Arkime Parliament

Parliament contains a grouped list of your Arkime clusters with links, Elasticsearch/OpenSearch health, and issues for each. You can use Parliament as a landing page for all of your Arkime clusters and as a status page to monitor the health of your clusters.

As of v5 of Arkime, Parliament requires a configuration file. See Parliament Settings for details.

View the Parliament README on GitHub!

Did you know that a Parliament is a group of owls?

Parliament Dashboard

The Parliament Dashboard displays a grouped list of your configured Arkime Clusters. Here you can navigate to any cluster and view stats and health.

Parliament Dashboard screenshot
  Search

Search for clusters in your Parliament by their name.

  Acknowledge Issues

Acknowledge issues in your clusters by clicking the check box. You can acknowledge them one at a time or all in each cluster. Acknowledged issues will not show up on the dashboard, but will remain on the issues page.
Note: only logged in users can acknowledge issues.

  Ignore Issues

Ignore issues in your cluster for a certain amount of time by clicking the eye dropdown. Ignored issues will not send alerts until the ignore time has expired and the issue still persists. You can un-ignore them on the Issues page.
Note: only logged in users can ignore issues.

  Navigate to a Cluster

You can click the cluster's name to navigate to the Arkime sessions page of that cluster. You can also navigate to the Arkime main stats page by clicking the bar graph icon and the Elasticsearch/OpenSearch Nodes stats page by clicking on the Elasticsearch/OpenSearch status indicator.

Configure Parliament

When logged in, you can create, update, and delete Parliament groups and clusters.

Configure Parliament screenshot
  Toggle Edit

To edit your Parliament, click the toggle button at the top right.

  New Groups and Clusters

Create new groups to organize your clusters. Add clusters to groups at any time.

  Delete Groups and Clusters

Delete groups and clusters as you remove Arkime clusters.

  Edit Groups and Clusters

Edit groups and clusters as your Parliament changes.

  Reorder

Drag and drop groups and clusters where you want them.

Parliament Issues

You can view and interact with all of the issues that the clusters in your Parliament are experiencing.

Parliament Issues screenshot
  Search Issues

Search for issues within your Parliament by name cluster name, node name, and issue type.

  Filter Issues

Use the filter dropdown to filter out issues you don't want to view.

  Sort Issues

Sort the issues by field to display the issues relevant to you.

  Acknowledge Issues

Acknowledge issues in your clusters by clicking the check box. Acknowledged issues will remain on the issues page (grayed out) but will not be visible on the Parliament dashboard. Acknowledged issues will be removed after 15 minutes (or your configured setting) or can be removed at any time via the trashcan button.
Note: only logged in users can acknowledge issues.

  Ignore Issues

Ignore issues in your cluster for a certain amount of time by clicking the eye dropdown. Ignored issues will remain on the issues page (grayed out) but will not be visible on the parliament dashboard. Ignored issues will not send alerts until the ignore time has expired and the issue still persists. You can un-ignore issues here as well to begin receiving alerts again.
Note: only logged in users can ignore issues.

Parliament Settings

When logged in, you can configure the alert thresholds, password, and notifiers (services that send alerts).

Parliament Settings screenshot
  General Settings

  • The capture nodes must check in this often setting controls how behind a node's cluster's timestamp can be from the current time. If the timestamp exceeds this time setting, an Out Of Date issue is added to the cluster. The default for this setting is 30 seconds.
  • The OpenSearch/Elasticsearch query timeout setting controls the maximum OpenSearch/Elasticsearch status query duration. If the query exceeds this time setting, an Elasticsearch/OpenSearch Down issue is added to the cluster. The default for this setting is 5 seconds.
  • The Low Packets Threshold setting controls the minimum number of packets that the capture nodes must receive. If a capture node is not receiving enough packets, a Low Packets issue is added to the cluster. You can set this value to -1 to ignore this issue altogether. This setting also includes a time range for how long this problem must persist before adding an issue to the cluster. The default for this setting is 0 packets for 10 seconds.
  • The remove all issues after setting controls when an issue is removed if it has not occurred again. The issue is removed from the cluster after this time expires as long as the issue has not occurred again. The default for this setting is 60 minutes.
  • The remove acknowledged issues after setting controls when an acknowledged issue is removed. The issue is removed from the cluster after this time expires (so you don't have to remove issues manually with the trashcan button on the issues page). The default for this setting is 15 minutes.

  Notifiers

Configure services to send alerts here. Currently, you can configure Slack, Email, and Twilio (SMS) alerts. You can select which type of alerts each notifier alerts on. Update, delete, or test an alert at any time.
Note: If you configure a Parliament hostname and enable Parliament dashboard links, every alert will contain a link to the Parliament Dashboard

Parliament Users

You can configure users and roles for access to Parliament, Arkime, Cont3xt, and WISE here.

Parliament Users screenshot
  Users

New to v5!
This is the same page that is available within both Arkime and Cont3xt.
Here, you can create, update, and delete users and roles.

Want to contribute to Parliament? Found an issue?

  Parliament is open source. Please contribute!  

Arkime Logo