This is the new Smartscape model, containing model definitions for entities that are stored in Smartscape on Grail. All models, describing different entities are organized by domain in subfolders:
Get an overview of all Smartscape node types
smartscapeNodes "*"| summarize count(), by: type
Get an overview of all Smartscape edges
smartscapeEdges "*"| summarize count(), by:{ source_type, type, target_type }
Get all edges that start from hosts.
smartscapeEdges "*"| filter source_type == "HOST"| fields type, target_type| dedup type, target_type
Load all Smartscape nodes and traverse forward to all connected nodes.
smartscapeNodes "*"| traverse "*", "*"
Load all Kubernetes entities.
smartscapeNodes "K8S_*"| fieldsRemove k8s.object
Load all AWS entities.
smartscapeNodes "AWS_*"| fieldsRemove aws.object
Load all Synthetic entities.
smartscapeNodes "BROWSER_MONITOR"| append [smartscapeNodes "BROWSER_MONITOR_STEP"]| append [smartscapeNodes "HTTP_MONITOR"]| append [smartscapeNodes "HTTP_MONITOR_STEP"]| append [smartscapeNodes "NETWORK_AVAILABILITY_MONITOR"]| append [smartscapeNodes "SYNTHETIC_LOCATION"]| append [smartscapeNodes "CREDENTIAL_VAULT_ENTRY"]
All relationships have the following fields:
typesource_idsource_typetarget_idtarget_typedt.system.edge_kind| Attribute | Type | Description | Examples |
|---|---|---|---|
| record | stableRelationship field that contains all | |
| record | stableRelationship field that contains all | |
| record | stableThis is similar to an aggregation in UML. It is a many-to-many relationship without existential properties (the destination is not composed of the sources). |
|
| record | stableDefines a "horizontal" relationship between two entities that "call" each other. The "calls" relation does not imply a parent/child or other strong structural relation but rather a dynamic communication association. Examples: Typical examples include services calling other services, but also services calling databases, queue brokers, or other infrastructure entities. | |
| record | stableRelationship field that contains all | |
| record | stableRelationship field that contains all | |
| record | experimentalDefines assignment relationship, where the source is assigned to the destination. Similar to |
|
| record | stableIs (typically) exclusively attached to the instance (1-many) |
|
| record | stableDefines if the instance is part of a cluster, similar to a composition in UML. The source (child) cannot exist without the destination (parent). |
|
| record | experimentalDefines monitoring relationship, where the source monitors the destination. Examples: A synthetic monitor monitors a frontend. A synthetic monitor or OneAgent monitors a host. |
|
| record | stableDefine network route to the instance Examples: EC2 route table routes to EC2 NAT Gateway EC2 VPC Peering Connection routes to VPC | |
| record | stableDefines a "vertical" relation of an entity running on some other entity. It does not imply any composition or aggregation but only a looser association between the entities. One entity can run on multiple other entities. Examples: Service running on a POD, a CONTAINER or a HOST. | |
| record | experimentalSimilar to |
|
| record | stableSimilar to |
|
| Attribute | Type | Description | Examples |
|---|---|---|---|
| record[] | experimentalNetwork interface configuration, including IP address and network prefix length |
|
| ipAddress[] | experimentalA collection of IP addresses that may be used to identify this entity. |
|
| string[] | experimentalA collection of MAC addresses that can be used to identify this entity. |
|
| long[] | experimentalA collection of layer 4 ports used to identify this entity. |
|