<form theme="dark">
  <label>Cyber Fusion Center - Availability</label>
  <description>CIS Analytics | Corporate Information Security</description>
  <!-- Shared time picker. Its token, mytime, supplies the earliest/latest
       bounds referenced by every search on this form. The default window is
       the last 60 minutes, snapped to the minute. -->
  <fieldset submitButton="true" autoRun="true">
    <input type="time" token="mytime">
      <label>Select a Time Range</label>
      <default>
        <earliest>-60m@m</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
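  <row>
    <!-- Data source health table, read from the cfc_sourcetypes.csv lookup.
         For each row the query computes the percentage change of DeviceCount
         against DeviceCount_24 and of Events against Events_24, then sorts
         ascending so the largest drops (the feeds most likely to have gone
         quiet) are listed first. A feed that stops reporting is a detection
         blind spot, so the negative values are the ones to act on.
         NOTE(review): presumably the plain fields cover the most recent 24
         hours and the _24 fields the 24 hours before that, as the panel title
         suggests; confirm against the search that writes the lookup.
         NOTE(review): when DeviceCount_24 or Events_24 is 0 the division has
         no result and the cell stays empty and uncoloured, so a feed with a
         zero baseline is not highlighted; confirm this is intended.
         NOTE(review): inputlookup reads the whole lookup file, so the time
         picker bounds below do not change what this panel shows. -->
    <panel>
      <title>48 Hours to  24 Hours Data Source Check</title>
      <table>
        <search>
          <query>| inputlookup cfc_sourcetypes.csv
| eval DiffDeviceCount = round(((DeviceCount - DeviceCount_24)/DeviceCount_24)*100,2)
| eval DiffEventsCount = round(((Events - Events_24)/Events_24)*100,2)
| sort + DiffDeviceCount, + DiffEventsCount</query>
          <earliest>$mytime.earliest$</earliest>
          <latest>$mytime.latest$</latest>
        </search>
        <option name="count">10</option>
        <option name="drilldown">cell</option>
        <!-- Five colours over four thresholds: the first colour applies below
             -50 and the last one at 0 and above. The original declared this
             DiffDeviceCount rule twice with identical content; one copy is
             kept. -->
        <format type="color" field="DiffDeviceCount">
          <colorPalette type="list">[#DC4E41,#F1813F,#F8BE34,#B6C75A,#53A051]</colorPalette>
          <scale type="threshold">-50,-25,-5,0</scale>
        </format>
        <!-- Same palette for events, with the third threshold at -10 instead
             of -5. -->
        <format type="color" field="DiffEventsCount">
          <colorPalette type="list">[#DC4E41,#F1813F,#F8BE34,#B6C75A,#53A051]</colorPalette>
          <scale type="threshold">-50,-25,-10,0</scale>
        </format>
        <!-- Clicking a cell copies the row's index and sourcetype columns into
             the myindex and mystype tokens; setting myindex reveals the two
             detail panels that declare depends on it.
             NOTE(review): this relies on the lookup carrying columns named
             index and sourcetype; verify against the lookup definition. -->
        <drilldown>
          <set token="myindex">$row.index$</set>
          <set token="mystype">$row.sourcetype$</set>
        </drilldown>
      </table>
    </panel>
  </row>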
  <row>
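    <!-- Per-host event volume for the index and sourcetype chosen in the
         table above. The panel stays hidden until the myindex token is set.
         The search counts events with tstats and charts them by host, with
         the remaining hosts dropped (useother=f) once 50 series are reached.
         The two tokens are inserted with the s filter, which wraps each value
         in quotes, so a lookup value containing spaces or search syntax is
         treated as a single literal instead of being parsed as part of the
         query. -->
    <panel depends="$myindex$">
      <title>Event reporting to Splunk for $myindex$ index and Sourcetype: $mystype$ By host - (limit of 50)</title>
      <chart>
        <search>
          <query>| tstats count as EventCount WHERE index=$myindex|s$ sourcetype=$mystype|s$  BY host _time | timechart sum(EventCount) by host useother=f limit=50</query>
          <earliest>$mytime.earliest$</earliest>
          <latest>$mytime.latest$</latest>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">collapsed</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">line</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">bottom</option>
        <option name="refresh.display">progressbar</option>
        <!-- Clicking a series opens the investigate_node view with the series
             name (a host here, because the chart is split by host) as its
             mynode form value.
             NOTE(review): host names come from indexed data, so the target
             view should quote the value wherever it places it in a search;
             that view is not visible from this file. -->
        <drilldown>
          <link target="_self">/app/cisa_sh_moswos/investigate_node?form.mynode=$click.name2$</link>
        </drilldown>
      </chart>
    </panel>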
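    <!-- Per-host freshness table for the selected index. The panel stays
         hidden until the myindex token is set. For every host the search
         takes the latest event time (ps1) and the event count (ps2), computes
         the minutes elapsed since that latest event (ps5), and sorts so the
         hosts that have been silent longest come first. The index token is
         inserted with the s filter, which wraps the value in quotes so it is
         treated as a single literal in the search.
         NOTE(review): the count column is labelled "Last 24 Hrs", but the
         search is bounded by the time picker, whose default is 60 minutes;
         the label and the window can disagree. The label is left unchanged.
         NOTE(review): a host with no events at all inside the selected window
         produces no row, so a completely silent host is absent from this
         table; confirm that a separate check covers that case. -->
    <panel depends="$myindex$">
      <title>Hostnames reporting data to $myindex$ index</title>
      <table>
        <search>
          <query>| tstats latest(_time) AS ps1 count AS ps2 WHERE index=$myindex|s$ BY host | eval ps4=now() | eval ps5= round((ps4-ps1)/60,2) | convert ctime(ps4)  | convert ctime(ps1)  | table host ps2 ps1 ps4 ps5 | sort - ps5 | rename ps1 as "Latest Event Time", ps2 as "N# Of Events (Last 24 Hrs)", ps4 as "Current Time", ps5 as "No Data For (Minutes)"</query>
          <earliest>$mytime.earliest$</earliest>
          <latest>$mytime.latest$</latest>
        </search>
        <option name="count">10</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="wrap">true</option>
        <!-- Clicking any cell opens the investigate_node view with the row's
             host as its mynode form value. -->
        <drilldown>
          <link target="_self">/app/cisa_sh_moswos/investigate_node?form.mynode=$row.host$</link>
        </drilldown>
      </table>
    </panel>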
  </row>
  <row>
    <!-- Stacked column chart of event volume per sourcetype across a fixed
         list of eight indexes (websense, sep, tanium, sfg, f5_dns, msad,
         checkpoint, fireeye). This panel is always visible and does not use
         the myindex or mystype tokens. The index list is hard-coded, so a
         newly onboarded feed does not appear here until the query is edited.
         NOTE(review): the chart is split by sourcetype, so the clicked series
         name passed as mynode below is a sourcetype, whereas the other two
         drilldowns on this form pass a host to the same investigate_node
         parameter; confirm the target view handles a sourcetype, or point
         this drilldown elsewhere. -->
    <panel>
      <title>Event reporting to Splunk for Identified data feeds</title>
      <chart>
        <search>
          <query>| tstats count as EventCount WHERE (index=websense OR index=sep OR index=tanium OR index=sfg OR index=f5_dns OR index=msad OR index=checkpoint OR index=fireeye)   BY host sourcetype _time | timechart sum(EventCount) by sourcetype useother=f limit=50</query>
          <earliest>$mytime.earliest$</earliest>
          <latest>$mytime.latest$</latest>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">collapsed</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">column</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">stacked</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
        <option name="height">345</option>
        <option name="refresh.display">progressbar</option>
        <drilldown>
          <link target="_self">/app/cisa_sh_moswos/investigate_node?form.mynode=$click.name2$</link>
        </drilldown>
      </chart>
    </panel>
  </row>
</form>