From 3e4f5310059c020be69ce71aa33bb2ea0e919733 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 7 Nov 2024 03:31:28 +0000 Subject: [PATCH] assets,site/content: daily assets regeneration --- assets/windows-active-directory/alerts.yaml | 23 +++++------ .../dashboards/activedirectory | 40 +++++++++---------- .../windows-active-directory/dashboards/logs | 26 ++++++------ assets/windows/dashboards/overview | 5 ++- assets/windows/dashboards/system | 8 ++-- .../windows-active-directory/_index.md | 23 +++++------ 6 files changed, 63 insertions(+), 62 deletions(-) diff --git a/assets/windows-active-directory/alerts.yaml b/assets/windows-active-directory/alerts.yaml index 24ae470..64f2e57 100644 --- a/assets/windows-active-directory/alerts.yaml +++ b/assets/windows-active-directory/alerts.yaml @@ -7,7 +7,7 @@ groups: CPU usage on host {{ $labels.instance }} is above 90%. The current value is {{ $value | printf "%.2f" }}%. summary: High CPU usage on Windows host. expr: | - 100 - (avg without (mode, core) (rate(windows_cpu_time_total{job=~"integrations/windows_exporter", mode="idle"}[2m])) * 100) > 90 + 100 - (avg without (mode, core) (rate(windows_cpu_time_total{job=~".*windows.*", mode="idle"}[2m])) * 100) > 90 for: 15m keep_firing_for: 5m labels: @@ -18,9 +18,9 @@ groups: Memory usage on host {{ $labels.instance }} is above 90%. The current value is {{ $value | printf "%.2f" }}%. summary: High memory usage on Windows host. expr: | - 100 - ((windows_os_physical_memory_free_bytes{job=~"integrations/windows_exporter"} + 100 - ((windows_os_physical_memory_free_bytes{job=~".*windows.*"} / - windows_cs_physical_memory_bytes{job=~"integrations/windows_exporter"}) * 100) > 90 + windows_cs_physical_memory_bytes{job=~".*windows.*"}) * 100) > 90 for: 15m keep_firing_for: 5m labels: @@ -31,7 +31,7 @@ groups: Volume {{ $labels.volume }} is almost full on host {{ $labels.instance }}, more than 90% of space is used. The current volume utilization is {{ $value | printf "%.2f" }}%. summary: Disk is almost full on Windows host. expr: | - 100 - ((windows_logical_disk_free_bytes{job=~"integrations/windows_exporter"} ) / (windows_logical_disk_size_bytes{job=~"integrations/windows_exporter"})) * 100 > 90 + 100 - ((windows_logical_disk_free_bytes{job=~".*windows.*"} ) / (windows_logical_disk_size_bytes{job=~".*windows.*"})) * 100 > 90 for: 15m keep_firing_for: 5m labels: @@ -42,7 +42,7 @@ groups: Windows service {{ $labels.name }} is not in healthy state, currently in '{{ $labels.status }}'. summary: Windows service is not healthy. expr: | - windows_service_status{job=~"integrations/windows_exporter", status!~"starting|stopping|ok"} > 0 + windows_service_status{job=~".*windows.*", status!~"starting|stopping|ok"} > 0 for: 5m labels: severity: critical @@ -52,7 +52,7 @@ groups: Windows disk {{ $labels.name }} is not in healthy state, currently in '{{ $labels.status }}' status. summary: Windows physical disk is not healthy. expr: | - windows_disk_drive_status{job=~"integrations/windows_exporter", status="OK"} != 1 + windows_disk_drive_status{job=~".*windows.*", status="OK"} != 1 for: 5m labels: severity: critical @@ -62,7 +62,7 @@ groups: Round-trip time of NTP client on instance {{ $labels.instance }} is greater than 1 second. Delay is {{ $value }} sec. summary: NTP client delay. expr: | - windows_time_ntp_round_trip_delay_seconds{job=~"integrations/windows_exporter"} > 1 + windows_time_ntp_round_trip_delay_seconds{job=~".*windows.*"} > 1 for: 5m keep_firing_for: 5m labels: @@ -73,7 +73,7 @@ groups: NTP time offset for instance {{ $labels.instance }} is greater than 1 second. Offset is {{ $value }} sec. summary: NTP time offset is too large. expr: | - windows_time_computed_time_offset_seconds{job=~"integrations/windows_exporter"} > 1 + windows_time_computed_time_offset_seconds{job=~".*windows.*"} > 1 for: 5m keep_firing_for: 5m labels: @@ -85,8 +85,7 @@ groups: summary: There is a high number of pending replication operations in Active Directory. A high number of pending operations sustained over a period of time can indicate a problem with replication. - expr: "windows_ad_replication_pending_operations{job=~\"integrations/windows_exporter\"} - >= 50 \n" + expr: "windows_ad_replication_pending_operations{job=~\".*windows.*\"} >= 50 \n" for: 10m keep_firing_for: 5m labels: @@ -98,7 +97,7 @@ groups: summary: There are a number of replication synchronization request failures. These can cause authentication failures, outdated information being propagated across domain controllers, and potentially data loss or inconsistencies. - expr: "increase(windows_ad_replication_sync_requests_schema_mismatch_failure_total{job=~\"integrations/windows_exporter\"}[5m]) + expr: "increase(windows_ad_replication_sync_requests_schema_mismatch_failure_total{job=~\".*windows.*\"}[5m]) > 0 \n" for: 5m keep_firing_for: 5m @@ -112,7 +111,7 @@ groups: summary: There is a high number of password changes. This may indicate unauthorized changes or attacks. expr: | - increase(windows_ad_sam_password_changes_total{job=~"integrations/windows_exporter"}[5m]) > 25 + increase(windows_ad_sam_password_changes_total{job=~".*windows.*"}[5m]) > 25 for: 5m labels: keep_firing_for: 24h diff --git a/assets/windows-active-directory/dashboards/activedirectory b/assets/windows-active-directory/dashboards/activedirectory index 1a64cdc..a5c6d42 100644 --- a/assets/windows-active-directory/dashboards/activedirectory +++ b/assets/windows-active-directory/dashboards/activedirectory @@ -7,7 +7,7 @@ "uid": "${loki_datasource}" }, "enable": true, - "expr": "{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\", channel=\"System\", level=\"Critical\"} | json", + "expr": "{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\", channel=\"System\", level=\"Critical\"} | json", "hide": true, "iconColor": "light-purple", "name": "Critical system event", @@ -21,7 +21,7 @@ "uid": "${datasource}" }, "enable": true, - "expr": "windows_system_system_up_time{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}*1000 > $__from < $__to", + "expr": "windows_system_system_up_time{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}*1000 > $__from < $__to", "hide": true, "iconColor": "light-yellow", "name": "Reboot", @@ -35,7 +35,7 @@ "uid": "${loki_datasource}" }, "enable": true, - "expr": "{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\", source=\"Service Control Manager\", level=\"Error\"} |= \"terminated\" | json", + "expr": "{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\", source=\"Service Control Manager\", level=\"Error\"} |= \"terminated\" | json", "hide": true, "iconColor": "light-orange", "name": "Service failed", @@ -51,7 +51,7 @@ "includeVars": true, "keepTime": true, "tags": [ - "active-directory" + "windows" ], "title": "All Windows Active Directory dashboards", "type": "dashboards" @@ -95,7 +95,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "sum(windows_ad_replication_pending_operations{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"})", + "expr": "sum(windows_ad_replication_pending_operations{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"})", "legendFormat": "Operations" } ], @@ -139,7 +139,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "sum(windows_ad_directory_service_threads{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"})", + "expr": "sum(windows_ad_directory_service_threads{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"})", "legendFormat": "Directory service threads" } ], @@ -159,7 +159,7 @@ }, "id": 3, "options": { - "alertInstanceLabelFilter": "job=~\"integrations/windows_exporter\",job=~\"${job:regex}\",instance=~\"${instance:regex}\"" + "alertInstanceLabelFilter": "job=~\".*windows.*\",job=~\"${job:regex}\",instance=~\"${instance:regex}\"" }, "pluginVersion": "v10.0.0", "title": "Windows Active Directory alerts", @@ -202,7 +202,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "sum(windows_ad_replication_pending_synchronizations{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"})", + "expr": "sum(windows_ad_replication_pending_synchronizations{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"})", "legendFormat": "Operations" } ], @@ -251,7 +251,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_binds_total{bind_method=~\"ldap\", job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", + "expr": "rate(windows_ad_binds_total{bind_method=~\"ldap\", job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", "legendFormat": "{{instance}}" } ], @@ -300,7 +300,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_directory_operations_total{origin=~\"ldap\", job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", + "expr": "rate(windows_ad_directory_operations_total{origin=~\"ldap\", job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", "legendFormat": "{{instance}} - {{ operation }}" } ], @@ -565,7 +565,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_binds_total{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", + "expr": "rate(windows_ad_binds_total{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", "legendFormat": "{{instance}} - {{ operation }}" } ], @@ -721,7 +721,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_replication_data_intrasite_bytes_total{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval]) * 8", + "expr": "rate(windows_ad_replication_data_intrasite_bytes_total{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval]) * 8", "legendFormat": "{{instance}} - {{ direction }}" } ], @@ -776,7 +776,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_replication_data_intersite_bytes_total{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval]) * 8", + "expr": "rate(windows_ad_replication_data_intersite_bytes_total{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval]) * 8", "legendFormat": "{{instance}} - {{ direction }}" } ], @@ -829,7 +829,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_replication_inbound_objects_updated_total{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", + "expr": "rate(windows_ad_replication_inbound_objects_updated_total{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", "legendFormat": "{{instance}} objects" }, { @@ -837,7 +837,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_replication_inbound_properties_updated_total{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", + "expr": "rate(windows_ad_replication_inbound_properties_updated_total{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", "legendFormat": "{{instance}} properties" } ], @@ -972,7 +972,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_database_operations_total{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", + "expr": "rate(windows_ad_database_operations_total{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", "legendFormat": "{{instance}} - {{ operation }}" } ], @@ -1083,7 +1083,7 @@ "type": "prometheus", "uid": "${datasource}" }, - "expr": "rate(windows_ad_database_operations_total{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", + "expr": "rate(windows_ad_database_operations_total{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}[$__rate_interval])", "legendFormat": "{{instance}} - {{ operation }}" } ], @@ -1094,7 +1094,7 @@ "refresh": "1m", "schemaVersion": 36, "tags": [ - "active-directory" + "windows" ], "templating": { "list": [ @@ -1114,7 +1114,7 @@ "label": "Job", "multi": true, "name": "job", - "query": "label_values(windows_ad_directory_service_threads{job=~\"integrations/windows_exporter\"}, job)", + "query": "label_values(windows_ad_directory_service_threads{job=~\".*windows.*\"}, job)", "refresh": 2, "sort": 1, "type": "query" @@ -1128,7 +1128,7 @@ "label": "Instance", "multi": true, "name": "instance", - "query": "label_values(windows_ad_directory_service_threads{job=~\"integrations/windows_exporter\",job=~\"$job\"}, instance)", + "query": "label_values(windows_ad_directory_service_threads{job=~\".*windows.*\",job=~\"$job\"}, instance)", "refresh": 2, "sort": 1, "type": "query" diff --git a/assets/windows-active-directory/dashboards/logs b/assets/windows-active-directory/dashboards/logs index f5ff4d6..ab005fa 100644 --- a/assets/windows-active-directory/dashboards/logs +++ b/assets/windows-active-directory/dashboards/logs @@ -7,7 +7,7 @@ "uid": "${loki_datasource}" }, "enable": true, - "expr": "{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\", channel=\"System\", level=\"Critical\"} | json", + "expr": "{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\", channel=\"System\", level=\"Critical\"} | json", "hide": true, "iconColor": "light-purple", "name": "Critical system event", @@ -21,7 +21,7 @@ "uid": "${datasource}" }, "enable": true, - "expr": "windows_system_system_up_time{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}*1000 > $__from < $__to", + "expr": "windows_system_system_up_time{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}*1000 > $__from < $__to", "hide": true, "iconColor": "light-yellow", "name": "Reboot", @@ -35,7 +35,7 @@ "uid": "${loki_datasource}" }, "enable": true, - "expr": "{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\", source=\"Service Control Manager\", level=\"Error\"} |= \"terminated\" | json", + "expr": "{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\", source=\"Service Control Manager\", level=\"Error\"} |= \"terminated\" | json", "hide": true, "iconColor": "light-orange", "name": "Service failed", @@ -51,7 +51,7 @@ "includeVars": true, "keepTime": true, "tags": [ - "active-directory" + "windows" ], "title": "All Windows Active Directory dashboards", "type": "dashboards" @@ -204,7 +204,7 @@ "type": "loki", "uid": "${loki_datasource}" }, - "expr": "sum by (level) (count_over_time({job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\",source=~\"$source\",keywords=~\"$keywords\",level=~\"$level\"}\n|~ \"$regex_search\"\n| json | __error__=``\n[$__interval]))\n", + "expr": "sum by (level) (count_over_time({job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\",source=~\"$source\",keywords=~\"$keywords\",level=~\"$level\"}\n|~ \"$regex_search\"\n| json | __error__=``\n[$__interval]))\n", "legendFormat": "{{ level }}" } ], @@ -246,7 +246,7 @@ "type": "loki", "uid": "${loki_datasource}" }, - "expr": "{job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\",source=~\"$source\",keywords=~\"$keywords\",level=~\"$level\"} \n|~ \"$regex_search\"\n| json | __error__=``\n| label_format timestamp=\"{{__timestamp__}}\"\n| drop channel_extracted,source_extracted,computer_extracted,level_extracted,keywords_extracted\n| line_format `{{ if eq \"[[instance]]\" \".*\" }}{{ alignLeft 25 .instance}}|{{end}}{{alignLeft 12 .channel }}| {{ alignLeft 25 .source}}| {{ .message }}`\n\n" + "expr": "{job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\",source=~\"$source\",keywords=~\"$keywords\",level=~\"$level\"} \n|~ \"$regex_search\"\n| json | __error__=``\n| label_format timestamp=\"{{__timestamp__}}\"\n| drop channel_extracted,source_extracted,computer_extracted,level_extracted,keywords_extracted\n| line_format `{{ if eq \"[[instance]]\" \".*\" }}{{ alignLeft 25 .instance}}|{{end}}{{alignLeft 12 .channel }}| {{ alignLeft 25 .source}}| {{ .message }}`\n\n" } ], "title": "Logs", @@ -256,7 +256,7 @@ "refresh": "1m", "schemaVersion": 39, "tags": [ - "active-directory" + "windows" ], "templating": { "list": [ @@ -277,7 +277,7 @@ "label": "Job", "multi": true, "name": "job", - "query": "label_values({job=~\"integrations/windows_exporter\"}, job)", + "query": "label_values({job=~\".*windows.*\"}, job)", "refresh": 2, "sort": 1, "type": "query" @@ -292,7 +292,7 @@ "label": "Instance", "multi": true, "name": "instance", - "query": "label_values({job=~\"integrations/windows_exporter\",job=~\"$job\"}, instance)", + "query": "label_values({job=~\".*windows.*\",job=~\"$job\"}, instance)", "refresh": 2, "sort": 1, "type": "query" @@ -307,7 +307,7 @@ "label": "Channel", "multi": true, "name": "channel", - "query": "label_values({job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\"}, channel)", + "query": "label_values({job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\"}, channel)", "refresh": 2, "sort": 1, "type": "query" @@ -322,7 +322,7 @@ "label": "Source", "multi": true, "name": "source", - "query": "label_values({job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\"}, source)", + "query": "label_values({job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\"}, source)", "refresh": 2, "sort": 1, "type": "query" @@ -337,7 +337,7 @@ "label": "Keywords", "multi": true, "name": "keywords", - "query": "label_values({job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\",source=~\"$source\"}, keywords)", + "query": "label_values({job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\",source=~\"$source\"}, keywords)", "refresh": 2, "sort": 1, "type": "query" @@ -352,7 +352,7 @@ "label": "Level", "multi": true, "name": "level", - "query": "label_values({job=~\"integrations/windows_exporter\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\",source=~\"$source\",keywords=~\"$keywords\"}, level)", + "query": "label_values({job=~\".*windows.*\",job=~\"$job\",instance=~\"$instance\",channel=~\"$channel\",source=~\"$source\",keywords=~\"$keywords\"}, level)", "refresh": 2, "sort": 1, "type": "query" diff --git a/assets/windows/dashboards/overview b/assets/windows/dashboards/overview index 6ea517c..f64cc0b 100644 --- a/assets/windows/dashboards/overview +++ b/assets/windows/dashboards/overview @@ -162,7 +162,7 @@ "calcs": [ "lastNotNull" ], - "fields": "/^hostname$/" + "fields": "/^instance$/" } }, "pluginVersion": "v11.0.0", @@ -280,7 +280,8 @@ "color": { "fixedColor": "text", "mode": "fixed" - } + }, + "unit": "none" } }, "gridPos": { diff --git a/assets/windows/dashboards/system b/assets/windows/dashboards/system index 5f40b7f..6a1b759 100644 --- a/assets/windows/dashboards/system +++ b/assets/windows/dashboards/system @@ -314,7 +314,8 @@ "lineInterpolation": "smooth", "lineWidth": 2, "showPoints": "never" - } + }, + "unit": "short" } }, "gridPos": { @@ -362,7 +363,8 @@ "lineInterpolation": "smooth", "lineWidth": 2, "showPoints": "never" - } + }, + "unit": "short" } }, "gridPos": { @@ -530,7 +532,7 @@ "showPoints": "never" }, "noValue": "No data. Please check that \"time\" collector is enabled.", - "unit": "seconds" + "unit": "s" } }, "gridPos": { diff --git a/site/content/windows-active-directory/_index.md b/site/content/windows-active-directory/_index.md index 4c0a8e2..956909b 100644 --- a/site/content/windows-active-directory/_index.md +++ b/site/content/windows-active-directory/_index.md @@ -27,7 +27,7 @@ annotations: CPU usage on host {{ $labels.instance }} is above 90%. The current value is {{ $value | printf "%.2f" }}%. summary: High CPU usage on Windows host. expr: | - 100 - (avg without (mode, core) (rate(windows_cpu_time_total{job=~"integrations/windows_exporter", mode="idle"}[2m])) * 100) > 90 + 100 - (avg without (mode, core) (rate(windows_cpu_time_total{job=~".*windows.*", mode="idle"}[2m])) * 100) > 90 for: 15m keep_firing_for: 5m labels: @@ -43,9 +43,9 @@ annotations: Memory usage on host {{ $labels.instance }} is above 90%. The current value is {{ $value | printf "%.2f" }}%. summary: High memory usage on Windows host. expr: | - 100 - ((windows_os_physical_memory_free_bytes{job=~"integrations/windows_exporter"} + 100 - ((windows_os_physical_memory_free_bytes{job=~".*windows.*"} / - windows_cs_physical_memory_bytes{job=~"integrations/windows_exporter"}) * 100) > 90 + windows_cs_physical_memory_bytes{job=~".*windows.*"}) * 100) > 90 for: 15m keep_firing_for: 5m labels: @@ -61,7 +61,7 @@ annotations: Volume {{ $labels.volume }} is almost full on host {{ $labels.instance }}, more than 90% of space is used. The current volume utilization is {{ $value | printf "%.2f" }}%. summary: Disk is almost full on Windows host. expr: | - 100 - ((windows_logical_disk_free_bytes{job=~"integrations/windows_exporter"} ) / (windows_logical_disk_size_bytes{job=~"integrations/windows_exporter"})) * 100 > 90 + 100 - ((windows_logical_disk_free_bytes{job=~".*windows.*"} ) / (windows_logical_disk_size_bytes{job=~".*windows.*"})) * 100 > 90 for: 15m keep_firing_for: 5m labels: @@ -77,7 +77,7 @@ annotations: Windows service {{ $labels.name }} is not in healthy state, currently in '{{ $labels.status }}'. summary: Windows service is not healthy. expr: | - windows_service_status{job=~"integrations/windows_exporter", status!~"starting|stopping|ok"} > 0 + windows_service_status{job=~".*windows.*", status!~"starting|stopping|ok"} > 0 for: 5m labels: severity: critical @@ -92,7 +92,7 @@ annotations: Windows disk {{ $labels.name }} is not in healthy state, currently in '{{ $labels.status }}' status. summary: Windows physical disk is not healthy. expr: | - windows_disk_drive_status{job=~"integrations/windows_exporter", status="OK"} != 1 + windows_disk_drive_status{job=~".*windows.*", status="OK"} != 1 for: 5m labels: severity: critical @@ -107,7 +107,7 @@ annotations: Round-trip time of NTP client on instance {{ $labels.instance }} is greater than 1 second. Delay is {{ $value }} sec. summary: NTP client delay. expr: | - windows_time_ntp_round_trip_delay_seconds{job=~"integrations/windows_exporter"} > 1 + windows_time_ntp_round_trip_delay_seconds{job=~".*windows.*"} > 1 for: 5m keep_firing_for: 5m labels: @@ -123,7 +123,7 @@ annotations: NTP time offset for instance {{ $labels.instance }} is greater than 1 second. Offset is {{ $value }} sec. summary: NTP time offset is too large. expr: | - windows_time_computed_time_offset_seconds{job=~"integrations/windows_exporter"} > 1 + windows_time_computed_time_offset_seconds{job=~".*windows.*"} > 1 for: 5m keep_firing_for: 5m labels: @@ -140,8 +140,7 @@ annotations: summary: There is a high number of pending replication operations in Active Directory. A high number of pending operations sustained over a period of time can indicate a problem with replication. -expr: "windows_ad_replication_pending_operations{job=~\"integrations/windows_exporter\"} - >= 50 +expr: "windows_ad_replication_pending_operations{job=~\".*windows.*\"} >= 50 " for: 10m keep_firing_for: 5m @@ -159,7 +158,7 @@ annotations: summary: There are a number of replication synchronization request failures. These can cause authentication failures, outdated information being propagated across domain controllers, and potentially data loss or inconsistencies. -expr: "increase(windows_ad_replication_sync_requests_schema_mismatch_failure_total{job=~\"integrations/windows_exporter\"}[5m]) +expr: "increase(windows_ad_replication_sync_requests_schema_mismatch_failure_total{job=~\".*windows.*\"}[5m]) > 0 " for: 5m @@ -179,7 +178,7 @@ annotations: summary: There is a high number of password changes. This may indicate unauthorized changes or attacks. expr: | - increase(windows_ad_sam_password_changes_total{job=~"integrations/windows_exporter"}[5m]) > 25 + increase(windows_ad_sam_password_changes_total{job=~".*windows.*"}[5m]) > 25 for: 5m labels: keep_firing_for: 24h