Skip to content
Snippets Groups Projects
Commit e995c3aa authored by Arne Øslebø's avatar Arne Øslebø
Browse files

reenable support for adding observables from widget

parent 13cce184
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/odfekibana/templates/kibana_graphs.ndjson.j2
+ 1
1
View file @ e995c3aa
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top dst IP","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Suricata alerts - top ip_dst_addr \",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"aggType\": \"cardinality\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\"\n }\n },\n \"params\": {},\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"alert.signature_id\",\n \"customLabel\": \"Unique\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"destination.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 10,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Dst IP\"\n }\n }\n ]\n}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:07:04.193Z","version":"WzY2LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Suricata alerts - top dst IP","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Suricata alerts - top ip_dst_addr \",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"aggType\": \"cardinality\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\"\n }\n },\n \"params\": {},\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"alert.signature_id\",\n \"customLabel\": \"Unique\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"destination.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 10,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Dst IP\"\n }\n }\n ]\n}"},"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:07:04.193Z","version":"WzY2LDFd"}
{"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"destination.ip_misp>0\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-02-10T09:09:17.354Z","version":"WzcwLDFd"} {"attributes":{"columns":["ip_dst_addr_misp","ip_dst_addr","alert.signature","ip_dst_addr_misp_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"destination.ip_misp>0\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["timestamp","desc"]],"title":"Suricata Alerts Misp","version":1},"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"search":"7.4.0"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-02-10T09:09:17.354Z","version":"WzcwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Dst IP in misp\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"aggType\": \"count\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\"\n }\n },\n \"params\": {},\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"destination.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 5,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Signature\"\n }\n }\n ]\n}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:08:15.862Z","version":"WzY4LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Dst IP in misp","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Dst IP in misp\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\",\n \"dimensions\": {\n \"metrics\": [\n {\n \"accessor\": 1,\n \"format\": {\n \"id\": \"number\"\n },\n \"params\": {},\n \"aggType\": \"count\"\n }\n ],\n \"buckets\": [\n {\n \"accessor\": 0,\n \"format\": {\n \"id\": \"terms\",\n \"params\": {\n \"id\": \"string\",\n \"otherBucketLabel\": \"Other\",\n \"missingBucketLabel\": \"Missing\"\n }\n },\n \"params\": {},\n \"aggType\": \"terms\"\n }\n ]\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"destination.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 5,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Signature\"\n }\n }\n ]\n}"},"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"42ad6a30-15b0-11ea-841d-a1505e4ae442","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-02-10T09:08:15.862Z","version":"WzY4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": [],\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\n \"title\": \"Suricata alerts - the Hive\",\n \"type\": \"thehive_button\",\n \"params\": {\n \"url\": \"https://{{soctoolsproxy}}:9000\",\n \"apikey\": \"{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\",\n \"owner\": \"{{THEHIVE_KIBANA_USER.username}}\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"source.ip.keyword\",\n \"order\": \"desc\",\n \"size\": 20,\n \"orderBy\": \"1\",\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\"\n }\n }\n ]\n}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T09:10:21.209Z","version":"WzcyLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata alerts - the Hive","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata alerts - the Hive\",\"type\":\"thehive_button\",\"params\":{\"url\":\"https://{{soctoolsproxy}}:9000\",\"apikey\":\"{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}\",\"owner\":\"{{THEHIVE_KIBANA_USER.username}}\",\"obsFields\":[{\"cnt\":100,\"name\":\"source.ip.keyword\",\"type\":\"ip\"},{\"cnt\":100,\"name\":\"destination.ip.keyword\",\"type\":\"ip\"},{\"cnt\":100,\"name\":\"host.keyword\",\"type\":\"fqdn\"},{\"cnt\":100,\"name\":\"host_domain.keyword\",\"type\":\"domain\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source.ip.keyword\",\"order\":\"desc\",\"size\":20,\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"48992900-62d3-11ea-aaa3-bb2f31340783","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"e81e23f0-0b75-11ea-bc07-2bc38b4c4b9b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-12-20T14:01:02.393Z","version":"WzI5LDRd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":15,\"h\":9,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":7,\"w\":9,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":11,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":4,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE4LDFd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":7,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":14,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":15,\"h\":9,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":15,\"y\":7,\"w\":9,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":11,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.4.2\",\"gridData\":{\"x\":39,\"y\":7,\"w\":9,\"h\":4,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Suricata Alerts","version":1},"id":"368ddb80-0b7f-11ea-bc07-2bc38b4c4b9b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"71a37750-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_0","type":"visualization"},{"id":"35141420-0b7c-11ea-bc07-2bc38b4c4b9b","name":"panel_1","type":"search"},{"id":"d7d96e70-0b7d-11ea-bc07-2bc38b4c4b9b","name":"panel_2","type":"visualization"},{"id":"eb41e310-0b7e-11ea-bc07-2bc38b4c4b9b","name":"panel_3","type":"visualization"},{"id":"9676d8e0-15b0-11ea-841d-a1505e4ae442","name":"panel_4","type":"visualization"},{"id":"48992900-62d3-11ea-aaa3-bb2f31340783","name":"panel_5","type":"visualization"}],"type":"dashboard","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE4LDFd"}
{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"class\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"stackTrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"stackTrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"stackTrace\",\"subType\":\"multi\"},{\"name\":\"thread\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"thread.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"thread\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-nifi-*"},"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE5LDFd"} {"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"class\",\"subType\":\"multi\"},{\"name\":\"level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"level\",\"subType\":\"multi\"},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"message\",\"subType\":\"multi\"},{\"name\":\"source_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_file\",\"subType\":\"multi\"},{\"name\":\"source_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"source_host\",\"subType\":\"multi\"},{\"name\":\"stackTrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"stackTrace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"stackTrace\",\"subType\":\"multi\"},{\"name\":\"thread\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"thread.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"thread\",\"subType\":\"multi\"},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"logs-nifi-*"},"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2021-02-10T08:39:17.585Z","version":"WzE5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi Logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#BF1B00\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}}","version":1,"visState":"{\"title\":\"NiFi Logs - Histogram\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T10:47:07.185Z\",\"max\":\"2020-12-21T10:47:07.185Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T08:39:17.585Z","version":"WzIwLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"NiFi Logs - Histogram","uiStateJSON":"{\"vis\":{\"colors\":{\"ERROR\":\"#BF1B00\",\"WARN\":\"#CCA300\",\"INFO\":\"#1F78C1\"}}}","version":1,"visState":"{\"title\":\"NiFi Logs - Histogram\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-12-20T10:47:07.185Z\",\"max\":\"2020-12-21T10:47:07.185Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"level.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"085d3790-437a-11eb-b75a-bbebe0b50e97","migrationVersion":{"visualization":"7.4.2"},"references":[{"id":"635a5350-430a-11eb-b75a-bbebe0b50e97","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-02-10T08:39:17.585Z","version":"WzIwLDFd"}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment