This is the new Smartscape model, containing model definitions for entities that are stored in Smartscape on Grail. All models, describing different entities are organized by domain in subfolders:
Get an overview of all Smartscape node types
smartscapeNodes "*"| summarize count(), by: type
Get an overview of all Smartscape edges
smartscapeEdges "*"| summarize count(), by:{ source_type, type, target_type }
Get all edges that start from hosts.
smartscapeEdges "*"| filter source_type == "HOST"| fields type, target_type| dedup type, target_type
Load all Smartscape nodes and traverse forward to all connected nodes.
smartscapeNodes "*"| traverse "*", "*"
Load all Kubernetes entities.
smartscapeNodes "K8S_*"| fieldsRemove k8s.object
Load all AWS entities.
smartscapeNodes "AWS_*"| fieldsRemove aws.object
All relationships have the following fields:
typesource_idsource_typetarget_idtarget_typedt.system.edge_kind| Attribute | Type | Description | Examples |
|---|---|---|---|
balanced_by | record | stable Relationship field that contains all balanced_by-relationships as nested fields.Opposite direction: balances | |
balances | record | stable Relationship field that contains all balances-relationships as nested fields.Opposite direction: balanced_by | |
belongs_to | record | stable This is similar to an aggregation in UML. It is a many-to-many relationship without existential properties (the destination is not composed of the sources). | SERVICE belongs_to K8S_CLUSTER; K8S_POD belongs_to K8S_NAMESPACE |
calls | record | stable Defines a "horizontal" relationship between two entities that "call" each other. The "calls" relation does not imply a parent/child or other strong structural relation but rather a dynamic communication association. Examples: Typical examples include services calling other services, but also services calling databases, queue brokers, or other infrastructure entities. | |
contains | record | stable Relationship field that contains all contains-relationships as nested fields.Opposite direction: belongs_to | |
instance_of | record | stable Relationship field that contains all instance_of-relationships as nested fields.Opposite direction: instantiates | |
is_attached_to | record | stable Is (typically) exclusively attached to the instance (1-many) | AWS_EBS_VOLUME is_attached_to AWS_EC2_INSTANCE; AZURE_NETWORK_INTERFACE is_attached_to AZURE_VIRTUAL_SUBNETWORK |
is_part_of | record | stable Defines if the instance is part of a cluster, similar to a composition in UML. The source (child) cannot exist without the destination (parent). | AWS_EC2_INSTANCE is_part_of AWS_AUTOSCALING_GROUP; K8S_POD is_part_of K8S_DEPLOYMENT |
routes_to | record | stable Define network route to the instance Examples: EC2 route table routes to EC2 NAT Gateway EC2 VPC Peering Connection routes to VPC | |
runs_on | record | stable Defines a "vertical" relation of an entity running on some other entity. It does not imply any composition or aggregation but only a looser association between the entities. One entity can run on multiple other entities. Examples: Service running on a POD, a CONTAINER or a HOST. | |
uses | record | stable Similar to is_attached_to but in the opposite direction. Examples: EC2 Instance uses DHCP options, Auto Scaling Group uses EC2 Launch Template | K8S_POD uses K8S_CONFIGMAP |
| Attribute | Type | Description | Examples |
|---|---|---|---|
ip | ipAddress[] | experimental A collection of IP addresses that may be used to identify this entity. | ['192.168.0.1', '10.10.10.10']; ['10.10.10.10']; ['2001:0000:130F:0000:0000:09C0:876A:130B'] |
mac | string[] | experimental A collection of MAC addresses that can be used to identify this entity. | ['4C:03:4F:5B:E8:89'] |
port | long[] | experimental A collection of layer 4 ports used to identify this entity. | [50000, 50001, 50002, 50003] |