This tool extracts data about Alerts and Mitigations from Sightline via its APIs and loads it into a postgres database. Grafana is used to visualize that data. The tool uses docker compose to create three docker containers:
- sp-ingest - Python code that extracts data from Sightline and loads it into PostgreSQL
- postgres - PostgreSQL database for storage
- grafana - Grafana for visualizing the data
- Install git
- Install docker
- Clone this repo - https://github.com/arbor/sp-api-reporting
- Go into top level directory of this repo - cd sp-api-reporting
- Edit .env file and add the SP DNS/IP and API token
- Start up - docker compose up -d
- Initial extract could take a while - many minutes to an hour - depending on the amount of data. Wait for sp-ingest to perform the initial extract.
- Log into grafana - [http://localhost:3000] - default creds are admin/admin
- Click on the Dashboards icon on the left (four squares), and select the "Sightline: Alert EVENT - Statistics" dashboard (under the General folder)
Instructions can be found via the following:
- Log into Sightline
- Go to Administration --> Sightline REST API Documentation
- Click on Generating and managing REST API tokens link and follow instructions
Type docker compose logs -f sp-ingest to follow the logs and wait until you see a log message:
api-reporting-sp-ingest-1 | INFO:root:DONE
api-reporting-sp-ingest-1 | INFO:root:## Sleeping for 86400 seconds
Type Ctrl+C to exit from following the logs.
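
One way to script the wait described above, as an added example that is not part of the sp-api-reporting repo. It assumes the sp-ingest log lines look like the two shown here; the function names ingest_status and wait_for_initial_extract are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the repo). Assumes the log format shown in this
# README: "INFO:root:DONE" followed by "INFO:root:## Sleeping for N seconds".

# Read sp-ingest log text on stdin and print one status line:
#   "done N"  - DONE marker seen; N is the most recent sleep interval,
#               or "?" if no "Sleeping for" line has been logged yet
#   "running" - no DONE marker yet
ingest_status() {
  awk '
    /INFO:root:DONE[ \t\r]*$/ { seen_done = 1 }
    /INFO:root:## Sleeping for [0-9]+ seconds/ {
      for (i = 1; i < NF; i++) if ($i == "for") secs = $(i + 1)
    }
    END {
      if (seen_done) print "done", (secs == "" ? "?" : secs)
      else print "running"
    }
  '
}

# Poll the container logs until the initial extract finishes or the timeout
# expires. Arguments: timeout in seconds (default 7200), poll interval in
# seconds (default 30). Run from the top level of the repository.
wait_for_initial_extract() {
  timeout="${1:-7200}"; interval="${2:-30}"; waited=0; status="running"
  while [ "$waited" -lt "$timeout" ]; do
    status="$(docker compose logs --no-color sp-ingest 2>/dev/null | ingest_status)"
    case "$status" in
      done*) echo "initial extract finished ($status)"; return 0 ;;
    esac
    sleep "$interval"
    waited=$((waited + interval))
  done
  echo "timed out after ${timeout}s; last status: $status" >&2
  return 1
}

# Sample input: the two log lines quoted in this README.
SAMPLE_LOG='api-reporting-sp-ingest-1 | INFO:root:DONE
api-reporting-sp-ingest-1 | INFO:root:## Sleeping for 86400 seconds'

# Offline demonstration of the parser on the sample lines.
printf '%s\n' "$SAMPLE_LOG" | ingest_status
```

To use it against the running stack, source the file and call wait_for_initial_extract before opening Grafana.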
NOTE: All commands should be run at the top level of this repository.
docker compose up -d
docker compose stop
docker compose start
docker compose logs sp-ingest
docker compose exec -it postgres psql -U postgres
NOTE: Running this command will delete ALL of the data in postgres. It will NOT delete any data from Sightline
docker compose down