diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index f8cddf96d13ec..05aefc1f903c2 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -538,6 +538,11 @@ plaid/assets/logs/ @DataDog/saa
 /box/manifest.json @DataDog/saas-integrations @DataDog/documentation
 /box/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
+/jamf_pro/ @DataDog/saas-integrations
+/jamf_pro/*.md @DataDog/saas-integrations @DataDog/documentation
+/jamf_pro/manifest.json @DataDog/saas-integrations @DataDog/documentation
+/jamf_pro/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
+
 /proofpoint_tap/ @DataDog/saas-integrations
 /proofpoint_tap/*.md @DataDog/saas-integrations @DataDog/documentation
 /proofpoint_tap/manifest.json @DataDog/saas-integrations @DataDog/documentation
diff --git a/.github/workflows/config/labeler.yml b/.github/workflows/config/labeler.yml
index 90ded6cb660a1..33ec8db254911 100644
--- a/.github/workflows/config/labeler.yml
+++ b/.github/workflows/config/labeler.yml
@@ -323,6 +323,8 @@ integration/ivanti_connect_secure:
 - ivanti_connect_secure/**/*
 integration/ivanti_nzta:
 - ivanti_nzta/**/*
+integration/jamf_pro:
+- jamf_pro/**/*
 integration/jboss_wildfly:
 - jboss_wildfly/**/*
 integration/jmeter:
diff --git a/jamf_pro/CHANGELOG.md b/jamf_pro/CHANGELOG.md
new file mode 100644
index 0000000000000..53dcc721f96a9
--- /dev/null
+++ b/jamf_pro/CHANGELOG.md
@@ -0,0 +1,7 @@
+# CHANGELOG - Jamf Pro
+
+## 1.0.0 / 2025-07-16
+
+***Added***:
+
+* Initial Release
\ No newline at end of file
diff --git a/jamf_pro/README.md b/jamf_pro/README.md
new file mode 100644
index 0000000000000..60008904bb557
--- /dev/null
+++ b/jamf_pro/README.md
@@ -0,0 +1,54 @@
+# Jamf Pro
+
+## Overview
+
+[Jamf Pro][1] is an Apple device management tool that helps organizations deploy, configure, and secure Macs, iPhones, and iPads. It enables automated setup, app management, and compliance for Apple devices at scale.
+
+Integrate Jamf Pro with Datadog to gain insights into [Events][2] using pre-built dashboard visualizations. Datadog uses its built-in log pipelines to parse and enrich these logs, facilitating easy search and detailed insights. Additionally, integration includes ready-to-use Cloud SIEM detection rules for enhanced monitoring and security.
+
+## Setup
+
+### Configuration
+
+#### Webhook Configuration
+
+Configure the Datadog endpoint to forward Jamf Pro detections as logs to Datadog.
+
+1. Copy the generated URL inside the **Configuration** tab on the Datadog [Jamf Pro][3] tile.
+2. In Jamf Pro, click **Settings** in the sidebar.
+3. In the **Global** section, click **Webhooks**.
+4. Click **New**.
+5. Enter a display name for the webhook.
+6. Enter a URL for the webhook generated in the above section.
+7. Choose **None** from the Authentication Type dropdown.
+8. Enter the connection timeout for the webhook.
+9. Enter the read timeout for the webhook.
+10. Choose **JSON** in Content Type.
+11. Choose the event that will trigger the webhook in the Webhook Event dropdown.
+12. Click **Save**.
+13. Ensure the steps 3-11 are repeated for each of 22 event types, to ensure complete data collection coverage.
+
+## Data Collected
+
+### Logs
+
+| Format | Event Types |
+| ------ | ----------- |
+| JSON | Computer Added, Computer Check-In, Computer Inventory Completed, Computer Patch Policy Completed, Computer Policy Finished, Computer Push Capability Changed, Device Added To DEP, JSS Shutdown, JSS Startup, Mobile Device Check-In, Mobile Device Command Completed, Mobile Device Enrolled, Mobile Device Inventory Completed, Mobile Device Push Sent, Mobile Device Unenrolled, Patch Software Title Updated, Push Sent, Rest API Operation, SCEP Challenge, Smart Group Computer Membership Change, Smart Group Mobile Device Membership Change, Smart Group User Membership Change |
+
+### Metrics
+
+The Jamf Pro integration does not include any metrics.
+
+### Events
+
+The Jamf Pro integration does not include any events.
+
+## Support
+
+For any further assistance, contact [Datadog support][4].
+
+[1]: https://www.jamf.com/products/jamf-pro/
+[2]: https://developer.jamf.com/jamf-pro/docs/webhooks-1
+[3]: /integrations/jamf-pro
+[4]: https://docs.datadoghq.com/help/
diff --git a/jamf_pro/assets/dashboards/jamf_pro_computer_insights.json b/jamf_pro/assets/dashboards/jamf_pro_computer_insights.json
new file mode 100644
index 0000000000000..0646f14e7830e
--- /dev/null
+++ b/jamf_pro/assets/dashboards/jamf_pro_computer_insights.json
@@ -0,0 +1,4614 @@ +{ + "title": "Jamf Pro - Computer Insights", + "description": "This dashboard provides a comprehensive view of computer lifecycle events, including device additions, check-ins, inventory completions, patch and policy updates, and push capability changes across your managed computers.", + "widgets": [ + { + "id": 7786290606532641, + "definition": { + "type": "image", + "url": "https://resources.jamf.com/images/logos/Jamf-Pro-color.png?_gl=1*ak74mo*_gcl_au*MjI4MDE1MzcuMTc1MTUyODAwMA..*_ga*MTU0MzMwNjM3Ni4xNzUxNTI4MDAw*_ga_X3RD84REYK*czE3NTIwNDQ1NTIkbzckZzAkdDE3NTIwNDQ1NTMkajU5JGwwJGgw", + "url_dark_theme": "https://resources.jamf.com/images/logos/Jamf-Pro-color.png?_gl=1*ak74mo*_gcl_au*MjI4MDE1MzcuMTc1MTUyODAwMA..*_ga*MTU0MzMwNjM3Ni4xNzUxNTI4MDAw*_ga_X3RD84REYK*czE3NTIwNDQ1NTIkbzckZzAkdDE3NTIwNDQ1NTMkajU5JGwwJGgw", + "sizing": "contain", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 2889378903874205, + "definition": { + "type": "note", + "content": "This dashboard provides a comprehensive view of computer lifecycle events, including device additions, check-ins, inventory completions, patch and policy updates, and push capability changes across your managed computers.\n\nFor more information, see the [Jamf Pro Integration Documentation](https://docs.datadoghq.com/integrations/jamf_pro/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "blue", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 1986741319569233, + "definition": { + "title": 
"Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2158384773991214, + "definition": { + "title": "Total Computer Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:(ComputerAdded OR ComputerCheckIn OR ComputerInventoryCompleted OR ComputerPatchPolicyCompleted OR ComputerPolicyFinished OR ComputerPushCapabilityChanged) $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8796673470547575, + "definition": { + "title": "Computer Events over Time by Type", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:(ComputerAdded OR ComputerCheckIn OR ComputerInventoryCompleted OR ComputerPatchPolicyCompleted OR ComputerPolicyFinished OR ComputerPushCapabilityChanged) $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + 
"*" + ], + "group_by": [ + { + "facet": "@evt.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 1960899110267025, + "definition": { + "title": "Event Type Distribution", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:(ComputerAdded OR ComputerCheckIn OR ComputerInventoryCompleted OR ComputerPatchPolicyCompleted OR ComputerPolicyFinished OR ComputerPushCapabilityChanged) $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@evt.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 7, + "height": 4 + } + }, + { + "id": 126644039185004, + "definition": { + "title": "Events by Location", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": 
"source:jamf-pro service:(ComputerAdded OR ComputerCheckIn OR ComputerInventoryCompleted OR ComputerPatchPolicyCompleted OR ComputerPolicyFinished OR ComputerPushCapabilityChanged) $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.building", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.room", + "limit": 25, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 7, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 7265620082642093, + "definition": { + "title": "User Overview", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:(ComputerAdded OR ComputerCheckIn OR ComputerInventoryCompleted OR ComputerPatchPolicyCompleted OR ComputerPolicyFinished OR ComputerPushCapabilityChanged) $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@usr.email", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": 
"count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.realName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.phone", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 10000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 7, + "width": 8, + "height": 4 + } + }, + { + "id": 5865768103277875, + "definition": { + "title": "Events by Department", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:(ComputerAdded OR ComputerCheckIn OR ComputerInventoryCompleted OR ComputerPatchPolicyCompleted OR ComputerPolicyFinished OR ComputerPushCapabilityChanged) $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.department", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { 
+ "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 5611533701849500, + "definition": { + "title": "Geo Distribution by Computer", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:(ComputerAdded OR ComputerCheckIn OR ComputerInventoryCompleted OR ComputerPatchPolicyCompleted OR ComputerPolicyFinished OR ComputerPushCapabilityChanged) $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "@event.computer.serialNumber" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count", + "metric": "@event.computer.serialNumber" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 16 + } + }, + { + "id": 2354649685246265, + "definition": { + "title": "Computer Added", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 3444647360716148, + "definition": { + "title": "Total Computer Added", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerAdded 
$Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 4734009210948461, + "definition": { + "title": "Computer Added over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerAdded $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 1545030203509399, + "definition": { + "title": "Model Distribution of Added Computers", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerAdded $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" 
+ }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.model", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 1226045950228217, + "definition": { + "title": "Computers Added by OS", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerAdded $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.osVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.osBuild", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 150, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 
6338451773210642, + "definition": { + "title": "Added Computer Summary", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerAdded $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.serialNumber", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.model", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 2587147605305776, + "definition": { + "title": "Computer Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerAdded $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + 
"facet": "@event.computer.reportedIpAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.macAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 5354083203245135, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:ComputerAdded $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 19, + "width": 12, + "height": 1 + } + }, + { + "id": 2436754034094349, + "definition": { + "title": "Computer Check-In", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4277228253075553, + "definition": { + "title": "Total Computer Check-Ins", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": 
"scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8425414609989484, + "definition": { + "title": "Check-Ins over Time by Type", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.trigger", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 7070815791360265, + "definition": { + "title": "Check-Ins by Trigger 
Type", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.trigger", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 8755368005332821, + "definition": { + "title": "Check-In Activity by User", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.username", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + 
"layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 3595285272173024, + "definition": { + "title": "Most Active Computers", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 3910606318430437, + "definition": { + "title": "Most Active Models by Check-In Events", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.model", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + 
"sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 8, + "height": 4 + } + }, + { + "id": 6623953801082670, + "definition": { + "title": "Computer Summary", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.serialNumber", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.model", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7555206128038471, + "definition": { + "title": "Computer Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address 
$OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.reportedIpAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.macAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 4056410961521926, + "definition": { + "title": "Check-Ins by OS", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.osVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.osBuild", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": 
"scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 150, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 15, + "width": 4, + "height": 4 + } + }, + { + "id": 6728226369093818, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:ComputerCheckIn $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 4, + "y": 15, + "width": 8, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 20, + "width": 12, + "height": 1 + } + }, + { + "id": 4088789695609614, + "definition": { + "title": "Computer Inventory Completed", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8018682278002297, + "definition": { + "title": "Total Inventory Submissions", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerInventoryCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + 
"comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 6856919940344357, + "definition": { + "title": "Inventory Submissions over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerInventoryCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 1295214622685032, + "definition": { + "title": "Top Computers by Inventory Submissions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerInventoryCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + 
"should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 4357057871624898, + "definition": { + "title": "Inventory Submissions by Computer Model", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerInventoryCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.model", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 5106415258436197, + "definition": { + "title": "Computer Summary", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerInventoryCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name 
$User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.serialNumber", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.model", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 7305765653213728, + "definition": { + "title": "Computer Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerInventoryCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.reportedIpAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.macAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + 
"should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 3693494943775499, + "definition": { + "title": "Inventory Submissions by OS", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerInventoryCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.osVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.osBuild", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 150, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 4, + "height": 4 + } + }, + { + "id": 7398524139356736, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + 
"query_string": "source:jamf-pro service:ComputerInventoryCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 4, + "y": 11, + "width": 8, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 21, + "width": 12, + "height": 1 + } + }, + { + "id": 1099538259600452, + "definition": { + "title": "Computer Policy Finished", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 668505315409459, + "definition": { + "title": "Total Executed Policies", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 2571722554729286, + "definition": { + "title": "Policy Execution over Time by Status", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + 
"sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.successful", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 2018528745114462, + "definition": { + "title": "Computers with Most Policy Executions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + 
"x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 58078099401633, + "definition": { + "title": "Policy Executions by Computer Model", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.model", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 7975438430581243, + "definition": { + "title": "Policy Executions by OS", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.osVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.osBuild", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + 
"compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 150, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 2384753348268906, + "definition": { + "title": "OS Versions of Computers with Failed Policies", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPolicyFinished @event.successful:false $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.osVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_red" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 4283394342358392, + "definition": { + "title": "Successful vs Failed Policies", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro 
service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.successful", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "inline" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 1620198115097982, + "definition": { + "title": "Computer Summary", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.serialNumber", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.model", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + 
"cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7766779996919639, + "definition": { + "title": "Computer Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.reportedIpAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.macAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 6179822674229562, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:ComputerPolicyFinished $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name 
$User-Email $Department $Building $Room", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 22, + "width": 12, + "height": 1 + } + }, + { + "id": 649617226375759, + "definition": { + "title": "Computer Patch Policy Completed", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2357258635529493, + "definition": { + "title": "Total Patch Policy Executions", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 6914916220949328, + "definition": { + "title": "Patch Policy Executions over Time by Status", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": 
"query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.successful", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 6858892334181565, + "definition": { + "title": "Top Computers by Patch Executions", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 7519068624909526, + "definition": { 
+ "title": "Patch Executions by Computer Model", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.model", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 5915051767731654, + "definition": { + "title": "Most Active Patch Policies", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.patchPolicyName", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], 
+ "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 1224136946405154, + "definition": { + "title": "Patch Completions by Version Deployed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deployedVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 799955494819495, + "definition": { + "title": "Successful vs Failed Patch Executions", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.successful", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + 
"storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "inline" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 8364660175835522, + "definition": { + "title": "Patch Executions by Action", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.eventActions.action", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 150, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 4, + "height": 4 + } + }, + { + "id": 6510058301129581, + "definition": { + "title": "Patch Executions by OS", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ 
+ { + "facet": "@event.computer.osVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.osBuild", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 150, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 11, + "width": 4, + "height": 4 + } + }, + { + "id": 1991617590866407, + "definition": { + "title": "OS Versions of Computers with Failed Policies", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted @event.successful:false $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.osVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_red" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": 
"datadog16" + } + }, + "layout": { + "x": 8, + "y": 11, + "width": 4, + "height": 4 + } + }, + { + "id": 5611866675543080, + "definition": { + "title": "Computer Summary", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.serialNumber", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.model", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 15, + "width": 6, + "height": 4 + } + }, + { + "id": 8772697658766179, + "definition": { + "title": "Computer Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 
10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.reportedIpAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.macAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 15, + "width": 6, + "height": 4 + } + }, + { + "id": 1846070704827331, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:ComputerPatchPolicyCompleted $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 19, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 23, + "width": 12, + "height": 1 + } + }, + { + "id": 8918797265368325, + "definition": { + "title": "Computer Push Capability Changed", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2059956733431279, + "definition": 
{ + "title": "Total Push Capability Changes", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPushCapabilityChanged $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 1923405479053058, + "definition": { + "title": "Push Capability Changes over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPushCapabilityChanged $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 639906229671786, + "definition": { + "title": "Top 
Computers by Push Capability Changes", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPushCapabilityChanged $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 7105179352393360, + "definition": { + "title": "Push Capability Change by Computer Model", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPushCapabilityChanged $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.model", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + 
"order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "hide_total": true, + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 8186438736467351, + "definition": { + "title": "Computer Summary", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPushCapabilityChanged $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.serialNumber", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.model", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 2964905536131312, + "definition": { + "title": "Computer Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPushCapabilityChanged $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building 
$Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.reportedIpAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.macAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 7769085140656011, + "definition": { + "title": "Push Capability Change by OS", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:ComputerPushCapabilityChanged $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.computer.osVersion", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.computer.osBuild", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + 
"formula": "query1" + } + ], + "sort": { + "count": 150, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 11, + "width": 4, + "height": 4 + } + }, + { + "id": 6832133639849651, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:ComputerPushCapabilityChanged $Event-Type $Device-Name $Model $IP-Address $OS-Version $User-Name $User-Email $Department $Building $Room", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 4, + "y": 11, + "width": 8, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 24, + "width": 12, + "height": 16 + } + } + ], + "template_variables": [ + { + "name": "Event-Type", + "prefix": "@evt.name", + "available_values": [], + "default": "*" + }, + { + "name": "Device-Name", + "prefix": "@computer.deviceName", + "available_values": [], + "default": "*" + }, + { + "name": "Model", + "prefix": "@event.computer.model", + "available_values": [], + "default": "*" + }, + { + "name": "IP-Address", + "prefix": "@network.client.ip", + "available_values": [], + "default": "*" + }, + { + "name": "OS-Version", + "prefix": "@computer.osVersion", + "available_values": [], + "default": "*" + }, + { + "name": "User-Name", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "User-Email", + "prefix": "@usr.email", + "available_values": [], + "default": "*" + }, + { + "name": "Department", + "prefix": "@computer.department", + 
"available_values": [],
+ "default": "*"
+ },
+ {
+ "name": "Building",
+ "prefix": "@computer.building",
+ "available_values": [],
+ "default": "*"
+ },
+ {
+ "name": "Room",
+ "prefix": "@event.computer.room",
+ "available_values": [],
+ "default": "*"
+ }
+ ],
+ "layout_type": "ordered",
+ "notify_list": [],
+ "reflow_type": "fixed"
+}
\ No newline at end of file
diff --git a/jamf_pro/assets/dashboards/jamf_pro_mobile_insights.json b/jamf_pro/assets/dashboards/jamf_pro_mobile_insights.json
new file mode 100644
index 0000000000000..1d1fa470488cf
--- /dev/null
+++ b/jamf_pro/assets/dashboards/jamf_pro_mobile_insights.json
@@ -0,0 +1,4251 @@ +{ + "title": "Jamf Pro - Mobile Insights", + "description": "This dashboard provides insights into mobile device activities.", + "widgets": [ + { + "id": 7768460652575278, + "definition": { + "type": "image", + "url": "https://resources.jamf.com/images/logos/Jamf-Pro-color.png", + "url_dark_theme": "https://resources.jamf.com/images/logos/Jamf-Pro-color.png", + "sizing": "contain", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 2889378903874205, + "definition": { + "type": "note", + "content": "This dashboard offers detailed monitoring of mobile device activity such as check-ins, command completions, enrollments, inventory updates, push notifications, and unenrollments across your mobile devices.\n\nFor more information, see the [Jamf Pro Integration Documentation](https://docs.datadoghq.com/integrations/jamf_pro/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "blue", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 1466517895829553, + "definition": { + "title": "Mobile Device Check-In", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4962514815154849, + "definition": { + "title": "Total Check-Ins", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCheckIn 
$Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "bars", + "yaxis": {} + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8395758358137004, + "definition": { + "title": "Check-Ins over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 1849266180378491, + "definition": { + "title": "Top Devices by Check-In", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + 
"sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 4295339489547888, + "definition": { + "title": "Device Models by Checks-In", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 1412169323827063, + "definition": { + "title": "Top OS Version by Checks-In", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + 
}, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 6407388222074227, + "definition": { + "title": "Top Users by Checks-In", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 5437874755808645, + "definition": { + "title": "Top Location by Check-Ins", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": 
"source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.room", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 7030448787601767, + "definition": { + "title": "Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.wifiMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.bluetoothMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + 
"cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7310464144698335, + "definition": { + "title": "Device Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 8247552887369047, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:MobileDeviceCheckIn $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": 
"status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 20 + } + }, + { + "id": 7466972943876910, + "definition": { + "title": "Mobile Device Command Completed", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2362246116229992, + "definition": { + "title": "Total Commands Completed", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "bars", + "yaxis": {} + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 2337884603323462, + "definition": { + "title": "Commands Completed over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name 
$OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 7925924997979285, + "definition": { + "title": "Top Devices by Command Completed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 6348018305215726, + "definition": { + "title": "Device Models by Command Completed", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.modelDisplay", + "limit": 10, + 
"sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 6469121704914376, + "definition": { + "title": "Top OS Versions by Commands Completed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 2942818197606816, + "definition": { + "title": "Top Users by Commands Completed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name 
$OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 644026009965177, + "definition": { + "title": "Top Location by Command Completed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.room", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 5694120860580783, + "definition": { + "title": "Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": 
"query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.wifiMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.bluetoothMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 2010022303562820, + "definition": { + "title": "Device Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": 
"@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7522488440258182, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:MobileDeviceCommandCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 23, + "width": 12, + "height": 20 + } + }, + { + "id": 2642505076307956, + "definition": { + "title": "Mobile Device Enrolled", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 897355779114311, + "definition": { + "title": "Total Enrollments", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + 
"*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "bars", + "yaxis": {} + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 7737883967078936, + "definition": { + "title": "Enrollments over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 2875247149020627, + "definition": { + "title": "Top Enrolled Devices", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + 
"should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 6993304487667970, + "definition": { + "title": "Device Models by Enrollment", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 7697467569383340, + "definition": { + "title": "Top OS Versions by Enrollment", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": 
"@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 6716898505290009, + "definition": { + "title": "Top Users by Enrollment", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 2207958242436880, + "definition": { + "title": "Top Location by Enrollment", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name 
$OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.room", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 8985717201273360, + "definition": { + "title": "Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.wifiMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.bluetoothMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } 
+ ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 8556283345666108, + "definition": { + "title": "Device Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 3889747209505918, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:MobileDeviceEnrolled $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": 
"auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 43, + "width": 12, + "height": 20 + } + }, + { + "id": 8251222866084621, + "definition": { + "title": "Mobile Device Inventory Completed", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7793868746191693, + "definition": { + "title": "Total Inventory Completed", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "bars", + "yaxis": {} + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 1288241200166778, + "definition": { + "title": "Inventory Completed over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + 
"indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 8826566904695642, + "definition": { + "title": "Top Devices by Inventory Completed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 8071125236340734, + "definition": { + "title": "Device Models by Inventory Completed", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + 
"metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 5348906394297323, + "definition": { + "title": "Top OS Versions by Inventory Completed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 3063272906618858, + "definition": { + "title": "Top Users by Inventory Completed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + 
}, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 6140357312295534, + "definition": { + "title": "Top Location by Inventory Completed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.room", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 816000954635919, + "definition": { + "title": "Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": 
"source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.wifiMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.bluetoothMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7936946840056529, + "definition": { + "title": "Device Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": 
"count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7346544942130090, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:MobileDeviceInventoryCompleted $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 63, + "width": 12, + "height": 20 + } + }, + { + "id": 7843015299080608, + "definition": { + "title": "Mobile Device Push Sent", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 6710209849533608, + "definition": { + "title": "Total Push Sent", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": 
"count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "bars", + "yaxis": {} + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 4631549542984683, + "definition": { + "title": "Push Sent over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 4527062755826642, + "definition": { + "title": "Top Devices by Push Sent", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + 
"aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 5348914825603226, + "definition": { + "title": "Device Models by Push Sent", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 3624531910651095, + "definition": { + "title": "Top OS Versions by Push Sent", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + 
"order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 866180009942880, + "definition": { + "title": "Top Users by Push Sent", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 1199566504500753, + "definition": { + "title": "Top Location by Push Sent", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], 
+ "group_by": [ + { + "facet": "@event.room", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 4189064431209801, + "definition": { + "title": "Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.wifiMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.bluetoothMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + 
"width": 6, + "height": 4 + } + }, + { + "id": 8323600880801624, + "definition": { + "title": "Device Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7300474096597199, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:MobileDevicePushSent $Device-Name $OS-Version $User-Name $Room $Model-Display $IP-Address", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": 
"list_stream" + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 83, + "width": 12, + "height": 20 + } + }, + { + "id": 3434279377726470, + "definition": { + "title": "Mobile Device Unenrolled", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8132787114892706, + "definition": { + "title": "Total Unenrollment", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "bars", + "yaxis": {} + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 7780151093363224, + "definition": { + "title": "Unenrollment over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + 
"style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 8528912537317403, + "definition": { + "title": "Top Devices by Unenrollment", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 3479622753680432, + "definition": { + "title": "Device Models by Unenrollment", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + 
}, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 8, + "height": 4 + } + }, + { + "id": 3306745194408343, + "definition": { + "title": "Top OS Versions by Unenrollment", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 2623135057153752, + "definition": { + "title": "Top Users by Unenrollment", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + 
"storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 4, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 532421427978669, + "definition": { + "title": "Top Location by Unenrollment", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.room", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "orange" + } + }, + "layout": { + "x": 8, + "y": 7, + "width": 4, + "height": 4 + } + }, + { + "id": 8005693786013633, + "definition": { + "title": "Network Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, 
+ "should_exclude_missing": true + }, + { + "facet": "@event.wifiMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.bluetoothMacAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 7713640468412486, + "definition": { + "title": "Device Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.modelDisplay", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.osVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { 
+ "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 11, + "width": 6, + "height": 4 + } + }, + { + "id": 6537883512541748, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:MobileDeviceUnEnrolled $Device-Name $User-Name $Room $Model-Display $IP-Address", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 103, + "width": 12, + "height": 20 + } + } + ], + "template_variables": [ + { + "name": "Device-Name", + "prefix": "@event.deviceName", + "available_values": [], + "default": "*" + }, + { + "name": "Model-Display", + "prefix": "@event.modelDisplay", + "available_values": [], + "default": "*" + }, + { + "name": "IP-Address", + "prefix": "@network.client.ip", + "available_values": [], + "default": "*" + }, + { + "name": "OS-Version", + "prefix": "@event.osVersion", + "available_values": [], + "default": "*" + }, + { + "name": "User-Name", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "Room", + "prefix": "@event.room", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/jamf_pro/assets/dashboards/jamf_pro_system_server_and_miscellaneous_events.json b/jamf_pro/assets/dashboards/jamf_pro_system_server_and_miscellaneous_events.json new file mode 100644 index 0000000000000..23fe9ef43ea85 --- /dev/null 
+++ b/jamf_pro/assets/dashboards/jamf_pro_system_server_and_miscellaneous_events.json 
@@ -0,0 +1,4054 @@ +{ + "title": "Jamf Pro - System, Server & Miscellaneous Events", + "description": "- This dashboard provides key insights into system and server events, including DEP enrolments, server status, patch updates, push notifications, API activity, SCEP challenges, and smart group changes.", + "widgets": [ + { + "id": 1556295814255214, + "definition": { + "type": "image", + "url": "https://resources.jamf.com/images/logos/Jamf-Pro-color.png", + "url_dark_theme": "https://resources.jamf.com/images/logos/Jamf-Pro-color.png", + "sizing": "contain", + "has_background": false, + "has_border": false, + "vertical_align": "center", + "horizontal_align": "center" + }, + "layout": { + "x": 0, + "y": 0, + "width": 5, + "height": 3 + } + }, + { + "id": 2889378903874205, + "definition": { + "type": "note", + "content": "This dashboard provides key insights into system and server events, including DEP enrolments, server status, patch updates, push notifications, API activity, SCEP challenges, and smart group changes.\n\nFor more information, see the [Jamf Pro Integration Documentation](https://docs.datadoghq.com/integrations/jamf_pro/).\n\n**Tips**\n- Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n- Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "blue", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 5, + "y": 0, + "width": 7, + "height": 3 + } + }, + { + "id": 6587367738483447, + "definition": { + "title": "JSSStartup Events", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4756832967556060, + "definition": { + "title": "Total Startup Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + 
"response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSStartup $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 1136599862709205, + "definition": { + "title": "Startup Events over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSStartup $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 5338835679480717, + "definition": { + "title": "Top Hosts with Most Startups", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSStartup $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.hostAddress", + "limit": 10, + "sort": { + 
"aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 709683903381808, + "definition": { + "title": "Top Institutions with Startups", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSStartup $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.institution", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 5187891067685170, + "definition": { + "title": "Top Web Application Paths", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSStartup $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.webApplicationPath", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + 
"metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 1809386725769697, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:JSSStartup $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 7, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 12 + } + }, + { + "id": 1041373237642509, + "definition": { + "title": "JSSShutdown Events", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 8264330240003900, + "definition": { + "title": "Total Shutdown Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSShutdown $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + 
"formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 5095327370232777, + "definition": { + "title": "Shutdown Events over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSShutdown $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 4397485200105, + "definition": { + "title": "Top Hosts with Most Shutdowns", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSShutdown $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.hostAddress", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", 
+ "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 5539335342934801, + "definition": { + "title": "Top Institutions with Shutdowns", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSShutdown $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.institution", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 7660750918304062, + "definition": { + "title": "Top Web Application Paths", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:JSSShutdown $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.webApplicationPath", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + 
"layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 3742825823669412, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:JSSShutdown $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 7, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 12 + } + }, + { + "id": 590610033472300, + "definition": { + "title": "Device Added To DEP", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7258880698576712, + "definition": { + "title": "Total Devices Added to DEP", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:DeviceAddedToDEP $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 5904990093089740, + "definition": { + "title": "Devices Added to DEP over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": 
"auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "time": {}, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:DeviceAddedToDEP $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 2678011050690009, + "definition": { + "title": "Events by DEP Instance Id", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:DeviceAddedToDEP $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.deviceEnrollmentProgramInstanceId", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 8796272836607896, + "definition": { + "title": "Top Device Models", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + 
"search": { + "query": "source:jamf-pro service:DeviceAddedToDEP $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.model", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 4441016140328812, + "definition": { + "title": "Devices by Asset Tag", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:DeviceAddedToDEP $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.assetTag", + "limit": 15, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 15, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 4 + } + }, + { + "id": 2332597400630849, + "definition": { + "title": "Device Summary", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + 
"query": "source:jamf-pro service:DeviceAddedToDEP $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.serialNumber", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.model", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.assetTag", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.description", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 7, + "width": 12, + "height": 4 + } + }, + { + "id": 7295959290875453, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:DeviceAddedToDEP $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 27, + "width": 12, + "height": 16 + } + }, + { + "id": 1986741319569233, + "definition": { + "title": "Patch 
Software Title Updated", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2158384773991214, + "definition": { + "title": "Total Patch Software Tile Update Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:PatchSoftwareTitleUpdated $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8796673470547575, + "definition": { + "title": "Patch Updates Title Updates Events over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "horizontal", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:PatchSoftwareTitleUpdated $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 2331724078922907, + "definition": 
{ + "title": "Distribution of Events by Software Versions", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:PatchSoftwareTitleUpdated $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.latestVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 6, + "height": 4 + } + }, + { + "id": 2360507324135861, + "definition": { + "title": "Update Frequency by Software Title", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:PatchSoftwareTitleUpdated $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 6, + "y": 3, + "width": 6, + "height": 4 + } + }, + { + "id": 8392169578456813, + "definition": { + "title": "Software Update Report URLs", + 
"title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:PatchSoftwareTitleUpdated $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.latestVersion", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.reportUrls", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "number", + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 5578339587247255, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:PatchSoftwareTitleUpdated $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 43, + "width": 12, + "height": 12 + } + }, + { + "id": 7472615045725675, + "definition": { + 
"title": "Push Sent", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1791332953006851, + "definition": { + "title": "Total Push Sent Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:PushSent $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 4454760187112760, + "definition": { + "title": "Push Sent Events over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:PushSent $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 3284594206739009, + "definition": { + "title": "Top Push Notification Types", + "title_size": "16", + 
"title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:PushSent $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.type", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "dog_classic" + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 5, + "height": 4 + } + }, + { + "id": 5281440803403244, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:PushSent $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 5, + "y": 3, + "width": 7, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 55, + "width": 12, + "height": 8 + } + }, + { + "id": 7643723378223168, + "definition": { + "title": "Rest API Operation", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 5790730638006372, + "definition": { + "title": "Total Rest API Operations", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + 
"data_source": "logs", + "search": { + "query": "source:jamf-pro service:RestAPIOperation $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 5086918381285995, + "definition": { + "title": "Rest API Operations over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:RestAPIOperation $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 5183802938084151, + "definition": { + "title": "Rest API Operations Failure Rate", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query2 * 100 / query1" + } + ], + "queries": [ + { + "name": "query2", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:RestAPIOperation @event.operationSuccessful:false $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + 
"aggregation": "count" + }, + "storage": "hot" + }, + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:RestAPIOperation $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 2728891920375429, + "definition": { + "title": "Top API Operations by User", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query2", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:RestAPIOperation $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query2" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 7862104744062574, + "definition": { + "title": "Top Users by Failed API Operations Failure Rate", + "title_size": "16", + "title_align": "left", + "time": {}, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:RestAPIOperation @event.operationSuccessful:false $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + 
"aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + }, + { + "name": "query2", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:RestAPIOperation $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "white_on_red" + } + ], + "formulas": [ + { + "number_format": { + "unit": { + "type": "canonical_unit", + "unit_name": "percent" + } + }, + "formula": "query1 * 100 / query2" + } + ], + "sort": { + "count": 20, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 3, + "width": 4, + "height": 3 + } + }, + { + "id": 2515552451986998, + "definition": { + "title": "Distribution of Events by Method Type", + "title_size": "16", + "title_align": "left", + "time": {}, + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:RestAPIOperation $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@http.method", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "style": { + "palette": "datadog16" + }, + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + 
] + } + } + ], + "type": "sunburst", + "legend": { + "type": "inline" + } + }, + "layout": { + "x": 0, + "y": 6, + "width": 5, + "height": 4 + } + }, + { + "id": 2625362102937175, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:RestAPIOperation $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 5, + "y": 6, + "width": 7, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 63, + "width": 12, + "height": 1 + } + }, + { + "id": 8703217150860968, + "definition": { + "title": "SCEP Challenge", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4252003874964560, + "definition": { + "title": "Total SCEP Challenge Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SCEPChallenge $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8258737203562769, + "definition": { + "title": "SCEP Challenge Events over Time", + 
"title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SCEPChallenge $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 8185802306692820, + "definition": { + "title": "Top Username", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query2", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SCEPChallenge $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query2" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 3, + "width": 3, + "height": 4 + } + }, + { + "id": 5768927736689426, + "definition": { + "title": "Top Email", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query2", + "data_source": "logs", + "search": { + "query": "source:jamf-pro 
service:SCEPChallenge $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.email", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query2" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 3, + "width": 3, + "height": 4 + } + }, + { + "id": 4542154249753960, + "definition": { + "title": "User Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SCEPChallenge $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@usr.email", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.targetUser.realname", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 3, + "width": 6, + "height": 4 + } + }, + { + "id": 2256509659720273, + "definition": { + 
"title": "Top Device Name", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query2", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SCEPChallenge $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.targetDevice.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query2" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 7, + "width": 3, + "height": 4 + } + }, + { + "id": 5440470891528410, + "definition": { + "title": "Top Device Product", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query2", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SCEPChallenge $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.targetDevice.product", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query2" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 7, + "width": 3, + "height": 4 + } + }, + { + "id": 6897640296029898, + "definition": { + "title": "Device Details", + "title_size": "16", 
+ "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SCEPChallenge $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@event.targetDevice.deviceName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.targetDevice.product", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@event.targetDevice.serialNumber", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "alias": "Count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 7, + "width": 6, + "height": 4 + } + }, + { + "id": 2567857960679280, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:SCEPChallenge $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 11, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 64, + "width": 12, + "height": 16 + } + }, + { + "id": 6534732907973232, + "definition": { + "title": "Smart Group Computer 
Membership Change", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 538785804896649, + "definition": { + "title": "Total Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SmartGroupComputerMembershipChange $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 6783712360989044, + "definition": { + "title": "Events over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SmartGroupComputerMembershipChange $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 4718887544229927, + "definition": { + "title": "Event Details", + "title_size": 
"16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:SmartGroupComputerMembershipChange $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 80, + "width": 12, + "height": 8 + } + }, + { + "id": 2221879114974349, + "definition": { + "title": "Smart Group Mobile Device Membership Change", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7938398550989512, + "definition": { + "title": "Total Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SmartGroupMobileDeviceMembershipChange $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 1655925542358637, + "definition": { + "title": "Events over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ 
+ { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SmartGroupComputerMembershipChange $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 858619428769440, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:SmartGroupMobileDeviceMembershipChange $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 88, + "width": 12, + "height": 1 + } + }, + { + "id": 4014280501230622, + "definition": { + "title": "Smart Group User Membership Change", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 3808237372235816, + "definition": { + "title": "Total Events", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SmartGroupUserMembershipChange $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": 
"count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#85a8e0" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "yaxis": {}, + "type": "bars" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 3, + "height": 3 + } + }, + { + "id": 8825703499485337, + "definition": { + "title": "Events over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "Events", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:jamf-pro service:SmartGroupUserMembershipChange $Event-Type" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 3, + "y": 0, + "width": 9, + "height": 3 + } + }, + { + "id": 3975928502816411, + "definition": { + "title": "Event Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:jamf-pro service:SmartGroupUserMembershipChange $Event-Type", + "indexes": [], + "storage": "hot" + }, + "columns": [ + { + "field": "status_line", + "width": "auto" + }, + { + "field": "timestamp", + "width": "auto" + }, + { + "field": "content", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 3, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 89, + 
"width": 12, + "height": 1 + } + }, + { + "id": 3872840220825617, + "definition": { + "title": "Datadog Cloud SIEM", + "title_align": "center", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1935823782019407, + "definition": { + "type": "note", + "content": "\nDatadog Cloud SIEM analyzes and correlates Jamf Pro events to detect threats to your environment in real time. If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](/security). ", + "background_color": "blue", + "font_size": "14", + "text_align": "center", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 2838545000487511, + "definition": { + "title": "CRITICALs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:jamf-pro status:critical" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 3717777437287234, + "definition": { + "title": "HIGHs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" 
+ ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:jamf-pro status:high" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2, + "timeseries_background": { + "type": "area" + } + }, + "layout": { + "x": 2, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 7275481291543390, + "definition": { + "title": "Critical Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#bc303c", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:jamf-pro status:critical" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": {} + }, + "layout": { + "x": 4, + "y": 1, + "width": 8, + "height": 4 + } + }, + { + "id": 8961431386208176, + "definition": { + "title": "MEDIUMs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:jamf-pro status:medium" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 
4100479654823669, + "definition": { + "title": "LOWs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#ffb52b", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:jamf-pro status:low" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 1 + } + }, + { + "id": 3263148473824677, + "definition": { + "title": "INFOs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#84c1e0", + "palette": "custom_bg", + "value": 0 + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:jamf-pro status:info" + } + } + ], + "response_format": "scalar" + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 4, + "width": 2, + "height": 1 + } + }, + { + "id": 3145796658083314, + "definition": { + "title": "High Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#d33043", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { 
+ "query": "source:jamf-pro status:high" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": {} + }, + "layout": { + "x": 0, + "y": 5, + "width": 6, + "height": 4 + } + }, + { + "id": 6878383441591823, + "definition": { + "title": "Medium Security Signals", + "type": "toplist", + "requests": [ + { + "conditional_formats": [ + { + "comparator": ">", + "custom_bg_color": "#e5a21c", + "palette": "custom_bg", + "value": 0 + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:jamf-pro status:medium" + } + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": {} + }, + "layout": { + "x": 6, + "y": 5, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 90, + "width": 12, + "height": 10 + } + } + ], + "template_variables": [ + { + "name": "Event-Type", + "prefix": "@evt.name", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/jamf_pro/assets/logs/jamf-pro.yaml b/jamf_pro/assets/logs/jamf-pro.yaml new file mode 100644 index 0000000000000..bf6545a6abcd5 --- /dev/null +++ b/jamf_pro/assets/logs/jamf-pro.yaml 
@@ -0,0 +1,246 @@
+id: jamf-pro
+metric_id: jamf-pro
+backend_only: false
+facets:
+ - groups:
+ - Event
+ name: Event Name
+ path: evt.name
+ source: log
+ - groups:
+ - Web Access
+ name: Method
+ path: http.method
+ source: log
+ - groups:
+ - Geoip
+ name: City Name
+ path: network.client.geoip.city.name
+ source: log
+ - groups:
+ - Geoip
+ name: Continent Code
+ path: network.client.geoip.continent.code
+ source: log
+ - groups:
+ - Geoip
+ name: Continent Name
+ path: network.client.geoip.continent.name
+ source: log
+ - groups:
+ - Geoip
+ name: Country ISO Code
+ path: network.client.geoip.country.iso_code
+ source: log
+ - groups:
+ - Geoip
+ name: Country Name
+ path: network.client.geoip.country.name
+ source: log
+ - groups:
+ - Geoip
+ name: Subdivision ISO Code
+ path: network.client.geoip.subdivision.iso_code
+ source: log
+ - groups:
+ - Geoip
+ name: Subdivision Name
+ path: network.client.geoip.subdivision.name
+ source: log
+ - groups:
+ - Web Access
+ name: Client IP
+ path: network.client.ip
+ source: log
+ - groups:
+ - User
+ name: User Email
+ path: usr.email
+ source: log
+ - groups:
+ - User
+ name: User ID
+ path: usr.id
+ source: log
+ - groups:
+ - User
+ name: User Name
+ path: usr.name
+ source: log
+pipeline:
+ type: pipeline
+ name: Jamf Pro
+ enabled: true
+ filter:
+ query: source:jamf-pro
+ processors:
+ - type: service-remapper
+ name: Define `webhook.webhookEvent` as the official service of the log
+ enabled: true
+ sources:
+ - webhook.webhookEvent
+ - type: date-remapper
+ name: Define `webhook.eventTimestamp` as the official date of the log
+ enabled: true
+ sources:
+ - webhook.eventTimestamp
+ - type: attribute-remapper
+ name: Map `webhook.webhookEvent` to `evt.name`
+ enabled: true
+ sources:
+ - webhook.webhookEvent
+ sourceType: attribute
+ target: evt.name
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: pipeline
+ name: Attribute remapping for `ComputerAdded`, `ComputerInventoryCompleted` and
+ `ComputerPushCapabilityChanged` Events
+ enabled: true
+ filter:
+ query: "@evt.name:(ComputerAdded OR ComputerInventoryCompleted OR
+ ComputerPushCapabilityChanged)"
+ processors:
+ - type: attribute-remapper
+ name: Map `event` to `event.computer`
+ enabled: true
+ sources:
+ - event
+ sourceType: attribute
+ target: event.computer
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: pipeline
+ name: Attribute Remapping for `SCEPChallenge` Events
+ enabled: true
+ filter:
+ query: "@evt.name:SCEPChallenge"
+ processors:
+ - type: attribute-remapper
+ name: Map `event.targetUser.uid` to `usr.id`
+ enabled: true
+ sources:
+ - event.targetUser.uid
+ sourceType: attribute
+ target: usr.id
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `event.targetUser.username` to `usr.name`
+ enabled: true
+ sources:
+ - event.targetUser.username
+ sourceType: attribute
+ target: usr.name
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `event.targetUser.email` to `usr.email`
+ enabled: true
+ sources:
+ - event.targetUser.email
+ sourceType: attribute
+ target: usr.email
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: pipeline
+ name: Attribute Remapping for `RestAPIOperations` Events
+ enabled: true
+ filter:
+ query: "@evt.name:RestAPIOperations"
+ processors:
+ - type: attribute-remapper
+ name: Map `event.restAPIOperationType` to `http.method`
+ enabled: true
+ sources:
+ - event.restAPIOperationType
+ sourceType: attribute
+ target: http.method
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: pipeline
+ name: Parse Computer Events
+ enabled: true
+ filter:
+ query: "@evt.name:(ComputerAdded OR ComputerCheckIn OR
+ ComputerInventoryCompleted OR ComputerPatchPolicyCompleted OR
+ ComputerPolicyFinished OR ComputerPushCapabilityChanged)"
+ processors:
+ - type: attribute-remapper
+ name: Map `event.computer.username` to `usr.name`
+ enabled: true
+ sources:
+ - event.computer.username
+ sourceType: attribute
+ target: usr.name
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `event.computer.emailAddress` to `usr.email`
+ enabled: true
+ sources:
+ - event.computer.emailAddress
+ sourceType: attribute
+ target: usr.email
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `event.computer.ipAddress` to `network.client.ip`
+ enabled: true
+ sources:
+ - event.computer.ipAddress
+ sourceType: attribute
+ target: network.client.ip
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: geo-ip-parser
+ name: Extract geolocation information
+ enabled: true
+ sources:
+ - network.client.ip
+ target: network.client.geoip
+ ip_processing_behavior: do-nothing
+ - type: pipeline
+ name: Parse Mobile Events
+ enabled: true
+ filter:
+ query: "@evt.name:(MobileDeviceCheckIn OR MobileDeviceCommandCompleted OR
+ MobileDeviceEnrolled OR MobileDeviceInventoryCompleted OR
+ MobileDevicePushSent OR MobileDeviceUnenrolled)"
+ processors:
+ - type: attribute-remapper
+ name: Map `event.username` to `usr.name`
+ enabled: true
+ sources:
+ - event.username
+ sourceType: attribute
+ target: usr.name
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: attribute-remapper
+ name: Map `event.ipAddress` to `network.client.ip`
+ enabled: true
+ sources:
+ - event.ipAddress
+ sourceType: attribute
+ target: network.client.ip
+ targetType: attribute
+ preserveSource: false
+ overrideOnConflict: false
+ - type: geo-ip-parser
+ name: Extract geolocation information
+ enabled: true
+ sources:
+ - network.client.ip
+ target: network.client.geoip
+ ip_processing_behavior: do-nothing
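Review bot: The `RestAPIOperations` sub-pipeline filters on `@evt.name:RestAPIOperations`, but the event name in this PR's own fixture (jamf-pro_tests.yaml) is `RestAPIOperation`, so the filter never matches and `event.restAPIOperationType` is never remapped to `http.method`. The fixture's expected result shows it: `restAPIOperationType: "UPDATE"` is still under `event` and no `http` attribute is produced, which leaves the Method facet empty for the one event type that records API changes. Change the filter to `query: "@evt.name:RestAPIOperation"`, rename the sub-pipeline to match, and add `http.method` with value `UPDATE` to that test's expected `custom` block. The same event carries `event.authorizedUsername`, presumably the account that performed the operation; remapping it to `usr.name` would make API changes attributable through the same User Name facet as the other events, once the field's meaning is confirmed against Jamf's webhook documentation.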
diff --git a/jamf_pro/assets/logs/jamf-pro_tests.yaml b/jamf_pro/assets/logs/jamf-pro_tests.yaml
new file mode 100644
index 0000000000000..bc36d768c382a
--- /dev/null
+++ b/jamf_pro/assets/logs/jamf-pro_tests.yaml
@@ -0,0 +1,386 @@
+id: "jamf-pro"
+tests:
+ -
+ sample: |-
+ {
+ "webhook" : {
+ "name" : "Computer Added Webhook",
+ "id" : 6010,
+ "webhookEvent" : "ComputerAdded",
+ "eventTimestamp" : 1752237458000
+ },
+ "event" : {
+ "osBuild" : "22F82",
+ "serialNumber" : "C02X1234JHD5",
+ "managementId" : "com.jamf.management.12345678-1234-5678-1234-567812345678",
+ "ipAddress" : "192.168.1.100",
+ "deviceName" : "John-Doe-MBP",
+ "building" : "Headquarters - Floor 3",
+ "jssID" : 12345,
+ "reportedIpAddress" : "203.0.113.45",
+ "room" : "3A-101",
+ "userDirectoryID" : "A1B2C3D4",
+ "realName" : "John Doe",
+ "emailAddress" : "john.doe@example.com",
+ "macAddress" : "00:1a:2b:3c:4d:5f",
+ "osVersion" : "13.4.1",
+ "alternateMacAddress" : "00:1a:2b:3c:4d:5e",
+ "phone" : "+1 (555) 123-4567",
+ "model" : "MacBook Pro (16-inch, 2023)",
+ "position" : "Senior Software Engineer",
+ "department" : "Engineering",
+ "udid" : "123e4567-e89b-12d3-a456-426614174000",
+ "username" : "jdoe"
+ }
+ }
+ result:
+ custom:
+ event:
+ computer:
+ alternateMacAddress: "00:1a:2b:3c:4d:5e"
+ building: "Headquarters - Floor 3"
+ department: "Engineering"
+ deviceName: "John-Doe-MBP"
+ jssID: 12345
+ macAddress: "00:1a:2b:3c:4d:5f"
+ managementId: "com.jamf.management.12345678-1234-5678-1234-567812345678"
+ model: "MacBook Pro (16-inch, 2023)"
+ osBuild: "22F82"
+ osVersion: "13.4.1"
+ phone: "+1 (555) 123-4567"
+ position: "Senior Software Engineer"
+ realName: "John Doe"
+ reportedIpAddress: "203.0.113.45"
+ room: "3A-101"
+ serialNumber: "C02X1234JHD5"
+ udid: "123e4567-e89b-12d3-a456-426614174000"
+ userDirectoryID: "A1B2C3D4"
+ evt:
+ name: "ComputerAdded"
+ network:
+ client:
+ geoip: {}
+ ip: "192.168.1.100"
+ usr:
+ email: "john.doe@example.com"
+ name: "jdoe"
+ webhook:
+ eventTimestamp: 1752237458000
+ id: 6010
+ name: "Computer Added Webhook"
+ message: |-
+ {
+ "webhook" : {
+ "name" : "Computer Added Webhook",
+ "id" : 6010,
+ "webhookEvent" : "ComputerAdded",
+ "eventTimestamp" : 1752237458000
+ },
+ "event" : {
+ "osBuild" : "22F82",
+ "serialNumber" : "C02X1234JHD5",
+ "managementId" : "com.jamf.management.12345678-1234-5678-1234-567812345678",
+ "ipAddress" : "192.168.1.100",
+ "deviceName" : "John-Doe-MBP",
+ "building" : "Headquarters - Floor 3",
+ "jssID" : 12345,
+ "reportedIpAddress" : "203.0.113.45",
+ "room" : "3A-101",
+ "userDirectoryID" : "A1B2C3D4",
+ "realName" : "John Doe",
+ "emailAddress" : "john.doe@example.com",
+ "macAddress" : "00:1a:2b:3c:4d:5f",
+ "osVersion" : "13.4.1",
+ "alternateMacAddress" : "00:1a:2b:3c:4d:5e",
+ "phone" : "+1 (555) 123-4567",
+ "model" : "MacBook Pro (16-inch, 2023)",
+ "position" : "Senior Software Engineer",
+ "department" : "Engineering",
+ "udid" : "123e4567-e89b-12d3-a456-426614174000",
+ "username" : "jdoe"
+ }
+ }
+ service: "ComputerAdded"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 1752237458000
+ -
+ sample: |-
+ {
+ "webhook" : {
+ "name" : "SCEP Challenge Webhook",
+ "id" : 8010,
+ "webhookEvent" : "SCEPChallenge",
+ "eventTimestamp" : 1752237458000
+ },
+ "event" : {
+ "scepServerUrl" : "https://scep.example.com/mbp-certs",
+ "targetDevice" : {
+ "modelDisplay" : "16-inch MacBook Pro (2021)",
+ "product" : "MacBookPro18,3",
+ "osBuild" : "22G80",
+ "serialNumber" : "C07X1234JHD6",
+ "osVersion" : "13.6",
+ "bluetoothMacAddress" : "99:AA:BB:CC:DD:EE",
+ "model" : "MacBookPro18,3",
+ "udid" : "J0123456-7ABC-DEF8-9012-3456ABCDEF78",
+ "deviceName" : "Patricia's MacBook Pro",
+ "version" : "13.6",
+ "wifiMacAddress" : "99:AA:BB:CC:DD:EF"
+ },
+ "payloadTypes" : [ "com.apple.security.scep" ],
+ "payloadIdentifier" : "com.example.mbp.scep",
+ "targetUser" : {
+ "uid" : "1010",
+ "phone" : "+15554329876",
+ "departmentID" : 1000,
+ "dn" : "uid=pmartinez,ou=users,dc=example,dc=com",
+ "position" : "Manager",
+ "uuid" : "d0e1f2a3-b4c5-6789",
+ "email" : "patricia.martinez@example.com",
+ "room" : "1010",
+ "username" : "pmartinez",
+ "buildingID" : 1,
+ "realname" : "Patricia Martinez"
+ }
+ }
+ }
+ result:
+ custom:
+ event:
+ payloadIdentifier: "com.example.mbp.scep"
+ payloadTypes:
+ - "com.apple.security.scep"
+ scepServerUrl: "https://scep.example.com/mbp-certs"
+ targetDevice:
+ bluetoothMacAddress: "99:AA:BB:CC:DD:EE"
+ deviceName: "Patricia's MacBook Pro"
+ model: "MacBookPro18,3"
+ modelDisplay: "16-inch MacBook Pro (2021)"
+ osBuild: "22G80"
+ osVersion: "13.6"
+ product: "MacBookPro18,3"
+ serialNumber: "C07X1234JHD6"
+ udid: "J0123456-7ABC-DEF8-9012-3456ABCDEF78"
+ version: "13.6"
+ wifiMacAddress: "99:AA:BB:CC:DD:EF"
+ targetUser:
+ buildingID: 1
+ departmentID: 1000
+ dn: "uid=pmartinez,ou=users,dc=example,dc=com"
+ phone: "+15554329876"
+ position: "Manager"
+ realname: "Patricia Martinez"
+ room: "1010"
+ uuid: "d0e1f2a3-b4c5-6789"
+ evt:
+ name: "SCEPChallenge"
+ usr:
+ email: "patricia.martinez@example.com"
+ id: "1010"
+ name: "pmartinez"
+ webhook:
+ eventTimestamp: 1752237458000
+ id: 8010
+ name: "SCEP Challenge Webhook"
+ message: |-
+ {
+ "webhook" : {
+ "name" : "SCEP Challenge Webhook",
+ "id" : 8010,
+ "webhookEvent" : "SCEPChallenge",
+ "eventTimestamp" : 1752237458000
+ },
+ "event" : {
+ "scepServerUrl" : "https://scep.example.com/mbp-certs",
+ "targetDevice" : {
+ "modelDisplay" : "16-inch MacBook Pro (2021)",
+ "product" : "MacBookPro18,3",
+ "osBuild" : "22G80",
+ "serialNumber" : "C07X1234JHD6",
+ "osVersion" : "13.6",
+ "bluetoothMacAddress" : "99:AA:BB:CC:DD:EE",
+ "model" : "MacBookPro18,3",
+ "udid" : "J0123456-7ABC-DEF8-9012-3456ABCDEF78",
+ "deviceName" : "Patricia's MacBook Pro",
+ "version" : "13.6",
+ "wifiMacAddress" : "99:AA:BB:CC:DD:EF"
+ },
+ "payloadTypes" : [ "com.apple.security.scep" ],
+ "payloadIdentifier" : "com.example.mbp.scep",
+ "targetUser" : {
+ "uid" : "1010",
+ "phone" : "+15554329876",
+ "departmentID" : 1000,
+ "dn" : "uid=pmartinez,ou=users,dc=example,dc=com",
+ "position" : "Manager",
+ "uuid" : "d0e1f2a3-b4c5-6789",
+ "email" : "patricia.martinez@example.com",
+ "room" : "1010",
+ "username" : "pmartinez",
+ "buildingID" : 1,
+ "realname" : "Patricia Martinez"
+ }
+ }
+ }
+ service: "SCEPChallenge"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 1752237458000
+ -
+ sample: |-
+ {
+ "webhook" : {
+ "name" : "Rest API Operation Webhook",
+ "id" : 7010,
+ "webhookEvent" : "RestAPIOperation",
+ "eventTimestamp" : 1752237458000
+ },
+ "event" : {
+ "operationSuccessful" : true,
+ "restAPIOperationType" : "UPDATE",
+ "objectTypeName" : "Patch Policy",
+ "objectName" : "Security Updates",
+ "authorizedUsername" : "jane.doe",
+ "objectID" : 10001
+ }
+ }
+ result:
+ custom:
+ event:
+ authorizedUsername: "jane.doe"
+ objectID: 10001
+ objectName: "Security Updates"
+ objectTypeName: "Patch Policy"
+ operationSuccessful: true
+ restAPIOperationType: "UPDATE"
+ evt:
+ name: "RestAPIOperation"
+ webhook:
+ eventTimestamp: 1752237458000
+ id: 7010
+ name: "Rest API Operation Webhook"
+ message: |-
+ {
+ "webhook" : {
+ "name" : "Rest API Operation Webhook",
+ "id" : 7010,
+ "webhookEvent" : "RestAPIOperation",
+ "eventTimestamp" : 1752237458000
+ },
+ "event" : {
+ "operationSuccessful" : true,
+ "restAPIOperationType" : "UPDATE",
+ "objectTypeName" : "Patch Policy",
+ "objectName" : "Security Updates",
+ "authorizedUsername" : "jane.doe",
+ "objectID" : 10001
+ }
+ }
+ service: "RestAPIOperation"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 1752237458000
+ -
+ sample: |-
+ {
+ "webhook" : {
+ "name" : "Mobile Device Check In Webhook",
+ "id" : 9010,
+ "webhookEvent" : "MobileDeviceCheckIn",
+ "eventTimestamp" : 1752237458000
+ },
+ "event" : {
+ "modelDisplay" : "iPhone 13 Pro Max",
+ "mdmCommandUUID" : "d2a5f8a2-3e2b-4b4a-8a1d-8e1e2a3b4c5d",
+ "product" : "iPhone 13 Pro Max",
+ "osBuild" : "20F71",
+ "serialNumber" : "C39F12345678",
+ "managementId" : "549c8e89-d215-4a2e-806b-f054eb9c8430",
+ "ipAddress" : "192.168.1.100",
+ "mdmCommand" : "MobileDeviceCheckIn",
+ "deviceName" : "iPhone 13 Pro Max",
+ "version" : "16.5",
+ "jssID" : 11,
+ "room" : "Conference Room A",
+ "userDirectoryID" : "1001",
+ "wifiMacAddress" : "W4:F6:2C:5A:2A:91",
+ "osVersion" : "16.5",
+ "icciID" : "12345678901234567890",
+ "bluetoothMacAddress" : "F8:B1:DD:76:77:43",
+ "imei" : "358123456789012",
+ "model" : "iPhone14,3",
+ "udid" : "82b53ce7dklsjflksjhnfkljhdlasjhlkas",
+ "username" : "johndoe"
+ }
+ }
+ result:
+ custom:
+ event:
+ bluetoothMacAddress: "F8:B1:DD:76:77:43"
+ deviceName: "iPhone 13 Pro Max"
+ icciID: "12345678901234567890"
+ imei: "358123456789012"
+ jssID: 11
+ managementId: "549c8e89-d215-4a2e-806b-f054eb9c8430"
+ mdmCommand: "MobileDeviceCheckIn"
+ mdmCommandUUID: "d2a5f8a2-3e2b-4b4a-8a1d-8e1e2a3b4c5d"
+ model: "iPhone14,3"
+ modelDisplay: "iPhone 13 Pro Max"
+ osBuild: "20F71"
+ osVersion: "16.5"
+ product: "iPhone 13 Pro Max"
+ room: "Conference Room A"
+ serialNumber: "C39F12345678"
+ udid: "82b53ce7dklsjflksjhnfkljhdlasjhlkas"
+ userDirectoryID: "1001"
+ version: "16.5"
+ wifiMacAddress: "W4:F6:2C:5A:2A:91"
+ evt:
+ name: "MobileDeviceCheckIn"
+ network:
+ client:
+ geoip: {}
+ ip: "192.168.1.100"
+ usr:
+ name: "johndoe"
+ webhook:
+ eventTimestamp: 1752237458000
+ id: 9010
+ name: "Mobile Device Check In Webhook"
+ message: |-
+ {
+ "webhook" : {
+ "name" : "Mobile Device Check In Webhook",
+ "id" : 9010,
+ "webhookEvent" : "MobileDeviceCheckIn",
+ "eventTimestamp" : 1752237458000
+ },
+ "event" : {
+ "modelDisplay" : "iPhone 13 Pro Max",
+ "mdmCommandUUID" : "d2a5f8a2-3e2b-4b4a-8a1d-8e1e2a3b4c5d",
+ "product" : "iPhone 13 Pro Max",
+ "osBuild" : "20F71",
+ "serialNumber" : "C39F12345678",
+ "managementId" : "549c8e89-d215-4a2e-806b-f054eb9c8430",
+ "ipAddress" : "192.168.1.100",
+ "mdmCommand" : "MobileDeviceCheckIn",
+ "deviceName" : "iPhone 13 Pro Max",
+ "version" : "16.5",
+ "jssID" : 11,
+ "room" : "Conference Room A",
+ "userDirectoryID" : "1001",
+ "wifiMacAddress" : "W4:F6:2C:5A:2A:91",
+ "osVersion" : "16.5",
+ "icciID" : "12345678901234567890",
+ "bluetoothMacAddress" : "F8:B1:DD:76:77:43",
+ "imei" : "358123456789012",
+ "model" : "iPhone14,3",
+ "udid" : "82b53ce7dklsjflksjhnfkljhdlasjhlkas",
+ "username" : "johndoe"
+ }
+ }
+ service: "MobileDeviceCheckIn"
+ tags:
+ - "source:LOGS_SOURCE"
+ timestamp: 1752237458000
\ No newline at end of file
diff --git a/jamf_pro/manifest.json b/jamf_pro/manifest.json
new file mode 100644
index 0000000000000..cb20029d6beb2
--- /dev/null
+++ b/jamf_pro/manifest.json
@@ -0,0 +1,45 @@
+{
+ "manifest_version": "2.0.0",
+ "app_uuid": "02ca0a87-f9e7-46e3-989d-9ac8b3654ac4",
+ "app_id": "jamf-pro",
+ "display_on_public_website": false,
+ "tile": {
+ "overview": "README.md#Overview",
+ "configuration": "README.md#Setup",
+ "support": "README.md#Support",
+ "changelog": "CHANGELOG.md",
+ "description": "Gain insights into Jamf Pro events.",
+ "title": "Jamf Pro",
+ "media": [],
+ "classifier_tags": [
+ "Category::Log Collection",
+ "Category::Security",
+ "Submitted Data Type::Logs",
+ "Offering::Integration"
+ ]
+ },
+ "assets": {
+ "integration": {
+ "auto_install": false,
+ "source_type_id": 52026787,
+ "source_type_name": "Jamf Pro",
+ "events": {
+ "creates_events": false
+ }
+ },
+ "dashboards": {
+ "Jamf Pro - Computer Insights": "assets/dashboards/jamf_pro_computer_insights.json",
+ "Jamf Pro - Mobile Insights": "assets/dashboards/jamf_pro_mobile_insights.json",
+ "Jamf Pro - System, Server & Miscellaneous Events": "assets/dashboards/jamf_pro_system_server_and_miscellaneous_events.json"
+ },
+ "logs": {
+ "source": "jamf-pro"
+ }
+ },
+ "author": {
+ "support_email": "help@datadoghq.com",
+ "name": "Datadog",
+ "homepage": "https://www.datadoghq.com",
+ "sales_email": "info@datadoghq.com"
+ }
+}
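Review bot: In jamf_pro/assets/logs/jamf-pro_tests.yaml, both fixtures that reach the geo-ip-parser (ComputerAdded and MobileDeviceCheckIn) use `"ipAddress" : "192.168.1.100"` and expect `geoip: {}`, so the geolocation step and the seven Geoip facets declared in the pipeline are never exercised. If the test harness resolves geo data, a sample whose `ipAddress` is publicly routable would let the expected result assert the `network.client.geoip` output. The ComputerAdded sample also carries `reportedIpAddress` (`203.0.113.45`), which stays unmapped under `event.computer`; it is worth confirming against Jamf's webhook documentation which of the two fields holds the address the server observed, since that is the one that should feed `network.client.ip`. Only four event types have fixtures, so the other Computer* and MobileDevice* names listed in the pipeline filters are untested.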