[ { "name": "[Kube] Logs per hour", "description": "", "query": "source = kube-* | stats count() as log_count by span(`@timestamp`, 1h)", "type": "line", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Errors per hour", "description": "", "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by span(`@timestamp`, 1h)", "type": "line", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top namespaces", "description": "", "query": "source = kube-* | stats count() as log_count by kubernetes.namespace_name | sort - log_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top error namespaces", "description": "", "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by kubernetes.namespace_name | sort - error_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top pods", "description": "", "query": "source = kube-* | stats count() as log_count by kubernetes.pod_name | sort - log_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top error pods", "description": "", "query": "source = kube-* | where match(log, 'error|exception|fail') or match(message, 'error|exception|fail') | stats count() as error_count by kubernetes.pod_name | sort - error_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Kube] Top nodes", "description": "", "query": "source = kube-* | stats count() as log_count by kubernetes.node_name | sort - log_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Journald] Top units", "description": "", "query": "source = journald-* | stats count() as log_count by _SYSTEMD_UNIT | sort - log_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } }, { "name": "[Journald] Top error units", "description": "", "query": "source = journald-* | where match(MESSAGE, 'error|exception|fail') | stats count() as error_count by _SYSTEMD_UNIT | sort - error_count", "type": "bar", "selected_date_range": { "start": "now-24h", "end": "now", "text": "" }, "selected_timestamp": { "name": "@timestamp", "type": "timestamp" }, "selected_fields": { "text": "", "tokens": [] } } ]