Check Your Work
If you'd like to take a look at our dashboard and compare it to what you created, feel free to download our SBX Sample Dashboard JSON file and import it using the instructions in the Importing Dashboards section.
Can't download the file?
Replace the contents of the JSON Editor with the JSON snippet below.
{
"elements": [
{
"horizontalChart": false,
"config": {
"horizontalChart": false,
"field": "provider_type",
"multiselect": true,
"defaultValue": "*"
},
"search": {
"type": "inline",
"query": "dataset=\"$vt_datasets\"\n | project provider.type\n | distinct provider_type\n | sort by provider_type asc",
"earliest": "-1h",
"latest": "now"
},
"id": "8a7pu14p9",
"inputId": "provider_type",
"type": "input.dropdown",
"layout": {
"x": 0,
"y": 0,
"w": 2,
"h": 2
},
"title": "Provider Types"
},
{
"horizontalChart": false,
"config": {
"defaultValue": {
"earliest": "-1h",
"latest": "now",
"timezone": "local"
},
"horizontalChart": false
},
"id": "9suaprvoh",
"inputId": "timepicker",
"type": "input.timerange",
"layout": {
"x": 2,
"y": 0,
"w": 2,
"h": 2
},
"title": "Time Range"
},
{
"config": {
"markdown": "# TME Sandbox Dashboard\n---\n### Learning Cribl Search\n\nThis dashboard was made as an exercise to learn how to create Cribl Search Dashboards. It includes details of datasets found in our Cribl Search instance. \n\n### Analytics\n - Datasets\n - Dataset Providers\n - Dataset Sizes"
},
"id": "zil0berz1",
"layout": {
"x": 0,
"y": 0,
"w": 5,
"h": 3
},
"variant": "markdown",
"type": "markdown.default"
},
{
"horizontalChart": false,
"config": {
"onClickAction": {
"type": "None"
},
"showRowNumbers": false,
"colorPalette": 0,
"colorPaletteReversed": false,
"customData": {
"trellis": false,
"connectNulls": "Leave gaps",
"stack": false,
"dataFields": [
"_time",
"id",
"dataset",
"query",
"status",
"timeStarted",
"type"
]
},
"xAxis": {
"labelOrientation": 0,
"position": "Bottom"
},
"yAxis": {
"position": "Left",
"scale": "Linear",
"splitLine": true
},
"legend": {
"position": "Right",
"truncate": true
},
"horizontalChart": false,
"timestats": false
},
"search": {
"type": "inline",
"query": "dataset=\"$vt_jobs\"\n | project _time, id, dataset=resolvedDatasets, query, status, timeStarted, timeCompleted, type",
"earliest": "$timepicker.earliest",
"latest": "$timepicker.latest",
"timezone": "$timepicker.timezone"
},
"id": "0x201o9y2",
"layout": {
"x": 0,
"y": 0,
"w": 4,
"h": 2
},
"type": "list.events",
"title": "Jobs",
"hidePanel": true
},
{
"config": {
"markdown": "### Check out other Cribl Search Sandboxes\n\n|Sandbox|Description|\n|:-----:|:--------:|\n|[**Cribl Search Overview**](https://sandbox.cribl.io/course/overview-search)|An introduction to _searching-in-place_ with Cribl Search|\n|[**Cribl Search Data Sources**](https://sandbox.cribl.io/course/search-data-sources)|Learn to _connect data sources_ to Cribl Search|\n|[**Cribl Search Operators**](https://sandbox.cribl.io/course/search-operators)|Learn the KQL-based _Cribl Search language_|\n|[**Cribl Search Dashboards**](https://sandbox.cribl.io/course/search-dashboards)|Learn to _visualize data_ using Cribl Search|"
},
"id": "zg0ib973k",
"layout": {
"x": 5,
"y": 0,
"w": 7,
"h": 3
},
"variant": "markdown",
"type": "markdown.default"
},
{
"horizontalChart": false,
"config": {
"colorPalette": 0,
"colorPaletteReversed": false,
"customData": {
"summarizeOthers": false,
"dataFields": [
"provider_type",
"datasets"
],
"seriesCount": 1
},
"legend": {
"position": "None",
"truncate": true
},
"onClickAction": {
"type": "None"
},
"horizontalChart": false,
"xAxis": {
"labelOrientation": 0,
"position": "Bottom"
},
"yAxis": {
"position": "Left",
"scale": "Linear",
"splitLine": true
},
"timestats": false,
"axis": {
"xAxis": "provider_type",
"yAxis": [
"datasets"
]
}
},
"search": {
"type": "inline",
"earliest": "-1h",
"latest": "now",
"query": "dataset=\"$vt_datasets\" id in (\"cribl*\", \"default*\") provider.type in($provider_type$)\n| summarize datasets=dcount(id) by provider.type",
"timezone": "local"
},
"id": "xgkso2nye",
"type": "chart.pie",
"layout": {
"x": 0,
"y": 3,
"w": 4,
"h": 4
},
"title": "Datasets per Provider"
},
{
"horizontalChart": false,
"config": {
"colorPalette": 0,
"colorPaletteReversed": false,
"customData": {
"trellis": false,
"connectNulls": "Leave gaps",
"stack": true,
"dataFields": [
"datasetType",
"cribl_internal_logs",
"cribl_lookups",
"cribl_search_sample",
"cribl_logs",
"cribl_metrics"
],
"seriesCount": 5
},
"xAxis": {
"labelOrientation": 0,
"position": "Bottom",
"name": "Dataset Types"
},
"yAxis": {
"position": "Left",
"scale": "Linear",
"splitLine": true,
"name": "Dataset Size %"
},
"legend": {
"position": "Bottom",
"truncate": true
},
"onClickAction": {
"type": "Add value to dashboard input",
"selectedDashboardId": "rel9fmg5o",
"selectedInputId": "dataset"
},
"showRowNumbers": false,
"timestats": false,
"horizontalChart": false,
"axis": {
"xAxis": "datasetType",
"yAxis": [
"cribl_internal_logs",
"cribl_lookups",
"cribl_search_sample",
"cribl_logs",
"cribl_metrics"
]
}
},
"search": {
"type": "inline",
"earliest": "-1h",
"latest": "now",
"query": ".show objects(cribl_*, default_*)\n | eventstats type_total=sum(size) by datasetType\n | summarize size=sum(size), total=max(type_total) by dataset, datasetType\n | extend pct=round(size/total, 2)*100\n | pivot pct over dataset by datasetType",
"timezone": "local"
},
"id": "tot8t4sjo",
"type": "chart.bar",
"layout": {
"x": 4,
"y": 3,
"w": 4,
"h": 4
},
"title": "Datasets by Type & Size"
},
{
"horizontalChart": false,
"config": {
"colorThresholds": {
"thresholds": [
{
"color": "#45850B",
"threshold": 30
},
{
"color": "#EFDB23",
"threshold": 70
},
{
"color": "#B20000",
"threshold": 100
}
]
},
"legend": {
"position": "Right",
"truncate": true
},
"colorPalette": 0,
"colorPaletteReversed": false,
"customData": {
"trellis": false,
"connectNulls": "Leave gaps",
"stack": false,
"dataFields": [
"avg_dur_sec"
],
"seriesCount": 1
},
"xAxis": {
"labelOrientation": 0,
"position": "Bottom"
},
"yAxis": {
"position": "Left",
"scale": "Linear",
"splitLine": true
},
"onClickAction": {
"type": "None"
},
"horizontalChart": false,
"timestats": false,
"applyThreshold": true,
"axis": {
"xAxis": "avg_dur_sec",
"yAxis": []
}
},
"search": {
"type": "inline",
"query": " | where status == \"completed\"\n | extend startTime = unixtime_milliseconds_todatetime(timeStarted), \n endTime = unixtime_milliseconds_todatetime(timeCompleted),\n duration = endTime - startTime\n | summarize avg_dur_sec = round(avg(duration), 2)",
"earliest": 0,
"latest": "now"
},
"id": "c5s643slo",
"layout": {
"x": 8,
"y": 3,
"w": 4,
"h": 4
},
"type": "chart.gauge",
"title": "Avg Search Runtime",
"parentSearchId": "0x201o9y2"
},
{
"horizontalChart": false,
"config": {
"colorPalette": 0,
"colorPaletteReversed": false,
"customData": {
"trellis": false,
"connectNulls": "Leave gaps",
"stack": false,
"dataFields": [
"_time",
"$vt_datasets",
"$vt_jobs",
"cribl_edge_appscope_events",
"cribl_edge_appscope_metrics",
"cribl_edge_kubernetes_logs",
"cribl_edge_logs",
"cribl_edge_metrics",
"cribl_edge_prometheus_scraper",
"cribl_edge_spool",
"cribl_edge_state",
"cribl_edge_system_logs",
"cribl_internal_logs",
"cribl_logs",
"cribl_lookups",
"cribl_metrics",
"cribl_search_sample",
"default_events",
"default_logs",
"default_metrics",
"default_spans",
"$vt_results"
],
"seriesCount": 21
},
"xAxis": {
"labelOrientation": 0,
"position": "Bottom"
},
"yAxis": {
"position": "Left",
"scale": "Linear",
"splitLine": true
},
"legend": {
"position": "Right",
"truncate": true
},
"onClickAction": {
"type": "None"
},
"horizontalChart": false,
"timestats": true,
"axis": {
"xAxis": "_time",
"yAxis": [
"$vt_datasets",
"$vt_jobs",
"cribl_edge_appscope_events",
"cribl_edge_appscope_metrics",
"cribl_edge_kubernetes_logs",
"cribl_edge_logs",
"cribl_edge_metrics",
"cribl_edge_prometheus_scraper",
"cribl_edge_spool",
"cribl_edge_state",
"cribl_edge_system_logs",
"cribl_internal_logs",
"cribl_logs",
"cribl_lookups",
"cribl_metrics",
"cribl_search_sample",
"default_events",
"default_logs",
"default_metrics",
"default_spans",
"$vt_results"
]
}
},
"search": {
"type": "inline",
"query": "dataset=\"$vt_jobs\"\n | project _time, id, dataset=resolvedDatasets\n | mv-expand dataset\n | timestats searches=dcount(id) by dataset",
"earliest": "$timepicker.earliest",
"latest": "$timepicker.latest",
"timezone": "$timepicker.timezone"
},
"id": "g8sjn862n",
"layout": {
"x": 0,
"y": 7,
"w": 12,
"h": 4
},
"type": "chart.area",
"title": "Searches by Dataset"
},
{
"horizontalChart": false,
"config": {
"onClickAction": {
"type": "Add value to dashboard input",
"selectedDashboardId": "6e275m11f",
"selectedInputId": "dataset"
},
"showRowNumbers": true,
"colorPalette": 0,
"colorPaletteReversed": false,
"customData": {
"trellis": false,
"connectNulls": "Leave gaps",
"stack": false,
"dataFields": [
"dataset",
"description"
]
},
"xAxis": {
"labelOrientation": 0,
"position": "Bottom"
},
"yAxis": {
"position": "Left",
"scale": "Linear",
"splitLine": true
},
"legend": {
"position": "Right",
"truncate": true
},
"horizontalChart": false,
"timestats": false
},
"search": {
"type": "inline",
"query": "dataset=\"$vt_datasets\" id in (\"cribl*\", \"default*\") provider.type in($provider_type$)\n| project dataset=id, description",
"earliest": "-1h",
"latest": "now"
},
"id": "6r68mkik7",
"layout": {
"x": 0,
"y": 11,
"w": 12,
"h": 4
},
"type": "list.table",
"title": "Datasets"
}
]
}