titan-iac/services/logging/opensearch-observability-objects.yaml

# services/logging/opensearch-observability-objects.yaml
# Generated by scripts/logging_render_observability.py --build
apiVersion: v1
kind: ConfigMap
metadata:
  name: opensearch-observability-objects
  namespace: logging
data:
  applications.json: |
    [
      {
        "name": "bstein-dev-home",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'bstein-dev-home'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "pegasus",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'pegasus'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "jellyfin",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'jellyfin'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "vaultwarden",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'vaultwarden'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "mailu",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'mailu-mailserver'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "nextcloud",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'nextcloud'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "gitea",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'gitea'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "jenkins",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'jenkins'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "harbor",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'harbor'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "vault",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'vault'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "keycloak",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'sso'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "flux-system",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'flux-system'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "comms",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "element-web",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'element-web'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "element-call",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'element-call'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "matrix-synapse",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'synapse'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "livekit",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'livekit'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "coturn",
        "description": "",
        "baseQuery": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'coturn'",
        "servicesEntities": [],
        "traceGroups": []
      },
      {
        "name": "lesavka",
        "description": "",
        "baseQuery": "source = journald-* | where _HOSTNAME = 'titan-jh'",
        "servicesEntities": [],
        "traceGroups": []
      }
    ]
  saved_queries.json: |
    [
      {
        "name": "kube logs",
        "description": "",
        "query": "source = kube-*",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "kube errors",
        "description": "",
        "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "journald logs",
        "description": "",
        "query": "source = journald-*",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "journald errors",
        "description": "",
        "query": "source = journald-* | where match(MESSAGE, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "bstein-dev-home logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'bstein-dev-home'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "bstein-dev-home errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'bstein-dev-home' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "pegasus logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'pegasus'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "pegasus errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'pegasus' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "jellyfin logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'jellyfin'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "jellyfin errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'jellyfin' and kubernetes.labels.app = 'jellyfin' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "vaultwarden logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'vaultwarden'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "vaultwarden errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'vaultwarden' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "mailu logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'mailu-mailserver'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "mailu errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'mailu-mailserver' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "nextcloud logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'nextcloud'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "nextcloud errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'nextcloud' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "gitea logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'gitea'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "gitea errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'gitea' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "jenkins logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'jenkins'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "jenkins errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'jenkins' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "harbor logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'harbor'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "harbor errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'harbor' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "vault logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'vault'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "vault errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'vault' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "keycloak logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'sso'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "keycloak errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'sso' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "flux-system logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'flux-system'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "flux-system errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'flux-system' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "comms logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "comms errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "element-web logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'element-web'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "element-web errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'element-web' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "element-call logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'element-call'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "element-call errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'element-call' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "matrix-synapse logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'synapse'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "matrix-synapse errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.container_name = 'synapse' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "livekit logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'livekit'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "livekit errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'livekit' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "coturn logs",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'coturn'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "coturn errors",
        "description": "",
        "query": "source = kube-* | where kubernetes.namespace_name = 'comms' and kubernetes.labels.app = 'coturn' | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "lesavka logs",
        "description": "",
        "query": "source = journald-* | where _HOSTNAME = 'titan-jh'",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "lesavka errors",
        "description": "",
        "query": "source = journald-* | where _HOSTNAME = 'titan-jh' | where match(MESSAGE, 'error|exception|fail')",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      }
    ]
  saved_visualizations.json: |
    [
      {
        "name": "[Kube] Logs per hour",
        "description": "",
        "query": "source = kube-* | stats count() as log_count by span(`@timestamp`, 1h)",
        "type": "line",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "[Kube] Errors per hour",
        "description": "",
        "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by span(`@timestamp`, 1h)",
        "type": "line",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "[Kube] Top namespaces",
        "description": "",
        "query": "source = kube-* | stats count() as log_count by kubernetes.namespace_name | sort - log_count",
        "type": "bar",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "[Kube] Top error namespaces",
        "description": "",
        "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by kubernetes.namespace_name | sort - error_count",
        "type": "bar",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "[Kube] Top pods",
        "description": "",
        "query": "source = kube-* | stats count() as log_count by kubernetes.pod_name | sort - log_count",
        "type": "bar",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "[Kube] Top error pods",
        "description": "",
        "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by kubernetes.pod_name | sort - error_count",
        "type": "bar",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "[Kube] Top nodes",
        "description": "",
        "query": "source = kube-* | stats count() as log_count by kubernetes.node_name | sort - log_count",
        "type": "bar",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "[Journald] Top units",
        "description": "",
        "query": "source = journald-* | stats count() as log_count by _SYSTEMD_UNIT | sort - log_count",
        "type": "bar",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      },
      {
        "name": "[Journald] Top error units",
        "description": "",
        "query": "source = journald-* | where match(MESSAGE, 'error|exception|fail') | stats count() as error_count by _SYSTEMD_UNIT | sort - error_count",
        "type": "bar",
        "selected_date_range": {
          "start": "now-24h",
          "end": "now",
          "text": ""
        },
        "selected_timestamp": {
          "name": "@timestamp",
          "type": "timestamp"
        },
        "selected_fields": {
          "text": "",
          "tokens": []
        }
      }
    ]