-
Notifications
You must be signed in to change notification settings - Fork 0
/
oldestalarms.sp
160 lines (137 loc) · 3.48 KB
/
oldestalarms.sp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
dashboard "turbot_oldest_alarms_report" {
title = "Turbot Oldest Alarms Report"
tags = {
service = "Turbot Oldest Alarms Report"
}
text {
value = "Oldest Turbot Controls that are in an Alarm State"
}
container {
card {
sql = query.turbot_oldest_alarms_1_month_count.sql
width = 2
}
card {
sql = query.turbot_oldest_alarms_3_month_count.sql
width = 2
}
card {
sql = query.turbot_oldest_alarms_6_month_count.sql
width = 2
}
card {
sql = query.turbot_oldest_alarms_12_month_count.sql
width = 2
}
card {
sql = query.turbot_oldest_alarms_over_1_year_count.sql
width = 2
}
card {
sql = query.turbot_oldest_alarms_total_count.sql
width = 2
}
}
text {
value = "List of Oldest Alarms (limited to 50)"
}
table {
sql = query.turbot_oldest_alarms.sql
}
}
query "turbot_oldest_alarms_1_month_count" {
sql = <<-EOQ
select
count(*) as "value",
'Alarms within 1 month old' as label,
case count(*) when 0 then 'ok' else 'alert' end as "type"
from
turbot_control
where
filter = 'state:alarm stateChangeTimestamp:>=T-30d';
EOQ
}
query "turbot_oldest_alarms_3_month_count" {
sql = <<-EOQ
select
count(*) as "value",
'Alarms 1 to 3 months old' as label,
case count(*) when 0 then 'ok' else 'alert' end as "type"
from
turbot_control
where
filter = 'state:alarm stateChangeTimestamp:<=T-30d stateChangeTimestamp:>=T-90d';
EOQ
}
query "turbot_oldest_alarms_6_month_count" {
sql = <<-EOQ
select
count(*) as "value",
'Alarms 3 to 6 months old' as label,
case count(*) when 0 then 'ok' else 'alert' end as "type"
from
turbot_control
where
filter = 'state:alarm stateChangeTimestamp:<=T-90d stateChangeTimestamp:>=T-180d';
EOQ
}
query "turbot_oldest_alarms_12_month_count" {
sql = <<-EOQ
select
count(*) as "value",
'Alarms 6 to 12 months old' as label,
case count(*) when 0 then 'ok' else 'alert' end as "type"
from
turbot_control
where
filter = 'state:alarm stateChangeTimestamp:<=T-180d stateChangeTimestamp:>=T-365d';
EOQ
}
query "turbot_oldest_alarms_over_1_year_count" {
sql = <<-EOQ
select
count(*) as "value",
'Alarms over 1 year old' as label,
case count(*) when 0 then 'ok' else 'alert' end as "type"
from
turbot_control
where
filter = 'state:alarm stateChangeTimestamp:<=T-365d';
EOQ
}
query "turbot_oldest_alarms_total_count" {
sql = <<-EOQ
select
count(*) as "value",
'Total Alarms' as label,
case count(*) when 0 then 'ok' else 'alert' end as "type"
from
turbot_control
where
filter = 'state:alarm';
EOQ
}
query "turbot_oldest_alarms" {
sql = <<-EOQ
select
TO_CHAR(DATE_TRUNC('minute', timestamp), 'YYYY-MM-DD HH24:MI') as "last_updated",
control_type_trunk_title as "control_name",
state,
reason,
resource_trunk_title as "resource_name",
CASE
WHEN control_type_uri LIKE 'tmod:@turbot/aws-%' THEN 'AWS'
WHEN control_type_uri LIKE 'tmod:@turbot/azure-%' THEN 'Azure'
WHEN control_type_uri LIKE 'tmod:@turbot/gcp-%' THEN 'GCP'
ELSE 'Other'
END as "cloud_provider"
from
turbot_control
where
filter = 'state:alarm'
order by
"last_updated" asc
limit
50;
EOQ
}