Closed fribse closed 2 years ago
Here's a Timelion query that might help get you started:
.es(q='_index:dmarc-* AND NOT ((auth_dkim_result.keyword:pass AND policy_dkim.keyword:pass) OR (auth_spf_result.keyword:pass AND policy_spf.keyword:pass))',metric=sum:count).label('Fail').color(#4455ff).yaxis(2,min=0).lines(fill=1,width=3),
.es(q='_index:dmarc-* AND ((auth_dkim_result.keyword:pass AND policy_dkim.keyword:pass) OR (auth_spf_result.keyword:pass AND policy_spf.keyword:pass))',metric=sum:count).label('Pass').color(#44ee66).yaxis(2,min=0).lines(fill=1,width=5),
.es(q='_index:dmarc-* AND NOT ((auth_dkim_result.keyword:pass AND policy_dkim.keyword:pass) OR (auth_spf_result.keyword:pass AND policy_spf.keyword:pass))',metric=sum:count).divide(.es(q='_index:dmarc-* AND ((auth_dkim_result.keyword:pass AND policy_dkim.keyword:pass) OR (auth_spf_result.keyword:pass AND policy_spf.keyword:pass))',metric=sum:count)).label('Failure Rate').color(orange).yaxis(units=percent,min=0,max=1).points(radius=10,fill=7)
Hi @jertel
I'm still using your excellent work. Unfortunately, I had a crash and a bad backup, so I'm starting over on everything with DMARC. Do you know a good Kibana dashboard for the DMARC records?