Grafana Live Threat Monitoring
You can use Grafana for live monitoring of your RunReveal logs. We'll show you how to get the default RunReveal Threat Monitoring dashboard set up, and how to build custom dashboards.

Go to the RunReveal Grafana Plugin and install it to your Grafana instance by clicking "Install plugin" under the Installation tab.

We still need to configure the RunReveal data source to authenticate with our API. Under Home > Connections > Data sources, search for RunReveal.
Next you'll need an API token. There are two different ways to get an API token. If you have the CLI set up you can run the command below, paste the token into the Session Token section of the Grafana dashboard, and click "Save & test".

If you haven't set up the CLI, you can generate this same token in the UI under the "Account" panel. Click "Generate Token" next to the API Tokens heading and copy/paste it into the Session Token field in Grafana.

From the data sources screen, select the "Dashboards" tab. On the Dashboards tab, click "Import".

You'll then see "RunReveal Default Dashboard" within your dashboards.

This dashboard is maintained by us to help you quickly get up and running. If you'd like to see a revision history or see the detailed JSON specification of the dashboard that was just installed, this link has more information.
Within a Grafana dashboard you can make a new panel and select the `runreveal_source` datasource. Once you do that, you can make dashboards and panels using the same query interface as the RunReveal logs search.
Remember, Grafana works really well with timeseries data, and the RunReveal search interface supports the macros `$__fromTime`, `$__toTime` and `$__timeInterval`.

| Macro | Description |
| --- | --- |
| `$__fromTime` | Replaced by the starting time of the range of the panel cast to DateTime |
| `$__toTime` | Replaced by the ending time of the range of the panel cast to DateTime |
| `$__timeInterval(columnName)` | Replaced by a function calculating the interval based on window size, useful when grouping |
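
A panel query that uses all three macros together, added here as an illustration and not taken from the RunReveal documentation. The table name `logs` and the columns `receivedAt` and `sourceType` are assumptions about the schema; substitute the names your workspace exposes.

```sql
-- Added example: event volume per source type for a time series panel.
-- Assumed names (not from the page): table `logs`,
-- columns `receivedAt` (event timestamp) and `sourceType`.
SELECT
    $__timeInterval(receivedAt) AS time,  -- bucket size follows the panel's window
    sourceType,
    count(*) AS events
FROM logs
WHERE receivedAt >= $__fromTime           -- start of the panel range, as DateTime
  AND receivedAt <= $__toTime             -- end of the panel range, as DateTime
GROUP BY time, sourceType
ORDER BY time ASC
```

Bounding the query with `$__fromTime` and `$__toTime` keeps the scan tied to the range selected in the panel, and grouping on the `$__timeInterval` bucket keeps the number of returned points stable as that range is widened or narrowed.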