diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 892f33c1521..b934f13eb62 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -96,7 +96,7 @@ /packages/microsoft_defender_endpoint @elastic/security-external-integrations /packages/microsoft_dhcp @elastic/security-external-integrations /packages/microsoft @elastic/security-external-integrations -/packages/microsoft_sqlserver @elastic/security-external-integrations +/packages/microsoft_sqlserver @elastic/security-external-integrations @elastic/obs-service-integrations /packages/mimecast @elastic/security-external-integrations /packages/modsecurity @elastic/security-external-integrations /packages/mongodb @elastic/obs-service-integrations diff --git a/packages/microsoft_sqlserver/_dev/build/docs/README.md b/packages/microsoft_sqlserver/_dev/build/docs/README.md index 830fa5f5e83..9916c29739d 100644 --- a/packages/microsoft_sqlserver/_dev/build/docs/README.md +++ b/packages/microsoft_sqlserver/_dev/build/docs/README.md @@ -1,16 +1,27 @@ # Microsoft SQL Server Integration -The Microsoft SQL Server integration package allows you to search, observe and visualize the SQL Server audit events through Elasticsearch. +The Microsoft SQL Server integration package allows you to search, observe and visualize the SQL Server audit logs and metrics through Elasticsearch. + Auditing an instance of the SQL Server Database Engine or an individual database involves tracking and logging events that occur on the Database Engine. SQL Server audit lets you create server audits, which can contain server audit specifications for server level events, and database audit specifications for database level events. See: [SQL Server Audit page](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-database-engine?view=sql-server-ver15) for more information on SQL Server auditing. +`performance` metrics gathers the list of performance objects available on that server. Each server will have a different list of performance objects depending on the installed software. +`transaction_log` metrics collects all usage stats and the total space usage. + +## Named Instance + +Microsoft SQL Server has a feature that allows running multiple databases on the same host (or clustered hosts) with separate settings. Edit the instance port and provide the named instance port to connect to the named instance and collect metrics. +See: [Instruction on how to configure server to listen Named Instance port](https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-server-to-listen-on-a-specific-tcp-port?view=sql-server-ver15) + ## Compatibility -The package collects audit events from the event log. Other log sources such as file are not supported. +The package collects `performance` and `transaction_log` metrics, and `audit` events from the event log. Other log sources such as file are not supported. ## Configuration +### audit + There are several levels of auditing for SQL Server, depending on government or standards requirements for your installation. The SQL Server Audit feature enables you to audit server-level and database-level groups of events and individual events. See: [SQL Server Audit Action Groups and Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions?view=sql-server-ver15) for more information on the different audit levels. @@ -19,14 +30,45 @@ See: [Instructions on how to enable auditing for SQL Server](https://docs.micros >Note: For the integration package to be able to read and send audit events the event target must be configured to be Windows event log. -### Audit Events +### audit events Enable to collect SQL Server audit events from the specified windows event log channel. +### performance metrics + +Collects the `performance` counter metrics. Dynamic counter feature provides flexibility to collect metrics by providing the counter name as an input. + +See: [Instructions about each performance counter metrics](https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-os-performance-counters-transact-sql?view=sql-server-ver15 +) + +### transaction_log metrics + +Collects system level `transaction_log` metrics information for SQL Server instance. + +See: [Instructions and the operations supported by transaction log](https://docs.microsoft.com/en-us/sql/relational-databases/logs/the-transaction-log-sql-server?view=sql-server-ver15) + ## Logs -### Audit +### audit The SQL Server audit dataset provides events from the configured Windows event log channel. All SQL Server audit specific fields are available in the `sqlserver.audit` field group. {{fields "audit"}} + +## Metrics + +### performance + +The Microsoft SQL Server `performance` dataset provides metrics from the performance counter table. All `performance` metrics will be available in `sqlserver.metrics` field group. + +{{event "performance"}} + +{{fields "performance"}} + +### transaction_log + +The Microsoft SQL Server `transaction_log` dataset provides metrics from the log space usage and log stats tables of the system databases. All `transaction_log` metrics will be available in `sqlserver.metrics` field group. + +{{event "transaction_log"}} + +{{fields "transaction_log"}} \ No newline at end of file diff --git a/packages/microsoft_sqlserver/changelog.yml b/packages/microsoft_sqlserver/changelog.yml index 901c6726050..11f354c2672 100644 --- a/packages/microsoft_sqlserver/changelog.yml +++ b/packages/microsoft_sqlserver/changelog.yml @@ -1,5 +1,9 @@ # newer versions go on top - +- version: "1.1.1" + changes: + - description: Added transaction log datastream + type: enhancement + link: https://github.com/elastic/integrations/pull/3395 - version: "1.1.0" changes: - description: Added performance datastream diff --git a/packages/microsoft_sqlserver/data_stream/transaction_log/_dev/test/system/test-transaction-config.yml b/packages/microsoft_sqlserver/data_stream/transaction_log/_dev/test/system/test-transaction-config.yml new file mode 100644 index 00000000000..f5c4089b9cc --- /dev/null +++ b/packages/microsoft_sqlserver/data_stream/transaction_log/_dev/test/system/test-transaction-config.yml @@ -0,0 +1,5 @@ +vars: + hosts: + - "{{Hostname}}" + username: sa + password: 1234_asdf diff --git a/packages/microsoft_sqlserver/data_stream/transaction_log/agent/stream/stream.yml.hbs b/packages/microsoft_sqlserver/data_stream/transaction_log/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..4b8036ddd24 --- /dev/null +++ b/packages/microsoft_sqlserver/data_stream/transaction_log/agent/stream/stream.yml.hbs @@ -0,0 +1,33 @@ +metricsets: ["query"] +# Specify hosts in the below format. TODO:hosts need to be updated to support multiple entries. +hosts: + - sqlserver://{{username}}:{{password}}@{{hosts}}:{{port}} +period: {{period}} +driver: mssql +raw_data.enabled: true +# Collect the transaction logs from the system database +sql_queries: + - query: "SELECT name As 'database_name', database_id FROM sys.databases WHERE database_id=1;" + response_format: table + - query: "SELECT 'master' As database_name, database_id,total_log_size_mb,active_log_size_mb,log_backup_time,log_since_last_log_backup_mb,log_since_last_checkpoint_mb,log_recovery_size_mb FROM sys.dm_db_log_stats(1) master" + response_format: table + - query: "SELECT 'master' As 'database_name', total_log_size_in_bytes As total_log_size_bytes, used_log_space_in_bytes As used_log_space_bytes, used_log_space_in_percent As used_log_space_pct, log_space_in_bytes_since_last_backup FROM sys.dm_db_log_space_usage master" + response_format: table + - query: "SELECT name As 'database_name', database_id FROM sys.databases WHERE database_id=2;" + response_format: table + - query: "SELECT 'tempdb' As 'database_name', database_id,total_log_size_mb,active_log_size_mb As active_log_size,log_backup_time,log_since_last_log_backup_mb, log_since_last_checkpoint_mb,log_recovery_size_mb FROM sys.dm_db_log_stats(2) tempdb" + response_format: table + - query: "SELECT 'tempdb' As 'database_name', total_log_size_in_bytes As total_log_size_bytes, used_log_space_in_bytes As used_log_space_bytes, used_log_space_in_percent As used_log_space_pct, log_space_in_bytes_since_last_backup FROM sys.dm_db_log_space_usage tempdb" + response_format: table + - query: "SELECT name As 'database_name', database_id FROM sys.databases WHERE database_id=3;" + response_format: table + - query: "SELECT 'model' As 'database_name', database_id,total_log_size_mb,active_log_size_mb As active_log_size,log_backup_time,log_since_last_log_backup_mb, log_since_last_checkpoint_mb,log_recovery_size_mb FROM sys.dm_db_log_stats(3) model" + response_format: table + - query: "SELECT 'model' As 'database_name', total_log_size_in_bytes As total_log_size_bytes, used_log_space_in_bytes As used_log_space_bytes, used_log_space_in_percent As used_log_space_pct, log_space_in_bytes_since_last_backup FROM sys.dm_db_log_space_usage model" + response_format: table + - query: "SELECT name As 'database_name', database_id FROM sys.databases WHERE database_id=4;" + response_format: table + - query: "SELECT 'msdb' As 'database_name', database_id,total_log_size_mb,active_log_size_mb As active_log_size,log_backup_time,log_since_last_log_backup_mb, log_since_last_checkpoint_mb,log_recovery_size_mb FROM sys.dm_db_log_stats(4) msdb" + response_format: table + - query: "SELECT 'msdb' As 'database_name', total_log_size_in_bytes As total_log_size_bytes, used_log_space_in_bytes As used_log_space_bytes, used_log_space_in_percent As used_log_space_pct, log_space_in_bytes_since_last_backup FROM sys.dm_db_log_space_usage msdb" + response_format: table diff --git a/packages/microsoft_sqlserver/data_stream/transaction_log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sqlserver/data_stream/transaction_log/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..7c8708dfa52 --- /dev/null +++ b/packages/microsoft_sqlserver/data_stream/transaction_log/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,75 @@ +--- +description: Pipeline for processing mssql transaction_log +processors: +- remove: + field: sql.driver + ignore_failure: true + ignore_missing: true +- remove: + field: sql.query + ignore_failure: true + ignore_missing: true +- rename: + field: sql + target_field: mssql + ignore_missing: true + ignore_failure: true +- rename: + field: mssql.metrics.log_since_last_checkpoint_mb + target_field: mssql.metrics.log_since_last_checkpoint + ignore_missing: true + ignore_failure: true +- rename: + field: mssql.metrics.log_recovery_size_mb + target_field: mssql.metrics.log_recovery_size + ignore_missing: true + ignore_failure: true +- rename: + field: mssql.metrics.total_log_size_mb + target_field: mssql.metrics.total_log_size + ignore_missing: true + ignore_failure: true +- rename: + field: mssql.metrics.active_log_size_mb + target_field: mssql.metrics.active_log_size + ignore_missing: true + ignore_failure: true +- rename: + field: mssql.metrics.log_since_last_log_backup_mb + target_field: mssql.metrics.log_since_last_log_backup + ignore_missing: true + ignore_failure: true +- script: + lang: painless + source: ctx.mssql.metrics.log_since_last_checkpoint = Math.round(ctx.mssql.metrics.log_since_last_checkpoint * params.scale) + params: + scale: 1048576 + if: ctx.mssql.metrics.log_since_last_checkpoint != null +- script: + lang: painless + source: ctx.mssql.metrics.log_recovery_size = Math.round(ctx.mssql.metrics.log_recovery_size * params.scale) + params: + scale: 1048576 + if: ctx.mssql.metrics.log_recovery_size != null +- script: + lang: painless + source: ctx.mssql.metrics.total_log_size = Math.round(ctx.mssql.metrics.total_log_size * params.scale) + params: + scale: 1048576 + if: ctx.mssql.metrics.total_log_size != null +- script: + lang: painless + source: ctx.mssql.metrics.active_log_size = Math.round(ctx.mssql.metrics.active_log_size * params.scale) + params: + scale: 1048576 + if: ctx.mssql.metrics.active_log_size != null +- script: + lang: painless + source: ctx.mssql.metrics.log_since_last_log_backup = Math.round(ctx.mssql.metrics.log_since_last_log_backup * params.scale) + params: + scale: 1048576 + if: ctx.mssql.metrics.log_since_last_log_backup != null +on_failure: +- set: + field: error.message + value: "{{ _ingest.on_failure_message }}" diff --git a/packages/microsoft_sqlserver/data_stream/transaction_log/fields/base-fields.yml b/packages/microsoft_sqlserver/data_stream/transaction_log/fields/base-fields.yml new file mode 100644 index 00000000000..14017be5fb2 --- /dev/null +++ b/packages/microsoft_sqlserver/data_stream/transaction_log/fields/base-fields.yml @@ -0,0 +1,8 @@ +- name: data_stream.type + external: ecs +- name: data_stream.dataset + external: ecs +- name: data_stream.namespace + external: ecs +- name: '@timestamp' + external: ecs diff --git a/packages/microsoft_sqlserver/data_stream/transaction_log/fields/ecs.yml b/packages/microsoft_sqlserver/data_stream/transaction_log/fields/ecs.yml new file mode 100644 index 00000000000..007e1303291 --- /dev/null +++ b/packages/microsoft_sqlserver/data_stream/transaction_log/fields/ecs.yml @@ -0,0 +1,6 @@ +- external: ecs + name: ecs.version +- external: ecs + name: service.address +- external: ecs + name: service.type diff --git a/packages/microsoft_sqlserver/data_stream/transaction_log/fields/fields.yml b/packages/microsoft_sqlserver/data_stream/transaction_log/fields/fields.yml new file mode 100644 index 00000000000..1b66b396434 --- /dev/null +++ b/packages/microsoft_sqlserver/data_stream/transaction_log/fields/fields.yml @@ -0,0 +1,62 @@ +- name: mssql + type: group + release: beta + fields: + - name: metrics + type: group + fields: + - name: database_id + type: long + dimension: true + description: Unique ID of the database inside MSSQL. + - name: database_name + type: keyword + description: Name of the database. + - name: log_since_last_checkpoint + type: long + unit: byte + metric_type: gauge + description: Log size in bytes since last checkpoint log sequence number (LSN). + - name: log_recovery_size + type: long + unit: byte + metric_type: gauge + description: Log size in bytes since log recovery log sequence number (LSN). + - name: total_log_size + type: long + unit: byte + metric_type: counter + description: Total log size. + - name: log_backup_time + type: date + description: Last transaction log backup time. + - name: active_log_size + type: long + unit: byte + metric_type: counter + description: Total active transaction log size in bytes. + - name: log_since_last_log_backup + type: long + unit: byte + metric_type: gauge + description: Log file size since last backup in bytes. + - name: used_log_space_pct + type: float + unit: percent + metric_type: gauge + description: A percentage of the occupied size of the log as a percent of the total log size. + - name: used_log_space_bytes + type: long + unit: byte + metric_type: gauge + description: The occupied size of the log in bytes. + - name: log_space_in_bytes_since_last_backup + type: long + unit: byte + metric_type: gauge + description: The amount of space used since the last log backup in bytes. + - name: total_log_size_bytes + type: long + unit: byte + metric_type: counter + description: Total transaction log size in bytes. diff --git a/packages/microsoft_sqlserver/data_stream/transaction_log/manifest.yml b/packages/microsoft_sqlserver/data_stream/transaction_log/manifest.yml new file mode 100644 index 00000000000..3f3b27e23b6 --- /dev/null +++ b/packages/microsoft_sqlserver/data_stream/transaction_log/manifest.yml @@ -0,0 +1,16 @@ +type: metrics +title: Microsoft SQL Server transaction_log metrics +release: beta +streams: + - input: sql/metrics + enabled: false + vars: + - name: period + type: text + title: Period + multi: false + required: true + show_user: true + default: 60s + title: Microsoft SQL Server transaction_log metrics + description: Collect Microsoft SQL Server transaction_log metrics diff --git a/packages/microsoft_sqlserver/data_stream/transaction_log/sample_event.json b/packages/microsoft_sqlserver/data_stream/transaction_log/sample_event.json new file mode 100644 index 00000000000..908ca329490 --- /dev/null +++ b/packages/microsoft_sqlserver/data_stream/transaction_log/sample_event.json @@ -0,0 +1,47 @@ +{ + "@timestamp": "2022-06-08T10:20:14.787809Z", + "mssql": { + "metrics": { + "database_name": "msdb", + "database_id": 1, + "used_log_space_bytes": 41.17647171020508, + "log_space_in_bytes_since_last_backup": 397312, + "total_log_size_bytes": 2088960, + "used_log_space_pct": 860160 + } + }, + "metricset": { + "period": 10000, + "name": "query" + }, + "agent": { + "id": "e7b17c22-4223-46c3-b982-ff0d570b5fa6", + "ephemeral_id": "d1a76cf4-2463-478a-a474-36e771218467", + "type": "metricbeat", + "version": "8.3.0" + }, + "service": { + "address": "54.90.251.237:1433", + "type": "sql" + }, + "elastic_agent": { + "id": "e7b17c22-4223-46c3-b982-ff0d570b5fa6", + "version": "8.3.0", + "snapshot": true + }, + "event": { + "duration": 5595352584, + "agent_id_status": "verified", + "ingested": "2022-05-23T10:20:21Z", + "module": "sql", + "dataset": "microsoft_sqlserver.transaction_log" + }, + "data_stream": { + "namespace": "default", + "type": "metrics", + "dataset": "microsoft_sqlserver.transaction_log" + }, + "ecs": { + "version": "8.0.0" + } +} \ No newline at end of file diff --git a/packages/microsoft_sqlserver/docs/README.md b/packages/microsoft_sqlserver/docs/README.md index ccc8b0d7b41..d1a96da2f67 100644 --- a/packages/microsoft_sqlserver/docs/README.md +++ b/packages/microsoft_sqlserver/docs/README.md @@ -1,16 +1,27 @@ # Microsoft SQL Server Integration -The Microsoft SQL Server integration package allows you to search, observe and visualize the SQL Server audit events through Elasticsearch. +The Microsoft SQL Server integration package allows you to search, observe and visualize the SQL Server audit logs and metrics through Elasticsearch. + Auditing an instance of the SQL Server Database Engine or an individual database involves tracking and logging events that occur on the Database Engine. SQL Server audit lets you create server audits, which can contain server audit specifications for server level events, and database audit specifications for database level events. See: [SQL Server Audit page](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-database-engine?view=sql-server-ver15) for more information on SQL Server auditing. +`performance` metrics gathers the list of performance objects available on that server. Each server will have a different list of performance objects depending on the installed software. +`transaction_log` metrics collects all usage stats and the total space usage. + +## Named Instance + +Microsoft SQL Server has a feature that allows running multiple databases on the same host (or clustered hosts) with separate settings. Edit the instance port and provide the named instance port to connect to the named instance and collect metrics. +See: [Instruction on how to configure server to listen Named Instance port](https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-server-to-listen-on-a-specific-tcp-port?view=sql-server-ver15) + ## Compatibility -The package collects audit events from the event log. Other log sources such as file are not supported. +The package collects `performance` and `transaction_log` metrics, and `audit` events from the event log. Other log sources such as file are not supported. ## Configuration +### audit + There are several levels of auditing for SQL Server, depending on government or standards requirements for your installation. The SQL Server Audit feature enables you to audit server-level and database-level groups of events and individual events. See: [SQL Server Audit Action Groups and Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions?view=sql-server-ver15) for more information on the different audit levels. @@ -19,13 +30,26 @@ See: [Instructions on how to enable auditing for SQL Server](https://docs.micros >Note: For the integration package to be able to read and send audit events the event target must be configured to be Windows event log. -### Audit Events +### audit events Enable to collect SQL Server audit events from the specified windows event log channel. +### performance metrics + +Collects the `performance` counter metrics. Dynamic counter feature provides flexibility to collect metrics by providing the counter name as an input. + +See: [Instructions about each performance counter metrics](https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-os-performance-counters-transact-sql?view=sql-server-ver15 +) + +### transaction_log metrics + +Collects system level `transaction_log` metrics information for SQL Server instance. + +See: [Instructions and the operations supported by transaction log](https://docs.microsoft.com/en-us/sql/relational-databases/logs/the-transaction-log-sql-server?view=sql-server-ver15) + ## Logs -### Audit +### audit The SQL Server audit dataset provides events from the configured Windows event log channel. All SQL Server audit specific fields are available in the `sqlserver.audit` field group. @@ -154,3 +178,204 @@ The SQL Server audit dataset provides events from the configured Windows event l | winlog.user_data | The event specific data. This field is mutually exclusive with `event_data`. | object | | winlog.version | The version number of the event's definition. | long | + +## Metrics + +### performance + +The Microsoft SQL Server `performance` dataset provides metrics from the performance counter table. All `performance` metrics will be available in `sqlserver.metrics` field group. + +An example event for `performance` looks as following: + +```json +{ + "@timestamp": "2022-06-08T13:35:05.558Z", + "agent": { + "ephemeral_id": "16ad2de8-8ba3-496f-98d1-cbe19441c168", + "id": "848cea0e-c052-49b3-983d-64e13d3b9a6f", + "name": "docker-fleet-agent", + "type": "metricbeat", + "version": "8.3.0" + }, + "cloud": { + "account": {}, + "instance": { + "id": "b30e45e6-7900-4900-8d67-e37cb13374bc", + "name": "obs-int-windows-dev" + }, + "machine": { + "type": "Standard_D16ds_v5" + }, + "provider": "azure", + "region": "CentralIndia", + "service": { + "name": "Virtual Machines" + } + }, + "data_stream": { + "dataset": "microsoft_sqlserver.performance", + "namespace": "ep", + "type": "metrics" + }, + "ecs": { + "version": "8.0.0" + }, + "elastic_agent": { + "id": "848cea0e-c052-49b3-983d-64e13d3b9a6f", + "snapshot": true, + "version": "8.3.0" + }, + "event": { + "agent_id_status": "verified", + "dataset": "microsoft_sqlserver.performance", + "duration": 7151724, + "ingested": "2022-06-08T13:35:06Z", + "module": "sql" + }, + "host": { + "architecture": "x86_64", + "containerized": true, + "hostname": "docker-fleet-agent", + "ip": [ + "172.18.0.4" + ], + "mac": [ + "02:42:ac:12:00:04" + ], + "name": "docker-fleet-agent", + "os": { + "codename": "focal", + "family": "debian", + "kernel": "5.10.16.3-microsoft-standard-WSL2", + "name": "Ubuntu", + "platform": "ubuntu", + "type": "linux", + "version": "20.04.4 LTS (Focal Fossa)" + } + }, + "metricset": { + "name": "query", + "period": 60000 + }, + "mssql": { + "metrics": { + "user_connections": 1 + } + }, + "service": { + "address": "elastic-package-service-microsoft_sqlserver-1:1433", + "type": "sql" + } +} +``` + +**Exported fields** + +| Field | Description | Type | Metric Type | +|---|---|---|---| +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | +| mssql.metrics.active_temp_tables | Number of temporary tables/table variables in use. | long | | +| mssql.metrics.batch_requests_per_sec | Number of Transact-SQL command batches received per second. This statistic is affected by all constraints (such as I/O, number of users, cache size, complexity of requests, and so on). High batch requests mean good throughput. | float | gauge | +| mssql.metrics.buffer_cache_hit_ratio | The ratio is the total number of cache hits divided by the total number of cache lookups over the last few thousand page accesses. After a long period of time, the ratio moves very little. Because reading from the cache is much less expensive than reading from disk, you want this ratio to be high. | double | | +| mssql.metrics.buffer_checkpoint_pages_per_sec | Indicates the number of pages flushed to disk per second by a checkpoint or other operation that require all dirty pages to be flushed. | float | gauge | +| mssql.metrics.buffer_database_pages | Indicates the number of pages in the buffer pool with database content. | long | | +| mssql.metrics.buffer_page_life_expectancy | Indicates the number of seconds a page will stay in the buffer pool without references (in seconds). | long | | +| mssql.metrics.buffer_target_pages | Ideal number of pages in the buffer pool. | long | | +| mssql.metrics.compilations_per_sec | Number of SQL compilations per second. Indicates the number of times the compile code path is entered. Includes compiles caused by statement-level recompilations in SQL Server. After SQL Server user activity is stable, this value reaches a steady state. | float | gauge | +| mssql.metrics.connection_reset_per_sec | Total number of logins started per second from the connection pool. | float | gauge | +| mssql.metrics.dynamic_counter.name | Dynamic counter name is given by user. | keyword | | +| mssql.metrics.dynamic_counter.value | Dynamic counter value is fetched from performance table for the dynamic counter name which is provided by user. | long | | +| mssql.metrics.lock_waits_per_sec | Number of lock requests per second that required the caller to wait. | float | gauge | +| mssql.metrics.logins_per_sec | Total number of logins started per second. This does not include pooled connections. | float | gauge | +| mssql.metrics.logouts_per_sec | Total number of logout operations started per second. | float | gauge | +| mssql.metrics.page_splits_per_sec | Number of page splits per second that occur as the result of overflowing index pages. | float | gauge | +| mssql.metrics.re_compilations_per_sec | Number of statement recompiles per second. Counts the number of times statement recompiles are triggered. Generally, you want the recompiles to be low. | float | gauge | +| mssql.metrics.transactions | Total number of transactions | long | | +| mssql.metrics.user_connections | Total number of user connections. | long | | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | + + +### transaction_log + +The Microsoft SQL Server `transaction_log` dataset provides metrics from the log space usage and log stats tables of the system databases. All `transaction_log` metrics will be available in `sqlserver.metrics` field group. + +An example event for `transaction_log` looks as following: + +```json +{ + "@timestamp": "2022-06-08T10:20:14.787809Z", + "mssql": { + "metrics": { + "database_name": "msdb", + "database_id": 1, + "used_log_space_bytes": 41.17647171020508, + "log_space_in_bytes_since_last_backup": 397312, + "total_log_size_bytes": 2088960, + "used_log_space_pct": 860160 + } + }, + "metricset": { + "period": 10000, + "name": "query" + }, + "agent": { + "id": "e7b17c22-4223-46c3-b982-ff0d570b5fa6", + "ephemeral_id": "d1a76cf4-2463-478a-a474-36e771218467", + "type": "metricbeat", + "version": "8.3.0" + }, + "service": { + "address": "54.90.251.237:1433", + "type": "sql" + }, + "elastic_agent": { + "id": "e7b17c22-4223-46c3-b982-ff0d570b5fa6", + "version": "8.3.0", + "snapshot": true + }, + "event": { + "duration": 5595352584, + "agent_id_status": "verified", + "ingested": "2022-05-23T10:20:21Z", + "module": "sql", + "dataset": "microsoft_sqlserver.transaction_log" + }, + "data_stream": { + "namespace": "default", + "type": "metrics", + "dataset": "microsoft_sqlserver.transaction_log" + }, + "ecs": { + "version": "8.0.0" + } +} +``` + +**Exported fields** + +| Field | Description | Type | Unit | Metric Type | +|---|---|---|---|---| +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | | | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | | | +| mssql.metrics.active_log_size | Total active transaction log size in bytes. | long | byte | counter | +| mssql.metrics.database_id | Unique ID of the database inside MSSQL. | long | | | +| mssql.metrics.database_name | Name of the database. | keyword | | | +| mssql.metrics.log_backup_time | Last transaction log backup time. | date | | | +| mssql.metrics.log_recovery_size | Log size in bytes since log recovery log sequence number (LSN). | long | byte | gauge | +| mssql.metrics.log_since_last_checkpoint | Log size in bytes since last checkpoint log sequence number (LSN). | long | byte | gauge | +| mssql.metrics.log_since_last_log_backup | Log file size since last backup in bytes. | long | byte | gauge | +| mssql.metrics.log_space_in_bytes_since_last_backup | The amount of space used since the last log backup in bytes. | long | byte | gauge | +| mssql.metrics.total_log_size | Total log size. | long | byte | counter | +| mssql.metrics.total_log_size_bytes | Total transaction log size in bytes. | long | byte | counter | +| mssql.metrics.used_log_space_bytes | The occupied size of the log in bytes. | long | byte | gauge | +| mssql.metrics.used_log_space_pct | A percentage of the occupied size of the log as a percent of the total log size. | float | percent | gauge | +| service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword | | | +| service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword | | | diff --git a/packages/microsoft_sqlserver/img/sqlserver-transaction-dashboard.png b/packages/microsoft_sqlserver/img/sqlserver-transaction-dashboard.png index 9486af435be..41b51ea3b90 100644 Binary files a/packages/microsoft_sqlserver/img/sqlserver-transaction-dashboard.png and b/packages/microsoft_sqlserver/img/sqlserver-transaction-dashboard.png differ diff --git a/packages/microsoft_sqlserver/kibana/dashboard/microsoft_sqlserver-18d66970-1fb4-11e9-8a4d-eb34d2834f6b.json b/packages/microsoft_sqlserver/kibana/dashboard/microsoft_sqlserver-18d66970-1fb4-11e9-8a4d-eb34d2834f6b.json new file mode 100644 index 00000000000..3f6dc176e73 --- /dev/null +++ b/packages/microsoft_sqlserver/kibana/dashboard/microsoft_sqlserver-18d66970-1fb4-11e9-8a4d-eb34d2834f6b.json @@ -0,0 +1,781 @@ +{ + "attributes": { + "description": "An overview of the transaction log of each database in a Microsoft SQL Server instance", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "controls": [ + { + "fieldName": "mssql.metrics.database_name", + "id": "1654252440058", + "indexPatternRefName": "control_54848bf4-7be8-47d5-9456-745b7e7e41ce_0_index_pattern", + "label": "Database Name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "title": "", + "type": "input_control_vis", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "54848bf4-7be8-47d5-9456-745b7e7e41ce", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "54848bf4-7be8-47d5-9456-745b7e7e41ce", + "title": "Database Selector [Metrics Microsoft SqlServer]", + "type": "visualization", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1569a491-ab74-45b7-bb0f-f25736d8fff2", + "index_pattern_ref_name": "metrics_033d2eb9-9d99-4c61-9d87-5410f2fa6607_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "d77d5f8f-c5ba-49f7-94cf-1317312584be", + "label": "Total Log Space Usage [Metrics Microsoft SqlServer]", + "line_width": 1, + "metrics": [ + { + "field": "mssql.metrics.total_log_size_bytes", + "id": "db45fa88-df7c-46ed-8a45-ef9e8f11a2c2", + "type": "avg" + } + ], + "offset_time": "", + "override_index_pattern": 0, + "palette": { + "name": "gradient", + "params": { + "colors": [ + "#68BC00", + "rgb(0, 0, 0)" + ], + "gradient": true + }, + "type": "palette" + }, + "point_size": "01", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "stacked", + "steps": 0, + "terms_field": "mssql.metrics.database_name", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "033d2eb9-9d99-4c61-9d87-5410f2fa6607", + "w": 18, + "x": 12, + "y": 0 + }, + "panelIndex": "033d2eb9-9d99-4c61-9d87-5410f2fa6607", + "title": "Total Log Space Usage [Metrics Microsoft SqlServer]", + "type": "visualization", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "efb35b3a-5ea1-4c58-ad29-357a5d53afb9", + "index_pattern_ref_name": "metrics_ecca4f7b-5846-4659-a8a3-844276779869_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "percent", + "id": "fcc0ab77-f30c-417b-b91a-dc0eecc0d4e0", + "label": "Percentage of Used Space [Metrics Microsoft SqlServer]", + "line_width": "1", + "metrics": [ + { + "field": "mssql.metrics.used_log_space_pct", + "id": "0b1a9a76-45ed-4968-910a-d4c05d169c47", + "type": "avg" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "gradient", + "params": { + "colors": [ + "#68BC00", + "rgb(0, 0, 0)" + ], + "gradient": true + }, + "type": "palette" + }, + "point_size": "01", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "stacked", + "terms_field": "mssql.metrics.database_name", + "terms_order_by": "_count", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 12, + "i": "ecca4f7b-5846-4659-a8a3-844276779869", + "w": 18, + "x": 30, + "y": 0 + }, + "panelIndex": "ecca4f7b-5846-4659-a8a3-844276779869", + "title": "Percentage of Used Space [Metrics Microsoft SqlServer]", + "type": "visualization", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1569a491-ab74-45b7-bb0f-f25736d8fff2", + "index_pattern_ref_name": "metrics_41b881a5-df21-4ef0-90c6-9906a0107f5e_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "d77d5f8f-c5ba-49f7-94cf-1317312584be", + "label": "Used log space [Metrics Microsoft SqlServer]", + "line_width": 1, + "metrics": [ + { + "field": "mssql.metrics.used_log_space_bytes", + "id": "db45fa88-df7c-46ed-8a45-ef9e8f11a2c2", + "type": "avg" + } + ], + "offset_time": "", + "override_index_pattern": 0, + "palette": { + "name": "gradient", + "params": { + "colors": [ + "#68BC00", + "rgb(0, 0, 0)" + ], + "gradient": true + }, + "type": "palette" + }, + "point_size": "01", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "stacked", + "steps": 0, + "terms_field": "mssql.metrics.database_name", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 16, + "i": "41b881a5-df21-4ef0-90c6-9906a0107f5e", + "w": 23, + "x": 0, + "y": 12 + }, + "panelIndex": "41b881a5-df21-4ef0-90c6-9906a0107f5e", + "title": "Used Space [Metrics Microsoft SqlServer]", + "type": "visualization", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1569a491-ab74-45b7-bb0f-f25736d8fff2", + "index_pattern_ref_name": "metrics_d065062d-1b53-4cd1-80db-462b58e97632_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "d77d5f8f-c5ba-49f7-94cf-1317312584be", + "label": "Log space size since last backup [Metrics Microsoft SqlServer]", + "line_width": 1, + "metrics": [ + { + "field": "mssql.metrics.log_space_in_bytes_since_last_backup", + "id": "db45fa88-df7c-46ed-8a45-ef9e8f11a2c2", + "type": "avg" + } + ], + "offset_time": "", + "override_index_pattern": 0, + "palette": { + "name": "gradient", + "params": { + "colors": [ + "#68BC00", + "rgb(0, 0, 0)" + ], + "gradient": true + }, + "type": "palette" + }, + "point_size": "1", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "stacked", + "steps": 0, + "terms_field": "mssql.metrics.database_name", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 16, + "i": "d065062d-1b53-4cd1-80db-462b58e97632", + "w": 25, + "x": 23, + "y": 12 + }, + "panelIndex": "d065062d-1b53-4cd1-80db-462b58e97632", + "title": "Log Space Since Last Backup [Metrics Microsoft SqlServer]", + "type": "visualization", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1569a491-ab74-45b7-bb0f-f25736d8fff2", + "index_pattern_ref_name": "metrics_ed535f03-9d86-4021-9d47-c315a012aceb_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "d77d5f8f-c5ba-49f7-94cf-1317312584be", + "label": "Recovery size [Metrics Microsoft SqlServer]", + "line_width": 1, + "metrics": [ + { + "field": "mssql.metrics.log_recovery_size", + "id": "db45fa88-df7c-46ed-8a45-ef9e8f11a2c2", + "type": "avg" + } + ], + "offset_time": "", + "override_index_pattern": 0, + "palette": { + "name": "gradient", + "params": { + "colors": [ + "#68BC00", + "rgb(0, 0, 0)" + ], + "gradient": true + }, + "type": "palette" + }, + "point_size": "1", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "mssql.metrics.database_name", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 16, + "i": "ed535f03-9d86-4021-9d47-c315a012aceb", + "w": 23, + "x": 0, + "y": 28 + }, + "panelIndex": "ed535f03-9d86-4021-9d47-c315a012aceb", + "title": "Recovery Size [Metrics Microsoft SqlServer]", + "type": "visualization", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1569a491-ab74-45b7-bb0f-f25736d8fff2", + "index_pattern_ref_name": "metrics_1c270f8b-8e64-410d-a5e4-a4cc45c4fa2c_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "d77d5f8f-c5ba-49f7-94cf-1317312584be", + "label": "Transaction log size since last checkpoint [Metrics Microsoft SqlServer]", + "line_width": 1, + "metrics": [ + { + "field": "mssql.metrics.log_since_last_checkpoint", + "id": "db45fa88-df7c-46ed-8a45-ef9e8f11a2c2", + "type": "avg" + } + ], + "offset_time": "", + "override_index_pattern": 0, + "palette": { + "name": "gradient", + "params": { + "colors": [ + "#68BC00", + "rgb(0, 0, 0)" + ], + "gradient": true + }, + "type": "palette" + }, + "point_size": "1", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "mssql.metrics.database_name", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 16, + "i": "1c270f8b-8e64-410d-a5e4-a4cc45c4fa2c", + "w": 25, + "x": 23, + "y": 28 + }, + "panelIndex": "1c270f8b-8e64-410d-a5e4-a4cc45c4fa2c", + "title": "Log Size Since Last Checkpoint [Metrics Microsoft SqlServer]", + "type": "visualization", + "version": "8.3.0" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "1569a491-ab74-45b7-bb0f-f25736d8fff2", + "index_pattern_ref_name": "metrics_af6dc077-868f-460c-bc8a-11019b087898_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "d77d5f8f-c5ba-49f7-94cf-1317312584be", + "label": "Active size [Metrics Microsoft SqlServer]", + "line_width": 1, + "metrics": [ + { + "field": "mssql.metrics.active_log_size", + "id": "db45fa88-df7c-46ed-8a45-ef9e8f11a2c2", + "type": "avg" + } + ], + "offset_time": "", + "override_index_pattern": 0, + "palette": { + "name": "gradient", + "params": { + "colors": [ + "#68BC00", + "rgb(0, 0, 0)" + ], + "gradient": true + }, + "type": "palette" + }, + "point_size": "1", + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_color_mode": null, + "split_mode": "terms", + "stacked": "none", + "steps": 0, + "terms_field": "mssql.metrics.database_name", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "timeseries", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + } + }, + "gridData": { + "h": 16, + "i": "af6dc077-868f-460c-bc8a-11019b087898", + "w": 23, + "x": 0, + "y": 44 + }, + "panelIndex": "af6dc077-868f-460c-bc8a-11019b087898", + "title": "Active Log Size [Metrics Microsoft SqlServer]", + "type": "visualization", + "version": "8.3.0" + } + ], + "timeRestore": false, + "title": "[Metrics Microsoft SQL Server] Transaction log", + "version": 1 + }, + "coreMigrationVersion": "8.3.0", + "id": "microsoft_sqlserver-18d66970-1fb4-11e9-8a4d-eb34d2834f6b", + "migrationVersion": { + "dashboard": "8.3.0" + }, + "references": [ + { + "id": "metrics-*", + "name": "54848bf4-7be8-47d5-9456-745b7e7e41ce:control_54848bf4-7be8-47d5-9456-745b7e7e41ce_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "033d2eb9-9d99-4c61-9d87-5410f2fa6607:metrics_033d2eb9-9d99-4c61-9d87-5410f2fa6607_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "ecca4f7b-5846-4659-a8a3-844276779869:metrics_ecca4f7b-5846-4659-a8a3-844276779869_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "41b881a5-df21-4ef0-90c6-9906a0107f5e:metrics_41b881a5-df21-4ef0-90c6-9906a0107f5e_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d065062d-1b53-4cd1-80db-462b58e97632:metrics_d065062d-1b53-4cd1-80db-462b58e97632_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "ed535f03-9d86-4021-9d47-c315a012aceb:metrics_ed535f03-9d86-4021-9d47-c315a012aceb_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1c270f8b-8e64-410d-a5e4-a4cc45c4fa2c:metrics_1c270f8b-8e64-410d-a5e4-a4cc45c4fa2c_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "af6dc077-868f-460c-bc8a-11019b087898:metrics_af6dc077-868f-460c-bc8a-11019b087898_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "dashboard" +} \ No newline at end of file diff --git a/packages/microsoft_sqlserver/manifest.yml b/packages/microsoft_sqlserver/manifest.yml index ced93470ed6..e42fcbb2d61 100644 --- a/packages/microsoft_sqlserver/manifest.yml +++ b/packages/microsoft_sqlserver/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft_sqlserver title: "Microsoft SQL Server" -version: 1.1.0 +version: 1.1.1 license: basic description: Collect events from Microsoft SQL Server with Elastic Agent type: integration