jimfuqian/BB2-3466 Usabilities Improve in Splunk Dashboards: auth flow dashboard, api big stats dashboard #1292
Conversation
JFU-NAVA-PBC
changed the title
…improve-splunk-dashboards-usabilities
splunk/api_big_stats_dashboard.xml
Outdated
| <option name="charting.drilldown">none</option> | ||
| <option name="charting.layout.splitSeries">1</option> | ||
| <option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option> | ||
| <option name="refresh.display">progressbar</option> | ||
| </chart> | ||
| </panel> | ||
| <panel> | ||
| <chart> | ||
| <title>Distribution of response codes</title> |
There was a problem hiding this comment.
In this section, what we're looking for is more like "percent of total responses that are 4xx errors, percentage that are 5xx errors, percentage that aren't errors", not broken down by each individual response code. Then in the 5xx/4xx, instead of response counts being that bar graph, if we could just see a number, that will help too, since that number is what is recorded in the audit. We want to avoid the need to add results together. If we need to see the breakdown of different types of errors, that will still be visible in the existing graph. Does that make sense?
There was a problem hiding this comment.
make sense, will make changes.
splunk/api_big_stats_dashboard.xml
Outdated
| @@ -350,61 +435,6 @@ | |||
| </table> | |||
| </panel> | |||
| </row> | |||
| <row> | |||
There was a problem hiding this comment.
Removing this looks good!
| @@ -421,7 +451,7 @@ | |||
| <title>ExplanationOfBenefit</title> | |||
| <chart> | |||
| <search> | |||
| <query>index=bluebutton source="/var/log/pyapps/perf_mon.log*" host=$bbEnv$ env=$bbEnvLabel$ $appNameExpr$ | search "message.ip_addr"="$bbIpAddr$" AND ("message.path"=".well-known/*" OR "message.path"="/$apiVersionsPattern$/*" OR "message.path"="*/admin/*") | spath output=html_code2 path="message.response_code" | where html_code2="200" | spath output=call_path path="message.path" | regex call_path="/v[12]/fhir/ExplanationOfBenefit/.*" | spath output=start_time path="message.start_time" | spath output=end_time path="message.end_time" | eval Response_Time=end_time-start_time | stats min(Response_Time) as RT_fastest avg(Response_Time) as RT_mean p95(Response_Time) as RT_p95 p99(Response_Time) as RT_p99 max(Response_Time) as RT_slowest by message.path </query> | |||
| <query>index=bluebutton source="/var/log/pyapps/perf_mon.log*" host=$bbEnv$ env=$bbEnvLabel$ $appNameExpr$ | search "message.ip_addr"="$bbIpAddr$" AND ("message.path"=".well-known/*" OR "message.path"="/$apiVersionsPattern$/*" OR "message.path"="*/admin/*") | spath output=html_code2 path="message.response_code" | where html_code2="200" | spath output=call_path path="message.path" | regex call_path="/v[12]/fhir/ExplanationOfBenefit/.*" | spath output=start_time path="message.start_time" | spath output=end_time path="message.end_time" | eval Response_Time=round((end_time-start_time)*1000,2) | stats min(Response_Time) as RT_fastest avg(Response_Time) as RT_mean p95(Response_Time) as RT_p95 p99(Response_Time) as RT_p99 max(Response_Time) as RT_slowest by message.path | eval RT_mean=round(RT_mean, 2)</query> | |||
There was a problem hiding this comment.
This panel needs to be renamed to say "milliseconds" instead of "seconds"
…improve-splunk-dashboards-usabilities
There was a problem hiding this comment.
This looks good, I think we can still remove the "5xx/4xx Responses Counts" sections, since that information is all available in the other bar chart, but either way, this covers what we need, so I'll mark approved! If you make any other adjustments and want another review, just let me know!
agree |
JFU-NAVA-PBC
deleted the
jimfuqian/BB2-3466-improve-splunk-dashboards-usabilities
branch
JIRA Ticket:
BB2-3466
What Does This PR Do?
What Should Reviewers Watch For?
The dashboards with the changes have been deploy to splunk, see "Validation" section for details
If you're reviewing this PR, please check for these things in particular:
Validation
The Dashboards with changes are deployed to Splunk side by side with their original:
Go to Splunk BB2 Dashboards landing: BB2 Splunk Dashboards
API BIG STATS:
API Big Stats Dashboard - Structured BB2-3466
AUTH FLOW:
BB2 Authorization Flow Dashboard BB2-3466
Note: For API Big Stats, use a large time range e.g. 24 hrs, 7 days, if there is no e.g. 5XX errors to visualize the charts....
What Security Implications Does This PR Have?
Please indicate if this PR does any of the following:
security engineer's approval.
Any Migrations?
etc)