Comprehensive guide to using the pre-built Grafana dashboards for tactical drone surveillance operations.
- Quick Start
- Dashboard Overview
- Dashboard 1: Tactical Overview
- Dashboard 2: Pattern Analysis
- Dashboard 3: Multi-Kit Correlation
- Dashboard 4: Anomaly Detection
- Common Features
- Filters and Variables
- Alerts and Notifications
- Troubleshooting
- Advanced Usage
URL: http://localhost:3000 (or your server IP)
Default Credentials:
- Username:
admin - Password: Set in
.envfile asGRAFANA_PASSWORD
First Login:
- Navigate to http://localhost:3000
- Login with admin credentials
- You'll see 4 pre-installed dashboards in the "WarDragon Analytics" folder
- Click Dashboards (menu icon) on left sidebar
- Navigate to WarDragon Analytics folder
- Select a dashboard:
- Tactical Overview - Real-time operations dashboard
- Pattern Analysis - Surveillance and behavior patterns
- Multi-Kit Correlation - Multi-kit detection analysis
- Anomaly Detection - Unusual behavior alerts
WarDragon Analytics includes 4 purpose-built Grafana dashboards for tactical drone surveillance.
| Dashboard | Purpose | Best For | Refresh Rate |
|---|---|---|---|
| Tactical Overview | Real-time situational awareness | Live operations, command centers | 5 seconds |
| Pattern Analysis | Surveillance pattern detection | Intelligence analysis, investigations | 30 seconds |
| Multi-Kit Correlation | Triangulation and coverage | Multi-kit deployments, signal analysis | 30 seconds |
| Anomaly Detection | Threat identification | Security operations, airspace monitoring | 30 seconds |
All dashboards use the TimescaleDB datasource, auto-provisioned during deployment.
Connection Details:
- Name:
TimescaleDB - Type: PostgreSQL
- Host:
timescaledb:5432 - Database:
wardragon - User:
wardragon
Purpose: Real-time operational awareness for command and control.
Use Case: Monitor active drone activity, kit health, and immediate threats during live operations.
Type: Stat panel
What it shows: Count of unique drones detected in the last 5 minutes
Interpretation:
- 0-5 drones: Normal baseline
- 5-10 drones: Elevated activity
- 10+ drones: High activity or event
Color Coding:
- Green: 0-5 drones
- Yellow: 6-10 drones
- Red: 11+ drones
Type: Stat panel
What it shows: Count of anomalies in the last hour (altitude >400m, speed >30 m/s, night flights)
Interpretation:
- 0 alerts: Normal operations
- 1-3 alerts: Monitor situation
- 4+ alerts: Investigate immediately
Color Coding:
- Green: 0 alerts
- Yellow: 1-3 alerts
- Red: 4+ alerts
Type: Table panel
Columns:
- Kit ID
- Name
- Location
- Status (online/stale/offline)
- Last Seen (seconds ago)
- Drones (5m) - Drone count in last 5 minutes
Status Meanings:
- Online (green): Last seen < 1 minute ago
- Stale (yellow): Last seen 1-5 minutes ago
- Offline (red): Last seen > 5 minutes ago
Actions:
- Check connectivity if offline
- Verify DragonSync API if stale
- Monitor deployment status
Type: Time series graph
What it shows: Number of unique drones over time, grouped by kit (5-minute buckets)
Interpretation:
- Spikes indicate burst activity
- Flat lines indicate steady surveillance
- Gaps indicate no detections
Use Cases:
- Identify peak activity times
- Correlate events with timestamps
- Assess kit detection patterns
Type: Bar chart
What it shows: Most detected drone manufacturers in current time range
Interpretation:
- DJI dominance: Consumer/prosumer drones
- Autel presence: Professional operators
- Unknown/Other: Possible custom builds or spoofed IDs
Use Cases:
- Threat profiling
- Operator sophistication assessment
- Equipment trends
Scenario 1: Live Event Monitoring
- Set time range to "Last 5 minutes"
- Enable auto-refresh (5 seconds)
- Monitor Active Drones stat
- Watch Kit Status Grid for offline kits
- Check Drone Count Timeline for activity spikes
Scenario 2: Post-Event Analysis
- Set time range to event duration (custom range)
- Review Drone Count Timeline for patterns
- Check Top RID Makes for threat profile
- Export data if needed (Grafana export feature)
Purpose: Detect surveillance patterns, operator reuse, and coordinated activity.
Use Case: Intelligence gathering, investigation support, threat hunting.
Type: Table panel
What it shows: Drones detected multiple times in the time range
Columns:
- Drone ID
- Appearances (count of 5-minute buckets)
- First Seen
- Last Seen
- Duration (minutes)
- Kits (which kits detected it)
- Make
Interpretation:
- 2-3 appearances: Possible return trip
- 4-10 appearances: Surveillance pattern
- 10+ appearances: Persistent surveillance or training
Red Flags:
- Same drone, different times of day
- Same drone over multiple days
- Multiple kits detecting same ID
Actions:
- Flag for watchlist
- Correlate with pilot reuse
- Export for investigation
Type: Table panel
What it shows: Operators controlling multiple different drones
Columns:
- Operator/Location (ID or coordinates)
- Detection Method (operator_id or proximity)
- Drones (count)
- Drone IDs (list)
- First Seen
- Last Seen
Detection Methods:
- operator_id: Exact match on Remote ID operator field
- proximity: Pilots within 50m with different drones
Interpretation:
- 2-3 drones: Hobbyist with multiple aircraft
- 4-6 drones: Professional operator or commercial use
- 7+ drones: Fleet operator, training, or coordinated operation
Red Flags:
- Rapid drone swaps (< 1 hour between different drones)
- Same operator, different locations
- Professional-grade equipment (Matrice, Autel EVO)
Type: Table panel
What it shows: Groups of drones flying together (within same 5-minute window)
Columns:
- Group ID
- Group Size (number of drones)
- Drone IDs
- Detected By (kits)
- Start Time
- End Time
Interpretation:
- 2 drones: Possible coincidence or paired operation
- 3-4 drones: Coordinated activity (photography, surveying)
- 5+ drones: Swarm operation or training exercise
Red Flags:
- Military-style formations
- Synchronized timing
- Uniform equipment (all same make/model)
Type: Geomap panel
What it shows: Drone tracks plotted on map with track type color coding
Map Features:
- Blue markers: Normal drones
- Red markers: Anomalies
- Lines: Flight paths (if available)
- Clusters: Coordinated activity
Use Cases:
- Visualize surveillance routes
- Identify perimeter monitoring
- Detect grid search patterns
Type: Table panel
What it shows: Most used FPV frequencies and signal types
Columns:
- Frequency (MHz)
- Type (analog_fpv, dji_fpv, etc.)
- Detections (count)
- Kits (how many kits detected)
Interpretation:
- 5800-5900 MHz: Analog FPV video
- 5725-5850 MHz: Racing drones, custom builds
- 2400 MHz: WiFi, DJI OcuSync, RC control
Red Flags:
- Non-standard frequencies
- Military bands
- Encrypted signals
Scenario 1: Surveillance Investigation
- Set time range to 24 hours (or investigation period)
- Check Repeated Drone IDs table
- Export drone IDs with 3+ appearances
- Cross-reference with Operator Reuse Detection
- Plot on Flight Pattern Map
- Build timeline of activity
Scenario 2: Swarm Detection
- Monitor Coordinated Activity Detection
- Filter for groups of 3+ drones
- Check Flight Pattern Map for formation
- Review Frequency Reuse for coordination channel
- Alert security if military-style swarm detected
Purpose: Triangulation analysis and multi-kit detection correlation.
Use Case: Precision tracking, signal strength analysis, coverage optimization.
Type: Table panel
What it shows: Drones detected by 2+ kits simultaneously
Columns:
- Drone ID
- Kits (count)
- Kit IDs
- RSSI Comparison (kit:rssi pairs)
- RSSI Spread (dBm difference)
- Avg Lat/Lon (centroid)
- Time Window
- Make
Interpretation:
- 2 kits: Basic correlation, rough location estimate
- 3 kits: Triangulation possible, precise location
- 4+ kits: High-precision tracking
Triangulation Quality:
- RSSI Spread < 10 dBm: Drone equidistant from kits
- RSSI Spread 10-30 dBm: Good triangulation geometry
- RSSI Spread > 30 dBm: Drone much closer to one kit
Use Cases:
- Calculate precise drone position from RSSI
- Verify Remote ID location accuracy
- Detect spoofed locations
Type: Geomap panel
What it shows: Kit positions with detection counts
Map Features:
- Kit markers sized by detection count
- Coverage circles (approximate range)
- Overlap zones highlighted
Interpretation:
- Large overlaps: Good for triangulation
- Gaps: Coverage holes
- Asymmetric: Obstructions or antenna issues
Use Cases:
- Optimize kit placement
- Identify coverage gaps
- Plan additional kit deployments
Type: Time series graph
What it shows: RSSI over time for drones detected by multiple kits
Interpretation:
- Rising RSSI on Kit A, Falling on Kit B: Drone moving toward Kit A
- Crossover points: Drone passing midpoint between kits
- Sudden drops: Line-of-sight obstruction
Use Cases:
- Track drone movement
- Identify flight corridors
- Detect pattern of life
Type: Heatmap panel
What it shows: Grid-based detection density (0.01° lat/lon squares)
Interpretation:
- Hot spots: High-traffic areas
- Cold zones: Low activity or coverage gaps
- Corridors: Flight paths
Use Cases:
- Identify surveillance targets (hot spots)
- Optimize sensor placement
- Plan countermeasures
Scenario 1: Precision Tracking
- Monitor Multi-Kit Detections table
- Filter for triangulation_possible = true (3+ kits)
- Note RSSI values from each kit
- Calculate position using trilateration
- Compare with Remote ID broadcast location
- Flag discrepancies > 50m
Scenario 2: Coverage Optimization
- Review Kit Coverage Overlap Map
- Identify coverage gaps
- Check Detection Density Heatmap for activity
- Plan additional kit deployment to fill gaps
- Test with temporary kit placement
Purpose: Identify dangerous, unusual, or illegal drone behavior.
Use Case: Airspace security, threat detection, regulatory compliance monitoring.
Type: Time series graph with thresholds
What it shows: Drone altitude over time with FAA/regulatory limits
Threshold Lines:
- 400m (red line): FAA recreational limit (USA)
- 120m (yellow line): Typical commercial limit
- 500m (critical line): Extreme altitude
Interpretation:
- Below 120m: Normal operations
- 120-400m: Commercial or professional (requires authorization)
- Above 400m: Recreational limit violation
- Above 500m: Extreme violation or manned aircraft
Actions:
- Log violations
- Alert authorities if persistent
- Track operator for enforcement
Type: Time series graph with thresholds
What it shows: Drone ground speed over time
Threshold Lines:
- 30 m/s (yellow): Fast for consumer drones (~108 km/h)
- 40 m/s (orange): Very fast, likely racing drone (~144 km/h)
- 50 m/s (red): Extreme speed, possible aircraft (~180 km/h)
Interpretation:
- 0-15 m/s: Normal consumer drone (Mavic, Mini)
- 15-30 m/s: Fast drone (FPV, racing)
- 30-50 m/s: Racing drone or professional FPV
- > 50 m/s: Possible manned aircraft or misidentified
Red Flags:
- Sudden acceleration
- Speeds inconsistent with drone type (Mavic at 40 m/s = spoofed ID)
Type: Table panel
What it shows: Comprehensive anomaly summary
Columns:
- Drone ID
- Make / Model
- Anomaly Count (total violations)
- Altitude Issues
- Speed Issues
- Timing Issues (night flights: 22:00-05:00)
- Max Alt (m)
- Max Speed (m/s)
- First Seen / Last Seen
- Kits
Anomaly Categories:
-
Altitude Issues:
- "Excessive Altitude (>400m)"
- "High Altitude (>120m)"
-
Speed Issues:
- "Very High Speed (>30 m/s)"
- "High Speed (>20 m/s)"
-
Timing Issues:
- "Night Flight" (22:00-05:00 local time)
Interpretation:
- 1-2 anomalies: Possible violation or operator error
- 3-5 anomalies: Pattern of violations
- 6+ anomalies: Professional operator or intentional violations
Priority Actions:
- Critical: Altitude >500m or Speed >50 m/s
- High: Multiple simultaneous violations
- Medium: Single violation, first offense
Type: Time series graph
What it shows: RSSI over time for detected drones
Interpretation:
- RSSI > -50 dBm: Very close (< 100m)
- RSSI -50 to -70 dBm: Close (100-500m)
- RSSI -70 to -90 dBm: Medium range (500m-2km)
- RSSI < -90 dBm: Long range (> 2km) or weak signal
Anomalies:
- Sudden RSSI drops: Obstruction or antenna failure
- RSSI spikes: Drone very close to kit
- Fluctuating RSSI: Multipath interference
Type: Time series graph
What it shows: Rate of altitude change (m/s)
Interpretation:
- +5 to +10 m/s: Normal climb
- +10 to +20 m/s: Fast climb (racing, aggressive)
- > +20 m/s: Extreme climb
- -10 to -20 m/s: Fast descent
- < -20 m/s: Emergency descent or crash
Red Flags:
- Sustained high climb rates (> 15 m/s for > 10 seconds)
- Rapid descent followed by stop (possible crash)
- Oscillating altitude (unstable flight)
Scenario 1: Airspace Violation Response
- Monitor Out-of-Pattern Behavior Detection
- Filter for altitude >400m
- Note Drone ID, Make, Timestamp
- Check if persistent (multiple detections)
- Log violation
- Contact authorities if warranted
Scenario 2: Threat Assessment
- Check all anomaly panels
- Identify drones with multiple violations
- Cross-reference with Pattern Analysis (repeated?)
- Assess intent (commercial, hobbyist, malicious)
- Escalate if threat indicators present:
- Night operations
- Altitude violations
- Speed inconsistent with type
- Repeated surveillance pattern
All dashboards support flexible time ranges:
Quick Ranges:
- Last 5 minutes (live ops)
- Last 15 minutes
- Last 30 minutes
- Last 1 hour
- Last 3 hours
- Last 6 hours
- Last 12 hours
- Last 24 hours
- Last 7 days
Custom Range:
- Click time range selector (top right)
- Choose "Absolute time range"
- Select start and end times
Best Practices:
- Live ops: 5-15 minutes with 5-second refresh
- Shift analysis: 6-12 hours
- Investigation: Custom range for incident window
- Trend analysis: 7 days
Enable automatic dashboard refresh for live monitoring:
- Click refresh icon (top right)
- Select interval:
- 5s (live ops, high activity)
- 10s (live ops, moderate activity)
- 30s (monitoring)
- 1m (background monitoring)
- 5m (low-priority monitoring)
Recommendations:
- Tactical Overview: 5-10 seconds
- Pattern Analysis: 30 seconds to 1 minute
- Multi-Kit Correlation: 30 seconds
- Anomaly Detection: 30 seconds
Export data from any panel:
- Click panel title
- Select "Inspect" → "Data"
- Click "Download CSV" or "Download Excel"
Use Cases:
- Offline analysis
- Evidence collection
- Report generation
- Backup/archival
Share dashboard snapshots or links:
- Click share icon (top right)
- Options:
- Link: Share URL with current time range and filters
- Snapshot: Create public snapshot (careful with sensitive data!)
- Export JSON: Download dashboard definition
All dashboards include a $kit_filter variable to filter by kit.
Location: Top of dashboard
Options:
- "All" - Show data from all kits (default)
- Individual kit IDs (kit-alpha, kit-bravo, etc.)
Use Cases:
- Focus on single kit for troubleshooting
- Compare specific kit performance
- Isolate coverage area
How to Use:
- Click
kit_filterdropdown (top of dashboard) - Select kit or "All"
- Dashboard updates automatically
Some dashboards support custom time variables for panel-specific ranges.
Use Cases:
- Compare different time windows on same dashboard
- Zoom into specific incident while keeping overview
Set up alerts for critical conditions:
- Navigate to Alerting → Alert rules
- Click New alert rule
- Configure:
- Query: Select metric (e.g., drone count > 10)
- Condition: Define threshold
- Evaluation: How often to check
- Notification: Email, webhook, Slack, etc.
1. Kit Offline Alert
- Condition: Kit status = "offline" for > 5 minutes
- Action: Notify operations team
- Priority: High
2. Altitude Violation Alert
- Condition: Drone altitude > 400m
- Action: Log violation, notify security
- Priority: Medium
3. Swarm Detection Alert
- Condition: Coordinated group size ≥ 5 drones
- Action: Immediate notification
- Priority: Critical
4. Repeated Surveillance Alert
- Condition: Same drone detected 5+ times in 24 hours
- Action: Add to watchlist, notify intelligence
- Priority: Medium
Symptoms: Blank dashboard, "No data" message
Causes & Solutions:
-
Database not connected:
- Check:
docker ps- iswardragon-timescaledbrunning? - Fix:
docker restart wardragon-timescaledb
- Check:
-
No data in time range:
- Check: Expand time range to 24 hours or 7 days
- Verify: DragonSync kits are sending data
-
Datasource misconfigured:
- Check: Grafana → Configuration → Data Sources → TimescaleDB
- Verify: Host =
timescaledb, Port =5432, Database =wardragon
Symptoms: Red error boxes, "Query error" messages
Common Errors:
-
"relation does not exist"
- Cause: Database views not created
- Fix: Apply
timescaledb/02-pattern-views.sql(see deployment.md)
-
"column does not exist"
- Cause: Schema mismatch
- Fix: Verify database schema with
\d dronesin psql
-
"syntax error"
- Cause: SQL query issue
- Fix: Check Grafana query editor, review dashboard-queries.md
Symptoms: Long load times, timeouts
Solutions:
-
Reduce time range:
- Use smaller windows (1 hour instead of 7 days)
-
Check database performance:
docker exec wardragon-timescaledb psql -U wardragon -d wardragon -c "SELECT * FROM pg_stat_activity;"
-
Verify indexes:
docker exec wardragon-timescaledb psql -U wardragon -d wardragon -c "\di"
-
Check Docker resources:
- Increase memory allocation for TimescaleDB container (see docs/development/DOCKER_SETUP.md)
Symptoms: Dashboards missing from Grafana
Causes & Solutions:
-
Provisioning issue:
- Check:
grafana/dashboards/dashboard-provider.yamlexists - Check: Dashboard JSON files in
grafana/dashboards-json/ - Fix: Restart Grafana:
docker restart wardragon-grafana
- Check:
-
Permissions issue:
- Check: File permissions on
grafana/dashboards-json/*.json - Fix:
chmod 644 grafana/dashboards-json/*.json
- Check: File permissions on
-
Grafana reset:
- Cause: Grafana volume deleted
- Fix: Dashboards will auto-provision on next startup
Build your own dashboards for specific use cases:
- Navigate to Dashboards → New Dashboard
- Add panel → Select visualization
- Configure query using TimescaleDB datasource
- Use queries from dashboard-queries.md as templates
- Save dashboard
Example: Custom Watchlist Dashboard
SELECT time, drone_id, lat, lon, alt, speed, kit_id
FROM drones
WHERE time >= NOW() - INTERVAL '24 hours'
AND drone_id IN ('DJI-WATCHLIST1', 'DJI-WATCHLIST2')
ORDER BY time DESC;Modify existing panels:
- Click panel title → Edit
- Modify query, visualization, or settings
- Save dashboard (requires permissions)
Recommended Customizations:
- Adjust threshold lines for local regulations
- Add specific watchlist drones to queries
- Change color schemes for team preferences
- Add annotations for notable events
Embed dashboards in external applications:
-
Enable anonymous access (development only!):
- Edit
grafana/grafana.ini - Set
[auth.anonymous] enabled = true
- Edit
-
Get panel embed URL:
- Click panel → Share → Embed
- Copy iframe code
Security Warning: Do not enable anonymous access in production without proper network isolation!
Create dynamic dashboards with variables:
Example: Multi-Kit Comparison
- Dashboard Settings → Variables → Add variable
- Name:
kit_a, Type: Query - Query:
SELECT DISTINCT kit_id FROM kits - Repeat for
kit_b - Use in panel queries:
WHERE kit_id IN ('$kit_a', '$kit_b')
-
Use multiple monitors:
- Monitor 1: Tactical Overview (live)
- Monitor 2: Pattern Analysis or Anomaly Detection
- Monitor 3: Web UI map (http://localhost:8090)
-
Set appropriate refresh rates:
- Live ops: 5-10 seconds
- Background monitoring: 30-60 seconds
- Investigation: Disable auto-refresh
-
Document incidents:
- Export CSV for evidence
- Take dashboard screenshots
- Note exact time ranges
- Limit time ranges to what you need
- Disable unused panels (edit dashboard, delete panel)
- Use kit filter to reduce data volume
- Schedule maintenance during low-activity periods
- Change default password immediately
- Use HTTPS in production (reverse proxy)
- Restrict network access to trusted users
- Enable authentication for all users
- Audit access logs regularly
- Tactical Overview:
http://localhost:3000/d/tactical-overview - Pattern Analysis:
http://localhost:3000/d/pattern-analysis - Multi-Kit Correlation:
http://localhost:3000/d/multi-kit-correlation - Anomaly Detection:
http://localhost:3000/d/anomaly-detection
Ctrl + S(Windows/Linux) orCmd + S(Mac): Save dashboardd + k: Toggle kiosk mode (fullscreen)Ctrl + H(Windows/Linux) orCmd + H(Mac): Toggle row collapseEsc: Exit panel edit mode
| Metric | Normal | Elevated | Critical |
|---|---|---|---|
| Drone altitude | < 120m | 120-400m | > 400m |
| Drone speed | < 20 m/s | 20-30 m/s | > 30 m/s |
| Active drones | 0-5 | 6-10 | 11+ |
| Kit offline time | < 1 min | 1-5 min | > 5 min |
| Coordinated group | 1 drone | 2-4 drones | 5+ drones |
- Deployment Issues: See deployment.md
- Query Reference: See dashboard-queries.md
- API Documentation: See api-reference.md
- Troubleshooting: See troubleshooting.md
- Operator Workflows: See operator-guide.md
Last Updated: 2026-01-20 Grafana Version: Latest (auto-updated via Docker) WarDragon Analytics - Multi-kit drone surveillance platform