Clarification request for GHES usage #65

Open
@twuytens

We are using this app for our GHES servers and are seeing some discrepancies in some of the dashboards we'd like to get clarification on. Currently we're on GHES 3.8.2.

  • In the github_app_for_splunk/2_process_monitor view the bottom 4 dashboard panels remain empty. It seems these are referencing metrics that are not available in our collectd data?

    • processes.ps_disk_ops.read/write
    • processes.ps_storage_octets.read/write

    We do have other metrics which might be usable for this (going by their names):

    • processes.io_ops.read/write OR processes.disk_octets.read/write
    • processes.disk_octets.read/write

    Are these the correct ones to use, or should there be others in the GHES collectd data?

  • In the 3_authentication_monitor view it seems there is an issue with the metric names containing forward slashes '/'?
    Looking for statsd.gauge.github/auth/result/*/*.value --> We have statsd.gauge.github_auth_result_*_* . To make these panels work we need to change the slashes to underscores.
    Is this supposed to work like that, or should the queries be updated in this app? If so, I'm happy to create a PR for that.

  • In the different audit view(s) we notice that the action=* filter is not working as expected. Field extractions are not working correctly with GHES audit log data and we need to include "github_source action | spath input=message" in all the queries to make it work. Is that intended?

  • In the workflow overview view, field names are different in GHES data as well? workflow_job.name, workflow_job.id are not available, but we do have workflow_run.name, workflow_run.id. As a job and a run are not technically the same, should this be changed?

Next to this, really loving the insights we get from this app. ❤️
