diff --git a/Packs/Veeam/.pack-ignore b/Packs/Veeam/.pack-ignore index 691a3a71cfc1..c949eca45895 100644 --- a/Packs/Veeam/.pack-ignore +++ b/Packs/Veeam/.pack-ignore @@ -92,7 +92,4 @@ ignore=RM100 ignore=GR103 [file:classifier-Veeam_Backup_&_Replication_RESTAPI.json] -ignore=GR103 - -[file:1_0_1.md] -ignore=RN113,RN114 \ No newline at end of file +ignore=GR103 \ No newline at end of file diff --git a/Packs/Veeam/README.md b/Packs/Veeam/README.md index d013c5d199fb..2d652a45f808 100644 --- a/Packs/Veeam/README.md +++ b/Packs/Veeam/README.md 
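Review bot: The `[file:1_0_1.md]` entry with `ignore=RN113,RN114` is dropped from Packs/Veeam/.pack-ignore, but no section for ReleaseNotes/1_0_1.md is visible in this part of the diff. That file presumably stays in the pack and would be validated without the ignore. The added ReleaseNotes/1_0_2.md is a single free-form line, so it may trip the same release-note checks if they concern header layout; this is an assumption, because the page does not explain the codes. Unless a validation run shows both files pass, keep `[file:1_0_1.md]` and `ignore=RN113,RN114`. Both sides also carry `\ No newline at end of file`, so the file could end with a newline while it is being edited.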
@@ -1,14 +1,8 @@ -# Overview - -Secure backup is critical to your cyber resilience. [Veeam Data Platform](https://www.veeam.com/products/veeam-data-platform.html) provides comprehensive capabilities to extend the principles of Zero Trust to data backup and recovery including Proactive Threat Hunting, Immutability Everywhere, and Secure Access. - -<~XSOAR> -Using the data received from Veeam Backup & Replication and Veeam ONE REST APIs, the app creates custom incidents related to malware detection and the health state of the backup infrastructure components. These incidents can be managed through the built-in Veeam Incident dashboard and resolved manually or automatically with built-in Veeam playbooks. - -The content pack includes: +The Veeam App for Palo Alto Networks XSOAR allows Veeam Data Platform Advanced and Premium customers to combine the automation and orchestration features of Cortex XSOAR with a simple and powerful [Veeam Data Platform](https://www.veeam.com/products/veeam-data-platform.html) that goes beyond backup, providing businesses with reliable data protection, seamless recovery, and streamlined data management. Using the data received from Veeam Backup & Replication and Veeam ONE REST APIs the Veeam App creates custom incidents related to malware detection and the health state of the backup infrastructure components. These incidents can be managed through built-in Veeam Incident Dashboard and resolved manually or automatically with built-in Veeam playbooks. 
+The pack includes: - Veeam Incident Dashboard: an overview of all API activities and incidents handled by the Veeam App -- Leverage custom incident types and fields related to malware detection and the health state of the backup infrastructure components +- Leverage custom incident types and fields related to malware detection and health state of the backup infrastructure components - Predefined incident classifiers and incoming mappers for incident types - Ingestion of the most important security alerts and detections: - Configuration Backup State 
@@ -23,37 +17,4 @@ The content pack includes: # Documentation -[Veeam Helpcenter User Guide](https://helpcenter.veeam.com/docs/security_plugins_xsoar/guide/) - -# Screenshots - -![The XSOAR Dashboard](https://raw.githubusercontent.com/demisto/content/master/Packs/Veeam/doc_files/Veeam_XSOAR_Dashboard.png) - -![Veeam - Start Instant VM Recovery Automatically](https://raw.githubusercontent.com/demisto/content/master/Packs/Veeam/doc_files/Veeam_XSOAR_Playbooks.png) - -<~XSIAM> -This app allows Veeam Data Platform Advanced and Premium users to monitor various security activities in their Veeam backup infrastructure for: - -- Veeam Backup & Replication events. -- Alarms triggered by Veeam ONE. - -The app gets information from the event forwarding capabilities via syslog servers integrated with Veeam Backup & Replication and Veeam ONE, parses the data and displays it on the Veeam Data Platform Monitoring dashboard. For events and alarms with Medium, High and Critical severity, the app generates alerts and displays them on the Veeam Security Activities dashboard. - -The content pack includes: - -- Built-in dashboards to monitor job statuses and security activities on a daily basis. -- Built-in reports. -- Multiple data source support. - -# Documentation - -[Veeam Helpcenter User Guide](https://helpcenter.veeam.com/docs/security_plugins_xsiam/guide/) - -The documentation also includes examples of correlation rules for Veeam security activities. - -# Screenshots - -![The Security Dashboard](https://raw.githubusercontent.com/demisto/content/master/Packs/Veeam/XSIAMDashboards/Veeam_Security_Activities_Dashboard_image.png) - -![The Moitoring Dashboard](https://raw.githubusercontent.com/demisto/content/master/Packs/Veeam/XSIAMDashboards/Veeam_Data_Platform_Monitoring_Dashboard_image.png) - +[Veeam App for Palo Alto XSOAR User Guide](https://helpcenter.veeam.com/docs/security_plugins_xsoar/guide/) \ No newline at end of file 
diff --git a/Packs/Veeam/ReleaseNotes/1_0_2.md b/Packs/Veeam/ReleaseNotes/1_0_2.md
new file mode 100644
index 000000000000..3846053685e7
--- /dev/null
+++ b/Packs/Veeam/ReleaseNotes/1_0_2.md
@@ -0,0 +1 @@
+***Reverted changes released on previous version (1.0.1) due to technical issues.***
diff --git a/Packs/Veeam/XSIAMDashboards/Veeam_Data_Platform_Monitoring_Dashboard.json b/Packs/Veeam/XSIAMDashboards/Veeam_Data_Platform_Monitoring_Dashboard.json
deleted file mode 100644
index 96fde8fcb760..000000000000
--- a/Packs/Veeam/XSIAMDashboards/Veeam_Data_Platform_Monitoring_Dashboard.json
+++ /dev/null
@@ -1,2265 +0,0 @@ -{ - "dashboards_data": [ - { - "name": "Veeam Data Platform Monitoring", - "description": "Aggregated information about jobs run on Veeam Backup & Replication servers.", - "status": "ENABLED", - "layout": [ - { - "id": "row-6854", - "data": [ - { - "key": "xql_1715774699200", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 413, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n_jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n_host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_jobResultCode = \"2\", 1)) as _failed\r\n| fields _failed\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _failed ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_failed" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in 
(\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _jobResultCode=\"2\"\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration 
Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715776054053", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 413, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) 
\r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"150\",\"151\")\r\n| alter \r\n _transferredGb=to_float(arrayindex(regextract(_raw_log, \"TransferredGb\\=\\\"(\\d*\\.?\\d*)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp sum(_transferredGb) as _totalTransferredGb\r\n| replacenull _totalTransferredGb = 0\r\n| fields _totalTransferredGb\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _totalTransferredGb dataunit = \"GB\" ", - "time_frame": { "relativeTime": 604800000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_totalTransferredGb" - } - }, - { - "command": { - "op": "=", - "name": "dataunit", - "value": "\"GB\"" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"150\",\"151\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _transferredGb=to_float(arrayindex(regextract(_raw_log, \"TransferredGb\\=\\\"(\\d*\\.?\\d*)\\\"\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", 
\"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive 
Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _transferredGb as `Transferred Data (GB)`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - }, - { - "id": "row-8486", - "data": [ - { - "key": "xql_1715780123485", - "data": { - "type": "Custom XQL", - "width": 100, - "height": 531, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"790\",\"194\",\"490\",\"451\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter \r\n_jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"),\r\n _instanceId in (\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n_day=date_floor(_time ,\"d\"),\r\n_host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_jobResultCode = \"0\", 1)) as Success, \r\n count(if(_jobResultCode = \"1\", 1)) as Warning,\r\n count(if(_jobResultCode = \"2\", 
1)) as Failed, \r\n count(if(_jobResultCode = \"3\", 1)) as Working by _day\r\n| fields Success, Warning, Failed, Working, _day\r\n| sort asc _day\r\n\r\n\r\n\n| view graph type = area subtype = standard show_percentage = `false` xaxis = _day yaxis = Success,Warning,Failed,Working seriescolor(\"Success\",\"#00D15F\") seriescolor(\"Working\",\"#0084D1\") seriescolor(\"Warning\",\"#FF8F2E\") seriescolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 604800000 }, - "viewOptions": { - "type": "area", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "show_percentage", - "value": "false" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "Success,Warning,Failed,Working" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Working", "#0084D1" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Warning", "#FF8F2E" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "seriescolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"790\",\"194\",\"490\",\"451\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", 
arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _day=date_floor(_time ,\"d\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n 
_jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _day = to_timestamp($x_axis.value, \"MILLIS\") and _jobResult = $y_axis.name \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - }, - { - "id": "row-4523", - "data": [ - { - "key": "xql_1715780383232", - "data": { - "type": "Custom XQL", - "width": 100, - "height": 531, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"390\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter \r\n_jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n_day=date_floor(_time ,\"d\"),\r\n_host=arrayindex(regextract(_raw_log , 
\"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_jobResultCode = \"0\", 1)) as Success, \r\n count(if(_jobResultCode = \"1\", 1)) as Warning,\r\n count(if(_jobResultCode = \"2\", 1)) as Failed, \r\n count(if(_jobResultCode = \"3\", 1)) as Working by _day\r\n| fields Success, Warning, Failed, Working, _day\r\n| sort asc _day\r\n\r\n\r\n\r\n\r\n\n| view graph type = area subtype = standard show_percentage = `false` xaxis = _day yaxis = Success,Warning,Failed,Working seriescolor(\"Success\",\"#00D15F\") seriescolor(\"Working\",\"#0084D1\") seriescolor(\"Warning\",\"#FF8F2E\") seriescolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 604800000 }, - "viewOptions": { - "type": "area", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "show_percentage", - "value": "false" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "Success,Warning,Failed,Working" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Working", "#0084D1" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Warning", "#FF8F2E" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "seriescolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"390\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n 
_instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _day=date_floor(_time ,\"d\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = 
\"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _day = to_timestamp($x_axis.value, \"MILLIS\") and _jobResult = $y_axis.name \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - }, - { - "id": "row-446", - "data": [ - { - "key": "xql_1715780485921", - "data": { - "type": "Custom XQL", - "width": 100, - "height": 603, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"40700\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResult=arrayindex(regextract(_raw_log, \"Result\\:\\ ([^.]*)\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter 
_host in ($hosts)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _jobResult as `State`\r\n| limit 100", - "entityType": "xql-widget-table-3505ac26-ab2f-4520-bf63-1c6d60a86ffb", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "table", - "commands": [] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - "rowHeight": null, - "columnWidth": null - } - } - } - ] - }, - { - "id": "row-3185", - "data": [ - { - "key": "xql_1715780632686", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 291, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") valuecolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", 
- "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick 
Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object 
Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715780719907", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 291, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(if(\r\n _instanceId=\"790\", regextract(_raw_log, \"param4\\=\\\"(\\d+)\\\"\"), \r\n \"1\"=\"1\", regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\")), 0))\r\n| filter _jobTypeCode = \"0\" AND _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") valuecolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": 
"_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy 
Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobTypeCode = \"0\" AND _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": 
"open_xql_search" - } - } - }, - { - "key": "xql_1715780786267", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 291, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"790\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"790\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n 
_instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n 
_jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - }, - { - "id": "row-7730", - "data": [ - { - "key": "xql_1715780875011", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 280, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"36022\",\"36026\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", 
\"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = 
\"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = 
\"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715780917449", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 280, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"151\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter 
_vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"151\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job 
(Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715780965590", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 280, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"490\")\r\n| alter \r\n 
_jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=arrayindex(regextract(_raw_log , \"JobType\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _jobTypeCode=\"13003\" and _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"490\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode 
= \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = 
\"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobTypeCode=\"13003\" and _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - }, - { - "id": "row-1357", - "data": [ - { - "key": "xql_1715781014094", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 285, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(if(\r\n _instanceId=\"790\", regextract(_raw_log, \"param4\\=\\\"(\\d+)\\\"\"), \r\n \"1\"=\"1\", regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\")), 0))\r\n| filter _jobTypeCode = \"1\" AND _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n 
count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup 
to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = 
\"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobTypeCode = \"1\" AND _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715781071150", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 285, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"490\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n 
_instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"490\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n 
_jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715781165935", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 285, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"194\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, 
\"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"194\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n 
_jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization 
Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _jobResult = $x_axis.value \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - }, - { - "id": "row-7460", - "data": [ - { - "key": "xql_1715781224440", - "data": { - "type": "Custom XQL", - "width": 100, - "height": 407, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, 
\"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($hosts)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"60\",\"HPE StoreOnce Replication Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = 
\"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`\r\n| limit 100", - "entityType": "xql-widget-table-90464939-772a-4a1b-bbdf-40efb2f53009", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "table", - "commands": [] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - "rowHeight": null, - "columnWidth": null - } - } - } - ] - }, - { - "id": "row-6508", - "data": [ - { - "key": "xql_1715781311118", - "data": { - "type": "Custom XQL", - "width": 100, - "height": 546, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter \r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 
0)),\r\n _day=date_floor(_time ,\"d\"),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_jobTypeCode in (\"1\",\"50\"), 1)) as _replicationJob,\r\n count(if(_jobTypeCode = \"3\", 1)) as _sureBackupJob,\r\n count(if(_jobTypeCode in (\"0\",\"14000\"), 1)) as _backupJob,\r\n count(if(_jobTypeCode = \"8\", 1)) as _quickMigration,\r\n count(if(_jobTypeCode = \"22\", 1)) as _rescanJob,\r\n count(if(_jobTypeCode = \"24\", 1)) as _fileToTapeJob,\r\n count(if(_jobTypeCode = \"28\", 1)) as _backupToTapeJob,\r\n count(if(_jobTypeCode = \"52\", 1)) as _msSQLLogBackupJob,\r\n count(if(_jobTypeCode = \"54\", 1)) as _oracleLogBackupJob,\r\n count(if(_jobTypeCode = \"60\", 1)) as _HPEStoreOnceReplicationJob,\r\n count(if(_jobTypeCode in (\"2\",\"51\",\"63\",\"65\",\"70\"), 1)) as _backupCopyJob,\r\n count(if(_jobTypeCode = \"74\", 1)) as _postgreSQLLogBackupJob,\r\n count(if(_jobTypeCode = \"100\", 1)) as _configurationBackupJob,\r\n count(if(_jobTypeCode = \"104\", 1)) as _configurationDatabaseMaintenanceJob,\r\n count(if(_jobTypeCode in (\"202\",\"290\"), 1)) as _restoreJob,\r\n count(if(_jobTypeCode = \"203\", 1)) as _undoFailoverPlan,\r\n count(if(_jobTypeCode = \"316\", 1)) as _cdpPolicy,\r\n count(if(_jobTypeCode in (\"4000\",\"12000\",\"12003\"), 1)) as _agentBackupJobBS,\r\n count(if(_jobTypeCode = \"12002\", 1)) as _agentBackupJobBP,\r\n count(if(_jobTypeCode = \"13000\", 1)) as _fileBackupJob,\r\n count(if(_jobTypeCode = \"13003\", 1)) as _fileBackupCopyJob,\r\n count(if(_jobTypeCode = \"15000\", 1)) as _storageSnapshotSnapshotOnlyJob,\r\n count(if(_jobTypeCode = \"15001\", 1)) as _storageSnapshotBackupJob,\r\n count(if(_jobTypeCode = \"15002\", 1)) as _storageSnapshotCopyJob,\r\n count(if(_jobTypeCode = \"15004\", 1)) as _storageSnapshotRestoreSession,\r\n count(if(_jobTypeCode = \"18000\", 1)) as _archiveTierBackupJob,\r\n count(if(_jobTypeCode = \"18001\", 1)) as 
_archiveTierRestoreSession,\r\n count(if(_jobTypeCode = \"18002\", 1)) as _archiveDownloadSession,\r\n count(if(_jobTypeCode = \"18003\", 1)) as _archiveTierSynchronizationJob,\r\n count(if(_jobTypeCode = \"18004\", 1)) as _archiveTierBackupCopyJob,\r\n count(if(_jobTypeCode = \"18005\", 1)) as _archiveTierArchivingJob,\r\n count(if(_jobTypeCode = \"18006\", 1)) as _publishDiskSession,\r\n count(if(_jobTypeCode = \"18008\", 1)) as _objectStorageRepositorySynchronizationJob,\r\n count(if(_jobTypeCode = \"24002\", 1)) as _guestOSFileRestoreSession,\r\n count(if(_jobTypeCode in (\"33000\", \"33001\"), 1)) as _sureBackupScanOnly\r\n by _day\r\n| sort asc _day\r\n\r\n\r\n\r\n\n| view graph type = column subtype = stacked xaxis = _day yaxis = _replicationJob,_sureBackupJob,_backupJob,_fileBackupJob,_quickMigration,_rescanJob,_fileToTapeJob,_backupToTapeJob,_msSQLLogBackupJob,_oracleLogBackupJob,_HPEStoreOnceReplicationJob,_backupCopyJob,_postgreSQLLogBackupJob,_configurationDatabaseMaintenanceJob,_configurationBackupJob,_restoreJob,_undoFailoverPlan,_cdpPolicy,_agentBackupJobBS,_agentBackupJobBP,_fileBackupCopyJob,_storageSnapshotSnapshotOnlyJob,_storageSnapshotBackupJob,_storageSnapshotCopyJob,_storageSnapshotRestoreSession,_archiveTierBackupJob,_archiveTierRestoreSession,_archiveDownloadSession,_archiveTierSynchronizationJob,_archiveTierBackupCopyJob,_archiveTierArchivingJob,_publishDiskSession,_objectStorageRepositorySynchronizationJob,_guestOSFileRestoreSession,_sureBackupScanOnly seriestitle(\"_replicationJob\",\"Replication Job\") seriestitle(\"_sureBackupJob\",\"SureBackup Job\") seriestitle(\"_backupJob\",\"Backup Job\") seriestitle(\"_quickMigration\",\"Quick Migration\") seriestitle(\"_rescanJob\",\"Rescan Job\") seriestitle(\"_fileToTapeJob\",\"File to Tape Job\") seriestitle(\"_backupToTapeJob\",\"Backup to Tape Job\") seriestitle(\"_msSQLLogBackupJob\",\"MS SQL Log Backup Job\") seriestitle(\"_oracleLogBackupJob\",\"Oracle Log Backup Job\") 
seriestitle(\"_HPEStoreOnceReplicationJob\",\"HPE StoreOnce Replication Job\") seriestitle(\"_backupCopyJob\",\"Backup Copy Job\") seriestitle(\"_postgreSQLLogBackupJob\",\"PostgreSQL Log Backup Job\") seriestitle(\"_configurationBackupJob\",\"Configuration Backup Job\") seriestitle(\"_configurationDatabaseMaintenanceJob\",\"Configuration Database Maintenance Job\") seriestitle(\"_restoreJob\",\"Restore Job\") seriestitle(\"_undoFailoverPlan\",\"Undo Failover Plan\") seriestitle(\"_cdpPolicy\",\"CDP Policy\") seriestitle(\"_agentBackupJobBS\",\"Agent Backup Job (Backup Server)\") seriestitle(\"_agentBackupJobBP\",\"Agent Backup Job (Backup Policy)\") seriestitle(\"_fileBackupJob\",\"File Backup Job\") seriestitle(\"_fileBackupCopyJob\",\"File Backup Copy Job\") seriestitle(\"_storageSnapshotSnapshotOnlyJob\",\"Storage Snapshot Snapshot-Only Job\") seriestitle(\"_storageSnapshotBackupJob\",\"Storage Snapshot Backup Job\") seriestitle(\"_storageSnapshotCopyJob\",\"Storage Snapshot Copy Job\") seriestitle(\"_storageSnapshotRestoreSession\",\"Storage Snapshot Restore Session\") seriestitle(\"_archiveTierBackupJob\",\"Archive Tier Backup Job\") seriestitle(\"_archiveTierRestoreSession\",\"Archive Tier Restore Session\") seriestitle(\"_archiveDownloadSession\",\"Archive Download Session\") seriestitle(\"_archiveTierSynchronizationJob\",\"Archive Tier Synchronization Job\") seriestitle(\"_archiveTierBackupCopyJob\",\"Archive Tier Backup Copy Job\") seriestitle(\"_archiveTierArchivingJob\",\"Archive Tier Archiving Job\") seriestitle(\"_publishDiskSession\",\"Publish Disk Session\") seriestitle(\"_objectStorageRepositorySynchronizationJob\",\"Object Storage Repository Synchronization Job\") seriestitle(\"_guestOSFileRestoreSession\",\"Guest OS File Restore Session\") seriestitle(\"_sureBackupScanOnly\",\"SureBackup Scan only\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "column", - "commands": [ - { - "command": { - "op": "=", - "name": 
"subtype", - "value": "stacked" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_replicationJob,_sureBackupJob,_backupJob,_fileBackupJob,_quickMigration,_rescanJob,_fileToTapeJob,_backupToTapeJob,_msSQLLogBackupJob,_oracleLogBackupJob,_HPEStoreOnceReplicationJob,_backupCopyJob,_postgreSQLLogBackupJob,_configurationDatabaseMaintenanceJob,_configurationBackupJob,_restoreJob,_undoFailoverPlan,_cdpPolicy,_agentBackupJobBS,_agentBackupJobBP,_fileBackupCopyJob,_storageSnapshotSnapshotOnlyJob,_storageSnapshotBackupJob,_storageSnapshotCopyJob,_storageSnapshotRestoreSession,_archiveTierBackupJob,_archiveTierRestoreSession,_archiveDownloadSession,_archiveTierSynchronizationJob,_archiveTierBackupCopyJob,_archiveTierArchivingJob,_publishDiskSession,_objectStorageRepositorySynchronizationJob,_guestOSFileRestoreSession,_sureBackupScanOnly" - } - }, - { - "func": { - "args": [ "_replicationJob", "Replication Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_sureBackupJob", "SureBackup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_backupJob", "Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_quickMigration", "Quick Migration" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_rescanJob", "Rescan Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_fileToTapeJob", "File to Tape Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_backupToTapeJob", "Backup to Tape Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_msSQLLogBackupJob", "MS SQL Log Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_oracleLogBackupJob", "Oracle Log Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_HPEStoreOnceReplicationJob", "HPE StoreOnce Replication Job" ], - "name": "seriestitle" - } - }, - { - "func": 
{ - "args": [ "_backupCopyJob", "Backup Copy Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_postgreSQLLogBackupJob", "PostgreSQL Log Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_configurationBackupJob", "Configuration Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_configurationDatabaseMaintenanceJob", "Configuration Database Maintenance Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_restoreJob", "Restore Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_undoFailoverPlan", "Undo Failover Plan" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_cdpPolicy", "CDP Policy" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_agentBackupJobBS", "Agent Backup Job (Backup Server)" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_agentBackupJobBP", "Agent Backup Job (Backup Policy)" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_fileBackupJob", "File Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_fileBackupCopyJob", "File Backup Copy Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_storageSnapshotSnapshotOnlyJob", "Storage Snapshot Snapshot-Only Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_storageSnapshotBackupJob", "Storage Snapshot Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_storageSnapshotCopyJob", "Storage Snapshot Copy Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_storageSnapshotRestoreSession", "Storage Snapshot Restore Session" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_archiveTierBackupJob", "Archive Tier Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_archiveTierRestoreSession", "Archive Tier Restore Session" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ 
"_archiveDownloadSession", "Archive Download Session" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_archiveTierSynchronizationJob", "Archive Tier Synchronization Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_archiveTierBackupCopyJob", "Archive Tier Backup Copy Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_archiveTierArchivingJob", "Archive Tier Archiving Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_publishDiskSession", "Publish Disk Session" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_objectStorageRepositorySynchronizationJob", "Object Storage Repository Synchronization Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_guestOSFileRestoreSession", "Guest OS File Restore Session" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_sureBackupScanOnly", "SureBackup Scan only" ], - "name": "seriestitle" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n 
_host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _day=date_floor(_time ,\"d\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobTypeColumn=if(\r\n _jobTypeCode in (\"1\",\"50\"), \"_replicationJob\",\r\n _jobTypeCode = \"3\", \"_sureBackupJob\",\r\n _jobTypeCode in (\"0\",\"14000\"), \"_backupJob\",\r\n _jobTypeCode = \"8\", \"_quickMigration\",\r\n _jobTypeCode = \"22\", \"_rescanJob\",\r\n _jobTypeCode = \"24\", \"_fileToTapeJob\",\r\n _jobTypeCode = \"28\", \"_backupToTapeJob\",\r\n _jobTypeCode = \"52\", \"_msSQLLogBackupJob\",\r\n _jobTypeCode = \"54\", \"_oracleLogBackupJob\",\r\n _jobTypeCode in (\"2\",\"51\",\"63\",\"65\",\"70\"), \"_backupCopyJob\",\r\n _jobTypeCode = \"74\", \"_postgreSQLLogBackupJob\",\r\n _jobTypeCode = \"100\", \"_configurationBackupJob\",\r\n _jobTypeCode = \"104\", \"_configurationDatabaseMaintenanceJob\",\r\n _jobTypeCode in (\"202\",\"290\"), \"_restoreJob\",\r\n _jobTypeCode = \"203\", \"_undoFailoverPlan\",\r\n _jobTypeCode = \"316\", \"_cdpPolicy\",\r\n _jobTypeCode in (\"4000\",\"12000\",\"12003\"), \"_agentBackupJobBS\",\r\n _jobTypeCode = \"12002\", \"_agentBackupJobBP\",\r\n _jobTypeCode = \"13000\", \"_fileBackupJob\",\r\n _jobTypeCode = \"13003\", \"_fileBackupCopyJob\",\r\n _jobTypeCode = \"15000\", \"_storageSnapshotSnapshotOnlyJob\",\r\n _jobTypeCode = \"15001\", \"_storageSnapshotBackupJob\",\r\n _jobTypeCode = \"15002\", \"_storageSnapshotCopyJob\",\r\n _jobTypeCode = \"15004\", \"_storageSnapshotRestoreSession\",\r\n _jobTypeCode = \"18000\", \"_archiveTierBackupJob\",\r\n _jobTypeCode = \"18001\", \"_archiveTierRestoreSession\",\r\n _jobTypeCode = \"18002\", \"_archiveDownloadSession\",\r\n _jobTypeCode = \"18003\", 
\"_archiveTierSynchronizationJob\",\r\n _jobTypeCode = \"18004\", \"_archiveTierBackupCopyJob\",\r\n _jobTypeCode = \"18005\", \"_archiveTierArchivingJob\",\r\n _jobTypeCode = \"18006\", \"_publishDiskSession\",\r\n _jobTypeCode = \"18008\", \"_objectStorageRepositorySynchronizationJob\",\r\n _jobTypeCode = \"24002\", \"_guestOSFileRestoreSession\",\r\n _jobTypeCode in (\"33000\", \"33001\"), \"_sureBackupScanOnly\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"60\",\"HPE StoreOnce Replication Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n 
_jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| filter _day = to_timestamp($x_axis.value, \"MILLIS\") and _jobTypeColumn = $y_axis.name \r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - "rowHeight": null, - "columnWidth": null - } - } - } - ] - } - ], - "default_dashboard_id": 1, - "global_id": "9b572c78d0f645ada74ca06c1273b13f", - "metadata": { - "params": [ - { - "name": "hosts", - "type": "DYNAMIC", - "title": "Data Sources", - "value": [], - "executionID": "2621c18a328f43_625872_inv", - "valueOptions": [], - "investigation": { - "ttl": "0", - "source": "investigation", - "timeframe": { "relativeTime": 86400000 }, - "input_dict": { - "xql": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in 
(\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\",\"40700\")\r\n| alter \r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| dedup _host \r\n| fields\r\n _host\r\n// | alter testyair = _host \r\n// | fields testyair ", - "tenants": [], - "schedule": null, - "query_editor": "xql", - "notification_link": "xql/xql-search/_EXECUTION_ID_", - "run_in_background": false, - "query_definition_name": "XQL-QUERY-139051" - }, - "dashboard_id": null - }, - "investigationError": null, - "filterComponentType": "MULTI_SELECT", - "investigationColumn": "_host" - } - ] - } - } - ], - "widgets_data": [ - { - "widget_key": "xql_1715774699200", - "title": "Failed Jobs", - "creation_time": 1727085252616, - "description": "The total amount of jobs finished with the Failed status.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n_jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n_host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_jobResultCode = \"2\", 1)) as _failed\r\n| fields _failed\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _failed ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - 
"command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_failed" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715776054053", - "title": "Transferred Data", - "creation_time": 1727085256050, - "description": "The total amount of transferred data.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"150\",\"151\")\r\n| alter \r\n _transferredGb=to_float(arrayindex(regextract(_raw_log, \"TransferredGb\\=\\\"(\\d*\\.?\\d*)\\\"\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp sum(_transferredGb) as _totalTransferredGb\r\n| replacenull _totalTransferredGb = 0\r\n| fields _totalTransferredGb\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _totalTransferredGb dataunit = \"GB\" ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_totalTransferredGb" - } - }, - { - "command": { - "op": "=", - "name": "dataunit", - "value": "\"GB\"" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780123485", - "title": "Backup and Copy Jobs: Daily Report", - "creation_time": 1727085252027, - "description": "Daily statistics on finished backup and backup copy jobs.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - 
"phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"790\",\"194\",\"490\",\"451\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter \r\n_jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"),\r\n _instanceId in (\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n_day=date_floor(_time ,\"d\"),\r\n_host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_jobResultCode = \"0\", 1)) as Success, \r\n count(if(_jobResultCode = \"1\", 1)) as Warning,\r\n count(if(_jobResultCode = \"2\", 1)) as Failed, \r\n count(if(_jobResultCode = \"3\", 1)) as Working by _day\r\n| fields Success, Warning, Failed, Working, _day\r\n| sort asc _day\r\n\r\n\r\n\n| view graph type = area subtype = standard show_percentage = `false` xaxis = _day yaxis = Success,Warning,Failed,Working seriescolor(\"Success\",\"#00D15F\") seriescolor(\"Working\",\"#0084D1\") seriescolor(\"Warning\",\"#FF8F2E\") seriescolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "area", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "show_percentage", - "value": "false" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "Success,Warning,Failed,Working" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Working", "#0084D1" ], - "name": "seriescolor" - } - }, - { - "func": 
{ - "args": [ "Warning", "#FF8F2E" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "seriescolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780383232", - "title": "SureBackup Jobs: Daily Report", - "creation_time": 1727085255663, - "description": "Daily statistics on finished SureBackup jobs.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"390\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter \r\n_jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n_day=date_floor(_time ,\"d\"),\r\n_host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_jobResultCode = \"0\", 1)) as Success, \r\n count(if(_jobResultCode = \"1\", 1)) as Warning,\r\n count(if(_jobResultCode = \"2\", 1)) as Failed, \r\n count(if(_jobResultCode = \"3\", 1)) as Working by _day\r\n| fields Success, Warning, Failed, Working, _day\r\n| sort asc _day\r\n\r\n\r\n\r\n\r\n\n| view graph type = area subtype = standard show_percentage = `false` xaxis = _day yaxis = Success,Warning,Failed,Working seriescolor(\"Success\",\"#00D15F\") seriescolor(\"Working\",\"#0084D1\") seriescolor(\"Warning\",\"#FF8F2E\") seriescolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "area", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "show_percentage", - "value": "false" - } - }, - { - 
"command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "Success,Warning,Failed,Working" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Working", "#0084D1" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Warning", "#FF8F2E" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "seriescolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780485921", - "title": "Latest Configuration Backups", - "creation_time": 1727085254196, - "description": "Information about the latest configuration backup job run on each Veeam Backup & Replication server.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"40700\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResult=arrayindex(regextract(_raw_log, \"Result\\:\\ ([^.]*)\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _jobResult as `State`\r\n| limit 100", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "table", - "commands": [] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": { - "_id": "{\"pinned\":null,\"width\":287,\"hide\":true}", - "_tag": "{\"pinned\":null,\"width\":114,\"hide\":true}", - "_vendor": "{\"pinned\":null,\"width\":1434,\"hide\":true}", - "_product": 
"{\"pinned\":null,\"width\":159,\"hide\":true}", - "_raw_log": "{\"pinned\":null,\"width\":700,\"hide\":false}", - "_insert_time": "{\"pinned\":null,\"width\":187,\"hide\":true}", - "COL_66ba12fe11b24b94b2f254085c605f3a": "{\"pinned\":null,\"width\":249,\"hide\":false}" - }, - "rowHeight": "{\"rowHeight\":\"regular\",\"gridRowsHeight\":\"medium-row\"}", - "columnWidth": null - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780632686", - "title": "All Jobs", - "creation_time": 1727085251591, - "description": "The breakdown of all finished jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") valuecolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 
2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780719907", - "title": "VM Backup Jobs", - "creation_time": 1727085256413, - "description": "The breakdown of finished VM backup jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(if(\r\n _instanceId=\"790\", regextract(_raw_log, \"param4\\=\\\"(\\d+)\\\"\"), \r\n \"1\"=\"1\", regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\")), 0))\r\n| filter _jobTypeCode = \"0\" AND _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") valuecolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 2592000000 }, - 
"viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780786267", - "title": "Agent Jobs", - "creation_time": 1727085251098, - "description": "The breakdown of finished Veeam Agent jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"790\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": 
"_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780875011", - "title": "Enterprise Plug-in Jobs", - "creation_time": 1727085252313, - "description": "The breakdown of finished enterprise plug-in jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"36022\",\"36026\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780917449", - "title": "File Backup Jobs", - "creation_time": 1727085252964, - 
"description": "The breakdown of finished file backup jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"151\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715780965590", - "title": "File Backup Copy Jobs", - "creation_time": 1727085252807, - "description": "The breakdown of finished file backup copy jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"490\")\r\n| alter 
\r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _jobTypeCode=arrayindex(regextract(_raw_log , \"JobType\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _jobTypeCode=\"13003\" and _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715781014094", - "title": "Replication Jobs", - "creation_time": 1727085255402, - "description": "The breakdown of finished replication jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(if(\r\n 
_instanceId=\"790\", regextract(_raw_log, \"param4\\=\\\"(\\d+)\\\"\"), \r\n \"1\"=\"1\", regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\")), 0))\r\n| filter _jobTypeCode = \"1\" AND _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715781071150", - "title": "Backup Copy Jobs", - "creation_time": 1727085252170, - "description": "The breakdown of finished backup copy jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"490\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n 
_jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715781165935", - "title": "Tape Jobs", - "creation_time": 1727085255840, - "description": "The breakdown of finished tape jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"194\")\r\n| alter \r\n _jobResultCode=arrayindex(regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\"), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": 
"=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715781224440", - "title": "Latest Finished Jobs", - "creation_time": 1727085254989, - "description": "Detailed information about the latest finished jobs on each Veeam Backup & Replication server.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($hosts)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", 
\"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n _jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"60\",\"HPE StoreOnce Replication Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore 
Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n _jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`\r\n| limit 100", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "table", - "commands": [] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": { - "_id": "{\"pinned\":null,\"width\":294,\"hide\":true,\"order\":2}", - "Date": "{\"pinned\":null,\"width\":186,\"hide\":false,\"order\":0}", - "_tag": "{\"pinned\":null,\"width\":114,\"hide\":true,\"order\":6}", - "State": "{\"pinned\":null,\"width\":135,\"hide\":true,\"order\":1}", - "_vendor": "{\"pinned\":null,\"width\":521,\"hide\":true,\"order\":7}", - "_product": "{\"pinned\":null,\"width\":159,\"hide\":true,\"order\":4}", - "_raw_log": "{\"pinned\":null,\"width\":700,\"hide\":false,\"order\":5}", - "_insert_time": "{\"pinned\":null,\"width\":186,\"hide\":true,\"order\":3}", - "action-buttons": "{\"pinned\":\"right\",\"width\":184,\"hide\":false,\"order\":11}" - }, - "rowHeight": "{\"rowHeight\":\"regular\",\"gridRowsHeight\":\"medium-row\"}", - "columnWidth": null - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715781311118", - "title": "Finished Jobs by Type", - "creation_time": 1727085253939, - "description": "Daily statistics on finished jobs by 
type.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter \r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _day=date_floor(_time ,\"d\"),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_jobTypeCode in (\"1\",\"50\"), 1)) as _replicationJob,\r\n count(if(_jobTypeCode = \"3\", 1)) as _sureBackupJob,\r\n count(if(_jobTypeCode in (\"0\",\"14000\"), 1)) as _backupJob,\r\n count(if(_jobTypeCode = \"8\", 1)) as _quickMigration,\r\n count(if(_jobTypeCode = \"22\", 1)) as _rescanJob,\r\n count(if(_jobTypeCode = \"24\", 1)) as _fileToTapeJob,\r\n count(if(_jobTypeCode = \"28\", 1)) as _backupToTapeJob,\r\n count(if(_jobTypeCode = \"52\", 1)) as _msSQLLogBackupJob,\r\n count(if(_jobTypeCode = \"54\", 1)) as _oracleLogBackupJob,\r\n count(if(_jobTypeCode = \"60\", 1)) as _HPEStoreOnceReplicationJob,\r\n count(if(_jobTypeCode in (\"2\",\"51\",\"63\",\"65\",\"70\"), 1)) as _backupCopyJob,\r\n count(if(_jobTypeCode = \"74\", 1)) as _postgreSQLLogBackupJob,\r\n count(if(_jobTypeCode = \"100\", 1)) as _configurationBackupJob,\r\n count(if(_jobTypeCode = \"104\", 1)) as _configurationDatabaseMaintenanceJob,\r\n count(if(_jobTypeCode in (\"202\",\"290\"), 1)) as _restoreJob,\r\n count(if(_jobTypeCode = \"203\", 1)) as _undoFailoverPlan,\r\n count(if(_jobTypeCode = \"316\", 1)) as _cdpPolicy,\r\n count(if(_jobTypeCode in (\"4000\",\"12000\",\"12003\"), 1)) as _agentBackupJobBS,\r\n 
count(if(_jobTypeCode = \"12002\", 1)) as _agentBackupJobBP,\r\n count(if(_jobTypeCode = \"13000\", 1)) as _fileBackupJob,\r\n count(if(_jobTypeCode = \"13003\", 1)) as _fileBackupCopyJob,\r\n count(if(_jobTypeCode = \"15000\", 1)) as _storageSnapshotSnapshotOnlyJob,\r\n count(if(_jobTypeCode = \"15001\", 1)) as _storageSnapshotBackupJob,\r\n count(if(_jobTypeCode = \"15002\", 1)) as _storageSnapshotCopyJob,\r\n count(if(_jobTypeCode = \"15004\", 1)) as _storageSnapshotRestoreSession,\r\n count(if(_jobTypeCode = \"18000\", 1)) as _archiveTierBackupJob,\r\n count(if(_jobTypeCode = \"18001\", 1)) as _archiveTierRestoreSession,\r\n count(if(_jobTypeCode = \"18002\", 1)) as _archiveDownloadSession,\r\n count(if(_jobTypeCode = \"18003\", 1)) as _archiveTierSynchronizationJob,\r\n count(if(_jobTypeCode = \"18004\", 1)) as _archiveTierBackupCopyJob,\r\n count(if(_jobTypeCode = \"18005\", 1)) as _archiveTierArchivingJob,\r\n count(if(_jobTypeCode = \"18006\", 1)) as _publishDiskSession,\r\n count(if(_jobTypeCode = \"18008\", 1)) as _objectStorageRepositorySynchronizationJob,\r\n count(if(_jobTypeCode = \"24002\", 1)) as _guestOSFileRestoreSession,\r\n count(if(_jobTypeCode in (\"33000\", \"33001\"), 1)) as _sureBackupScanOnly\r\n by _day\r\n| sort asc _day\r\n\r\n\r\n\r\n\n| view graph type = column subtype = stacked xaxis = _day yaxis = 
_replicationJob,_sureBackupJob,_backupJob,_fileBackupJob,_quickMigration,_rescanJob,_fileToTapeJob,_backupToTapeJob,_msSQLLogBackupJob,_oracleLogBackupJob,_HPEStoreOnceReplicationJob,_backupCopyJob,_postgreSQLLogBackupJob,_configurationDatabaseMaintenanceJob,_configurationBackupJob,_restoreJob,_undoFailoverPlan,_cdpPolicy,_agentBackupJobBS,_agentBackupJobBP,_fileBackupCopyJob,_storageSnapshotSnapshotOnlyJob,_storageSnapshotBackupJob,_storageSnapshotCopyJob,_storageSnapshotRestoreSession,_archiveTierBackupJob,_archiveTierRestoreSession,_archiveDownloadSession,_archiveTierSynchronizationJob,_archiveTierBackupCopyJob,_archiveTierArchivingJob,_publishDiskSession,_objectStorageRepositorySynchronizationJob,_guestOSFileRestoreSession,_sureBackupScanOnly seriestitle(\"_replicationJob\",\"Replication Job\") seriestitle(\"_sureBackupJob\",\"SureBackup Job\") seriestitle(\"_backupJob\",\"Backup Job\") seriestitle(\"_quickMigration\",\"Quick Migration\") seriestitle(\"_rescanJob\",\"Rescan Job\") seriestitle(\"_fileToTapeJob\",\"File to Tape Job\") seriestitle(\"_backupToTapeJob\",\"Backup to Tape Job\") seriestitle(\"_msSQLLogBackupJob\",\"MS SQL Log Backup Job\") seriestitle(\"_oracleLogBackupJob\",\"Oracle Log Backup Job\") seriestitle(\"_HPEStoreOnceReplicationJob\",\"HPE StoreOnce Replication Job\") seriestitle(\"_backupCopyJob\",\"Backup Copy Job\") seriestitle(\"_postgreSQLLogBackupJob\",\"PostgreSQL Log Backup Job\") seriestitle(\"_configurationBackupJob\",\"Configuration Backup Job\") seriestitle(\"_configurationDatabaseMaintenanceJob\",\"Configuration Database Maintenance Job\") seriestitle(\"_restoreJob\",\"Restore Job\") seriestitle(\"_undoFailoverPlan\",\"Undo Failover Plan\") seriestitle(\"_cdpPolicy\",\"CDP Policy\") seriestitle(\"_agentBackupJobBS\",\"Agent Backup Job (Backup Server)\") seriestitle(\"_agentBackupJobBP\",\"Agent Backup Job (Backup Policy)\") seriestitle(\"_fileBackupJob\",\"File Backup Job\") seriestitle(\"_fileBackupCopyJob\",\"File Backup Copy 
Job\") seriestitle(\"_storageSnapshotSnapshotOnlyJob\",\"Storage Snapshot Snapshot-Only Job\") seriestitle(\"_storageSnapshotBackupJob\",\"Storage Snapshot Backup Job\") seriestitle(\"_storageSnapshotCopyJob\",\"Storage Snapshot Copy Job\") seriestitle(\"_storageSnapshotRestoreSession\",\"Storage Snapshot Restore Session\") seriestitle(\"_archiveTierBackupJob\",\"Archive Tier Backup Job\") seriestitle(\"_archiveTierRestoreSession\",\"Archive Tier Restore Session\") seriestitle(\"_archiveDownloadSession\",\"Archive Download Session\") seriestitle(\"_archiveTierSynchronizationJob\",\"Archive Tier Synchronization Job\") seriestitle(\"_archiveTierBackupCopyJob\",\"Archive Tier Backup Copy Job\") seriestitle(\"_archiveTierArchivingJob\",\"Archive Tier Archiving Job\") seriestitle(\"_publishDiskSession\",\"Publish Disk Session\") seriestitle(\"_objectStorageRepositorySynchronizationJob\",\"Object Storage Repository Synchronization Job\") seriestitle(\"_guestOSFileRestoreSession\",\"Guest OS File Restore Session\") seriestitle(\"_sureBackupScanOnly\",\"SureBackup Scan only\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "column", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "stacked" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": 
"_replicationJob,_sureBackupJob,_backupJob,_fileBackupJob,_quickMigration,_rescanJob,_fileToTapeJob,_backupToTapeJob,_msSQLLogBackupJob,_oracleLogBackupJob,_HPEStoreOnceReplicationJob,_backupCopyJob,_postgreSQLLogBackupJob,_configurationDatabaseMaintenanceJob,_configurationBackupJob,_restoreJob,_undoFailoverPlan,_cdpPolicy,_agentBackupJobBS,_agentBackupJobBP,_fileBackupCopyJob,_storageSnapshotSnapshotOnlyJob,_storageSnapshotBackupJob,_storageSnapshotCopyJob,_storageSnapshotRestoreSession,_archiveTierBackupJob,_archiveTierRestoreSession,_archiveDownloadSession,_archiveTierSynchronizationJob,_archiveTierBackupCopyJob,_archiveTierArchivingJob,_publishDiskSession,_objectStorageRepositorySynchronizationJob,_guestOSFileRestoreSession,_sureBackupScanOnly" - } - }, - { - "func": { - "args": [ "_replicationJob", "Replication Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_sureBackupJob", "SureBackup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_backupJob", "Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_quickMigration", "Quick Migration" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_rescanJob", "Rescan Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_fileToTapeJob", "File to Tape Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_backupToTapeJob", "Backup to Tape Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_msSQLLogBackupJob", "MS SQL Log Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_oracleLogBackupJob", "Oracle Log Backup Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_HPEStoreOnceReplicationJob", "HPE StoreOnce Replication Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_backupCopyJob", "Backup Copy Job" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_postgreSQLLogBackupJob", "PostgreSQL Log Backup Job" ], - 
"name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_configurationBackupJob", "Configuration Backup Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_configurationDatabaseMaintenanceJob", "Configuration Database Maintenance Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_restoreJob", "Restore Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_undoFailoverPlan", "Undo Failover Plan" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_cdpPolicy", "CDP Policy" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_agentBackupJobBS", "Agent Backup Job (Backup Server)" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_agentBackupJobBP", "Agent Backup Job (Backup Policy)" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_fileBackupJob", "File Backup Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_fileBackupCopyJob", "File Backup Copy Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_storageSnapshotSnapshotOnlyJob", "Storage Snapshot Snapshot-Only Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_storageSnapshotBackupJob", "Storage Snapshot Backup Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_storageSnapshotCopyJob", "Storage Snapshot Copy Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_storageSnapshotRestoreSession", "Storage Snapshot Restore Session" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_archiveTierBackupJob", "Archive Tier Backup Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_archiveTierRestoreSession", "Archive Tier Restore Session" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_archiveDownloadSession", "Archive Download Session" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_archiveTierSynchronizationJob", "Archive Tier Synchronization Job" 
],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_archiveTierBackupCopyJob", "Archive Tier Backup Copy Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_archiveTierArchivingJob", "Archive Tier Archiving Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_publishDiskSession", "Publish Disk Session" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_objectStorageRepositorySynchronizationJob", "Object Storage Repository Synchronization Job" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_guestOSFileRestoreSession", "Guest OS File Restore Session" ],
- "name": "seriestitle"
- }
- },
- {
- "func": {
- "args": [ "_sureBackupScanOnly", "SureBackup Scan only" ],
- "name": "seriestitle"
- }
- }
- ]
- }
- },
- "support_time_range": true,
- "additional_info": {
- "query_tables": [ "veeam_*" ],
- "query_uses_library": false
- }
- }
- ],
- "fromVersion": "8.4.0"
-}
\ No newline at end of file
diff --git a/Packs/Veeam/XSIAMDashboards/Veeam_Data_Platform_Monitoring_Dashboard_image.png b/Packs/Veeam/XSIAMDashboards/Veeam_Data_Platform_Monitoring_Dashboard_image.png
deleted file mode 100644
index 63621a81608a..000000000000
Binary files a/Packs/Veeam/XSIAMDashboards/Veeam_Data_Platform_Monitoring_Dashboard_image.png and /dev/null differ
diff --git a/Packs/Veeam/XSIAMDashboards/Veeam_Security_Activities_Dashboard.json b/Packs/Veeam/XSIAMDashboards/Veeam_Security_Activities_Dashboard.json
deleted file mode 100644
index c81fbffa215a..000000000000
--- a/Packs/Veeam/XSIAMDashboards/Veeam_Security_Activities_Dashboard.json
+++ /dev/null
@@ -1,1512 +0,0 @@ -{ - "dashboards_data": [ - { - "name": "Veeam Security Activities", - "description": "Aggregated information about security activities on Veeam Backup & Replication and Veeam ONE servers.", - "status": "ENABLED", - "layout": [ - { - "id": "row-2323", - "data": [ - { - "key": "xql_1715781920209", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 400, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter _status=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n 
_instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\"),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId ) as _count by _status\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _status yaxis = _count valuecolor(\"Critical\",\"#D10000\") valuecolor(\"High\",\"#FF8F2E\") valuecolor(\"Medium\",\"#0084D1\") valuecolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_status" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ "Critical", "#D10000" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "High", "#FF8F2E" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Medium", "#0084D1" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Information", "#00D15F" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in 
(\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in (\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, 
\"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", \"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| filter _severity = $x_axis.value \r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715782110514", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 400, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - }, - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0),\r\n _oneInstanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in 
(\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n OR _oneInstanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter _host=if(_instanceId != null, arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0), \r\n _oneInstanceId != null, arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0))\r\n| filter _host in ($vbr_hosts) OR _host in ($one_hosts)\r\n| comp count(1) as _count\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 604800000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - }, - { - "key": "xql_1719488295523", - "data": { - "type": "Custom XQL", - "width": 33.333333333333336, - "height": 400, - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", 
\"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| comp count(_instanceId ) as _count by _severity\r\n\r\n\r\n\r\n| view graph type = pie subtype = full xaxis = _severity yaxis = _count valuecolor(\"Critical\",\"#D10000\") valuecolor(\"High\",\"#FF8F2E\") valuecolor(\"Medium\",\"#0084D1\") valuecolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_severity" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ "\"Critical\"", "\"#D10000\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"High\"", "\"#FF8F2E\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"Medium\"", "\"#0084D1\"" ], - "name": "valuecolor" - } - }, 
- { - "func": { - "args": [ "\"Information\"", "\"#00D15F\"" ], - "name": "valuecolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| filter _severity = $x_axis.value \r\n| sort desc _time\r\n| fields _host as `Data Source`, _time as `Date`, _alarmName as `Alarm Name`, _severity as `Severity`, _alarmType as `Alarm Type`, _description as `Message Details`, _statusOld as `Previous Status`, _statusNew as `Current Status`, _objectName as `Object Name`, _objectPath as 
`Object Path`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - }, - { - "id": "row-6498", - "data": [ - { - "key": "xql_1715782213232", - "data": { - "type": "Custom XQL", - "width": 25, - "height": 400, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42220\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": " dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42220\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in 
(\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in (\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", \"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715782338600", - "data": { - "type": "Custom XQL", - "width": 25, - "height": 400, - "params": [ - { - "name": 
"vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": " dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in 
(\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in (\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", \"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1715782276516", - "data": { - "type": "Custom XQL", - "width": 25, - "height": 400, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\")\r\n| alter 
_host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": " dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in 
(\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", \"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1719493861066", - "data": { - "type": "Custom XQL", - "width": 25, - "height": 400, - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n 
_alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| comp count(_instanceId ) as _count by _alarmName\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _alarmName yaxis = _count ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_alarmName" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, 
\"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| filter _alarmName = $x_axis.value \r\n| sort desc _time\r\n| fields _host as `Data Source`, _time as `Date`, _alarmName as `Alarm Name`, _severity as `Severity`, _alarmType as `Alarm Type`, _description as `Message Details`, _statusOld as `Previous Status`, _statusNew as `Current Status`, _objectName as `Object Name`, _objectPath as `Object Path`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - }, - { - "id": "row-772", - "data": [ - { - "key": "xql_1715782419912", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 570, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in 
(\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n_day=date_floor(_time ,\"d\")\r\n| filter _host in ($vbr_hosts)\r\n| comp \r\n count(if(_instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), 1)) as Critical, \r\n count(if(_instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), 1)) as High,\r\n count(if(_instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), 1)) as Medium,\r\n count(if(_instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), 1)) as Information by _day\r\n| sort asc _day\r\n\r\n\r\n\n| view graph type = area subtype = standard show_percentage = `false` xaxis = _day yaxis = Critical,High,Medium,Information 
seriescolor(\"Critical\",\"#D10000\") seriescolor(\"Medium\",\"#0084D1\") seriescolor(\"High\",\"#FF8F2E\") seriescolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "area", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "show_percentage", - "value": "false" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "Critical,High,Medium,Information" - } - }, - { - "func": { - "args": [ "Critical", "#D10000" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Medium", "#0084D1" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "High", "#FF8F2E" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Information", "#00D15F" ], - "name": "seriescolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, 
\"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter\r\n _day=date_floor(_time ,\"d\"),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in (\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", 
\"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| filter _day = to_timestamp($x_axis.value, \"MILLIS\") AND _severity = $y_axis.name \r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - }, - { - "key": "xql_1719484549012", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 570, - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| alter _day=date_floor(_time 
,\"d\"),\r\n _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| comp \r\n count(if(_severity = \"Critical\", 1)) as Critical, \r\n count(if(_severity = \"High\", 1)) as High,\r\n count(if(_severity = \"Medium\", 1)) as Medium,\r\n count(if(_severity = \"Information\", 1)) as Information by _day\r\n| sort asc _day\r\n\r\n\r\n\r\n\n| view graph type = area subtype = standard show_percentage = `false` xaxis = _day yaxis = Critical,High,Medium,Information seriescolor(\"Critical\",\"#D10000\") seriescolor(\"Medium\",\"#0084D1\") seriescolor(\"High\",\"#FF8F2E\") seriescolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "area", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "show_percentage", - "value": "false" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "Critical,High,Medium,Information" - } - }, - { - "func": { - "args": [ "Critical", "#D10000" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Medium", "#0084D1" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "High", "#FF8F2E" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Information", "#00D15F" ], - "name": "seriescolor" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", 
\"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter\r\n _day=date_floor(_time ,\"d\"),\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| filter _day = to_timestamp($x_axis.value, \"MILLIS\") AND _severity = $y_axis.name \r\n| sort desc _time\r\n| fields _host as `Data Source`, _time as `Date`, _alarmName as `Alarm Name`, _severity as `Severity`, _alarmType as `Alarm Type`, _description as `Message Details`, _statusOld as `Previous Status`, _statusNew as `Current Status`, _objectName as `Object Name`, _objectPath as `Object Path`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - "rowHeight": "{\"rowHeight\":\"regular\",\"gridRowsHeight\":\"medium-row\"}", - "columnWidth": null - } - } - } - ] - }, - { - "id": "row-799", - "data": [ - { - "key": "xql_1715782512114", - "data": { - "type": "Custom XQL", - "width": 50, 
- "height": 570, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in 
(\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in (\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", \"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| filter _host in ($vbr_hosts) \r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "entityType": "xql-widget-table-e56e365c-5f88-4e5c-b983-6653dfc566e0", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "table", - "commands": [] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - "rowHeight": "{\"rowHeight\":\"regular\",\"gridRowsHeight\":\"medium-row\"}", - "columnWidth": null - } - } - }, - { - "key": "xql_1719413377594", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 570, - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": " dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n 
_instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| filter _host in ($one_hosts)\r\n| sort desc _time\r\n| fields _host as `Data Source`, _time as `Date`, _alarmName as `Alarm Name`, _severity as `Severity`, _alarmType as `Alarm Type`, _description as `Message Details`, _statusOld as `Previous Status`, _statusNew as `Current Status`, _objectName as `Object Name`, _objectPath as `Object Path`\r\n| limit 100", - "entityType": "xql-widget-table-a5d3d14d-bf13-4220-a9f0-6c5dbdbbe376", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "table", - "commands": [] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - 
"rowHeight": "{\"rowHeight\":\"regular\",\"gridRowsHeight\":\"medium-row\"}", - "columnWidth": null - } - } - } - ] - }, - { - "id": "row-7402", - "data": [ - { - "key": "xql_1721205591354", - "data": { - "type": "Custom XQL", - "width": 100, - "height": 418, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _day=date_floor(_time ,\"d\"),\r\n _operationId=arrayindex(regextract(_raw_log, \"OperationId\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_operationId = \"0\", 1)) as _MDAEnabled,\r\n count(if(_operationId = \"1\", 1)) as _MDADisabled,\r\n count(if(_operationId = \"100\", 1)) as _MDABackupDeletion,\r\n count(if(_operationId = \"101\", 1)) as _MDALogBackupDeletion,\r\n count(if(_operationId = \"102\", 1)) as _MDAConfigurationBackupDeletion,\r\n count(if(_operationId = \"103\", 1)) as _MDAAdminApproval,\r\n count(if(_operationId = \"104\", 1)) as _MDASanSnapshotDeletion,\r\n count(if(_operationId = \"105\", 1)) as _MDAInfraItemDeletion,\r\n count(if(_operationId = \"106\", 1)) as _MDAServiceProviderDeletion,\r\n count(if(_operationId = \"107\", 1)) as _MDAStorageDeletion,\r\n count(if(_operationId = \"108\", 1)) as _MDAVbrSecuritySettingsChange,\r\n count(if(_operationId = \"10000\", 1)) as _MDAStaticInfo by _day\r\n| sort asc _day\r\n\r\n\n| view graph type = column subtype = stacked xaxis = _day yaxis = 
_MDAEnabled,_MDADisabled,_MDABackupDeletion,_MDALogBackupDeletion,_MDAConfigurationBackupDeletion,_MDAAdminApproval,_MDASanSnapshotDeletion,_MDAInfraItemDeletion,_MDAServiceProviderDeletion,_MDAStorageDeletion,_MDAVbrSecuritySettingsChange,_MDAStaticInfo seriestitle(\"_MDAEnabled\",\"Four-eyes authorization has been enabled\") seriestitle(\"_MDADisabled\",\"Four-eyes authorization has been disabled\") seriestitle(\"_MDABackupDeletion\",\"Delete backup\") seriestitle(\"_MDALogBackupDeletion\",\"Delete log backup\") seriestitle(\"_MDAConfigurationBackupDeletion\",\"Delete configuration backup\") seriestitle(\"_MDAAdminApproval\",\"Disable four-eyes authorization\") seriestitle(\"_MDASanSnapshotDeletion\",\"Delete snapshot\") seriestitle(\"_MDAInfraItemDeletion\",\"Delete infrastructure object\") seriestitle(\"_MDAServiceProviderDeletion\",\"Delete service provider\") seriestitle(\"_MDAStorageDeletion\",\"Delete storage\") seriestitle(\"_MDAVbrSecuritySettingsChange\",\"Update Veeam Backup & Replication security settings\") seriestitle(\"_MDAStaticInfo\",\"Other operations\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "column", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "stacked" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_MDAEnabled,_MDADisabled,_MDABackupDeletion,_MDALogBackupDeletion,_MDAConfigurationBackupDeletion,_MDAAdminApproval,_MDASanSnapshotDeletion,_MDAInfraItemDeletion,_MDAServiceProviderDeletion,_MDAStorageDeletion,_MDAVbrSecuritySettingsChange,_MDAStaticInfo" - } - }, - { - "func": { - "args": [ "_MDAEnabled", "Four-eyes authorization has been enabled" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDADisabled", "Four-eyes authorization has been disabled" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDABackupDeletion", "Delete backup" ], 
- "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDALogBackupDeletion", "Delete log backup" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAConfigurationBackupDeletion", "Delete configuration backup" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAAdminApproval", "Disable four-eyes authorization" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDASanSnapshotDeletion", "Delete snapshot" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAInfraItemDeletion", "Delete infrastructure object" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAServiceProviderDeletion", "Delete service provider" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAStorageDeletion", "Delete storage" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAVbrSecuritySettingsChange", "Update Veeam Backup & Replication security settings" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAStaticInfo", "Other operations" ], - "name": "seriestitle" - } - } - ] - }, - "drilldown_config": { - "actionData": { - "timeRange": "widget_timeframe", - "xqlPhrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _day=date_floor(_time ,\"d\"),\r\n _operationId=arrayindex(regextract(_raw_log, \"OperationId\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _operationColumn=if(\r\n _operationId = \"0\", \"_MDAEnabled\",\r\n _operationId = \"1\", \"_MDADisabled\",\r\n _operationId = \"100\", \"_MDABackupDeletion\",\r\n _operationId = \"101\", \"_MDALogBackupDeletion\",\r\n _operationId = \"102\", 
\"_MDAConfigurationBackupDeletion\",\r\n _operationId = \"103\", \"_MDAAdminApproval\",\r\n _operationId = \"104\", \"_MDASanSnapshotDeletion\",\r\n _operationId = \"105\", \"_MDAInfraItemDeletion\",\r\n _operationId = \"106\", \"_MDAServiceProviderDeletion\",\r\n _operationId = \"107\", \"_MDAStorageDeletion\",\r\n _operationId = \"108\", \"_MDAVbrSecuritySettingsChange\",\r\n _operationId = \"10000\", \"_MDAStaticInfo\"),\r\n _operation = if(\r\n _operationId = \"0\", \"Four-eyes authorization has been enabled\",\r\n _operationId = \"1\", \"Four-eyes authorization has been disabled\",\r\n _operationId = \"100\", \"Delete backup\",\r\n _operationId = \"101\", \"Delete log backup\",\r\n _operationId = \"102\", \"Delete configuration backup\",\r\n _operationId = \"103\", \"Disable four-eyes authorization\",\r\n _operationId = \"104\", \"Delete snapshot\",\r\n _operationId = \"105\", \"Delete infrastructure object\",\r\n _operationId = \"106\", \"Delete service provider\",\r\n _operationId = \"107\", \"Delete storage\",\r\n _operationId = \"108\", \"Update Veeam Backup & Replication security settings\",\r\n _operationId = \"10000\", \"Other operations\"),\r\n _user=arrayindex(regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=\"Critical\"\r\n| filter _day = to_timestamp($x_axis.value, \"MILLIS\") and _operationColumn = $y_axis.name\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "timePicker": [], - "openInNewTab": true - }, - "actionType": "open_xql_search" - } - } - } - ] - } - ], - "default_dashboard_id": 1, - "global_id": "fe984e4ee65345ea837a955d65a6c3f2", - "metadata": { - "params": [ - { - "name": "vbr_hosts", - "type": "DYNAMIC", - "title": "Veeam Backup & Replication Data Sources", - "value": [], - "executionID": "9543fce53c9543_624792_inv", - 
"valueOptions": [], - "investigation": { - "ttl": "0", - "source": "investigation", - "timeframe": { "relativeTime": 2592000000 }, - "input_dict": { - "xql": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter \r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| dedup _host \r\n| fields\r\n _host", - "tenants": [], - "schedule": null, - "query_editor": "xql", - "notification_link": "xql/xql-search/_EXECUTION_ID_", - "run_in_background": false, - "query_definition_name": "XQL-QUERY-139162" - }, - "dashboard_id": null - }, - "investigationError": null, - "filterComponentType": "MULTI_SELECT", - "investigationColumn": "_host" - }, - { - "name": "one_hosts", - "type": "DYNAMIC", - "title": "Veeam One Data Sources", - "value": [], - "executionID": "b2328d3344e64f_624793_inv", - "valueOptions": [], - "investigation": { - "ttl": "0", - "source": "investigation", - "timeframe": { "relativeTime": 2592000000 }, - "input_dict": { - "xql": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _oneInstanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _oneInstanceId in (\"395\", \"364\", \"369\", 
\"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\")\r\n| alter \r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0)\r\n| dedup _host \r\n| fields\r\n _host", - "tenants": [], - "schedule": null, - "query_editor": "xql", - "notification_link": "xql/xql-search/_EXECUTION_ID_", - "run_in_background": false, - "query_definition_name": "XQL-QUERY-139163" - }, - "dashboard_id": null - }, - "investigationError": null, - "filterComponentType": "MULTI_SELECT", - "investigationColumn": "_host" - } - ] - } - } - ], - "widgets_data": [ - { - "widget_key": "xql_1715781920209", - "title": "Veeam Backup & Replication Security Events", - "creation_time": 1727085304736, - "description": "The total amount of Veeam Backup & Replication security events.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter _status=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), 
\"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\"),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId ) as _count by _status\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _status yaxis = _count valuecolor(\"Critical\",\"#D10000\") valuecolor(\"High\",\"#FF8F2E\") valuecolor(\"Medium\",\"#0084D1\") valuecolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_status" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ "Critical", "#D10000" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "High", "#FF8F2E" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Medium", "#0084D1" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Information", "#00D15F" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782110514", - "title": "All Security Activities", - "creation_time": 1727085302876, - "description": "The total amount of security events created on Veeam 
Backup & Replication servers and alarms triggered on Veeam ONE servers.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - }, - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0),\r\n _oneInstanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n OR _oneInstanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter _host=if(_instanceId != null, arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0), \r\n _oneInstanceId != null, arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0))\r\n| filter _host in ($vbr_hosts) OR _host in ($one_hosts)\r\n| comp count(1) as _count\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - 
"support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782213232", - "title": "Marked as Infected", - "creation_time": 1727085304545, - "description": "The total amount of Veeam Backup & Replication objects marked as Infected.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42220\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782276516", - "title": "Marked as Suspicious", - "creation_time": 1727085304626, - "description": "The total amount of Veeam Backup & Replication objects marked as Suspicious.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - 
"time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782338600", - "title": "Four-Eyes Authorization Events", - "creation_time": 1727085303502, - "description": "The total amount of Veeam Backup & Replication four-eyes authorization events.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782419912", - "title": "Daily Veeam Backup & Replication Security Events", - "creation_time": 1727085303120, - "description": "Daily statistics on Veeam Backup & Replication security events by severity level.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, 
\"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n_day=date_floor(_time ,\"d\")\r\n| filter _host in ($vbr_hosts)\r\n| comp \r\n count(if(_instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), 1)) as Critical, \r\n count(if(_instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), 1)) as High,\r\n count(if(_instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), 1)) as Medium,\r\n count(if(_instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), 1)) as Information by _day\r\n| sort asc _day\r\n\r\n\r\n\n| view graph type = area subtype = standard show_percentage = `false` xaxis = _day 
yaxis = Critical,High,Medium,Information seriescolor(\"Critical\",\"#D10000\") seriescolor(\"Medium\",\"#0084D1\") seriescolor(\"High\",\"#FF8F2E\") seriescolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "area", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "show_percentage", - "value": "false" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "Critical,High,Medium,Information" - } - }, - { - "func": { - "args": [ "Critical", "#D10000" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Medium", "#0084D1" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "High", "#FF8F2E" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Information", "#00D15F" ], - "name": "seriescolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782512114", - "title": "Latest Veeam Backup & Replication Security Events", - "creation_time": 1727085304210, - "description": "Information about the latest security events triggered on each Veeam Backup & Replication server.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in 
(\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in (\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, 
\"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", \"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| filter _host in ($vbr_hosts) \r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "table", - "commands": [] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - "rowHeight": "{\"rowHeight\":\"regular\",\"gridRowsHeight\":\"medium-row\"}", - "columnWidth": null - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1719413377594", - "title": "Latest Veeam One Alarms", - "creation_time": 1727085304464, - "description": "Information about the latest alarms triggered on each Veeam ONE server.", - "data": { - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": " dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", 
\"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| filter _host in ($one_hosts)\r\n| sort desc _time\r\n| fields _host as `Data Source`, _time as `Date`, _alarmName as `Alarm Name`, _severity as `Severity`, _alarmType as `Alarm Type`, _description as `Message Details`, _statusOld as `Previous Status`, _statusNew as `Current Status`, _objectName as `Object Name`, _objectPath as `Object Path`\r\n| limit 100", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "table", - "commands": [] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - "rowHeight": "{\"rowHeight\":\"regular\",\"gridRowsHeight\":\"medium-row\"}", - "columnWidth": null - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - 
"widget_key": "xql_1719484549012", - "title": "Daily Veeam One Alarms", - "creation_time": 1727085303425, - "description": "Daily statistics on Veeam ONE alarms by severity level.", - "data": { - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| alter _day=date_floor(_time ,\"d\"),\r\n _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| comp \r\n count(if(_severity = \"Critical\", 1)) as Critical, \r\n count(if(_severity = \"High\", 1)) as High,\r\n count(if(_severity = \"Medium\", 1)) as Medium,\r\n count(if(_severity = 
\"Information\", 1)) as Information by _day\r\n| sort asc _day\r\n\r\n\r\n\r\n\n| view graph type = area subtype = standard show_percentage = `false` xaxis = _day yaxis = Critical,High,Medium,Information seriescolor(\"Critical\",\"#D10000\") seriescolor(\"Medium\",\"#0084D1\") seriescolor(\"High\",\"#FF8F2E\") seriescolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "area", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "show_percentage", - "value": "false" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "Critical,High,Medium,Information" - } - }, - { - "func": { - "args": [ "Critical", "#D10000" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Medium", "#0084D1" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "High", "#FF8F2E" ], - "name": "seriescolor" - } - }, - { - "func": { - "args": [ "Information", "#00D15F" ], - "name": "seriescolor" - } - } - ] - }, - "gridRawStorageInfo": { - "sort": null, - "coldefs": {}, - "rowHeight": "{\"rowHeight\":\"regular\",\"gridRowsHeight\":\"medium-row\"}", - "columnWidth": null - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1719488295523", - "title": "Veeam ONE Alarms", - "creation_time": 1727085304948, - "description": "The total amount of Veeam ONE alarms.", - "data": { - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", 
\"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| comp count(_instanceId ) as _count by _severity\r\n\r\n\r\n\r\n| view graph type = pie subtype = full xaxis = _severity yaxis = _count valuecolor(\"Critical\",\"#D10000\") valuecolor(\"High\",\"#FF8F2E\") valuecolor(\"Medium\",\"#0084D1\") valuecolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_severity" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ "\"Critical\"", "\"#D10000\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"High\"", "\"#FF8F2E\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"Medium\"", "\"#0084D1\"" ], - "name": "valuecolor" - } - 
}, - { - "func": { - "args": [ "\"Information\"", "\"#00D15F\"" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1719493861066", - "title": "Veeam One Alarms by Name", - "creation_time": 1727085305148, - "description": "The breakdown of Veeam ONE alarms by name.", - "data": { - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| comp count(_instanceId ) as _count by _alarmName\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _alarmName yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - 
"command": { - "op": "=", - "name": "xaxis", - "value": "_alarmName" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1721205591354", - "title": "Four-Eyes Authorization Events\u00a0by Operation", - "creation_time": 1727085303785, - "description": "The breakdown of Veeam Backup & Replication four-eyes authorization events by operation.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0))\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _day=date_floor(_time ,\"d\"),\r\n _operationId=arrayindex(regextract(_raw_log, \"OperationId\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($hosts)\r\n| comp \r\n count(if(_operationId = \"0\", 1)) as _MDAEnabled,\r\n count(if(_operationId = \"1\", 1)) as _MDADisabled,\r\n count(if(_operationId = \"100\", 1)) as _MDABackupDeletion,\r\n count(if(_operationId = \"101\", 1)) as _MDALogBackupDeletion,\r\n count(if(_operationId = \"102\", 1)) as _MDAConfigurationBackupDeletion,\r\n count(if(_operationId = \"103\", 1)) as _MDAAdminApproval,\r\n count(if(_operationId = \"104\", 1)) as _MDASanSnapshotDeletion,\r\n count(if(_operationId = \"105\", 1)) as _MDAInfraItemDeletion,\r\n count(if(_operationId = \"106\", 1)) as _MDAServiceProviderDeletion,\r\n count(if(_operationId = \"107\", 1)) as _MDAStorageDeletion,\r\n count(if(_operationId = \"108\", 1)) as _MDAVbrSecuritySettingsChange,\r\n count(if(_operationId = \"10000\", 1)) as _MDAStaticInfo by 
_day\r\n| sort asc _day\r\n\r\n\n| view graph type = column subtype = stacked xaxis = _day yaxis = _MDAEnabled,_MDADisabled,_MDABackupDeletion,_MDALogBackupDeletion,_MDAConfigurationBackupDeletion,_MDAAdminApproval,_MDASanSnapshotDeletion,_MDAInfraItemDeletion,_MDAServiceProviderDeletion,_MDAStorageDeletion,_MDAVbrSecuritySettingsChange,_MDAStaticInfo seriestitle(\"_MDAEnabled\",\"Four-eyes authorization has been enabled\") seriestitle(\"_MDADisabled\",\"Four-eyes authorization has been disabled\") seriestitle(\"_MDABackupDeletion\",\"Delete backup\") seriestitle(\"_MDALogBackupDeletion\",\"Delete log backup\") seriestitle(\"_MDAConfigurationBackupDeletion\",\"Delete configuration backup\") seriestitle(\"_MDAAdminApproval\",\"Disable four-eyes authorization\") seriestitle(\"_MDASanSnapshotDeletion\",\"Delete snapshot\") seriestitle(\"_MDAInfraItemDeletion\",\"Delete infrastructure object\") seriestitle(\"_MDAServiceProviderDeletion\",\"Delete service provider\") seriestitle(\"_MDAStorageDeletion\",\"Delete storage\") seriestitle(\"_MDAVbrSecuritySettingsChange\",\"Update Veeam Backup & Replication security settings\") seriestitle(\"_MDAStaticInfo\",\"Other operations\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "column", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "stacked" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_day" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_MDAEnabled,_MDADisabled,_MDABackupDeletion,_MDALogBackupDeletion,_MDAConfigurationBackupDeletion,_MDAAdminApproval,_MDASanSnapshotDeletion,_MDAInfraItemDeletion,_MDAServiceProviderDeletion,_MDAStorageDeletion,_MDAVbrSecuritySettingsChange,_MDAStaticInfo" - } - }, - { - "func": { - "args": [ "_MDAEnabled", "Four-eyes authorization has been enabled" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDADisabled", "Four-eyes authorization has been disabled" ], - 
"name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDABackupDeletion", "Delete backup" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDALogBackupDeletion", "Delete log backup" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAConfigurationBackupDeletion", "Delete configuration backup" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAAdminApproval", "Disable four-eyes authorization" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDASanSnapshotDeletion", "Delete snapshot" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAInfraItemDeletion", "Delete infrastructure object" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAServiceProviderDeletion", "Delete service provider" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAStorageDeletion", "Delete storage" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAVbrSecuritySettingsChange", "Update Veeam Backup & Replication security settings" ], - "name": "seriestitle" - } - }, - { - "func": { - "args": [ "_MDAStaticInfo", "Other operations" ], - "name": "seriestitle" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - } - ], - "fromVersion": "8.4.0" - } \ No newline at end of file diff --git a/Packs/Veeam/XSIAMDashboards/Veeam_Security_Activities_Dashboard_image.png b/Packs/Veeam/XSIAMDashboards/Veeam_Security_Activities_Dashboard_image.png deleted file mode 100644 index e2b5911b7741..000000000000 Binary files a/Packs/Veeam/XSIAMDashboards/Veeam_Security_Activities_Dashboard_image.png and /dev/null differ 
diff --git a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_failed_multi-factor_authentication_events_for_the_last_24h.json b/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_failed_multi-factor_authentication_events_for_the_last_24h.json
deleted file mode 100644
index aa6df031fd3d..000000000000
--- a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_failed_multi-factor_authentication_events_for_the_last_24h.json
+++ /dev/null
@@ -1,96 +0,0 @@ -{ - "templates_data": [ - { - "report_name": "All Veeam failed multi-factor authentication events for the last 24h", - "report_description": "Provides an overview of failed Veeam Backup & Replication multi-factor authentication events created for the last 24 hours.", - "layout": [ - { - "id": "Row 1", - "data": [ - { - "key": "header", - "data": { - "name": "All failed multi-factor authentication events for the last 24h", - "type": "", - "width": 100, - "height": 140, - "tenantId": "2209138820274", - "description": "Provides an overview of failed Veeam Backup & Replication multi-factor authentication events created for the last 24 hours.", - "customerName": "Veeam Software Corporation (Tech Partner Only)" - } - } - ] - }, - { - "id": "row-8151", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Failed Multi-Factor Authentication Events by User", - "width": 100, - "height": 250, - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"40205\")\r\n| alter _user=arrayindex(regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), 0)\r\n| comp count(_instanceId ) as _count by _user\r\n| fields _count, _user\r\n\r\n| view graph type = pie subtype = full xaxis = _user yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_user" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - } - ] - }, - { - "id": "row-8361", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Latest Failed Multi-Factor Authentication Events", - "width": 100, - "height": 845, - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| 
alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"40205\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=\"High\",\r\n _user=arrayindex(regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), 0)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "table", - "commands": [] - } - } - } - ] - } - ], - "default_template_id": 1, - "time_frame": { "relativeTime": 86400000 }, - "global_id": "c5e709240d634a42ad404f34a972f6bb", - "time_offset": 10800, - "metadata": "{\"params\": []}" - } - ], - "fromVersion": "8.4.0", - "widgets_data": [] - } \ No newline at end of file diff --git a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_finished_jobs_for_the_last_24h.json b/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_finished_jobs_for_the_last_24h.json deleted file mode 100644 index 93e8800c20a0..000000000000 --- a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_finished_jobs_for_the_last_24h.json +++ /dev/null 
@@ -1,172 +0,0 @@ -{ - "templates_data": [ - { - "report_name": "All Veeam finished jobs for the last 24h", - "report_description": "Provides an overview of Veeam Backup & Replication jobs finished for the last 24 hours.", - "layout": [ - { - "id": "Row 1", - "data": [ - { - "key": "header", - "data": { - "name": "All finished jobs for the last 24h", - "type": "", - "width": 100, - "height": 140, - "tenantId": "2209138820274", - "description": "Provides an overview of Veeam Backup & Replication jobs finished for the last 24 hours.", - "customerName": "Veeam Software Corporation (Tech Partner Only)" - } - } - ] - }, - { - "id": "row-7564", - "data": [ - { - "key": "xql_1715780632686", - "data": { - "type": "Custom XQL", - "width": 100, - "height": 288, - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") 
valuecolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "valuecolor" - } - } - ] - } - } - } - ] - }, - { - "id": "row-2577", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "width": 100, - "height": 445, - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _jobTypeCode=if(\r\n _instanceId=\"290\", \"290\", arrayindex(regextract(_raw_log, \"JobType\\=\\\"(\\d+)\\\"\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter \r\n _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\"),\r\n _jobType=if(\r\n 
_jobTypeCode = \"1\",\"Replication Job\",\r\n _jobTypeCode = \"2\",\"Backup Copy Job\",\r\n _jobTypeCode = \"3\",\"SureBackup Job\",\r\n _jobTypeCode = \"0\",\"Backup Job\",\r\n _jobTypeCode = \"8\",\"Quick Migration\",\r\n _jobTypeCode = \"22\",\"Rescan Job\",\r\n _jobTypeCode = \"24\",\"File to Tape Job\",\r\n _jobTypeCode = \"28\",\"Backup to Tape Job\",\r\n _jobTypeCode = \"50\",\"Replication Job\",\r\n _jobTypeCode = \"51\",\"Backup Copy Job\",\r\n _jobTypeCode = \"52\",\"MS SQL Log Backup Job\",\r\n _jobTypeCode = \"54\",\"Oracle Log Backup Job\",\r\n _jobTypeCode = \"60\",\"HPE StoreOnce Replication Job\",\r\n _jobTypeCode = \"63\",\"Backup Copy Job\",\r\n _jobTypeCode = \"65\",\"Backup Copy Job\",\r\n _jobTypeCode = \"70\",\"Backup Copy Job\",\r\n _jobTypeCode = \"74\",\"PostgreSQL Log Backup Job\",\r\n _jobTypeCode = \"100\",\"Configuration Backup Job\",\r\n _jobTypeCode = \"104\",\"Configuration Database Maintenance Job\",\r\n _jobTypeCode = \"202\",\"Restore Job\",\r\n _jobTypeCode = \"203\",\"Undo Failover Plan\",\r\n _jobTypeCode = \"290\",\"Restore Job\",\r\n _jobTypeCode = \"316\",\"CDP Policy\",\r\n _jobTypeCode = \"4000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12000\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"12002\",\"Agent Backup Job (Backup Policy)\",\r\n _jobTypeCode = \"12003\",\"Agent Backup Job (Backup Server)\",\r\n _jobTypeCode = \"13000\",\"File Backup job\",\r\n _jobTypeCode = \"13003\",\"File Backup Copy Job\",\r\n _jobTypeCode = \"14000\",\"Backup Job\",\r\n _jobTypeCode = \"15000\",\"Storage Snapshot Snapshot-Only Job\",\r\n _jobTypeCode = \"15001\",\"Storage Snapshot Backup Job\",\r\n _jobTypeCode = \"15002\",\"Storage Snapshot Copy Job\",\r\n _jobTypeCode = \"15004\",\"Storage Snapshot Restore Session\",\r\n _jobTypeCode = \"18000\",\"Archive Tier Backup Job\",\r\n _jobTypeCode = \"18001\",\"Archive Tier Restore Session\",\r\n _jobTypeCode = \"18002\",\"Archive Download Session\",\r\n 
_jobTypeCode = \"18003\",\"Archive Tier Synchronization Job\",\r\n _jobTypeCode = \"18004\",\"Archive Tier Backup Copy Job\",\r\n _jobTypeCode = \"18005\",\"Archive Tier Archiving Job\",\r\n _jobTypeCode = \"18006\",\"Publish Disk Session\",\r\n _jobTypeCode = \"18008\",\"Object Storage Repository Synchronization Job\",\r\n _jobTypeCode = \"24002\",\"Guest OS File Restore Session\",\r\n _jobTypeCode = \"33000\",\"SureBackup Scan only\",\r\n _jobTypeCode = \"33001\",\"SureBackup Scan only\")\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _description as `Message Details`, _jobType as `Job Type`, _jobResult as `State`", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "table", - "commands": [] - } - } - } - ] - } - ], - "default_template_id": 1, - "time_frame": { "relativeTime": 86400000 }, - "global_id": "94d08a79708c489b9ded64d9e9b4546e", - "time_offset": 10800, - "metadata": "{\"params\": []}" - } - ], - "fromVersion": "8.4.0", - "widgets_data": [ - { - "widget_key": "xql_1715780632686", - "title": "All Jobs", - "creation_time": 1727085251591, - "description": "The breakdown of all finished jobs by state.", - "data": { - "params": [ - { - "name": "hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"190\",\"290\",\"150\",\"151\",\"790\",\"194\",\"490\",\"451\",\"390\",\"36022\",\"36026\")\r\n| alter \r\n _jobResultCode=arrayindex(if(\r\n _instanceId in (\"790\"), regextract(_raw_log, \"param3\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"36022\",\"36026\",\"290\"), regextract(_raw_log, \"Result\\=\\\"(\\d+)\\\"\"), \r\n _instanceId in (\"150\",\"151\",\"451\"), regextract(_raw_log, \"Status\\=\\\"(\\d+)\\\"\"), \r\n regextract(_raw_log, \"JobResult\\=\\\"(\\d+)\\\"\")), 0),\r\n _host=arrayindex(regextract(_raw_log , 
\"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($hosts)\r\n| alter _jobResult=if(\r\n _jobResultCode = \"0\", \"Success\",\r\n _jobResultCode = \"1\", \"Warning\",\r\n _jobResultCode = \"2\", \"Failed\",\r\n _jobResultCode = \"3\", \"Working\")\r\n| comp\r\n count(_instanceId) as _jobsByResult by _jobResult \r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _jobResult yaxis = _jobsByResult valuecolor(\"Success\",\"#00D15F\") valuecolor(\"Failed\",\"#D10000\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_jobResult" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_jobsByResult" - } - }, - { - "func": { - "args": [ "Success", "#00D15F" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "Failed", "#D10000" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - } - ] -} \ No newline at end of file diff --git a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_four-eyes_authorization_events_for_the_last_24h.json b/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_four-eyes_authorization_events_for_the_last_24h.json deleted file mode 100644 index ca00bb1ed9fc..000000000000 --- a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_four-eyes_authorization_events_for_the_last_24h.json +++ /dev/null 
@@ -1,173 +0,0 @@ -{ - "templates_data": [ - { - "report_name": "All Veeam four-eyes authorization events for the last 24h", - "report_description": "Provides an overview of Veeam Backup & Replication four-eyes authorization events created for the last 24 hours.", - "layout": [ - { - "id": "Row 1", - "data": [ - { - "key": "header", - "data": { - "name": "All four-eyes authorization events for the last 24h", - "type": "", - "width": 100, - "height": 140, - "tenantId": "2209138820274", - "description": "Provides an overview of Veeam Backup & Replication four-eyes authorization events created for the last 24 hours.", - "customerName": "Veeam Software Corporation (Tech Partner Only)" - } - } - ] - }, - { - "id": "row-3556", - "data": [ - { - "key": "xql_1715782338600", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 349, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - }, - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Four-Eyes Authorization Events by Type", - "width": 50, - "height": 349, - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in ( \"42402\")\r\n| alter 
_host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _operation=arrayindex(regextract(_raw_log, \"Operation\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| comp count(_instanceId ) as _count by _operation\r\n| view graph type = pie subtype = full xaxis = _operation yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_operation" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - } - ] - }, - { - "id": "row-6294", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Latest\u00a0Four-Eyes Authorization Events", - "width": 100, - "height": 844, - "params": [], - "phrase": " dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in ( \"42402\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=\"Critical\",\r\n _user=arrayindex(regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"), 0)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`\r\n", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "table", - "commands": [] - } - } - } - ] - } - ], - "default_template_id": 1, - "time_frame": { "relativeTime": 86400000 }, - "global_id": "96bfe2191cd64b818682ecbf6c94b55b", - "time_offset": 10800, - "metadata": "{\"params\": []}" - } - ], - "fromVersion": "8.4.0", - 
"widgets_data": [ - { - "widget_key": "xql_1715782338600", - "title": "Four-Eyes Authorization Events", - "creation_time": 1727085303502, - "description": "The total amount of Veeam Backup & Replication four-eyes authorization events.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - } - ] - } \ No newline at end of file diff --git a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_malware_detection_events_for_the_last_24h.json b/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_malware_detection_events_for_the_last_24h.json deleted file mode 100644 index 0fbf1d9b0ac3..000000000000 --- a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_malware_detection_events_for_the_last_24h.json +++ /dev/null 
@@ -1,248 +0,0 @@ -{ - "templates_data": [ - { - "report_name": "All Veeam malware detection events for the last 24h", - "report_description": "Provides an overview of Veeam Backup & Replication malware detection events created for the last 24 hours.", - "layout": [ - { - "id": "Row 1", - "data": [ - { - "key": "header", - "data": { - "name": "All malware detection events for the last 24h", - "type": "", - "width": 100, - "height": 140, - "tenantId": "2209138820274", - "description": "Provides an overview of Veeam Backup & Replication malware detection events created for the last 24 hours.", - "customerName": "Veeam Software Corporation (Tech Partner Only)" - } - } - ] - }, - { - "id": "row-6109", - "data": [ - { - "key": "xql_1715782213232", - "data": { - "type": "Custom XQL", - "width": 33.333332, - "height": 366, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42220\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - }, - { - "key": "xql_1715782276516", - "data": { - "type": "Custom XQL", - "width": 33.333332, - "height": 366, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in 
(\"41600\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - }, - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Malware Detection Events by Type", - "width": null, - "height": 366, - "params": [], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42220\", \"41600\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0),\r\n _type=if(_instanceId = \"42220\", \"Infected\", \"Suspicious\")\r\n| comp count(_instanceId) as _count by _type\r\n| view graph type = pie subtype = full xaxis = _type yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_type" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - } - ] - }, - { - "id": "row-4448", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Latest Malware Detection Events", - "width": 100, - "height": 848, - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\", \"42220\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", 
arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=\"Critical\",\r\n _user=arrayindex(regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), 0)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _instanceId as `Event ID`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "table", - "commands": [] - } - } - } - ] - } - ], - "default_template_id": 1, - "time_frame": { "relativeTime": 86400000 }, - "global_id": "e4ace68a9e854adea581c694d85fb2fc", - "time_offset": 10800, - "metadata": "{\"params\": []}" - } - ], - "fromVersion":"8.4.0", - "widgets_data": [ - { - "widget_key": "xql_1715782213232", - "title": "Marked as Infected", - "creation_time": 1727085304545, - "description": "The total amount of Veeam Backup & Replication objects marked as Infected.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42220\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - 
"query_uses_library": false - } - }, - { - "widget_key": "xql_1715782276516", - "title": "Marked as Suspicious", - "creation_time": 1727085304626, - "description": "The total amount of Veeam Backup & Replication objects marked as Suspicious.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - } - ] - } \ No newline at end of file diff --git a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_security_events_for_the_last_7_days.json b/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_security_events_for_the_last_7_days.json deleted file mode 100644 index 1cf505d7fa7e..000000000000 --- a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_security_events_for_the_last_7_days.json +++ /dev/null 
@@ -1,479 +0,0 @@ -{ - "templates_data": [ - { - "report_name": "All Veeam security events for the last 7 days", - "report_description": "Provides an overview of Veeam Backup \u0026 Replication security events created for the last 7 days.", - "layout": [ - { - "id": "Row 1", - "data": [ - { - "key": "header", - "data": { - "name": "All security events for the last 7 days", - "type": "", - "width": 100, - "height": 140, - "tenantId": "2209138820274", - "description": "Provides an overview of Veeam Backup \u0026 Replication security events created for the last 7 days.", - "customerName": "Veeam Software Corporation (Tech Partner Only)" - } - } - ] - }, - { - "id": "row-1298", - "data": [ - { - "key": "xql_1715781920209", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 324, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter _status=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in 
(\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\"),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId ) as _count by _status\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _status yaxis = _count valuecolor(\"Critical\",\"#D10000\") valuecolor(\"High\",\"#FF8F2E\") valuecolor(\"Medium\",\"#0084D1\") valuecolor(\"Information\",\"#00D15F\") ", - "time_frame": { - "relativeTime": 604800000 - }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_status" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ - "Critical", - "#D10000" - ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ - "High", - "#FF8F2E" - ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ - "Medium", - "#0084D1" - ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ - "Information", - "#00D15F" - ], - "name": "valuecolor" - } - } - ] - } - } - }, - { - "key": "xql_1715782338600", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 324, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, 
\"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { - "relativeTime": 604800000 - }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - } - ] - }, - { - "id": "row-7115", - "data": [ - { - "key": "xql_1715782213232", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 324, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42220\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { - "relativeTime": 604800000 - }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - }, - { - "key": "xql_1715782276516", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 324, - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\")\r\n| alter _host=arrayindex(regextract(_raw_log , 
\"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { - "relativeTime": 604800000 - }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - } - ] - }, - { - "id": "row-5571", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Latest Security Events", - "width": 100, - "height": 843, - "phrase": " dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"\u003c\\d+\u003e1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in 
(\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in (\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", \"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as 
`Severity`", - "time_frame": { - "relativeTime": 604800000 - }, - "viewOptions": { - "type": "table", - "commands": [] - } - } - } - ] - } - ], - "default_template_id": 1, - "time_frame": { - "relativeTime": 604800000 - }, - "global_id": "fbd5ec931030499886b595b972d9c3bc", - "time_offset": 10800, - "metadata": "{\"params\": []}" - } - ], - "fromVersion": "8.4.0", - "widgets_data": [ - { - "widget_key": "xql_1715781920209", - "title": "Veeam Backup \u0026 Replication Security Events", - "creation_time": 1727085304736, - "description": "The total amount of Veeam Backup \u0026 Replication security events.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\",\"42220\",\"25500\",\"26100\",\"28100\",\"28970\",\"29800\",\"30100\",\"30400\",\"31500\",\"31600\",\"31700\",\"31800\",\"31900\",\"40204\",\"40400\",\"40500\",\"40600\",\"42260\",\"42270\",\"42302\",\"23090\",\"23420\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"28980\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"41402\",\"115\",\"31210\",\"31400\",\"40201\",\"40205\",\"40206\",\"41610\",\"41800\",\"41810\",\"42230\",\"42301\",\"42401\",\"42402\",\"42404\",\"42405\",\"21224\",\"26110\",\"31200\",\"36013\",\"42210\",\"42403\",\"42500\",\"27000\",\"24060\",\"24030\",\"24050\",\"24070\",\"24040\",\"42290\")\r\n| alter _status=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in 
(\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\",\r\n _instanceId in (\"24040\",\"24060\",\"24070\",\"26100\",\"26110\",\"28100\",\"28970\",\"29800\",\"31210\",\"36013\",\"40500\"), \"Medium\",\r\n _instanceId in (\"24020\",\"30400\",\"30500\",\"31500\",\"31600\",\"41610\",\"42210\",\"42230\",\"42270\",\"42404\",\"42500\"), \"Information\"),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId ) as _count by _status\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _status yaxis = _count valuecolor(\"Critical\",\"#D10000\") valuecolor(\"High\",\"#FF8F2E\") valuecolor(\"Medium\",\"#0084D1\") valuecolor(\"Information\",\"#00D15F\") ", - "time_frame": { - "relativeTime": 86400000 - }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_status" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ - "Critical", - "#D10000" - ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ - "High", - "#FF8F2E" - ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ - "Medium", - "#0084D1" - ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ - "Information", - "#00D15F" - ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ - "veeam_*" - ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782213232", - "title": "Marked as Infected", - "creation_time": 1727085304545, - "description": "The total amount of Veeam Backup \u0026 Replication objects 
marked as Infected.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42220\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { - "relativeTime": 86400000 - }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ - "veeam_*" - ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782276516", - "title": "Marked as Suspicious", - "creation_time": 1727085304626, - "description": "The total amount of Veeam Backup \u0026 Replication objects marked as Suspicious.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"41600\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { - "relativeTime": 86400000 - }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - 
"support_time_range": true, - "additional_info": { - "query_tables": [ - "veeam_*" - ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1715782338600", - "title": "Four-Eyes Authorization Events", - "creation_time": 1727085303502, - "description": "The total amount of Veeam Backup \u0026 Replication four-eyes authorization events.", - "data": { - "params": [ - { - "name": "vbr_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"42402\")\r\n| alter _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| filter _host in ($vbr_hosts)\r\n| comp count(_instanceId) as _count\r\n\r\n\r\n\r\n\r\n\n| view graph type = single subtype = standard yaxis = _count ", - "time_frame": { - "relativeTime": 86400000 - }, - "viewOptions": { - "type": "single", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "standard" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ - "veeam_*" - ], - "query_uses_library": false - } - } - ] -} \ No newline at end of file diff --git a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_security_events_with_Critical_and_High_severity_for_the_last_24h.json b/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_security_events_with_Critical_and_High_severity_for_the_last_24h.json deleted file mode 100644 index 92637f0bb98c..000000000000 --- a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_security_events_with_Critical_and_High_severity_for_the_last_24h.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "templates_data": [ - { - "report_name": "All Veeam security events with Critical and High severity for the last 24h", - "report_description": "Provides an overview of Veeam Backup & Replication security events with Critical and High severity created for the last 24 hours.", - "layout": [ - { - "id": "Row 1", - "data": [ - { - "key": "header", - "data": { - "name": "All security events with Critical and High severity for the last 24h", - "type": "", - "width": 100, - "height": 140, - "tenantId": "2209138820274", - "description": "Provides an overview of Veeam Backup & Replication security events with Critical and High severity created for the last 24 hours.", - "customerName": "Veeam Software Corporation (Tech Partner Only)" - } - } - ] - }, - { - "id": "row-6854", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "All Security Events", - "width": 100, - "height": 285, - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\",\r\n\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\")\r\n| alter _status=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in 
(\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\", \"\"),\r\n _host=arrayindex(regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"), 0)\r\n| comp count(_instanceId ) as _count by _status\r\n\r\n| view graph type = pie subtype = full xaxis = _status yaxis = _count valuecolor(\"Critical\",\"#ec0101\") valuecolor(\"High\",\"#e77f23\")", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_status" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ "\"Critical\"", "\"#ec0101\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"High\"", "\"#e77f23\"" ], - "name": "valuecolor" - } - } - ] - } - } - } - ] - }, - { - "id": "row-7848", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Latest Security Events", - "width": 100, - "height": 844, - "params": [], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"instanceId\\=(\\d+)\\s\"), 0)\r\n| filter _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\",\r\n\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", 
arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=regextract(_raw_log , \"\\s(\\S+)\\s(?:Veeam_MP|Veeam_Backup)\"),\r\n _description=arrayindex(regextract(_raw_log, \"Description\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _severity=if(\r\n _instanceId in (\"21224\",\"23090\",\"25500\",\"28200\",\"28980\",\"29900\",\"30200\",\"31400\",\"31800\",\"32200\",\"40201\",\"40204\",\"40206\",\"41402\",\"41600\",\"41800\",\"41810\",\"42220\",\"42301\",\"42401\",\"42402\"), \"Critical\", \r\n _instanceId in (\"115\",\"23420\",\"24030\",\"24050\",\"24080\",\"27000\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"30100\",\"31200\",\"31700\",\"31900\",\"32120\",\"40205\",\"40400\",\"40600\",\"42260\",\"42280\",\"42290\",\"42302\",\"42405\"), \"High\", \"\"),\r\n _user=arrayindex(if(\r\n _instanceId in (\"40201\",\"42402\",\"42404\",\"42405\",\"40204\",\"40400\",\"40500\",\"40600\",\"40700\",\"42400\",\"42401\",\"42403\"), regextract(_raw_log, \"fullName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"36013\"), regextract(_raw_log, \"InitiatorName\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"41800\",\"41810\"), regextract(_raw_log, \"param3\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"23090\",\"23420\",\"41402\"), regextract(_raw_log, \"param6\\=\\\"([^\\\"]*)\\\"\"),\r\n _instanceId in (\"40205\",\"40206\",\"41610\",\"42301\",\"24080\",\"28200\",\"28500\",\"28920\",\"28950\",\"29120\",\"29150\",\"29900\",\"30200\",\"30500\",\"32120\",\"32200\",\"25500\",\"28100\",\"29800\",\"31600\",\"31700\",\"31800\",\"31900\",\"42260\",\"42270\",\"42280\",\"42302\",\"30100\",\"30400\",\"31500\",\"31210\",\"31400\",\"41600\", \"31200\",\"28970\",\"28980\",\"42230\",\"42220\",\"42290\"), regextract(_raw_log, \"UserName\\=\\\"([^\\\"]*)\\\"\"), \r\n regextract(_raw_log, \"user\\=\\\"([^\\\"]*)\\\"\")\r\n ), 0)\r\n| sort desc _time\r\n| fields\r\n _host as `Data Source`, _time as `Date`, _user as `User`, _description as `Message Details`, _severity as `Severity`", - 
"time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "table", - "commands": [] - } - } - } - ] - } - ], - "default_template_id": 1, - "time_frame": { "relativeTime": 86400000 }, - "global_id": "5582a3167bab421595e9e9df9b257457", - "time_offset": 10800, - "metadata": "{\"params\": []}" - } - ], - "fromVersion": "8.4.0", - "widgets_data": [] - } \ No newline at end of file diff --git a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_triggered_alarms_for_the_last_7_days.json b/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_triggered_alarms_for_the_last_7_days.json deleted file mode 100644 index 165c72d5c28e..000000000000 --- a/Packs/Veeam/XSIAMReports/Veeam_All_Veeam_triggered_alarms_for_the_last_7_days.json +++ /dev/null 
@@ -1,285 +0,0 @@ -{ - "templates_data": [ - { - "report_name": "All Veeam triggered alarms for the last 7 days", - "report_description": "Provides an overview of Veeam ONE alarms triggered for the last 7 days.", - "layout": [ - { - "id": "Row 1", - "data": [ - { - "key": "header", - "data": { - "name": "All triggered alarms for the last 7 days", - "type": "", - "width": 100, - "height": 140, - "tenantId": "2209138820274", - "description": "Provides an overview of Veeam ONE alarms triggered for the last 7 days.", - "customerName": "Veeam Software Corporation (Tech Partner Only)" - } - } - ] - }, - { - "id": "row-4068", - "data": [ - { - "key": "xql_1719488295523", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 400, - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| alter _severity=if(\r\n 
_instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| comp count(_instanceId ) as _count by _severity\r\n\r\n\r\n\r\n| view graph type = pie subtype = full xaxis = _severity yaxis = _count valuecolor(\"Critical\",\"#D10000\") valuecolor(\"High\",\"#FF8F2E\") valuecolor(\"Medium\",\"#0084D1\") valuecolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 604800000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_severity" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ "\"Critical\"", "\"#D10000\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"High\"", "\"#FF8F2E\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"Medium\"", "\"#0084D1\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"Information\"", "\"#00D15F\"" ], - "name": "valuecolor" - } - } - ] - } - } - }, - { - "key": "xql_1719493861066", - "data": { - "type": "Custom XQL", - "width": 50, - "height": 400, - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, 
\"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| comp count(_instanceId ) as _count by _alarmName\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _alarmName yaxis = _count ", - "time_frame": { "relativeTime": 604800000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_alarmName" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - } - ] - } - } - } - ] - }, - { - "id": "row-209", - "data": [ - { - "key": "xql", - "data": { - "type": "Custom XQL", - "title": "Latest Triggered Alarms", - "width": 100, - "height": 844, - "phrase": " dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0),\r\n _day=date_floor(_time ,\"d\")\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _time= parse_timestamp(\"%FT%H:%M:%E6S%Ez\", arrayindex(regextract(_raw_log, \"<\\d+>1\\s+(\\S+)\\s\"), 0)),\r\n _host=arrayindex(regextract(_raw_log , \"(?:\\d+:\\d+:\\d+\\s+|\\d+-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d+[\\+\\-]\\d{2}:\\d{2}\\s)(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, 
\"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| sort desc _time\r\n| fields _host as `Data Source`, _time as `Date`, _alarmName as `Alarm Name`, _severity as `Severity`, _alarmType as `Alarm Type`, _description as `Message Details`, _statusOld as `Previous Status`, _statusNew as `Current Status`, _objectName as `Object Name`, _objectPath as `Object Path`", - "time_frame": { "relativeTime": 604800000 }, - "viewOptions": { - "type": "table", - "commands": [] - } - } - } - ] - } - ], - "default_template_id": 1, - "time_frame": { "relativeTime": 604800000 }, - "global_id": "e32e26a18441477599887e9e96068a11", - "time_offset": 10800, - "metadata": "{\"params\": []}" - } - ], - "widgets_data": [ - { - "widget_key": "xql_1719488295523", - "title": "Veeam ONE Alarms", - "creation_time": 1727085304948, - "description": "The total amount of Veeam ONE alarms.", - "data": { - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", 
\"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| alter _severity=if(\r\n _instanceId in (\"364\",\"391\",\"365\",\"370\",\"314\",\"331\",\"403\",\"342\",\"315\",\"332\",\"344\"), \"Critical\", \r\n _instanceId in (\"395\",\"369\",\"376\",\"377\",\"316\",\"381\",\"378\"), \"Medium\")\r\n| comp count(_instanceId ) as _count by _severity\r\n\r\n\r\n\r\n| view graph type = pie subtype = full xaxis = _severity yaxis = _count valuecolor(\"Critical\",\"#D10000\") valuecolor(\"High\",\"#FF8F2E\") valuecolor(\"Medium\",\"#0084D1\") valuecolor(\"Information\",\"#00D15F\") ", - "time_frame": { "relativeTime": 2592000000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - "name": "subtype", - "value": "full" - } - }, - { - "command": { - "op": "=", - "name": "xaxis", - "value": "_severity" - } - }, - { - "command": { - "op": "=", - "name": "yaxis", - "value": "_count" - } - }, - { - "func": { - "args": [ "\"Critical\"", "\"#D10000\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"High\"", "\"#FF8F2E\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ 
"\"Medium\"", "\"#0084D1\"" ], - "name": "valuecolor" - } - }, - { - "func": { - "args": [ "\"Information\"", "\"#00D15F\"" ], - "name": "valuecolor" - } - } - ] - } - }, - "support_time_range": true, - "additional_info": { - "query_tables": [ "veeam_*" ], - "query_uses_library": false - } - }, - { - "widget_key": "xql_1719493861066", - "title": "Veeam One Alarms by Name", - "creation_time": 1727085305148, - "description": "The breakdown of Veeam ONE alarms by name.", - "data": { - "params": [ - { - "name": "one_hosts", - "value": "*" - } - ], - "phrase": "dataset in (veeam_*) \r\n| filter _vendor=\"Veeam\"\r\n| alter \r\n _instanceId=arrayindex(regextract(_raw_log, \"predefined_alarm_id\\=\\\"(\\d+)\\\"\"),0)\r\n| filter _instanceId in (\"395\", \"364\", \"369\", \"391\", \"365\", \"370\", \"314\", \"331\", \"376\", \"377\", \"403\", \"316\", \"342\", \"381\", \"315\", \"332\", \"344\", \"378\")\r\n| alter\r\n _host=arrayindex(regextract(_raw_log , \"<\\d+>\\d\\s+\\S+\\s+(\\S+)\\s\"), 0),\r\n _description=arrayindex(regextract(_raw_log, \"alarm_details\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmName=arrayindex(regextract(_raw_log, \"alarm_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _alarmType=arrayindex(regextract(_raw_log, \"alarm_type\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectName=arrayindex(regextract(_raw_log, \"object_name\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusNew=arrayindex(regextract(_raw_log, \"status_new\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _statusOld=arrayindex(regextract(_raw_log, \"status_old\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0),\r\n _objectPath=arrayindex(regextract(_raw_log, \"object_path\\=\\\"([^\\\"]*)(?:\\\"|$)\"),0)\r\n| filter _host in ($one_hosts)\r\n| comp count(_instanceId ) as _count by _alarmName\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\n| view graph type = pie subtype = full xaxis = _alarmName yaxis = _count ", - "time_frame": { "relativeTime": 86400000 }, - "viewOptions": { - "type": "pie", - "commands": [ - { - "command": { - "op": "=", - 
"name": "subtype",
- "value": "full"
- }
- },
- {
- "command": {
- "op": "=",
- "name": "xaxis",
- "value": "_alarmName"
- }
- },
- {
- "command": {
- "op": "=",
- "name": "yaxis",
- "value": "_count"
- }
- }
- ]
- }
- },
- "support_time_range": true,
- "additional_info": {
- "query_tables": [ "veeam_*" ],
- "query_uses_library": false
- }
- }
- ]
-}
\ No newline at end of file
diff --git a/Packs/Veeam/doc_files/Veeam_XSOAR_Dashboard.png b/Packs/Veeam/doc_files/Veeam_XSOAR_Dashboard.png
deleted file mode 100644
index 77385ec74b6d..000000000000
Binary files a/Packs/Veeam/doc_files/Veeam_XSOAR_Dashboard.png and /dev/null differ
diff --git a/Packs/Veeam/doc_files/Veeam_XSOAR_Playbooks.png b/Packs/Veeam/doc_files/Veeam_XSOAR_Playbooks.png
deleted file mode 100644
index f4c58c778091..000000000000
Binary files a/Packs/Veeam/doc_files/Veeam_XSOAR_Playbooks.png and /dev/null differ
diff --git a/Packs/Veeam/pack_metadata.json b/Packs/Veeam/pack_metadata.json
index 1fcea6d8bfe0..bb3e25eaa6d5 100644
--- a/Packs/Veeam/pack_metadata.json
+++ b/Packs/Veeam/pack_metadata.json
@@ -1,8 +1,8 @@
 {
- "name": "Veeam App",
- "description": "The Veeam Apps allow Veeam Data Platform Advanced and Premium customers to combine the automation and orchestration features of the Cortex product suite with a simple and powerful Veeam Data Platform that goes beyond backup providing businesses with reliable data protection, seamless recovery, and streamlined data management.",
+ "name": "Veeam App for Palo Alto Networks XSOAR",
+ "description": "Veeam content pack for Cortex XSOAR.",
 "support": "partner",
- "currentVersion": "1.0.1",
+ "currentVersion": "1.0.2",
 "author": "Veeam Software",
 "url": "https://www.veeam.com/support.html",
 "email": "paloaltoappsupport@veeam.com",
@@ -13,9 +13,7 @@
 "useCases": [],
 "keywords": [],
 "marketplaces": [
- "xsoar",
- "marketplacev2"
+ "xsoar"
 ],
- "defaultDataSource": "VBR REST API",
 "githubUser": []
 }
\ No newline at end of file
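Review bot: The second hunk narrows `marketplaces` to `"xsoar"` only and drops `"defaultDataSource": "VBR REST API"`, which together with the XSIAM reports and dashboard widgets deleted earlier in this commit (among them "Marked as Infected", "Marked as Suspicious" and "Four-Eyes Authorization Events") withdraws the pack's security-event views from `marketplacev2` tenants, yet the first hunk ships this as a patch-level bump to `"currentVersion": "1.0.2"`. Tenants that installed 1.0.1 from that marketplace will presumably stop receiving updates or lose those views without any signal. I would flag the removal as a breaking change in the release notes for this version and consider a version that signals it, for example `"currentVersion": "2.0.0"`; whether a release note accompanies this change is not visible in the diff.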