search

afaisman / Test

0 stars 0 forks source link

Sp #11

Open afaisman opened 4 months ago

afaisman commented 4 months ago

`

-24h@h now All Regions us-east-1 us-east-2 us-west-1 us-west-2 * All Clusters rttr-p11-eks1 rttr-p13-eks1 * All Namespaces p11-model-1 p11-realtime-1 p11-realtime-2 p11-asr-1 p11-asr-2 p11-synthetic-1 p13-model-1 p13-realtime-1 p13-realtime-2 p13-asr-1 p13-asr-2 p13-synthetic-1 * All Watermark Scale ImmediateScale TransactionBegin TransactionEnd DefineTransactionIdPrefix Watcher * All Deployments synthetic-tests asr1 asr2 transcribe-engine summarization-model-1 * * All 0 1 *
Events index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs earliest=$time1.earliest$ latest=$time1.latest$ search_by_me | rex field=_raw "\"pod_name\":\"(?<pod_name>[^\"]+)\"" | rex field=_raw "\"cluster_name\":\"(?<cluster_name>[^\"]+)\"" | rex field=_raw "\"namespace_name\":\"(?<namespace_name>[^\"]+)\"" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepertimestamp>(?<housekeepertimestamp>[^<]+)</housekeepertimestamp>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<weekday>(?<weekday>[^<]+)</weekday>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeeperoperation>(?<housekeeperoperation>[^<]+)</housekeeperoperation>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<observeddeployment>(?<observeddeployment>[^<]+)</observeddeployment>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<currentnumberofpods>(?<currentnumberofpods>[^<]+)</currentnumberofpods>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<targetpercentage>(?<targetpercentage>[^<]+)</targetpercentage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepermessage>(?<housekeepermessage>[^<]+)</housekeepermessage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<transaction_id>(?<transaction_id>[^<]+)</transaction_id>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<eventRetCode>(?<eventRetCode>[^<]+)</eventRetCode>.*?</LogEntry>endend" | rename weekday as dow, eventRetCode as ret_code, meta_region as region, cluster_name as cluster, namespace_name as ns, observeddeployment as depl, currentnumberofpods as cur_pods, targetpercentage as target_per, housekeepermessage as msg, transaction_id as tid, housekeeperoperation as op_type | search namespace_name=$namespace_filter$ | table housekeepertimestamp, dow, tid, op_type, ret_code, msg $row.transaction_id$
Non-zero Return Code index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs earliest=$time1.earliest$ latest=$time1.latest$ search_by_me | rex field=_raw "\"pod_name\":\"(?<pod_name>[^\"]+)\"" | rex field=_raw "\"cluster_name\":\"(?<cluster_name>[^\"]+)\"" | rex field=_raw "\"namespace_name\":\"(?<namespace_name>[^\"]+)\"" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepertimestamp>(?<housekeepertimestamp>[^<]+)</housekeepertimestamp>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<weekday>(?<weekday>[^<]+)</weekday>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeeperoperation>(?<housekeeperoperation>[^<]+)</housekeeperoperation>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<observeddeployment>(?<observeddeployment>[^<]+)</observeddeployment>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<currentnumberofpods>(?<currentnumberofpods>[^<]+)</currentnumberofpods>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<targetpercentage>(?<targetpercentage>[^<]+)</targetpercentage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepermessage>(?<housekeepermessage>[^<]+)</housekeepermessage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<transaction_id>(?<transaction_id>[^<]+)</transaction_id>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<eventRetCode>(?<eventRetCode>[^<]+)</eventRetCode>.*?</LogEntry>endend" | rename weekday as dow, eventRetCode as ret_code, meta_region as region, cluster_name as cluster, namespace_name as ns, observeddeployment as depl, currentnumberofpods as cur_pods, targetpercentage as target_per, housekeepermessage as msg, transaction_id as tid | timechart count by ret_code Logs index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs earliest=$time1.earliest$ latest=$time1.latest$ search_by_me | rex field=_raw "\"pod_name\":\"(?<pod_name>[^\"]+)\"" | rex field=_raw "\"cluster_name\":\"(?<cluster_name>[^\"]+)\"" | rex field=_raw "\"namespace_name\":\"(?<namespace_name>[^\"]+)\"" | rex field=_raw "beginbegin<LogEntry>.*?<housekeeperoperation>(?<housekeeperoperation>[^<]+)</housekeeperoperation>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<observeddeployment>(?<observeddeployment>[^<]+)</observeddeployment>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<currentnumberofpods>(?<currentnumberofpods>[^<]+)</currentnumberofpods>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<targetpercentage>(?<targetpercentage>[^<]+)</targetpercentage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepermessage>(?<housekeepermessage>[^<]+)</housekeepermessage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<transaction_id>(?<transaction_id>[^<]+)</transaction_id>.*?</LogEntry>endend" | search meta_region=$regions_filter$ | search cluster_name=$clusters_filter$ | search namespace_name=$namespace_filter$ | search housekeeperoperation=$operation_filter$ | search observeddeployment=$deployment_filter$ | eval formatted_time=strftime(_time, "%A") | rename formatted_time as tm, housekeepermessage as msg, transaction_id as tid | table _time, tm, region, cluster, ns, depl, op, cur_pods, target_per, msg, tid

`

afaisman commented 4 months ago

`

-24h@h now All Regions us-east-1 us-east-2 us-west-1 us-west-2 * All Clusters rttr-p11-eks1 rttr-p13-eks1 * All Namespaces p11-model-1 p11-realtime-1 p11-realtime-2 p11-asr-1 p11-asr-2 p11-synthetic-1 p13-model-1 p13-realtime-1 p13-realtime-2 p13-asr-1 p13-asr-2 p13-synthetic-1 * All Watermark Scale ImmediateScale TransactionBegin TransactionEnd DefineTransactionIdPrefix Watcher * All Deployments synthetic-tests asr1 asr2 transcribe-engine summarization-model-1 * All 0 1 *
Events index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs earliest=$time1.earliest$ latest=$time1.latest$ search_by_me | rex field=_raw "\"pod_name\":\"(?<pod_name>[^\"]+)\"" | rex field=_raw "\"cluster_name\":\"(?<cluster_name>[^\"]+)\"" | rex field=_raw "\"namespace_name\":\"(?<namespace_name>[^\"]+)\"" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepertimestamp>(?<housekeepertimestamp>[^<]+)</housekeepertimestamp>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<weekday>(?<weekday>[^<]+)</weekday>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeeperoperation>(?<housekeeperoperation>[^<]+)</housekeeperoperation>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<observeddeployment>(?<observeddeployment>[^<]+)</observeddeployment>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<currentnumberofpods>(?<currentnumberofpods>[^<]+)</currentnumberofpods>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<targetpercentage>(?<targetpercentage>[^<]+)</targetpercentage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepermessage>(?<housekeepermessage>[^<]+)</housekeepermessage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<transaction_id>(?<transaction_id>[^<]+)</transaction_id>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<eventRetCode>(?<eventRetCode>[^<]+)</eventRetCode>.*?</LogEntry>endend" | search meta_region=$regions_filter$ | search cluster_name=$clusters_filter$ | search namespace_name=$namespace_filter$ | search housekeeperoperation=$operation_filter$ | search observeddeployment=$deployment_filter$ | search eventRetCode=$ret_code_filter$ | eval formatted_time=strftime(_time, "%A, %d %b %Y %H:%M:%S") | rename weekday as dow, formatted_time as tm, meta_region as region, cluster_name as cluster, namespace_name as ns, observeddeployment as depl, housekeeperoperation as op, currentnumberofpods as cur_pods, targetpercentage as target_perc, housekeepermessage as msg, transaction_id as tid, housekeepertimestamp as nsm_time | table nsm_time, dow, region, cluster, ns, depl, op, cur_pods, target_per, msg, tid
Logs index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs earliest=$time1.earliest$ latest=$time1.latest$ search_by_me | rex field=_raw "\"pod_name\":\"(?<pod_name>[^\"]+)\"" | rex field=_raw "\"cluster_name\":\"(?<cluster_name>[^\"]+)\"" | rex field=_raw "\"namespace_name\":\"(?<namespace_name>[^\"]+)\"" | rex field=_raw "beginbegin<LogEntry>.*?<housekeeperoperation>(?<housekeeperoperation>[^<]+)</housekeeperoperation>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<observeddeployment>(?<observeddeployment>[^<]+)</observeddeployment>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<currentnumberofpods>(?<currentnumberofpods>[^<]+)</currentnumberofpods>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<targetpercentage>(?<targetpercentage>[^<]+)</targetpercentage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepermessage>(?<housekeepermessage>[^<]+)</housekeepermessage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<transaction_id>(?<transaction_id>[^<]+)</transaction_id>.*?</LogEntry>endend" | search meta_region=$regions_filter$ | search cluster_name=$clusters_filter$ | search namespace_name=$namespace_filter$ | search housekeeperoperation=$operation_filter$ | search observeddeployment=$deployment_filter$ | eval formatted_time=strftime(_time, "%A") | rename weekday as dow, formatted_time as tm, meta_region as region, cluster_name as cluster, namespace_name as ns, observeddeployment as depl, housekeeperoperation as op, currentnumberofpods as cur_pods, targetpercentage as target_perc, housekeepermessage as msg, transaction_id as tid, housekeepertimestamp as nsm_time | table nsm_time, dow, region, cluster, ns, depl, op, cur_pods, target_per, msg, tid

`

afaisman commented 4 months ago

'''

-24h@h now All Regions us-east-1 us-east-2 us-west-1 us-west-2 * All Clusters rttr-p11-eks1 rttr-p13-eks1 * All Namespaces p11-model-1 p11-realtime-1 p11-realtime-2 p11-asr-1 p11-asr-2 p11-synthetic-1 p13-model-1 p13-realtime-1 p13-realtime-2 p13-asr-1 p13-asr-2 p13-synthetic-1 * All Watermark Scale ImmediateScale TransactionBegin TransactionEnd DefineTransactionIdPrefix Watcher * All Deployments synthetic-tests asr1 asr2 transcribe-engine summarization-model-1 * All 0 1 *
Events index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs earliest=$time1.earliest$ latest=$time1.latest$ search_by_me | rex field=_raw "\"pod_name\":\"(?<pod_name>[^\"]+)\"" | rex field=_raw "\"cluster_name\":\"(?<cluster_name>[^\"]+)\"" | rex field=_raw "\"namespace_name\":\"(?<namespace_name>[^\"]+)\"" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepertimestamp>(?<housekeepertimestamp>[^<]+)</housekeepertimestamp>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<weekday>(?<weekday>[^<]+)</weekday>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeeperoperation>(?<housekeeperoperation>[^<]+)</housekeeperoperation>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<observeddeployment>(?<observeddeployment>[^<]+)</observeddeployment>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<currentnumberofpods>(?<currentnumberofpods>[^<]+)</currentnumberofpods>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<targetpercentage>(?<targetpercentage>[^<]+)</targetpercentage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepermessage>(?<housekeepermessage>[^<]+)</housekeepermessage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<transaction_id>(?<transaction_id>[^<]+)</transaction_id>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<eventRetCode>(?<eventRetCode>[^<]+)</eventRetCode>.*?</LogEntry>endend" | search meta_region=$regions_filter$ | search cluster_name=$clusters_filter$ | search namespace_name=$namespace_filter$ | search housekeeperoperation=$operation_filter$ | search observeddeployment=$deployment_filter$ | search eventRetCode=$ret_code_filter$ | eval formatted_time=strftime(_time, "%A, %d %b %Y %H:%M:%S") | rename weekday as dow, formatted_time as tm, meta_region as region, cluster_name as cluster, namespace_name as ns, observeddeployment as depl, housekeeperoperation as op, currentnumberofpods as cur_pods, targetpercentage as target_perc, housekeepermessage as msg, transaction_id as tid, housekeepertimestamp as nsm_time | table nsm_time, dow, region, cluster, ns, depl, op, cur_pods, target_per, msg, tid
Logs index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs earliest=$time1.earliest$ latest=$time1.latest$ search_by_me | rex field=_raw "\"pod_name\":\"(?<pod_name>[^\"]+)\"" | rex field=_raw "\"cluster_name\":\"(?<cluster_name>[^\"]+)\"" | rex field=_raw "\"namespace_name\":\"(?<namespace_name>[^\"]+)\"" | rex field=_raw "beginbegin<LogEntry>.*?<housekeeperoperation>(?<housekeeperoperation>[^<]+)</housekeeperoperation>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<observeddeployment>(?<observeddeployment>[^<]+)</observeddeployment>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<currentnumberofpods>(?<currentnumberofpods>[^<]+)</currentnumberofpods>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<targetpercentage>(?<targetpercentage>[^<]+)</targetpercentage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<housekeepermessage>(?<housekeepermessage>[^<]+)</housekeepermessage>.*?</LogEntry>endend" | rex field=_raw "beginbegin<LogEntry>.*?<transaction_id>(?<transaction_id>[^<]+)</transaction_id>.*?</LogEntry>endend" | search meta_region=$regions_filter$ | search cluster_name=$clusters_filter$ | search namespace_name=$namespace_filter$ | search housekeeperoperation=$operation_filter$ | search observeddeployment=$deployment_filter$ | eval formatted_time=strftime(_time, "%A") | rename weekday as dow, formatted_time as tm, meta_region as region, cluster_name as cluster, namespace_name as ns, observeddeployment as depl, housekeeperoperation as op, currentnumberofpods as cur_pods, targetpercentage as target_perc, housekeepermessage as msg, transaction_id as tid, housekeepertimestamp as nsm_time | table nsm_time, dow, region, cluster, ns, depl, op, cur_pods, target_per, msg, tid

'''

afaisman commented 4 months ago 
<form version="1.1" theme="dark">
  <label>104120 - Namespace Manager - 1</label>
  <fieldset submitButton="false">
    <input type="time" token="time1">
      <label></label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="regions_filter">
      <label>Region</label>
      <choice value="*">All Regions</choice>
      <choice value="us-east-1">us-east-1</choice>
      <choice value="us-east-2">us-east-2</choice>
      <choice value="us-west-1">us-west-1</choice>
      <choice value="us-west-2">us-west-2</choice>
      <default>*</default>
    </input>
    <input type="dropdown" token="clusters_filter">
      <label>Cluster</label>
      <choice value="*">All Clusters</choice>
      <choice value="rttr-p11-eks1">rttr-p11-eks1</choice>
      <choice value="rttr-p13-eks1">rttr-p13-eks1</choice>
      <default>*</default>
    </input>
    <input type="dropdown" token="namespace_filter">
      <label>Namespace</label>
      <choice value="*">All Namespaces</choice>
      <choice value="p11-model-1">p11-model-1</choice>
      <choice value="p11-realtime-1">p11-realtime-1</choice>
      <choice value="p11-realtime-2">p11-realtime-2</choice>
      <choice value="p11-asr-1">p11-asr-1</choice>
      <choice value="p11-asr-2">p11-asr-2</choice>
      <choice value="p11-synthetic-1">p11-synthetic-1</choice>
      <choice value="p13-model-1">p13-model-1</choice>
      <choice value="p13-realtime-1">p13-realtime-1</choice>
      <choice value="p13-realtime-2">p13-realtime-2</choice>
      <choice value="p13-asr-1">p13-asr-1</choice>
      <choice value="p13-asr-2">p13-asr-2</choice>
      <choice value="p13-synthetic-1">p13-synthetic-1</choice>
      <default>*</default>
    </input>
    <input type="dropdown" token="operation_filter">
      <label>Operation Type</label>
      <choice value="*">All</choice>
      <choice value="Watermark">Watermark</choice>
      <choice value="Scale">Scale</choice>
      <choice value="ImmediateScale">ImmediateScale</choice>
      <choice value="TransactionBegin">TransactionBegin</choice>
      <choice value="TransactionEnd">TransactionEnd</choice>
      <choice value="DefineTransactionIdPrefix">DefineTransactionIdPrefix</choice>
      <choice value="Watcher">Watcher</choice>
      <default>*</default>
    </input>
    <input type="dropdown" token="deployment_filter">
      <label>Deployment</label>
      <choice value="*">All Deployments</choice>
      <choice value="synthetic-tests">synthetic-tests</choice>
      <choice value="asr1">asr1</choice>
      <choice value="asr2">asr2</choice>
      <choice value="transcribe-engine">transcribe-engine</choice>
      <choice value="summarization-model-1">summarization-model-1</choice>
      <default>*</default>
    </input>
    <input type="dropdown" token="ret_code_filter">
      <label>Return code</label>
      <choice value="*">All</choice>
      <choice value="0">0</choice>
      <choice value="1">1</choice>
      <default>*</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <title>Events</title>
        <search>
          <query>index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs  earliest=$time1.earliest$ latest=$time1.latest$ search_by_me
                        | rex field=_raw "\"pod_name\":\"(?&lt;pod_name&gt;[^\"]+)\""
                        | rex field=_raw "\"cluster_name\":\"(?&lt;cluster_name&gt;[^\"]+)\""
                        | rex field=_raw "\"namespace_name\":\"(?&lt;namespace_name&gt;[^\"]+)\""
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;housekeepertimestamp&gt;(?&lt;housekeepertimestamp&gt;[^&lt;]+)&lt;/housekeepertimestamp&gt;.*?&lt;/LogEntry&gt;endend"
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;weekday&gt;(?&lt;weekday&gt;[^&lt;]+)&lt;/weekday&gt;.*?&lt;/LogEntry&gt;endend"
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;housekeeperoperation&gt;(?&lt;housekeeperoperation&gt;[^&lt;]+)&lt;/housekeeperoperation&gt;.*?&lt;/LogEntry&gt;endend"
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;observeddeployment&gt;(?&lt;observeddeployment&gt;[^&lt;]+)&lt;/observeddeployment&gt;.*?&lt;/LogEntry&gt;endend"
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;currentnumberofpods&gt;(?&lt;currentnumberofpods&gt;[^&lt;]+)&lt;/currentnumberofpods&gt;.*?&lt;/LogEntry&gt;endend"
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;targetpercentage&gt;(?&lt;targetpercentage&gt;[^&lt;]+)&lt;/targetpercentage&gt;.*?&lt;/LogEntry&gt;endend"
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;housekeepermessage&gt;(?&lt;housekeepermessage&gt;[^&lt;]+)&lt;/housekeepermessage&gt;.*?&lt;/LogEntry&gt;endend"
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;transaction_id&gt;(?&lt;transaction_id&gt;[^&lt;]+)&lt;/transaction_id&gt;.*?&lt;/LogEntry&gt;endend"
                        | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;eventRetCode&gt;(?&lt;eventRetCode&gt;[^&lt;]+)&lt;/eventRetCode&gt;.*?&lt;/LogEntry&gt;endend"
                        | search meta_region=$regions_filter$
                        | search cluster_name=$clusters_filter$
                        | search namespace_name=$namespace_filter$
                        | search housekeeperoperation=$operation_filter$
                        | search observeddeployment=$deployment_filter$
                        | search eventRetCode=$ret_code_filter$
                        | eval formatted_time=strftime(_time, "%A, %d %b %Y %H:%M:%S")
                        | rename weekday as dow, formatted_time as tm, meta_region as region, cluster_name as cluster, namespace_name as ns, observeddeployment as depl, housekeeperoperation as op, currentnumberofpods as cur_pods, targetpercentage as target_perc, housekeepermessage as msg, transaction_id as tid, housekeepertimestamp as nsm_time
                        | table nsm_time, dow, region, cluster, ns, depl, op, cur_pods, target_per, msg, tid </query>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <event>
        <title>Logs</title>
        <search>
          <query>index=cloudwatchlogs sourcetype=aws:eks_containers app_id=cloudwatchlogs  earliest=$time1.earliest$ latest=$time1.latest$ search_by_me 
            | rex field=_raw "\"pod_name\":\"(?&lt;pod_name&gt;[^\"]+)\""
            | rex field=_raw "\"cluster_name\":\"(?&lt;cluster_name&gt;[^\"]+)\""
            | rex field=_raw "\"namespace_name\":\"(?&lt;namespace_name&gt;[^\"]+)\""
            | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;housekeeperoperation&gt;(?&lt;housekeeperoperation&gt;[^&lt;]+)&lt;/housekeeperoperation&gt;.*?&lt;/LogEntry&gt;endend"
            | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;observeddeployment&gt;(?&lt;observeddeployment&gt;[^&lt;]+)&lt;/observeddeployment&gt;.*?&lt;/LogEntry&gt;endend"
            | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;currentnumberofpods&gt;(?&lt;currentnumberofpods&gt;[^&lt;]+)&lt;/currentnumberofpods&gt;.*?&lt;/LogEntry&gt;endend"
            | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;targetpercentage&gt;(?&lt;targetpercentage&gt;[^&lt;]+)&lt;/targetpercentage&gt;.*?&lt;/LogEntry&gt;endend"
            | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;housekeepermessage&gt;(?&lt;housekeepermessage&gt;[^&lt;]+)&lt;/housekeepermessage&gt;.*?&lt;/LogEntry&gt;endend"
            | rex field=_raw "beginbegin&lt;LogEntry&gt;.*?&lt;transaction_id&gt;(?&lt;transaction_id&gt;[^&lt;]+)&lt;/transaction_id&gt;.*?&lt;/LogEntry&gt;endend"
            | search meta_region=$regions_filter$ 
            | search cluster_name=$clusters_filter$
            | search namespace_name=$namespace_filter$ 
            | search housekeeperoperation=$operation_filter$
            | search observeddeployment=$deployment_filter$
            | eval formatted_time=strftime(_time, "%A")
            | rename weekday as dow, formatted_time as tm, meta_region as region, cluster_name as cluster, namespace_name as ns, observeddeployment as depl, housekeeperoperation as op, currentnumberofpods as cur_pods, targetpercentage as target_perc, housekeepermessage as msg, transaction_id as tid, housekeepertimestamp as nsm_time    
            | table nsm_time, dow, region, cluster, ns, depl, op, cur_pods, target_per, msg, tid </query>
        </search>
        <option name="list.drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </event>
    </panel>
  </row>

</form>