Arkime Parliament

Parliament contains a grouped list of your Arkime clusters with links, ES health, and issues for each. You can use Parliament as a landing page for all of your Arkime clusters and as a status page to monitor the health of your clusters.

As of v5 of Arkime, Parliament requires a configuration file. See Parliament Settings for details.

View the Parliament README on GitHub!

Did you know that a Parliament is a group of owls?


Parliament Dashboad

The Parliament Dashboad displays a grouped list of your configured Arkime Clusters. Here you can navigate to any cluster and view stats and health.

Parliament Dashboard screenshot
  Search

Search for clusters in your Parliament by their name.

  Acknowledge Issues

Acknowledge issues in your clusters by clicking the check box. You can acknowledge them one at a time or all in each cluster. Acknowledged issues will not show up on the dashboard, but will remain on the issues page.
Note: only logged in users can acknowledge issues.

  Ignore Issues

Ignore issues in your cluster for a certain amount of time by clicking the eye dropdown. Ignored issues will not send alerts until the ignore time has expired and the issue still persists. You can unignore them on the Issues page.
Note: only logged in users can ignore issues.

  Navigate to a Cluster

You can click the cluster's name to navigate to the Arkime sessions page of that cluster. You can also navigate to the Arkime main stats page by clicking the bar graph icon and the ES Nodes stats page by clicing on the ES status indicator.


Configure Parliament

When logged in, you can create, update, and delete Parliament groups and clusters.

Configure Parliament screenshot
  Toggle Edit

To edit your Parliament, click the toggle button at the top right.

  New Groups and Clusters

Create new groups to organize your clusters. Add clusters to groups at any time.

  Delete Groups and Clusters

Delete groups and clusters as you remove Arkime clusters.

  Edit Groups and Clusters

Edit groups and clusters as your Parliament changes.

  Reorder

Drag and drop groups and clusters where you want them.


Parliament Issues

You can view and interact with all of the issues that the clusters in your Parliament are experiencing.

Parliament Issues screenshot
  Search Issues

Search for issues within your Parliament by name cluster name, node name, and issue type.

  Filter Issues

Use the filter dropdown to filter out issues you don't want to view.

  Sort Issues

Sort the issues by field to display the issues relevant to you.

  Acknowledge Issues

Acknowledge issues in your clusters by clicking the check box. Acknowledged issues will remain on the issues page (grayed out) but will not be visible on the Parliament dashboad. Acknowledged issues will be removed after 15 minutes (or your configured setting) or can be removed at any time via the trashcan button.
Note: only logged in users can acknowledge issues.

  Ignore Issues

Ignore issues in your cluster for a certain amount of time by clicking the eye dropdown. Ignored issues will remain on the issues page (grayed out) but will not be visible on the parliament dashboad. Ignored issues will not send alerts until the ignore time has expired and the issue still persists. You can unignore issues here as well to begin receiving alerts again.
Note: only logged in users can ignore issues.


Parliament Settings

When logged in, you can configure the alert thresholds, password, and notifiers (services that send alerts).

Parliament Settings screenshot
  General Settings

  • The capture nodes must check in this often setting controls how behind a node's cluster's timestamp can be from the current time. If the timestamp exceeds this time setting, an Out Of Date issue is added to the cluster. The default for this setting is 30 seconds.
  • The OpenSearch/Elasticsearch query timeout setting controls the maximum OpenSearch/Elasticsearch status query duration. If the query exceeds this time setting, an ES Down issue is added to the cluster. The default for this setting is 5 seconds.
  • The Low Packets Threshold setting controls the minimum number of packets that the capture nodes must receive. If a capture node is not receiving enough packets, a Low Packets issue is added to the cluster. You can set this value to -1 to ignore this issue altogether. This setting also includes a time range for how long this problem must persist before adding an issue to the cluster. The default for this setting is 0 packets for 10 seconds.
  • The remove all issues after setting controls when an issue is removed if it has not occurred again. The issue is removed from the cluster after this time expires as long as the issue has not occurred again. The default for this setting is 60 minutes.
  • The remove acknowledged issues after setting controls when an acknowledged issue is removed. The issue is removed from the cluster after this time expires (so you don't have to remove issues manually with the trashcan button on the issues page). The default for this setting is 15 minutes.

  Password (deprecated in v4, removed in v5)

These passwords are being deprecated, please use the Auth section to configure access to your Parliament.
You can configure a new password, or update your current password. Note: Parliament is readonly if there is no password set.

  Auth (removed in v5)*

Auth uses the the Arkime User's database for Parliament access.

  • All Arkime users can view the Parliament (like dashboard only mode).
  • Users with the "parliamentUser" role can ack, ignore, and delete issues within the Parliament.
  • Users with the "parliamentAdmin" role can do everything a "parliamentUser" can, plus they can configure the Parliament by adding/removing/updating groups/clusters and manage the Parliament settings.

* You must configure this in v4 or add these settings to the Parliament config manually (see Parliament ini settings).

  Notifiers

Configure services to send alerts here. Currently, you can configure Slack, Email, and Twilio (SMS) alerts. You can select which type of alerts each notifer alerts on. Update, delete, or test an alert at any time.
Note: If you configure a Parliament hostname and enable Parliament dashboard links, every alert will contain a link to the Parliament Dashbaord


Want to contribute to Parliament? Found an issue?

  Parliament is open source. Please contribute!  

Arkime Logo