "", "resources": [] }, "queryType": "Azure Subscriptions", "refId": "A" }, "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "type": "query" }, { "current": {}, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "definition": "", "hide": 2, "includeAll": false, "label": "Log Analytics Workspace", "multi": false, "name": "LAWorkspace", "options": [], "query": { "azureLogAnalytics": { "query": "", "resources": [] }, "azureResourceGraph": { "query": "Resources \r\n| where type =~ 'microsoft.containerservice/managedclusters'\r\n| where id == \"$Cluster\"\r\n| extend props = parse_json(properties)\r\n| extend lawResourceId = tostring(props.addonProfiles.omsAgent.config.logAnalyticsWorkspaceResourceID)\r\n| extend LAWS = iff(isnotempty(lawResourceId), lawResourceId, tostring(props.addonProfiles.omsagent.config.logAnalyticsWorkspaceResourceID))\r\n| project LAWS\r\n\r\n" }, "queryType": "Azure Resource Graph", "refId": "A", "subscriptions": ["$Subscription"] }, "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "type": "query" }, { "current": {}, "datasource": { "type": "grafana-azure-monitor-datasource", "uid": "${DataSource}" }, "definition": "", "hide": 0, "includeAll": false, "label": "Cluster", "multi": false, "name": "Cluster", "options": [], "query": { "azureLogAnalytics": { "query": "", "resources": [] }, "azureResourceGraph": { "query": "Resources\r\n| where type =~ 'microsoft.containerservice/managedclusters'" }, "queryType": "Azure Resource Graph", "refId": "A", "subscriptions": ["e98d0648-f21a-417d-8470-db17aab036a7", "$Subscription"] }, "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "type": "query" } ] }, "timepicker": {}, "timezone": "", "title": "Azure Monitor / Container Insights / Syslog", "uid": "db3b95d2-501d-4624-a262-1214577651a7", "version": 2 }