From c1d85f055b7af7b669b2251f67a35ada6ad4c31d Mon Sep 17 00:00:00 2001 From: ruflin Date: Mon, 4 Jun 2018 14:28:12 +0200 Subject: [PATCH] Decode versioned Filebeat dashboards Follow up from https://github.com/elastic/beats/pull/7224 for Filebeat. --- filebeat/Makefile | 2 + .../kibana/6/dashboard/Filebeat-apache2.json | 818 ++++++++++++---- .../kibana/6/dashboard/Filebeat-auditd.json | 570 ++++++++--- .../dashboard/Filebeat-icinga-debug-log.json | 379 ++++++-- .../6/dashboard/Filebeat-icinga-main-log.json | 377 ++++++-- .../Filebeat-icinga-startup-errors.json | 224 +++-- .../kibana/6/dashboard/Filebeat-iis.json | 714 ++++++++++++-- .../6/dashboard/Filebeat-Kafka-overview.json | 553 +++++++++-- .../6/dashboard/Filebeat-logstash-log.json | 414 ++++++-- .../dashboard/Filebeat-logstash-slowlog.json | 669 ++++++++++--- .../dashboard/Filebeat-Mongodb-overview.json | 292 ++++-- .../kibana/6/dashboard/Filebeat-mysql.json | 891 +++++++++++++++--- .../6/dashboard/Filebeat-nginx-logs.json | 381 ++++++-- .../6/dashboard/Filebeat-nginx-overview.json | 858 +++++++++++++---- ...nginx-access-remote-ip-count-explorer.json | 673 ++++++++++--- .../ml-nginx-remote-ip-url-explorer.json | 672 ++++++++++--- .../6/dashboard/osquery-compliance.json | 851 +++++++++++++---- .../kibana/6/dashboard/osquery-rootkit.json | 497 +++++++--- .../Filebeat-Postgresql-overview.json | 407 ++++++-- .../Filebeat-Postgresql-slowlogs.json | 382 ++++++-- .../kibana/6/dashboard/Filebeat-redis.json | 697 +++++++++++--- .../Filebeat-auth-sudo-commands.json | 466 ++++++--- .../Filebeat-new-users-and-groups.json | 871 +++++++++++++---- .../Filebeat-ssh-login-attempts.json | 611 +++++++++--- .../kibana/6/dashboard/Filebeat-syslog.json | 375 ++++++-- .../dashboard/Filebeat-traefik-overview.json | 732 +++++++++++--- ...aefik-access-remote-ip-count-explorer.json | 675 ++++++++++--- .../ml-traefik-remote-ip-url-explorer.json | 674 ++++++++++--- 28 files changed, 12637 insertions(+), 3088 deletions(-) 
diff --git a/filebeat/Makefile b/filebeat/Makefile
index 4f7f4e5385de..8bb7452c5bfe 100644
--- a/filebeat/Makefile
+++ b/filebeat/Makefile
@@ -20,6 +20,8 @@ kibana:
 @rm -rf _meta/kibana
 @mkdir -p _meta/kibana
 @-cp -r module/*/_meta/kibana _meta/
+ @# Convert all dashboards to string
+ @python ${ES_BEATS}/libbeat/scripts/unpack_dashboards.py --glob="./_meta/kibana/6/dashboard/*.json"
 # Collects all modules files to be packaged in a temporary folder
 .PHONY: modules
diff --git a/filebeat/module/apache2/_meta/kibana/6/dashboard/Filebeat-apache2.json b/filebeat/module/apache2/_meta/kibana/6/dashboard/Filebeat-apache2.json
index 020661e01a91..4ad494191c30 100644
--- a/filebeat/module/apache2/_meta/kibana/6/dashboard/Filebeat-apache2.json
+++ b/filebeat/module/apache2/_meta/kibana/6/dashboard/Filebeat-apache2.json
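Review bot: In the `kibana` target of filebeat/Makefile, the added comment `@# Convert all dashboards to string` points the opposite way from the commit title ("Decode versioned Filebeat dashboards") and from the script name `unpack_dashboards.py`, so the hunk does not tell a reader which representation ends up in `_meta/kibana/6/dashboard`. I would state the direction and the reason in the comment, for example `@# Module dashboards are stored decoded; turn the embedded JSON fields of the collected copies back into strings for Kibana import` (wording to be confirmed against the script, which is not shown here). The new step also runs right after `@-cp`, whose failure is ignored because of the `-` prefix, so a failed copy would presumably leave the glob empty without any error. A short check that `_meta/kibana/6/dashboard` is non-empty before converting would make that visible, which matters because the collected set includes the auditd, SSH-login and sudo-command dashboards listed in the diffstat. The `kibana:` rule line itself is outside the hunk.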
@@ -1,167 +1,653 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Apache2-access-logs", - "title": "Unique IPs map [Filebeat Apache2]", - "uiStateJSON": "{\n \"mapCenter\": [\n 14.944784875088372,\n 5.09765625\n ]\n}", - "version": 1, - "visState": "{\n \"title\": \"Apache2 access unique IPs map\",\n \"type\": \"tile_map\",\n \"params\": {\n \"mapType\": \"Scaled Circle Markers\",\n \"isDesaturated\": true,\n \"addTooltip\": true,\n \"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatRadius\": 25,\n \"heatBlur\": 15,\n \"heatNormalizeData\": true,\n \"legendPosition\": \"bottomright\",\n \"mapZoom\": 2,\n \"mapCenter\": [\n 15,\n 5\n ],\n \"wms\": {\n \"enabled\": false,\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\n \"options\": {\n \"version\": \"1.3.0\",\n \"layers\": \"0\",\n \"format\": \"image/png\",\n \"transparent\": true,\n \"attribution\": \"Maps provided by USGS\",\n \"styles\": \"\"\n }\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache2.access.remote_ip\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"geohash_grid\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"apache2.access.geoip.location\",\n \"autoPrecision\": true\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Apache2-access-unique-IPs-map", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Apache2-access-logs", - "title": "Top URLs by response code [Filebeat Apache2]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#EF843C\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Apache2 response codes of top 
URLs\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"split\",\n \"params\": {\n \"field\": \"apache2.access.url\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"URL\",\n \"row\": false\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"apache2.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Apache2-response-codes-of-top-URLs", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Apache2-access-logs", - "title": "Browsers breakdown [Filebeat Apache2]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Apache2 browsers\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache2.access.remote_ip\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"apache2.access.user_agent.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"apache2.access.user_agent.major\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": 
\"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Apache2-browsers", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Apache2-access-logs", - "title": "Operating systems breakdown [Filebeat Apache2]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Apache2 operating systems\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"apache2.access.remote_ip\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"apache2.access.user_agent.os_name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"apache2.access.user_agent.os_major\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Apache2-operating-systems", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Apache2-errors-log", - "title": "Error logs over time [Filebeat Apache2]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Apache2 error logs over time\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": 
{}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"apache2.error.level\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Apache2-error-logs-over-time", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Apache2-access-logs", - "title": "Response codes over time [Filebeat Apache2]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#629E51\",\n \"404\": \"#EF843C\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Apache2 response codes over time\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": 
\"apache2.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Apache2-response-codes-over-time", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "apache2.error.client", - "apache2.error.level", - "apache2.error.module", - "apache2.error.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:apache2.error\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Apache errors log [Filebeat Apache2]", - "version": 1 - }, - "id": "Apache2-errors-log", - "type": "search", - "version": 1 - }, - { - "attributes": { - "columns": [ - "apache2.access.remote_ip", - "apache2.access.method", - "apache2.access.url", - "apache2.access.response_code" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:apache2.access\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Apache access logs [Filebeat Apache2]", - "version": 1 - }, - "id": "Apache2-access-logs", - "type": "search", - "version": 1 - }, - { - "attributes": { - "description": "Filebeat Apache2 module dashboard", - "hits": 0, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"id\":\"Apache2-access-unique-IPs-map\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-response-codes-of-top-URLs\",\"panelIndex\":2,\"row\":6,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Apache2-browsers\",\"panelIndex\":3,\"row\":6,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":11,\"id\":\"Apache2-operating-systems\",\"panelIndex\":4,\"row\":4,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-error-logs-over-time\",\"panelIndex\":5,\"row\":9,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Apache2-response-codes-over-time\",\"panelIndex\":6,\"row\":4,\"size_x\":10,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"apache2.error.client\",\"apache2.error.level\",\"apache2.error.module\",\"apache2.error.message\"],\"id\":\"Apache2-errors-log\",\"panelIndex\":7,\"row\":11,\"size_x\":12,\"size_y\":3,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]", - "timeRestore": false, - "title": "[Filebeat Apache2] Access and error logs", - "uiStateJSON": "{\"P-1\":{\"mapBounds\":{\"bottom_right\":{\"lat\":-3.864254615721396,\"lon\":205.3125},\"top_left\":{\"lat\":67.7427590666639,\"lon\":-205.6640625}},\"mapCenter\":[40.713955826286046,-0.17578125],\"mapCollar\":{\"top_left\":{\"lat\":90,\"lon\":-180},\"bottom_right\":{\"lat\":-39.667755,\"lon\":180},\"zoom\":2},\"mapZoom\":2}}", - "version": 1 - }, - "id": "Filebeat-Apache2-Dashboard", - "type": "dashboard", - "version": 2 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { 
+ "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Apache2-access-logs", + "title": "Unique IPs map [Filebeat Apache2]", + "uiStateJSON": { + "mapCenter": [ + 14.944784875088372, + 5.09765625 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "apache2.access.remote_ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "apache2.access.geoip.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Apache2 access unique IPs map", + "type": "tile_map" + } + }, + "id": "Apache2-access-unique-IPs-map", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Apache2-access-logs", + "title": "Top URLs by response code [Filebeat Apache2]", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#7EB26D", + "404": "#EF843C" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "URL", + "field": "apache2.access.url", + "order": "desc", + "orderBy": "1", + "row": false, + "size": 5 + }, + 
"schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "apache2.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right", + "shareYAxis": true + }, + "title": "Apache2 response codes of top URLs", + "type": "pie" + } + }, + "id": "Apache2-response-codes-of-top-URLs", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Apache2-access-logs", + "title": "Browsers breakdown [Filebeat Apache2]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "apache2.access.remote_ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "apache2.access.user_agent.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "apache2.access.user_agent.major", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Apache2 browsers", + "type": "pie" + } + }, + "id": "Apache2-browsers", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Apache2-access-logs", + "title": "Operating systems breakdown [Filebeat Apache2]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + 
"field": "apache2.access.remote_ip" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "apache2.access.user_agent.os_name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "apache2.access.user_agent.os_major", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Apache2 operating systems", + "type": "pie" + } + }, + "id": "Apache2-operating-systems", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Apache2-errors-log", + "title": "Error logs over time [Filebeat Apache2]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "apache2.error.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "Apache2 error logs over time", + "type": "histogram" + } + }, + "id": "Apache2-error-logs-over-time", + "type": 
"visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Apache2-access-logs", + "title": "Response codes over time [Filebeat Apache2]", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#629E51", + "404": "#EF843C" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "apache2.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "Apache2 response codes over time", + "type": "histogram" + } + }, + "id": "Apache2-response-codes-over-time", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "apache2.error.client", + "apache2.error.level", + "apache2.error.module", + "apache2.error.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:apache2.error" + } + } + } + }, + "sort": [ + 
"@timestamp", + "desc" + ], + "title": "Apache errors log [Filebeat Apache2]", + "version": 1 + }, + "id": "Apache2-errors-log", + "type": "search", + "version": 1 + }, + { + "attributes": { + "columns": [ + "apache2.access.remote_ip", + "apache2.access.method", + "apache2.access.url", + "apache2.access.response_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:apache2.access" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Apache access logs [Filebeat Apache2]", + "version": 1 + }, + "id": "Apache2-access-logs", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "Filebeat Apache2 module dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "Apache2-access-unique-IPs-map", + "panelIndex": 1, + "row": 1, + "size_x": 12, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "Apache2-response-codes-of-top-URLs", + "panelIndex": 2, + "row": 6, + "size_x": 8, + "size_y": 3, + "type": "visualization" + }, + { + "col": 9, + "id": "Apache2-browsers", + "panelIndex": 3, + "row": 6, + "size_x": 4, + "size_y": 3, + "type": "visualization" + }, + { + "col": 11, + "id": "Apache2-operating-systems", + "panelIndex": 4, + "row": 4, + "size_x": 2, + "size_y": 2, + "type": "visualization" + }, + { + "col": 1, + "id": 
"Apache2-error-logs-over-time", + "panelIndex": 5, + "row": 9, + "size_x": 12, + "size_y": 2, + "type": "visualization" + }, + { + "col": 1, + "id": "Apache2-response-codes-over-time", + "panelIndex": 6, + "row": 4, + "size_x": 10, + "size_y": 2, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "apache2.error.client", + "apache2.error.level", + "apache2.error.module", + "apache2.error.message" + ], + "id": "Apache2-errors-log", + "panelIndex": 7, + "row": 11, + "size_x": 12, + "size_y": 3, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + } + ], + "timeRestore": false, + "title": "[Filebeat Apache2] Access and error logs", + "uiStateJSON": { + "P-1": { + "mapBounds": { + "bottom_right": { + "lat": -3.864254615721396, + "lon": 205.3125 + }, + "top_left": { + "lat": 67.7427590666639, + "lon": -205.6640625 + } + }, + "mapCenter": [ + 40.713955826286046, + -0.17578125 + ], + "mapCollar": { + "bottom_right": { + "lat": -39.667755, + "lon": 180 + }, + "top_left": { + "lat": 90, + "lon": -180 + }, + "zoom": 2 + }, + "mapZoom": 2 + } + }, + "version": 1 + }, + "id": "Filebeat-Apache2-Dashboard", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/auditd/_meta/kibana/6/dashboard/Filebeat-auditd.json b/filebeat/module/auditd/_meta/kibana/6/dashboard/Filebeat-auditd.json index 72598f1345ae..00e82e6196a9 100644 --- a/filebeat/module/auditd/_meta/kibana/6/dashboard/Filebeat-auditd.json +++ b/filebeat/module/auditd/_meta/kibana/6/dashboard/Filebeat-auditd.json 
@@ -1,121 +1,451 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Event types breakdown [Filebeat Auditd]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Audit Event Types\",\n \"type\": \"pie\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"auditd.log.record_type\",\n \"size\": 50,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "6295bdd0-0a0e-11e7-825f-6748cda7d858", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"auditd.log.record_type:EXECVE\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Top Exec Commands [Filebeat Auditd]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Audit Top Exec Commands\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": 
\"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"auditd.log.a0\",\n \"size\": 30,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"Command (arg 0)\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "5ebdbe50-0a0f-11e7-825f-6748cda7d858", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Event Results [Filebeat Auditd]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Event Results [Filebeat Auditd]\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=\\\"_exists_:auditd.log NOT auditd.log.res:failure\\\").label(\\\"Success\\\"), .es(q=\\\"auditd.log.res:failed\\\").label(\\\"Failure\\\").title(\\\"Audit Event Results\\\")\",\"interval\":\"auto\"},\"aggs\":[]}" - }, - "id": "2bb0fa70-0a11-11e7-9e84-43da493ad0c7", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Event Address Geo Location [Filebeat Auditd]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Audit Event Address Geo Location\",\n \"type\": \"tile_map\",\n \"params\": {\n \"mapType\": \"Scaled Circle Markers\",\n \"isDesaturated\": true,\n \"addTooltip\": true,\n \"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatRadius\": 25,\n \"heatBlur\": 15,\n \"heatNormalizeData\": true,\n \"legendPosition\": \"bottomright\",\n \"mapZoom\": 2,\n \"mapCenter\": [\n 15,\n 5\n ],\n \"wms\": {\n \"enabled\": false,\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\n \"options\": {\n \"version\": \"1.3.0\",\n \"layers\": \"0\",\n \"format\": \"image/png\",\n \"transparent\": true,\n \"attribution\": \"Maps provided by USGS\",\n 
\"styles\": \"\"\n }\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"geohash_grid\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"auditd.log.geoip.location\",\n \"autoPrecision\": true,\n \"precision\": 2\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "d1726930-0a7f-11e7-8b04-eb22a5669f27", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Event Account Tag Cloud [Filebeat Auditd]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Audit Event Account Tag Cloud\",\n \"type\": \"tagcloud\",\n \"params\": {\n \"scale\": \"linear\",\n \"orientation\": \"single\",\n \"minFontSize\": 15,\n \"maxFontSize\": 42,\n \"hideLabel\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"auditd.log.acct\",\n \"size\": 15,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "c5411910-0a87-11e7-8b04-eb22a5669f27", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "auditd.log.record_type", - "auditd.log.sequence", - "auditd.log.acct" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"version\": true,\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:auditd.log\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "sort": [ - "@timestamp", - "desc" 
- ], - "title": "Audit Events [Filebeat Auditd]", - "version": 1 - }, - "id": "4ac0a370-0a11-11e7-8b04-eb22a5669f27", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "Dashboard for the Auditd Filebeat module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"}}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"id\":\"6295bdd0-0a0e-11e7-825f-6748cda7d858\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"5ebdbe50-0a0f-11e7-825f-6748cda7d858\",\"panelIndex\":2,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2bb0fa70-0a11-11e7-9e84-43da493ad0c7\",\"panelIndex\":3,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d1726930-0a7f-11e7-8b04-eb22a5669f27\",\"panelIndex\":5,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"c5411910-0a87-11e7-8b04-eb22a5669f27\",\"panelIndex\":6,\"row\":1,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":7,\"type\":\"search\",\"id\":\"4ac0a370-0a11-11e7-8b04-eb22a5669f27\",\"col\":1,\"row\":8,\"columns\":[\"auditd.log.record_type\",\"auditd.log.sequence\",\"auditd.log.acct\"],\"sort\":[\"@timestamp\",\"desc\"]}]", - "timeRestore": false, - "title": "[Filebeat Auditd] Audit Events", - "uiStateJSON": "{\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"mapZoom\":2,\"mapBounds\":{\"bottom_right\":{\"lat\":-43.580390855607845,\"lon\":102.65625},\"top_left\":{\"lat\":43.58039085560784,\"lon\":-102.3046875}},\"mapCollar\":{\"top_left\":{\"lat\":87.16078,\"lon\":-180},\"bottom_right\":{\"lat\":-87.16078,\"lon\":180},\"zoom\":2}}}", - "version": 1 - }, - "id": 
"dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", - "type": "dashboard", - "version": 4 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Event types breakdown [Filebeat Auditd]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "auditd.log.record_type", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right" + }, + "title": "Audit Event Types", + "type": "pie" + } + }, + "id": "6295bdd0-0a0e-11e7-825f-6748cda7d858", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "auditd.log.record_type:EXECVE" + } + } + } + }, + "title": "Top Exec Commands [Filebeat Auditd]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Command (arg 0)", + "field": "auditd.log.a0", + "order": "desc", + "orderBy": "1", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + 
"columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Audit Top Exec Commands", + "type": "table" + } + }, + "id": "5ebdbe50-0a0f-11e7-825f-6748cda7d858", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Event Results [Filebeat Auditd]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "expression": ".es(q=\"_exists_:auditd.log NOT auditd.log.res:failure\").label(\"Success\"), .es(q=\"auditd.log.res:failed\").label(\"Failure\").title(\"Audit Event Results\")", + "interval": "auto" + }, + "title": "Event Results [Filebeat Auditd]", + "type": "timelion" + } + }, + "id": "2bb0fa70-0a11-11e7-9e84-43da493ad0c7", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Event Address Geo Location [Filebeat Auditd]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "auditd.log.geoip.location", + "precision": 2 + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + 
"url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Audit Event Address Geo Location", + "type": "tile_map" + } + }, + "id": "d1726930-0a7f-11e7-8b04-eb22a5669f27", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Event Account Tag Cloud [Filebeat Auditd]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "auditd.log.acct", + "order": "desc", + "orderBy": "1", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "hideLabel": false, + "maxFontSize": 42, + "minFontSize": 15, + "orientation": "single", + "scale": "linear" + }, + "title": "Audit Event Account Tag Cloud", + "type": "tagcloud" + } + }, + "id": "c5411910-0a87-11e7-8b04-eb22a5669f27", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "auditd.log.record_type", + "auditd.log.sequence", + "auditd.log.acct" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:auditd.log" + } + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Audit Events [Filebeat Auditd]", + "version": 1 + }, + "id": "4ac0a370-0a11-11e7-8b04-eb22a5669f27", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "Dashboard for the Auditd Filebeat module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, 
+ "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "6295bdd0-0a0e-11e7-825f-6748cda7d858", + "panelIndex": 1, + "row": 1, + "size_x": 4, + "size_y": 4, + "type": "visualization" + }, + { + "col": 9, + "id": "5ebdbe50-0a0f-11e7-825f-6748cda7d858", + "panelIndex": 2, + "row": 1, + "size_x": 4, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "id": "2bb0fa70-0a11-11e7-9e84-43da493ad0c7", + "panelIndex": 3, + "row": 5, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "d1726930-0a7f-11e7-8b04-eb22a5669f27", + "panelIndex": 5, + "row": 5, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 5, + "id": "c5411910-0a87-11e7-8b04-eb22a5669f27", + "panelIndex": 6, + "row": 1, + "size_x": 4, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "auditd.log.record_type", + "auditd.log.sequence", + "auditd.log.acct" + ], + "id": "4ac0a370-0a11-11e7-8b04-eb22a5669f27", + "panelIndex": 7, + "row": 8, + "size_x": 12, + "size_y": 3, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + } + ], + "timeRestore": false, + "title": "[Filebeat Auditd] Audit Events", + "uiStateJSON": { + "P-2": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-5": { + "mapBounds": { + "bottom_right": { + "lat": -43.580390855607845, + "lon": 102.65625 + }, + "top_left": { + "lat": 43.58039085560784, + "lon": -102.3046875 + } + }, + "mapCollar": { + "bottom_right": { + "lat": -87.16078, + "lon": 180 + }, + "top_left": { + "lat": 87.16078, + "lon": -180 + }, + "zoom": 2 + }, + "mapZoom": 2 + } + }, + "version": 1 + }, + "id": "dfbb49f0-0a0f-11e7-8a62-2d05eaaac5cb", + "type": "dashboard", + "version": 4 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at 
end of file
diff --git a/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-debug-log.json b/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-debug-log.json
index ace48f9f723e..edfb29ec3e4d 100644
--- a/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-debug-log.json
+++ b/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-debug-log.json
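Review bot: In `Filebeat-auditd.json`, the `expression` of the "Event Results [Filebeat Auditd]" timelion visualization uses two different result values: the Success series excludes `auditd.log.res:failure`, while the Failure series matches `auditd.log.res:failed`. Whichever value the module really emits, one series is wrong: either failed audit events are counted as successes or the Failure line stays empty, and both hide failures on a dashboard meant for audit review. The decode carries this over unchanged from the old encoded string. The two terms should agree, for example `.es(q=\"_exists_:auditd.log NOT auditd.log.res:failed\").label(\"Success\")`, assuming `failed` is the value the auditd ingest pipeline stores, which is not visible in this patch and should be confirmed.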
@@ -1,78 +1,303 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff", - "title": "Debuglog Facility [Filebeat Icinga]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Icinga Debuglog Facility\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"icinga.debug.facility\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "0bc34b60-2419-11e7-a83b-d5f4cebac9ff", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff", - "title": "Debuglog Severity [Filebeat Icinga]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"information\": \"#629E51\",\n \"warning\": \"#E5AC0E\",\n \"debug\": \"#BA43A9\",\n \"notice\": \"#6ED0E0\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Icinga Debuglog Severity\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": 
\"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"icinga.debug.severity\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "fb09d4b0-2418-11e7-a83b-d5f4cebac9ff", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "icinga.debug.facility", - "icinga.debug.severity", - "icinga.debug.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.module\",\"value\":\"icinga\",\"params\":{\"query\":\"icinga\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"icinga\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"debug\",\"params\":{\"query\":\"debug\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"debug\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"version\":true}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Debug Log [Filebeat Icinga]", - "version": 1 - }, - "id": 
"c876e6a0-2418-11e7-a83b-d5f4cebac9ff", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "Filebeat Icinga module dashboard for the debug logs", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"id\":\"0bc34b60-2419-11e7-a83b-d5f4cebac9ff\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"fb09d4b0-2418-11e7-a83b-d5f4cebac9ff\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"icinga.debug.facility\",\"icinga.debug.severity\",\"icinga.debug.message\"],\"id\":\"c876e6a0-2418-11e7-a83b-d5f4cebac9ff\",\"panelIndex\":3,\"row\":4,\"size_x\":12,\"size_y\":29,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]", - "timeRestore": false, - "title": "[Filebeat Icinga] Debug Log", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "26309570-2419-11e7-a83b-d5f4cebac9ff", - "type": "dashboard", - "version": 2 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff", + "title": "Debuglog Facility [Filebeat Icinga]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "icinga.debug.facility", + "order": "desc", + 
"orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Debuglog Facility", + "type": "histogram" + } + }, + "id": "0bc34b60-2419-11e7-a83b-d5f4cebac9ff", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff", + "title": "Debuglog Severity [Filebeat Icinga]", + "uiStateJSON": { + "vis": { + "colors": { + "debug": "#BA43A9", + "information": "#629E51", + "notice": "#6ED0E0", + "warning": "#E5AC0E" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "icinga.debug.severity", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Debuglog Severity", + "type": "histogram" + } + }, + "id": "fb09d4b0-2418-11e7-a83b-d5f4cebac9ff", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "icinga.debug.facility", + "icinga.debug.severity", + "icinga.debug.message" + ], + "description": "", + "hits": 0, + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "icinga", + "type": "phrase" + }, + "type": "phrase", + "value": "icinga" + }, + "query": { + "match": { + "fileset.module": { + "query": "icinga", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "debug", + "type": "phrase" + }, + "type": "phrase", + "value": "debug" + }, + "query": { + "match": { + "fileset.name": { + "query": "debug", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Debug Log [Filebeat Icinga]", + "version": 1 + }, + "id": "c876e6a0-2418-11e7-a83b-d5f4cebac9ff", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "Filebeat Icinga module dashboard for the debug logs", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "0bc34b60-2419-11e7-a83b-d5f4cebac9ff", + "panelIndex": 1, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "fb09d4b0-2418-11e7-a83b-d5f4cebac9ff", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "icinga.debug.facility", + "icinga.debug.severity", + "icinga.debug.message" + ], + "id": 
"c876e6a0-2418-11e7-a83b-d5f4cebac9ff", + "panelIndex": 3, + "row": 4, + "size_x": 12, + "size_y": 29, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + } + ], + "timeRestore": false, + "title": "[Filebeat Icinga] Debug Log", + "uiStateJSON": {}, + "version": 1 + }, + "id": "26309570-2419-11e7-a83b-d5f4cebac9ff", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-main-log.json b/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-main-log.json index fd2da9d63106..4587a45f4e51 100644 --- a/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-main-log.json +++ b/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-main-log.json 
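Review bot: The decoded `Filebeat-icinga-debug-log.json` now ends without a final newline: `\ No newline at end of file` follows the closing `+}`, whereas the old side ended with one. The same marker follows the closing brace of `Filebeat-apache2.json` and `Filebeat-auditd.json` in this patch. This presumably comes from how `unpack_dashboards.py` writes its output; the script is not shown here, so that is an inference. If so, the fix belongs there: write a trailing `"\n"` after the serialized JSON so the versioned files keep their final newline and later edits do not produce spurious last-line diffs.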
@@ -1,78 +1,301 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f", - "title": "Mainlog Severity [Filebeat Icinga]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"warning\": \"#E5AC0E\",\n \"critical\": \"#BF1B00\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Icinga Mainlog Severity\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"icinga.main.severity\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "d8e5dc40-2417-11e7-a83b-d5f4cebac9ff", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "icinga.main.facility", - "icinga.main.severity", - "icinga.main.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.module\",\"value\":\"icinga\",\"params\":{\"query\":\"icinga\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"icinga\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"main\",\"params\":{\"query\":\"main\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"main\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"version\":true}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Main Log [Filebeat Icinga]", - "version": 1 - }, - "id": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f", - "title": "Mainlog Facility [Filebeat Icinga]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Icinga Mainlog Facility\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": 
\"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"icinga.main.facility\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "2cf77780-2418-11e7-a83b-d5f4cebac9ff", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "Filebeat Icinga module dashboard for the main log files", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":7,\"id\":\"d8e5dc40-2417-11e7-a83b-d5f4cebac9ff\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"icinga.main.facility\",\"icinga.main.severity\",\"icinga.main.message\"],\"id\":\"ffaf5a30-2413-11e7-a0d9-39604d45ca7f\",\"panelIndex\":2,\"row\":4,\"size_x\":12,\"size_y\":25,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"2cf77780-2418-11e7-a83b-d5f4cebac9ff\",\"panelIndex\":3,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"}]", - "timeRestore": false, - "title": "[Filebeat Icinga] Main Log", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "f693d260-2417-11e7-a83b-d5f4cebac9ff", - "type": "dashboard", - "version": 4 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f", + "title": "Mainlog Severity [Filebeat Icinga]", + "uiStateJSON": { + "vis": { + "colors": { + "critical": "#BF1B00", + "warning": "#E5AC0E" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + 
"enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "icinga.main.severity", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Mainlog Severity", + "type": "histogram" + } + }, + "id": "d8e5dc40-2417-11e7-a83b-d5f4cebac9ff", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "icinga.main.facility", + "icinga.main.severity", + "icinga.main.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "icinga", + "type": "phrase" + }, + "type": "phrase", + "value": "icinga" + }, + "query": { + "match": { + "fileset.module": { + "query": "icinga", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "main", + "type": "phrase" + }, + "type": "phrase", + "value": "main" + }, + "query": { + "match": { + "fileset.name": { + "query": "main", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Main Log [Filebeat Icinga]", + 
"version": 1 + }, + "id": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f", + "title": "Mainlog Facility [Filebeat Icinga]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "icinga.main.facility", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Mainlog Facility", + "type": "histogram" + } + }, + "id": "2cf77780-2418-11e7-a83b-d5f4cebac9ff", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "Filebeat Icinga module dashboard for the main log files", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 7, + "id": "d8e5dc40-2417-11e7-a83b-d5f4cebac9ff", + "panelIndex": 1, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "icinga.main.facility", + "icinga.main.severity", + 
"icinga.main.message" + ], + "id": "ffaf5a30-2413-11e7-a0d9-39604d45ca7f", + "panelIndex": 2, + "row": 4, + "size_x": 12, + "size_y": 25, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 1, + "id": "2cf77780-2418-11e7-a83b-d5f4cebac9ff", + "panelIndex": 3, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Icinga] Main Log", + "uiStateJSON": {}, + "version": 1 + }, + "id": "f693d260-2417-11e7-a83b-d5f4cebac9ff", + "type": "dashboard", + "version": 4 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-startup-errors.json b/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-startup-errors.json index 425ed339f8d1..055946e7775e 100644 --- a/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-startup-errors.json +++ b/filebeat/module/icinga/_meta/kibana/6/dashboard/Filebeat-icinga-startup-errors.json 
@@ -1,62 +1,164 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "710043e0-2417-11e7-a83b-d5f4cebac9ff", - "title": "Startup Errors [Filebeat Icinga]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"Count\": \"#BF1B00\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Icinga Startup Errors\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "a59b5e00-2417-11e7-a83b-d5f4cebac9ff", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "icinga.startup.facility", - "icinga.startup.severity", - "icinga.startup.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"icinga.startup.severity:critical\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[],\"version\":true}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Startup Errors [Filebeat Icinga]", - "version": 1 - }, - "id": "710043e0-2417-11e7-a83b-d5f4cebac9ff", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "Filebeat Icinga module dashboard for startup errors", - "hits": 0, - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"id\":\"a59b5e00-2417-11e7-a83b-d5f4cebac9ff\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"icinga.startup.facility\",\"icinga.startup.severity\",\"icinga.startup.message\"],\"id\":\"710043e0-2417-11e7-a83b-d5f4cebac9ff\",\"panelIndex\":2,\"row\":3,\"size_x\":12,\"size_y\":13,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]", - "timeRestore": false, - "title": "[Filebeat Icinga] Startup Errors", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "b9163ea0-2417-11e7-a83b-d5f4cebac9ff", - "type": "dashboard", - "version": 2 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "710043e0-2417-11e7-a83b-d5f4cebac9ff", + "title": "Startup Errors [Filebeat Icinga]", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#BF1B00" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Icinga Startup Errors", + "type": "histogram" + } + }, + "id": "a59b5e00-2417-11e7-a83b-d5f4cebac9ff", + "type": "visualization", + 
"version": 2 + }, + { + "attributes": { + "columns": [ + "icinga.startup.facility", + "icinga.startup.severity", + "icinga.startup.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "icinga.startup.severity:critical" + } + } + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Startup Errors [Filebeat Icinga]", + "version": 1 + }, + "id": "710043e0-2417-11e7-a83b-d5f4cebac9ff", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "Filebeat Icinga module dashboard for startup errors", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "a59b5e00-2417-11e7-a83b-d5f4cebac9ff", + "panelIndex": 1, + "row": 1, + "size_x": 12, + "size_y": 2, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "icinga.startup.facility", + "icinga.startup.severity", + "icinga.startup.message" + ], + "id": "710043e0-2417-11e7-a83b-d5f4cebac9ff", + "panelIndex": 2, + "row": 3, + "size_x": 12, + "size_y": 13, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + } + ], + "timeRestore": false, + "title": "[Filebeat Icinga] Startup Errors", + "uiStateJSON": {}, + "version": 1 + }, + "id": "b9163ea0-2417-11e7-a83b-d5f4cebac9ff", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file 
diff --git a/filebeat/module/iis/_meta/kibana/6/dashboard/Filebeat-iis.json b/filebeat/module/iis/_meta/kibana/6/dashboard/Filebeat-iis.json index 9ca48111efa6..3158c3de45bc 100644 --- a/filebeat/module/iis/_meta/kibana/6/dashboard/Filebeat-iis.json +++ b/filebeat/module/iis/_meta/kibana/6/dashboard/Filebeat-iis.json 
@@ -1,120 +1,656 @@ { - "version": "6.1.2", "objects": [ { - "id": "eb2db5b0-fe11-11e7-a3b0-d13028918f9f", - "type": "visualization", - "updated_at": "2018-01-20T18:44:17.162Z", - "version": 1, "attributes": { - "title": "Access map [Filebeat IIS]", - "visState": "{\"title\":\"Access map [Filebeat IIS]\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"iis.access.geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, + "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Access map [Filebeat IIS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "iis.access.geoip.location", + "isFilteredByCollar": true, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": 
"image/png", + "transparent": true + } + } + }, + "title": "Access map [Filebeat IIS]", + "type": "tile_map" } - } - }, + }, + "id": "eb2db5b0-fe11-11e7-a3b0-d13028918f9f", + "type": "visualization", + "updated_at": "2018-01-20T18:44:17.162Z", + "version": 1 + }, { - "id": "f31414b0-fe14-11e7-a3b0-d13028918f9f", - "type": "visualization", - "updated_at": "2018-01-20T19:05:58.905Z", - "version": 1, "attributes": { - "title": "Response codes over time [Filebeat IIS]", - "visState": "{\"title\":\"Response codes over time [Filebeat IIS]\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"iis.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - 
"description": "", - "version": 1, + "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Response codes over time [Filebeat IIS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "iis.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + 
"title": "Response codes over time [Filebeat IIS]", + "type": "histogram" } - } - }, + }, + "id": "f31414b0-fe14-11e7-a3b0-d13028918f9f", + "type": "visualization", + "updated_at": "2018-01-20T19:05:58.905Z", + "version": 1 + }, { - "id": "63129c80-fe12-11e7-a3b0-d13028918f9f", - "type": "visualization", - "updated_at": "2018-01-20T18:47:38.312Z", - "version": 1, "attributes": { - "title": "Broswers breakdown [Filebeat IIS]", - "visState": "{\"title\":\"Broswers breakdown [Filebeat IIS]\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"iis.access.user_agent.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"iis.access.user_agent.major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, + "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Broswers breakdown [Filebeat IIS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "iis.access.user_agent.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": 
"iis.access.user_agent.major", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Broswers breakdown [Filebeat IIS]", + "type": "pie" } - } - }, + }, + "id": "63129c80-fe12-11e7-a3b0-d13028918f9f", + "type": "visualization", + "updated_at": "2018-01-20T18:47:38.312Z", + "version": 1 + }, { - "id": "ccd3f9c0-fe12-11e7-a3b0-d13028918f9f", - "type": "visualization", - "updated_at": "2018-01-20T18:51:54.619Z", - "version": 2, "attributes": { - "title": "Operating systems breakdown [Filebeat IIS]", - "visState": "{\"title\":\"Operating systems breakdown [Filebeat IIS]\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"iis.access.user_agent.os_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"iis.access.user_agent.os_major\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, + "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Operating systems breakdown [Filebeat IIS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + 
"aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "iis.access.user_agent.os_name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "iis.access.user_agent.os_major", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Operating systems breakdown [Filebeat IIS]", + "type": "pie" } - } - }, + }, + "id": "ccd3f9c0-fe12-11e7-a3b0-d13028918f9f", + "type": "visualization", + "updated_at": "2018-01-20T18:51:54.619Z", + "version": 2 + }, { - "id": "41f38230-fe17-11e7-a3b0-d13028918f9f", - "type": "visualization", - "updated_at": "2018-01-20T19:22:30.227Z", - "version": 1, "attributes": { - "title": "Error logs over time [Filebeat IIS]", - "visState": "{\"title\":\"Error logs over time [Filebeat 
IIS]\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"iis.error.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, + "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Error logs over time [Filebeat IIS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { 
+ "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "iis.error.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Error logs over time [Filebeat IIS]", + "type": "histogram" } - } - }, + }, + "id": "41f38230-fe17-11e7-a3b0-d13028918f9f", + "type": "visualization", + "updated_at": "2018-01-20T19:22:30.227Z", + "version": 1 + }, { - "id": "c0d02cd0-fe1b-11e7-a3b0-d13028918f9f", - "type": "visualization", - "updated_at": "2018-01-20T19:58:24.005Z", - "version": 2, "attributes": { - "title": "Top URLs by response code [Filebeat IIS]", - "visState": "{\"title\":\"Top URLs by response code [Filebeat 
IIS]\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"iis.access.url\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URL\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"iis.access.response_code\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", - "uiStateJSON": "{}", - "description": "", - "version": 1, + "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + } + } + }, + "title": "Top URLs by response code [Filebeat IIS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "URL", + "field": "iis.access.url", + "order": "desc", + "orderBy": "1", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "iis.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Top URLs by response code [Filebeat IIS]", + "type": "pie" } - } - }, + }, + "id": 
"c0d02cd0-fe1b-11e7-a3b0-d13028918f9f", + "type": "visualization", + "updated_at": "2018-01-20T19:58:24.005Z", + "version": 2 + }, { - "id": "4278ad30-fe16-11e7-a3b0-d13028918f9f", - "type": "dashboard", - "updated_at": "2018-01-20T19:57:50.287Z", - "version": 4, "attributes": { - "title": "[Filebeat IIS] Access and error logs", - "hits": 0, - "description": "Dashboard for the Filebeat IIS module", - "panelsJSON": "[{\"gridData\":{\"h\":3,\"i\":\"1\",\"w\":12,\"x\":0,\"y\":0},\"id\":\"eb2db5b0-fe11-11e7-a3b0-d13028918f9f\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.1.2\"},{\"gridData\":{\"h\":3,\"i\":\"2\",\"w\":7,\"x\":0,\"y\":3},\"id\":\"f31414b0-fe14-11e7-a3b0-d13028918f9f\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.1.2\"},{\"gridData\":{\"h\":3,\"i\":\"4\",\"w\":6,\"x\":0,\"y\":9},\"id\":\"63129c80-fe12-11e7-a3b0-d13028918f9f\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.1.2\"},{\"gridData\":{\"h\":3,\"i\":\"5\",\"w\":6,\"x\":6,\"y\":9},\"id\":\"ccd3f9c0-fe12-11e7-a3b0-d13028918f9f\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.1.2\"},{\"gridData\":{\"h\":3,\"i\":\"6\",\"w\":5,\"x\":7,\"y\":3},\"id\":\"41f38230-fe17-11e7-a3b0-d13028918f9f\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.1.2\"},{\"gridData\":{\"h\":3,\"i\":\"7\",\"w\":12,\"x\":0,\"y\":6},\"id\":\"c0d02cd0-fe1b-11e7-a3b0-d13028918f9f\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.1.2\"}]", - "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", - "uiStateJSON": "{}", - "version": 1, - "timeRestore": false, + "description": "Dashboard for the Filebeat IIS module", + "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - } - } + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": 
"" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "gridData": { + "h": 3, + "i": "1", + "w": 12, + "x": 0, + "y": 0 + }, + "id": "eb2db5b0-fe11-11e7-a3b0-d13028918f9f", + "panelIndex": "1", + "type": "visualization", + "version": "6.1.2" + }, + { + "gridData": { + "h": 3, + "i": "2", + "w": 7, + "x": 0, + "y": 3 + }, + "id": "f31414b0-fe14-11e7-a3b0-d13028918f9f", + "panelIndex": "2", + "type": "visualization", + "version": "6.1.2" + }, + { + "gridData": { + "h": 3, + "i": "4", + "w": 6, + "x": 0, + "y": 9 + }, + "id": "63129c80-fe12-11e7-a3b0-d13028918f9f", + "panelIndex": "4", + "type": "visualization", + "version": "6.1.2" + }, + { + "gridData": { + "h": 3, + "i": "5", + "w": 6, + "x": 6, + "y": 9 + }, + "id": "ccd3f9c0-fe12-11e7-a3b0-d13028918f9f", + "panelIndex": "5", + "type": "visualization", + "version": "6.1.2" + }, + { + "gridData": { + "h": 3, + "i": "6", + "w": 5, + "x": 7, + "y": 3 + }, + "id": "41f38230-fe17-11e7-a3b0-d13028918f9f", + "panelIndex": "6", + "type": "visualization", + "version": "6.1.2" + }, + { + "gridData": { + "h": 3, + "i": "7", + "w": 12, + "x": 0, + "y": 6 + }, + "id": "c0d02cd0-fe1b-11e7-a3b0-d13028918f9f", + "panelIndex": "7", + "type": "visualization", + "version": "6.1.2" + } + ], + "timeRestore": false, + "title": "[Filebeat IIS] Access and error logs", + "uiStateJSON": {}, + "version": 1 + }, + "id": "4278ad30-fe16-11e7-a3b0-d13028918f9f", + "type": "dashboard", + "updated_at": "2018-01-20T19:57:50.287Z", + "version": 4 } - ] + ], + "version": "6.1.2" } \ No newline at end of file diff --git a/filebeat/module/kafka/_meta/kibana/6/dashboard/Filebeat-Kafka-overview.json b/filebeat/module/kafka/_meta/kibana/6/dashboard/Filebeat-Kafka-overview.json index c21c9c2ac80a..adbb178b7492 100644 --- a/filebeat/module/kafka/_meta/kibana/6/dashboard/Filebeat-Kafka-overview.json 
+++ b/filebeat/module/kafka/_meta/kibana/6/dashboard/Filebeat-Kafka-overview.json 
@@ -1,101 +1,456 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Kafka stacktraces", - "title": "Number of stracktraces by class [Filebeat Kafka]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Number of Kafka stracktraces by class\",\n \"type\": \"histogram\",\n \"params\": {\n \"type\": \"histogram\",\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n }\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"@timestamp per 30 minutes\"\n }\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Count\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": \"true\",\n \"type\": \"histogram\",\n \"mode\": \"stacked\",\n \"data\": {\n \"label\": \"Count\",\n \"id\": \"1\"\n },\n \"valueAxis\": \"ValueAxis-1\",\n \"drawLinesBetweenPoints\": true,\n \"showCircles\": true\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"times\": [],\n \"addTimeMarker\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n 
}\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"kafka.log.trace.class\",\n \"size\": 10,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ]\n}" - }, - "id": "Number of Kafka stracktraces by class", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "kafka.log.class", - "kafka.log.trace.class", - "kafka.log.trace.full" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"_exists_:kafka.log.trace.class\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Stacktraces [Filebeat Kafka]", - "version": 1 - }, - "id": "Kafka stacktraces", - "type": "search", - "version": 1 - }, - { - "attributes": { - "columns": [ - "kafka.log.level", - "kafka.log.component", - "kafka.log.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.module\",\"value\":\"kafka\",\"params\":{\"query\":\"kafka\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"kafka\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"log\",\"params\":{\"query\":\"log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "All logs [Filebeat Kafka]", - "version": 1 - }, - "id": "All Kafka logs", - "type": 
"search", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchId": "All Kafka logs", - "title": "Log levels over time [Filebeat Kafka]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Log levels over time [Filebeat Kafka]\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per day\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"kafka.log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Level\"}}]}" - }, - "id": "3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "Filebeat Kafka module dashboard", - 
"hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"id\":\"Number of Kafka stracktraces by class\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"columns\":[\"kafka.log.class\",\"kafka.log.trace.class\",\"kafka.log.trace.full\"],\"id\":\"Kafka stacktraces\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"columns\":[\"kafka.log.level\",\"kafka.log.component\",\"kafka.log.message\"],\"id\":\"All Kafka logs\",\"panelIndex\":3,\"row\":6,\"size_x\":12,\"size_y\":5,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"size_x\":12,\"size_y\":2,\"panelIndex\":4,\"type\":\"visualization\",\"id\":\"3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3\",\"col\":1,\"row\":4}]", - "timeRestore": false, - "title": "[Filebeat Kafka] Overview", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "943caca0-87ee-11e7-ad9c-db80de0bf8d3", - "type": "dashboard", - "version": 1 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Kafka stacktraces", + "title": "Number of stracktraces by class [Filebeat Kafka]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "kafka.log.trace.class", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + 
"schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 minutes" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Number of Kafka stracktraces by class", + "type": "histogram" + } + }, + "id": "Number of Kafka stracktraces by class", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "kafka.log.class", + "kafka.log.trace.class", + "kafka.log.trace.full" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "_exists_:kafka.log.trace.class" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Stacktraces [Filebeat Kafka]", + "version": 1 + }, + "id": "Kafka stacktraces", + "type": "search", + "version": 1 + }, + { + "attributes": { + "columns": [ + "kafka.log.level", + "kafka.log.component", + "kafka.log.message" + ], + "description": "", + "hits": 0, + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "kafka", + "type": "phrase" + }, + "type": "phrase", + "value": "kafka" + }, + "query": { + "match": { + "fileset.module": { + "query": "kafka", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "log", + "type": "phrase" + }, + "type": "phrase", + "value": "log" + }, + "query": { + "match": { + "fileset.name": { + "query": "log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "All logs [Filebeat Kafka]", + "version": 1 + }, + "id": "All Kafka logs", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "All Kafka logs", + "title": "Log levels over time [Filebeat Kafka]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Log Level", + "field": "kafka.log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, 
+ "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per day" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Log levels over time [Filebeat Kafka]", + "type": "histogram" + } + }, + "id": "3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "Filebeat Kafka module dashboard", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "Number of Kafka stracktraces by class", + "panelIndex": 1, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "columns": [ + "kafka.log.class", + "kafka.log.trace.class", + "kafka.log.trace.full" + ], + "id": "Kafka stacktraces", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 1, + "columns": [ + "kafka.log.level", + "kafka.log.component", + 
"kafka.log.message" + ], + "id": "All Kafka logs", + "panelIndex": 3, + "row": 6, + "size_x": 12, + "size_y": 5, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 1, + "id": "3f7c33c0-87ee-11e7-ad9c-db80de0bf8d3", + "panelIndex": 4, + "row": 4, + "size_x": 12, + "size_y": 2, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Kafka] Overview", + "uiStateJSON": {}, + "version": 1 + }, + "id": "943caca0-87ee-11e7-ad9c-db80de0bf8d3", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" } \ No newline at end of file diff --git a/filebeat/module/logstash/_meta/kibana/6/dashboard/Filebeat-logstash-log.json b/filebeat/module/logstash/_meta/kibana/6/dashboard/Filebeat-logstash-log.json index dead5b5c0089..a4d815391365 100644 --- a/filebeat/module/logstash/_meta/kibana/6/dashboard/Filebeat-logstash-log.json +++ b/filebeat/module/logstash/_meta/kibana/6/dashboard/Filebeat-logstash-log.json 
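Review bot: The fields `searchSourceJSON`, `uiStateJSON`, `optionsJSON`, `panelsJSON` and `visState` now hold nested objects and arrays instead of JSON-encoded strings, so the checked-in file no longer has the shape of the original export and presumably cannot be imported into Kibana as it stands. The Makefile change in this commit runs `unpack_dashboards.py` over `_meta/kibana/6/dashboard/*.json` under the comment `Convert all dashboards to string`, which suggests the files are re-encoded at build time. That dependency should be written down where contributors will see it, for example in the dashboards developer guide: `Dashboards under module/*/_meta/kibana are stored decoded; run "make kibana" to produce importable files.` A round-trip check (decode, re-encode, compare with the original export) would also confirm that decoding and key sorting lost nothing. The same applies to the Filebeat-logstash-log.json hunk.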
@@ -1,79 +1,337 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchId": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", - "title": "Logs Severity [Filebeat Logstash]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Logs Severity [Filebeat Logstash]\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"logstash.log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchId": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", - "title": "logs over time [Filebeat Logstash]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"logs over time [Filebeat 
Logstash]\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"logstash.log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "logstash.log.level", - "logstash.log.module", - "logstash.log.message", - "source" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"fileset.module\",\"negate\":false,\"params\":{\"query\":\"logstash\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"logstash\"},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"logstash\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"fileset.name\",\"negate\":false,\"params\":{\"query\":\"log\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"log\"},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"log\",\"type\":\"phrase\"}}}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "logs [Filebeat Logstash]", - "version": 1 - }, - "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", - "type": "search", - "version": 1 - }, - { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":7,\"id\":\"0b1dace0-cbdb-11e7-9852-73e0a9df1bb6\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"e90b7240-cbda-11e7-9852-73e0a9df1bb6\",\"panelIndex\":3,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":10,\"panelIndex\":4,\"type\":\"search\",\"id\":\"cfaba090-cbda-11e7-9852-73e0a9df1bb6\",\"col\":1,\"row\":4,\"columns\":[\"logstash.log.level\",\"logstash.log.module\",\"logstash.log.message\",\"source\"],\"sort\":[\"@timestamp\",\"desc\"]}]", - "timeRestore": false, - "title": "Logstash Logs [Filebeat Logstash]", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "Filebeat-Logstash-Log-Dashboard", - "type": "dashboard", - 
"version": 1 - } - ], - "version": "6.0.0" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", + "title": "Logs Severity [Filebeat Logstash]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "logstash.log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right", + "type": "pie" + }, + "title": "Logs Severity [Filebeat Logstash]", + "type": "pie" + } + }, + "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", + "title": "logs over time [Filebeat Logstash]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "logstash.log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + 
"show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "logs over time [Filebeat Logstash]", + "type": "histogram" + } + }, + "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "logstash.log.level", + "logstash.log.module", + "logstash.log.message", + "source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "logstash", + "type": "phrase" + }, + "type": "phrase", + "value": "logstash" + }, + "query": { + "match": { + "fileset.module": { + "query": "logstash", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "log", + "type": "phrase" + }, + "type": "phrase", + "value": "log" + }, + "query": { + "match": { + "fileset.name": { + "query": "log", + 
"type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "logs [Filebeat Logstash]", + "version": 1 + }, + "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 7, + "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6", + "panelIndex": 3, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "logstash.log.level", + "logstash.log.module", + "logstash.log.message", + "source" + ], + "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", + "panelIndex": 4, + "row": 4, + "size_x": 12, + "size_y": 10, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + } + ], + "timeRestore": false, + "title": "Logstash Logs [Filebeat Logstash]", + "uiStateJSON": {}, + "version": 1 + }, + "id": "Filebeat-Logstash-Log-Dashboard", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0" +} \ No newline at end of file diff --git a/filebeat/module/logstash/_meta/kibana/6/dashboard/Filebeat-logstash-slowlog.json b/filebeat/module/logstash/_meta/kibana/6/dashboard/Filebeat-logstash-slowlog.json index 36926c8e102c..c1caa3422c6e 100644 --- a/filebeat/module/logstash/_meta/kibana/6/dashboard/Filebeat-logstash-slowlog.json +++ b/filebeat/module/logstash/_meta/kibana/6/dashboard/Filebeat-logstash-slowlog.json 
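Review bot: The rewritten file loses its trailing newline. The hunk ends with an added `}` followed by `\ No newline at end of file`, while the removed `}` carries no such marker. If these files are written by the decode script, having it append `"\n"` after the serialized JSON would keep the end-of-file newline and avoid spurious last-line diffs the next time the dashboards are regenerated.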
@@ -1,121 +1,550 @@ { - "objects": [ - { - "attributes": { - "columns": [ - "logstash.slowlog.level", - "logstash.slowlog.plugin_type", - "logstash.slowlog.plugin_name", - "logstash.slowlog.message", - "logstash.slowlog.plugin_params", - "logstash.slowlog.execution_time_ns" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.module\",\"value\":\"logstash\",\"params\":{\"query\":\"logstash\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"logstash\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"slowlog\",\"params\":{\"query\":\"slowlog\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"slowlog\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" - }, - "sort": [ - "logstash.slowlog.level", - "asc" - ], - "title": "Slow logs [Filebeat Logstash]", - "version": 1 - }, - "id": "742e45d0-cbdd-11e7-9852-73e0a9df1bb6", - "type": "search", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchId": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", - "title": "Logs Severity [Filebeat Logstash]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Logs Severity [Filebeat 
Logstash]\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"logstash.log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchId": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", - "title": "logs over time [Filebeat Logstash]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"logs over time [Filebeat Logstash]\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"
segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"logstash.log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" - }, - "savedSearchId": "742e45d0-cbdd-11e7-9852-73e0a9df1bb6", - "title": "Slowest plugins [Filebeat Logstash]", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":null}}}}", - "version": 1, - "visState": "{\"title\":\"Slowest plugins [Filebeat Logstash]\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"6\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash.slowlog.took_in_millis\",\"customLabel\":\"Average\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash.slowlog.took_in_millis\",\"customLabel\":\"Min\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"logstash.slowlog.plugin_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"5\",\"customLabel\":\"Plugin Name\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash.slowlog.took_in_millis\",\"customLabel\":\"Max\"}},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"logstash.slowlog.plugin_type\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"5\",\"customLabel\":\"Plugin Type\"}}]}" - }, - "id": 
"b3315630-cbdf-11e7-9852-73e0a9df1bb6", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "logstash.log.level", - "logstash.log.module", - "logstash.log.message", - "source" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"fileset.module\",\"negate\":false,\"params\":{\"query\":\"logstash\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"logstash\"},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"logstash\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"fileset.name\",\"negate\":false,\"params\":{\"query\":\"log\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"log\"},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"log\",\"type\":\"phrase\"}}}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "logs [Filebeat Logstash]", - "version": 1 - }, - "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", - "type": "search", - "version": 1 - }, - { - "attributes": { - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": 
"[{\"col\":1,\"columns\":[\"logstash.slowlog.level\",\"logstash.slowlog.plugin_type\",\"logstash.slowlog.plugin_name\",\"logstash.slowlog.message\",\"logstash.slowlog.plugin_params\",\"logstash.slowlog.execution_time_ns\"],\"id\":\"742e45d0-cbdd-11e7-9852-73e0a9df1bb6\",\"panelIndex\":1,\"row\":7,\"size_x\":12,\"size_y\":9,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":7,\"id\":\"0b1dace0-cbdb-11e7-9852-73e0a9df1bb6\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"e90b7240-cbda-11e7-9852-73e0a9df1bb6\",\"panelIndex\":3,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":4,\"type\":\"visualization\",\"id\":\"b3315630-cbdf-11e7-9852-73e0a9df1bb6\",\"col\":1,\"row\":4}]", - "timeRestore": false, - "title": "Slowlogs [Filebeat Logstash]", - "uiStateJSON": "{\"P-4\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":null}}}}}", - "version": 1 - }, - "id": "Filebeat-Logstash-Slowlog-Dashboard", - "type": "dashboard", - "version": 1 - } - ], - "version": "6.0.0" -} + "objects": [ + { + "attributes": { + "columns": [ + "logstash.slowlog.level", + "logstash.slowlog.plugin_type", + "logstash.slowlog.plugin_name", + "logstash.slowlog.message", + "logstash.slowlog.plugin_params", + "logstash.slowlog.execution_time_ns" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "logstash", + "type": "phrase" + }, + "type": "phrase", + "value": "logstash" + }, + "query": { + "match": { + "fileset.module": { + "query": "logstash", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + 
"negate": false, + "params": { + "query": "slowlog", + "type": "phrase" + }, + "type": "phrase", + "value": "slowlog" + }, + "query": { + "match": { + "fileset.name": { + "query": "slowlog", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + "logstash.slowlog.level", + "asc" + ], + "title": "Slow logs [Filebeat Logstash]", + "version": 1 + }, + "id": "742e45d0-cbdd-11e7-9852-73e0a9df1bb6", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", + "title": "Logs Severity [Filebeat Logstash]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "logstash.log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right", + "type": "pie" + }, + "title": "Logs Severity [Filebeat Logstash]", + "type": "pie" + } + }, + "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", + "title": "logs over time [Filebeat Logstash]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + 
"customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "logstash.log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "logs over time [Filebeat Logstash]", + "type": "histogram" + } + }, + "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "742e45d0-cbdd-11e7-9852-73e0a9df1bb6", + "title": "Slowest plugins [Filebeat Logstash]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + 
"aggs": [ + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Average", + "field": "logstash.slowlog.took_in_millis" + }, + "schema": "metric", + "type": "avg" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Min", + "field": "logstash.slowlog.took_in_millis" + }, + "schema": "metric", + "type": "min" + }, + { + "enabled": true, + "id": "8", + "params": { + "customLabel": "Plugin Name", + "field": "logstash.slowlog.plugin_name", + "order": "desc", + "orderBy": "5", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Max", + "field": "logstash.slowlog.took_in_millis" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "9", + "params": { + "customLabel": "Plugin Type", + "field": "logstash.slowlog.plugin_type", + "order": "desc", + "orderBy": "5", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Slowest plugins [Filebeat Logstash]", + "type": "table" + } + }, + "id": "b3315630-cbdf-11e7-9852-73e0a9df1bb6", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "logstash.log.level", + "logstash.log.module", + "logstash.log.message", + "source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "logstash", + "type": "phrase" + }, + "type": "phrase", + "value": "logstash" + }, + "query": { + "match": { + "fileset.module": { + "query": "logstash", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "log", + "type": "phrase" + }, + "type": "phrase", + "value": "log" + }, + "query": { + "match": { + "fileset.name": { + "query": "log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "logs [Filebeat Logstash]", + "version": 1 + }, + "id": "cfaba090-cbda-11e7-9852-73e0a9df1bb6", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "columns": [ + "logstash.slowlog.level", + "logstash.slowlog.plugin_type", + "logstash.slowlog.plugin_name", + "logstash.slowlog.message", + "logstash.slowlog.plugin_params", + "logstash.slowlog.execution_time_ns" + ], + "id": "742e45d0-cbdd-11e7-9852-73e0a9df1bb6", + "panelIndex": 1, + "row": 7, + "size_x": 12, + "size_y": 9, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 7, + "id": "0b1dace0-cbdb-11e7-9852-73e0a9df1bb6", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "e90b7240-cbda-11e7-9852-73e0a9df1bb6", + "panelIndex": 3, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "b3315630-cbdf-11e7-9852-73e0a9df1bb6", + "panelIndex": 4, + "row": 4, + "size_x": 12, + "size_y": 3, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "Slowlogs [Filebeat Logstash]", + "uiStateJSON": { + "P-4": { + "vis": { + "params": { + "sort": { + "columnIndex": 3, + "direction": null + } 
+ }
+ }
+ }
+ },
+ "version": 1
+ },
+ "id": "Filebeat-Logstash-Slowlog-Dashboard",
+ "type": "dashboard",
+ "version": 1
+ }
+ ],
+ "version": "6.0.0"
+}
\ No newline at end of file
diff --git a/filebeat/module/mongodb/_meta/kibana/6/dashboard/Filebeat-Mongodb-overview.json b/filebeat/module/mongodb/_meta/kibana/6/dashboard/Filebeat-Mongodb-overview.json
index ee919ab0e913..418d8576d5d1 100644
--- a/filebeat/module/mongodb/_meta/kibana/6/dashboard/Filebeat-Mongodb-overview.json
+++ b/filebeat/module/mongodb/_meta/kibana/6/dashboard/Filebeat-Mongodb-overview.json
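Review bot: The decoded Filebeat-logstash-slowlog.json loses its trailing newline: the new side ends with `+}` followed by `\ No newline at end of file`, while the removed `-}` line carried no such marker. The same ending shows on the Filebeat-logstash-log.json section above and on the Filebeat-Mongodb-overview.json hunk that follows, so it presumably comes from how the unpack step writes its output rather than from any single dashboard. Having that step write a final `"\n"` after the serialized JSON would keep these files POSIX-clean and avoid a spurious one-line diff the next time an editor or formatter touches them.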
@@ -1,89 +1,205 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" - }, - "savedSearchId": "bfc96a60-0a80-11e8-bffe-ff7d4f68cf94", - "title": "Logs Severity [Filebeat MongoDB]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Log severity\",\"field\":\"mongodb.log.severity\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\"},\"title\":\"Logs Severity [Filebeat MongoDB]\",\"type\":\"pie\"}" - }, - "id": "0fef5710-0a82-11e8-bffe-ff7d4f68cf94", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "columns": [ - "mongodb.log.timestamp", - "mongodb.log.severity", - "mongodb.log.component", - "mongodb.log.context", - "mongodb.log.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"mongodb.log.severity: F or mongodb.log.severity: W\"},\"filter\":[]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Error logs [Filebeat MongoDB]", - "version": 1 - }, - "id": "e49fe000-0a7e-11e8-bffe-ff7d4f68cf94", - "type": "search", - "version": 3 - }, - { - "attributes": { - "columns": [ - "mongodb.log.timestamp", - "mongodb.log.severity", - "mongodb.log.component", - "mongodb.log.context", - "mongodb.log.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"mongodb.log.severity: *\",\"language\":\"lucene\"},\"filter\":[]}" - 
}, - "sort": [ - "mongodb.log.timestamp", - "asc" - ], - "title": "All logs [Filebeat MongoDB]", - "version": 1 - }, - "id": "bfc96a60-0a80-11e8-bffe-ff7d4f68cf94", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "Filebeat MongoDB module overview", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"size_x\":4,\"size_y\":3,\"panelIndex\":1,\"type\":\"visualization\",\"id\":\"0fef5710-0a82-11e8-bffe-ff7d4f68cf94\",\"col\":1,\"row\":1},{\"size_x\":8,\"size_y\":3,\"panelIndex\":2,\"type\":\"search\",\"id\":\"e49fe000-0a7e-11e8-bffe-ff7d4f68cf94\",\"col\":5,\"row\":1,\"columns\":[\"mongodb.log.timestamp\",\"mongodb.log.severity\",\"mongodb.log.component\",\"mongodb.log.context\",\"mongodb.log.message\"],\"sort\":[\"@timestamp\",\"desc\"]},{\"size_x\":12,\"size_y\":6,\"panelIndex\":3,\"type\":\"search\",\"id\":\"bfc96a60-0a80-11e8-bffe-ff7d4f68cf94\",\"col\":1,\"row\":4,\"columns\":[\"mongodb.log.timestamp\",\"mongodb.log.severity\",\"mongodb.log.component\",\"mongodb.log.context\",\"mongodb.log.message\"],\"sort\":[\"mongodb.log.timestamp\",\"asc\"]}]", - "timeRestore": false, - "title": "Overview [Filebeat MongoDB]", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "abcf35b0-0a82-11e8-bffe-ff7d4f68cf94", - "type": "dashboard", - "version": 2 - } - ], - "version": "6.0.0" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "bfc96a60-0a80-11e8-bffe-ff7d4f68cf94", + "title": "Logs Severity [Filebeat MongoDB]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + 
"id": "2", + "params": { + "customLabel": "Log severity", + "field": "mongodb.log.severity", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "right", + "type": "pie" + }, + "title": "Logs Severity [Filebeat MongoDB]", + "type": "pie" + } + }, + "id": "0fef5710-0a82-11e8-bffe-ff7d4f68cf94", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "columns": [ + "mongodb.log.timestamp", + "mongodb.log.severity", + "mongodb.log.component", + "mongodb.log.context", + "mongodb.log.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "mongodb.log.severity: F or mongodb.log.severity: W" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Error logs [Filebeat MongoDB]", + "version": 1 + }, + "id": "e49fe000-0a7e-11e8-bffe-ff7d4f68cf94", + "type": "search", + "version": 3 + }, + { + "attributes": { + "columns": [ + "mongodb.log.timestamp", + "mongodb.log.severity", + "mongodb.log.component", + "mongodb.log.context", + "mongodb.log.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "mongodb.log.severity: *" + }, + "version": true + } + }, + "sort": [ + "mongodb.log.timestamp", + "asc" + ], + "title": "All logs [Filebeat MongoDB]", + "version": 1 + }, + "id": "bfc96a60-0a80-11e8-bffe-ff7d4f68cf94", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "Filebeat MongoDB module overview", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": 
"" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "0fef5710-0a82-11e8-bffe-ff7d4f68cf94", + "panelIndex": 1, + "row": 1, + "size_x": 4, + "size_y": 3, + "type": "visualization" + }, + { + "col": 5, + "columns": [ + "mongodb.log.timestamp", + "mongodb.log.severity", + "mongodb.log.component", + "mongodb.log.context", + "mongodb.log.message" + ], + "id": "e49fe000-0a7e-11e8-bffe-ff7d4f68cf94", + "panelIndex": 2, + "row": 1, + "size_x": 8, + "size_y": 3, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 1, + "columns": [ + "mongodb.log.timestamp", + "mongodb.log.severity", + "mongodb.log.component", + "mongodb.log.context", + "mongodb.log.message" + ], + "id": "bfc96a60-0a80-11e8-bffe-ff7d4f68cf94", + "panelIndex": 3, + "row": 4, + "size_x": 12, + "size_y": 6, + "sort": [ + "mongodb.log.timestamp", + "asc" + ], + "type": "search" + } + ], + "timeRestore": false, + "title": "Overview [Filebeat MongoDB]", + "uiStateJSON": {}, + "version": 1 + }, + "id": "abcf35b0-0a82-11e8-bffe-ff7d4f68cf94", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0" +} \ No newline at end of file diff --git a/filebeat/module/mysql/_meta/kibana/6/dashboard/Filebeat-mysql.json b/filebeat/module/mysql/_meta/kibana/6/dashboard/Filebeat-mysql.json index 1f4541a84d84..fe4ce23a6045 100644 --- a/filebeat/module/mysql/_meta/kibana/6/dashboard/Filebeat-mysql.json +++ b/filebeat/module/mysql/_meta/kibana/6/dashboard/Filebeat-mysql.json 
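Review bot: The "Error logs [Filebeat MongoDB]" saved search declares `"language": "lucene"` but joins its two clauses with a lowercase `or`, and Lucene query syntax only treats uppercase `AND`/`OR`/`NOT` as operators. The `or` is therefore likely parsed as a free-text term, so the panel depends on the default operator and may also match events that merely contain the word "or". The value is carried over unchanged from the encoded string, but now that it is readable it should become `"query": "mongodb.log.severity: F OR mongodb.log.severity: W"`. It is also worth confirming whether severity `E` was meant to be part of an error-log view, since only `F` and `W` are selected.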
@@ -1,146 +1,747 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchId": "Filebeat-MySQL-Slow-log", - "title": "Top slowest queries [Filebeat MySQL]", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "visState": "{\"title\":\"Top slowest queries [Filebeat MySQL]\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mysql.slowlog.query_time.sec\",\"customLabel\":\"Query time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.slowlog.query\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.slowlog.user\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}}]}" - }, - "id": "MySQL-slowest-queries", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchId": "Filebeat-MySQL-Slow-log", - "title": "Slow queries over time [Filebeat MySQL]", - "uiStateJSON": "{\"vis\":{\"colors\":{\"Slow queries\":\"#EF843C\"}}}", - "version": 1, - "visState": "{\"title\":\"Slow queries over time [Filebeat 
MySQL]\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Slow queries\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Slow queries\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Slow queries\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}]}" - }, - "id": "MySQL-Slow-queries-over-time", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchId": "Filebeat-MySQL-error-log", - "title": "Error logs over time [Filebeat MySQL]", - "uiStateJSON": "{\"vis\":{\"colors\":{\"Count\":\"#447EBC\",\"Error logs\":\"#1F78C1\"}}}", - "version": 1, - "visState": "{\"title\":\"Error logs over time [Filebeat 
MySQL]\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{},\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Error logs\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Error logs\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Error logs\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}]}" - }, - "id": "MySQL-error-logs", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "mysql.error.level", - "mysql.error.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"query\":{\"query\":\"*\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.module\",\"value\":\"mysql\",\"params\":{\"query\":\"mysql\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"mysql\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"error\",\"params\":{\"query\":\"error\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"error\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"highlightAll\":true,\"version\":true}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Error logs [Filebeat MySQL]", - "version": 1 - }, - "id": "Filebeat-MySQL-error-log", - "type": "search", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchId": "Filebeat-MySQL-error-log", - "title": "Error logs levels breakdown [Filebeat MySQL]", - "uiStateJSON": "{\"vis\":{\"colors\":{\"Note\":\"#9AC48A\",\"Warning\":\"#F9934E\",\"ERROR\":\"#E24D42\"}}}", - "version": 1, - "visState": "{\"title\":\"Error logs levels breakdown [Filebeat 
MySQL]\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.error.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "MySQL-Error-logs-levels", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchId": "Filebeat-MySQL-Slow-log", - "title": "Slow logs breakdown [Filebeat MySQL]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Slow logs breakdown [Filebeat MySQL]\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.slowlog.query\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "MySQL-Slow-logs-by-count", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "_source" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"query\":{\"query\":\"*\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.module\",\"value\":\"mysql\",\"params\":{\"query\":\"mysql\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"mysql\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"slowlog\",\"params\":{\"query\":\"slowlog\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"slowlog\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"highlightAll\":true,\"version\":true}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Slow logs [Filebeat MySQL]", - "version": 1 - }, - "id": "Filebeat-MySQL-Slow-log", - "type": "search", - "version": 1 - }, - { - "attributes": { - "description": "Overview dashboard for the Filebeat MySQL module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": 
"[{\"col\":1,\"id\":\"MySQL-slowest-queries\",\"panelIndex\":1,\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"MySQL-Slow-queries-over-time\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"MySQL-error-logs\",\"panelIndex\":3,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"columns\":[\"mysql.error.level\",\"mysql.error.message\"],\"id\":\"Filebeat-MySQL-error-log\",\"panelIndex\":4,\"row\":8,\"size_x\":6,\"size_y\":5,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":7,\"id\":\"MySQL-Error-logs-levels\",\"panelIndex\":5,\"row\":4,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"MySQL-Slow-logs-by-count\",\"panelIndex\":6,\"row\":4,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]", - "timeRestore": false, - "title": "[Filebeat MySQL] Overview", - "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", - "version": 1 - }, - "id": "Filebeat-MySQL-Dashboard", - "type": "dashboard", - "version": 2 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Filebeat-MySQL-Slow-log", + "title": "Top slowest queries [Filebeat MySQL]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Query time", + "field": "mysql.slowlog.query_time.sec" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Query", + "field": "mysql.slowlog.query", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + 
"customLabel": "User", + "field": "mysql.slowlog.user", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top slowest queries [Filebeat MySQL]", + "type": "table" + } + }, + "id": "MySQL-slowest-queries", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Filebeat-MySQL-Slow-log", + "title": "Slow queries over time [Filebeat MySQL]", + "uiStateJSON": { + "vis": { + "colors": { + "Slow queries": "#EF843C" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Slow queries" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 seconds" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Slow queries" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": 
"ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Slow queries" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Slow queries over time [Filebeat MySQL]", + "type": "histogram" + } + }, + "id": "MySQL-Slow-queries-over-time", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Filebeat-MySQL-error-log", + "title": "Error logs over time [Filebeat MySQL]", + "uiStateJSON": { + "vis": { + "colors": { + "Count": "#447EBC", + "Error logs": "#1F78C1" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Error logs" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 30 seconds" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Error logs" + }, + 
"drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Error logs" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Error logs over time [Filebeat MySQL]", + "type": "histogram" + } + }, + "id": "MySQL-error-logs", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "mysql.error.level", + "mysql.error.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "mysql", + "type": "phrase" + }, + "type": "phrase", + "value": "mysql" + }, + "query": { + "match": { + "fileset.module": { + "query": "mysql", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "error", + "type": "phrase" + }, + "type": "phrase", + "value": "error" + }, + "query": { + "match": { + "fileset.name": { + "query": "error", + "type": "phrase" + } + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": 
"*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Error logs [Filebeat MySQL]", + "version": 1 + }, + "id": "Filebeat-MySQL-error-log", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Filebeat-MySQL-error-log", + "title": "Error logs levels breakdown [Filebeat MySQL]", + "uiStateJSON": { + "vis": { + "colors": { + "ERROR": "#E24D42", + "Note": "#9AC48A", + "Warning": "#F9934E" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "mysql.error.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "bottom", + "shareYAxis": true, + "type": "pie" + }, + "title": "Error logs levels breakdown [Filebeat MySQL]", + "type": "pie" + } + }, + "id": "MySQL-Error-logs-levels", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Filebeat-MySQL-Slow-log", + "title": "Slow logs breakdown [Filebeat MySQL]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "mysql.slowlog.query", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "bottom", + "shareYAxis": true, + "type": "pie" + }, + "title": "Slow logs breakdown [Filebeat MySQL]", + "type": "pie" + } + 
}, + "id": "MySQL-Slow-logs-by-count", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "mysql", + "type": "phrase" + }, + "type": "phrase", + "value": "mysql" + }, + "query": { + "match": { + "fileset.module": { + "query": "mysql", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "slowlog", + "type": "phrase" + }, + "type": "phrase", + "value": "slowlog" + }, + "query": { + "match": { + "fileset.name": { + "query": "slowlog", + "type": "phrase" + } + } + } + } + ], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Slow logs [Filebeat MySQL]", + "version": 1 + }, + "id": "Filebeat-MySQL-Slow-log", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "Overview dashboard for the Filebeat MySQL module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "MySQL-slowest-queries", + "panelIndex": 
1, + "row": 8, + "size_x": 6, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "id": "MySQL-Slow-queries-over-time", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "MySQL-error-logs", + "panelIndex": 3, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "columns": [ + "mysql.error.level", + "mysql.error.message" + ], + "id": "Filebeat-MySQL-error-log", + "panelIndex": 4, + "row": 8, + "size_x": 6, + "size_y": 5, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 7, + "id": "MySQL-Error-logs-levels", + "panelIndex": 5, + "row": 4, + "size_x": 6, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "id": "MySQL-Slow-logs-by-count", + "panelIndex": 6, + "row": 4, + "size_x": 6, + "size_y": 4, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat MySQL] Overview", + "uiStateJSON": { + "P-1": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "Filebeat-MySQL-Dashboard", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/nginx/_meta/kibana/6/dashboard/Filebeat-nginx-logs.json b/filebeat/module/nginx/_meta/kibana/6/dashboard/Filebeat-nginx-logs.json index 2cc876759fe0..2a02ddd3284f 100644 --- a/filebeat/module/nginx/_meta/kibana/6/dashboard/Filebeat-nginx-logs.json +++ b/filebeat/module/nginx/_meta/kibana/6/dashboard/Filebeat-nginx-logs.json 
@@ -1,99 +1,284 @@ { - "objects": [ - { - "attributes": { - "columns": [ - "nginx.error.level", - "nginx.error.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"language\":\"lucene\",\"query\":\"_exists_:nginx AND _exists_:nginx.error.message\"},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"highlightAll\":true,\"version\":true}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Nginx error logs [Filebeat Nginx]", - "version": 1 - }, - "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519", - "type": "search", - "version": 1 - }, - { - "attributes": { - "columns": [ - "nginx.access.url", - "nginx.access.method", - "nginx.access.response_code", - "nginx.access.body_sent.bytes" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"language\":\"lucene\",\"query\":\"_exists_:nginx AND _exists_:nginx.access.url\"},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"highlightAll\":true,\"version\":true}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Nginx access logs [Filebeat Nginx]", - "version": 1 - }, - "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519", - "type": "search", - "version": 4 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Access logs over time [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Access logs over time [Filebeat 
Nginx]\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"nginx.access.url\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"1db649a0-a1f3-11e7-a062-a1c3587f4874\"}],\"label\":\"Access logs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"filebeat-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"background_color_rules\":[{\"id\":\"3189aa80-a1f3-11e7-a062-a1c3587f4874\"}],\"annotations\":[{\"id\":\"970b1420-a1f3-11e7-a062-a1c3587f4874\",\"color\":\"#F00\",\"index_pattern\":\"filebeat-*\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":1,\"ignore_panel_filters\":1}],\"filter\":\"fileset.module:nginx AND fileset.name:access\",\"legend_position\":\"bottom\"},\"aggs\":[]}" - }, - "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Dashboards [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Dashboards [Filebeat Nginx]\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519)\"},\"aggs\":[]}" - }, - "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": 
"Dashboard for the Filebeat Nginx module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"columns\":[\"nginx.error.level\",\"nginx.error.message\"],\"id\":\"9eb25600-a1f0-11e7-928f-5dbe6f6f5519\",\"panelIndex\":11,\"row\":5,\"size_x\":12,\"size_y\":3,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"columns\":[\"nginx.access.url\",\"nginx.access.method\",\"nginx.access.response_code\",\"nginx.access.body_sent.bytes\"],\"id\":\"6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519\",\"panelIndex\":16,\"row\":8,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519\",\"panelIndex\":18,\"row\":2,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":1,\"panelIndex\":19,\"type\":\"visualization\",\"id\":\"97109780-a2a5-11e7-928f-5dbe6f6f5519\",\"col\":1,\"row\":1}]", - "timeRestore": false, - "title": "[Filebeat Nginx] Access and error logs", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "046212a0-a2a1-11e7-928f-5dbe6f6f5519", - "type": "dashboard", - "version": 2 - } - ], - "version": "6.0.0-beta2" -} + "objects": [ + { + "attributes": { + "columns": [ + "nginx.error.level", + "nginx.error.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "_exists_:nginx AND _exists_:nginx.error.message" + }, + "version": true + } + }, + 
"sort": [ + "@timestamp", + "desc" + ], + "title": "Nginx error logs [Filebeat Nginx]", + "version": 1 + }, + "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519", + "type": "search", + "version": 1 + }, + { + "attributes": { + "columns": [ + "nginx.access.url", + "nginx.access.method", + "nginx.access.response_code", + "nginx.access.body_sent.bytes" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "_exists_:nginx AND _exists_:nginx.access.url" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Nginx access logs [Filebeat Nginx]", + "version": 1 + }, + "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519", + "type": "search", + "version": 4 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Access logs over time [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "annotations": [ + { + "color": "#F00", + "icon": "fa-tag", + "id": "970b1420-a1f3-11e7-a062-a1c3587f4874", + "ignore_global_filters": 1, + "ignore_panel_filters": 1, + "index_pattern": "filebeat-*", + "time_field": "@timestamp" + } + ], + "axis_formatter": "number", + "axis_position": "left", + "background_color_rules": [ + { + "id": "3189aa80-a1f3-11e7-a062-a1c3587f4874" + } + ], + "filter": "fileset.module:nginx AND fileset.name:access", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + 
"id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Access logs", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_filters": [ + { + "color": "#68BC00", + "id": "1db649a0-a1f3-11e7-a062-a1c3587f4874" + } + ], + "split_mode": "everything", + "stacked": "none", + "terms_field": "nginx.access.url", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Access logs over time [Filebeat Nginx]", + "type": "metrics" + } + }, + "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Dashboards [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519)" + }, + "title": "Dashboards [Filebeat Nginx]", + "type": "markdown" + } + }, + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "Dashboard for the Filebeat Nginx module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "columns": [ + "nginx.error.level", + "nginx.error.message" + ], + "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519", + "panelIndex": 11, + "row": 5, + "size_x": 12, + "size_y": 3, + "sort": [ + "@timestamp", + "desc" + ], + "type": 
"search" + }, + { + "col": 1, + "columns": [ + "nginx.access.url", + "nginx.access.method", + "nginx.access.response_code", + "nginx.access.body_sent.bytes" + ], + "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519", + "panelIndex": 16, + "row": 8, + "size_x": 12, + "size_y": 7, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 1, + "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519", + "panelIndex": 18, + "row": 2, + "size_x": 12, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519", + "panelIndex": 19, + "row": 1, + "size_x": 12, + "size_y": 1, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Nginx] Access and error logs", + "uiStateJSON": {}, + "version": 1 + }, + "id": "046212a0-a2a1-11e7-928f-5dbe6f6f5519", + "type": "dashboard", + "version": 2 + } + ], + "version": "6.0.0-beta2" +} \ No newline at end of file diff --git a/filebeat/module/nginx/_meta/kibana/6/dashboard/Filebeat-nginx-overview.json b/filebeat/module/nginx/_meta/kibana/6/dashboard/Filebeat-nginx-overview.json index 042836fb6394..a0a1411a3fab 100644 --- a/filebeat/module/nginx/_meta/kibana/6/dashboard/Filebeat-nginx-overview.json +++ b/filebeat/module/nginx/_meta/kibana/6/dashboard/Filebeat-nginx-overview.json 
@@ -1,169 +1,691 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Browsers breakdown [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Nginx Access Browsers\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"nginx.access.user_agent.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"nginx.access.user_agent.major\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Nginx-Access-Browsers", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Operating systems breakdown [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Nginx Access OSes\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n 
\"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"nginx.access.user_agent.os_name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"nginx.access.user_agent.os_major\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Nginx-Access-OSes", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Filebeat-Nginx-module", - "title": "Access Map [Filebeat Nginx]", - "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", - "version": 1, - "visState": "{\n \"aggs\": [\n {\n \"enabled\": true,\n \"id\": \"1\",\n \"params\": {},\n \"schema\": \"metric\",\n \"type\": \"count\"\n },\n {\n \"enabled\": true,\n \"id\": \"2\",\n \"params\": {\n \"autoPrecision\": true,\n \"field\": \"nginx.access.geoip.location\"\n },\n \"schema\": \"segment\",\n \"type\": \"geohash_grid\"\n }\n ],\n \"listeners\": {},\n \"params\": {\n \"addTooltip\": true,\n \"heatBlur\": 15,\n \"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatNormalizeData\": true,\n \"heatRadius\": 25,\n \"isDesaturated\": true,\n \"legendPosition\": \"bottomright\",\n \"mapCenter\": [\n 15,\n 5\n ],\n \"mapType\": \"Scaled Circle Markers\",\n \"mapZoom\": 2,\n \"wms\": {\n \"enabled\": false,\n \"options\": {\n \"attribution\": \"Maps provided by USGS\",\n \"format\": \"image/png\",\n \"layers\": \"0\",\n \"styles\": \"\",\n \"transparent\": true,\n \"version\": \"1.3.0\"\n },\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"\n }\n },\n \"title\": \"Nginx Access Map\",\n \"type\": \"tile_map\"\n}" - }, - "id": "Nginx-Access-Map", - "type": "visualization", - "version": 1 
- }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Response codes over time [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Response codes over time [Filebeat Nginx]\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"filters\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"stacked\",\"terms_field\":\"nginx.access.response_code\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"split_filters\":[{\"filter\":\"nginx.access.response_code:[200 TO 299]\",\"label\":\"200s\",\"color\":\"#68BC00\",\"id\":\"5acdc750-a29d-11e7-a062-a1c3587f4874\"},{\"filter\":\"nginx.access.response_code:[300 TO 399]\",\"label\":\"300s\",\"color\":\"rgba(252,196,0,1)\",\"id\":\"6efd2ae0-a29d-11e7-a062-a1c3587f4874\"},{\"filter\":\"nginx.access.response_code:[400 TO 499]\",\"label\":\"400s\",\"color\":\"rgba(211,49,21,1)\",\"id\":\"76089a90-a29d-11e7-a062-a1c3587f4874\"},{\"filter\":\"nginx.access.response_code:[500 TO 599]\",\"label\":\"500s\",\"color\":\"rgba(171,20,158,1)\",\"id\":\"7c7929d0-a29d-11e7-a062-a1c3587f4874\"}]}],\"time_field\":\"@timestamp\",\"index_pattern\":\"filebeat-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"legend_position\":\"bottom\",\"filter\":\"fileset.module:nginx AND fileset.name:access\"},\"aggs\":[]}" - }, - "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519", - "type": "visualization", - "version": 7 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": 
"Top pages [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Top pages [Filebeat Nginx]\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"top_n\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"nginx.access.url\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"value_template\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"filebeat-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"6252c320-a1f5-11e7-92ba-5d0b8663aece\"}],\"filter\":\"fileset.module:nginx AND fileset.name:access\"},\"aggs\":[]}" - }, - "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Errors over time [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Errors over time [Filebeat 
Nginx]\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(211,49,21,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"nginx.error.level\",\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"filebeat-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"filter\":\"fileset.module:nginx AND fileset.name:error\",\"legend_position\":\"bottom\"},\"aggs\":[]}" - }, - "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519", - "type": "visualization", - "version": 5 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Data Volume [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Data Volume [Filebeat Nginx]\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"nginx.access.body_sent.bytes\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"split_filters\":[{\"filter\":\"nginx.access.response_code:[200 TO 
299]\",\"label\":\"200s\",\"color\":\"#68BC00\",\"id\":\"7c343c20-a29e-11e7-a062-a1c3587f4874\"}],\"label\":\"\",\"terms_field\":null}],\"time_field\":\"@timestamp\",\"index_pattern\":\"filebeat-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"filter\":\"fileset.module: nginx AND fileset.name: access\",\"legend_position\":\"bottom\"},\"aggs\":[]}" - }, - "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Dashboards [Filebeat Nginx]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Dashboards [Filebeat Nginx]\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519)\"},\"aggs\":[]}" - }, - "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "nginx.access.url", - "nginx.access.method", - "nginx.access.response_code", - "nginx.access.referrer", - "nginx.access.body_sent.bytes" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"_exists_:nginx\"}}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"highlightAll\":true,\"version\":true}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Nginx logs [Filebeat Nginx]", - "version": 1 - }, - "id": "Filebeat-Nginx-module", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "Dashboard for the 
Filebeat Nginx module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":10,\"id\":\"Nginx-Access-Browsers\",\"panelIndex\":3,\"row\":12,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Nginx-Access-OSes\",\"panelIndex\":4,\"row\":12,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Nginx-Access-Map\",\"panelIndex\":8,\"row\":2,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"b70b1b20-a1f4-11e7-928f-5dbe6f6f5519\",\"panelIndex\":13,\"row\":6,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"9184fa00-a1f5-11e7-928f-5dbe6f6f5519\",\"panelIndex\":14,\"row\":9,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"46322e50-a1f6-11e7-928f-5dbe6f6f5519\",\"panelIndex\":15,\"row\":9,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"0dd6f320-a29f-11e7-928f-5dbe6f6f5519\",\"panelIndex\":16,\"row\":12,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":1,\"panelIndex\":17,\"type\":\"visualization\",\"id\":\"97109780-a2a5-11e7-928f-5dbe6f6f5519\",\"col\":1,\"row\":1}]", - "timeRestore": false, - "title": "[Filebeat Nginx] Overview", - "uiStateJSON": "{\"P-4\":{\"vis\":{\"legendOpen\":true}},\"P-8\":{\"mapBounds\":{\"bottom_right\":{\"lat\":-7.362466865535738,\"lon\":245.39062500000003},\"top_left\":{\"lat\":77.07878389624943,\"lon\":-245.74218750000003}},\"mapCenter\":[50.51342652633956,-0.17578125],\"mapCollar\":{\"top_left\":{\"lat\":90,\"lon\":-180},\"bottom_right\":{\"lat\":-49.583095,\"lon\":180},\"zoom\":2},\"mapZoom\":2}}", - "version": 1 - }, - "id": "55a9e6e0-a29e-11e7-928f-5dbe6f6f5519", - "type": "dashboard", - "version": 6 - } - ], - "version": 
"6.0.0-beta2" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Browsers breakdown [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "nginx.access.user_agent.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "nginx.access.user_agent.major", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Nginx Access Browsers", + "type": "pie" + } + }, + "id": "Nginx-Access-Browsers", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Operating systems breakdown [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "nginx.access.user_agent.os_name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "nginx.access.user_agent.os_major", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } 
+ ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Nginx Access OSes", + "type": "pie" + } + }, + "id": "Nginx-Access-OSes", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Filebeat-Nginx-module", + "title": "Access Map [Filebeat Nginx]", + "uiStateJSON": { + "mapCenter": [ + 12.039320557540572, + -0.17578125 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "nginx.access.geoip.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Nginx Access Map", + "type": "tile_map" + } + }, + "id": "Nginx-Access-Map", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Response codes over time [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": "fileset.module:nginx AND fileset.name:access", + 
"id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_filters": [ + { + "color": "#68BC00", + "filter": "nginx.access.response_code:[200 TO 299]", + "id": "5acdc750-a29d-11e7-a062-a1c3587f4874", + "label": "200s" + }, + { + "color": "rgba(252,196,0,1)", + "filter": "nginx.access.response_code:[300 TO 399]", + "id": "6efd2ae0-a29d-11e7-a062-a1c3587f4874", + "label": "300s" + }, + { + "color": "rgba(211,49,21,1)", + "filter": "nginx.access.response_code:[400 TO 499]", + "id": "76089a90-a29d-11e7-a062-a1c3587f4874", + "label": "400s" + }, + { + "color": "rgba(171,20,158,1)", + "filter": "nginx.access.response_code:[500 TO 599]", + "id": "7c7929d0-a29d-11e7-a062-a1c3587f4874", + "label": "500s" + } + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "nginx.access.response_code", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Response codes over time [Filebeat Nginx]", + "type": "metrics" + } + }, + "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519", + "type": "visualization", + "version": 7 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Top pages [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "bar_color_rules": [ + { + "id": "6252c320-a1f5-11e7-92ba-5d0b8663aece" + } + ], + "filter": "fileset.module:nginx AND 
fileset.name:access", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nginx.access.url", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "value_template": "" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "top_n" + }, + "title": "Top pages [Filebeat Nginx]", + "type": "metrics" + } + }, + "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Errors over time [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": "fileset.module:nginx AND fileset.name:error", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nginx.error.level", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Errors over time 
[Filebeat Nginx]", + "type": "metrics" + } + }, + "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519", + "type": "visualization", + "version": 5 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Data Volume [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_position": "left", + "filter": "fileset.module: nginx AND fileset.name: access", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "legend_position": "bottom", + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "nginx.access.body_sent.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "sum" + } + ], + "point_size": 1, + "seperate_axis": 0, + "split_filters": [ + { + "color": "#68BC00", + "filter": "nginx.access.response_code:[200 TO 299]", + "id": "7c343c20-a29e-11e7-a062-a1c3587f4874", + "label": "200s" + } + ], + "split_mode": "everything", + "stacked": "none", + "terms_field": null + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "type": "timeseries" + }, + "title": "Data Volume [Filebeat Nginx]", + "type": "metrics" + } + }, + "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Dashboards [Filebeat Nginx]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519)" + }, + "title": "Dashboards [Filebeat Nginx]", + 
"type": "markdown" + } + }, + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "nginx.access.url", + "nginx.access.method", + "nginx.access.response_code", + "nginx.access.referrer", + "nginx.access.body_sent.bytes" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:nginx" + } + } + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Nginx logs [Filebeat Nginx]", + "version": 1 + }, + "id": "Filebeat-Nginx-module", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "Dashboard for the Filebeat Nginx module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 10, + "id": "Nginx-Access-Browsers", + "panelIndex": 3, + "row": 12, + "size_x": 3, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "Nginx-Access-OSes", + "panelIndex": 4, + "row": 12, + "size_x": 3, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "Nginx-Access-Map", + "panelIndex": 8, + "row": 2, + "size_x": 12, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519", + "panelIndex": 13, + "row": 6, + "size_x": 12, + "size_y": 3, + "type": "visualization" + }, + 
{ + "col": 7, + "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519", + "panelIndex": 14, + "row": 9, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519", + "panelIndex": 15, + "row": 9, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519", + "panelIndex": 16, + "row": 12, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519", + "panelIndex": 17, + "row": 1, + "size_x": 12, + "size_y": 1, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Nginx] Overview", + "uiStateJSON": { + "P-4": { + "vis": { + "legendOpen": true + } + }, + "P-8": { + "mapBounds": { + "bottom_right": { + "lat": -7.362466865535738, + "lon": 245.39062500000003 + }, + "top_left": { + "lat": 77.07878389624943, + "lon": -245.74218750000003 + } + }, + "mapCenter": [ + 50.51342652633956, + -0.17578125 + ], + "mapCollar": { + "bottom_right": { + "lat": -49.583095, + "lon": 180 + }, + "top_left": { + "lat": 90, + "lon": -180 + }, + "zoom": 2 + }, + "mapZoom": 2 + } + }, + "version": 1 + }, + "id": "55a9e6e0-a29e-11e7-928f-5dbe6f6f5519", + "type": "dashboard", + "version": 6 + } + ], + "version": "6.0.0-beta2" +} \ No newline at end of file diff --git a/filebeat/module/nginx/_meta/kibana/6/dashboard/ml-nginx-access-remote-ip-count-explorer.json b/filebeat/module/nginx/_meta/kibana/6/dashboard/ml-nginx-access-remote-ip-count-explorer.json index f9b270a0e4df..6130fdb2492f 100644 --- a/filebeat/module/nginx/_meta/kibana/6/dashboard/ml-nginx-access-remote-ip-count-explorer.json +++ b/filebeat/module/nginx/_meta/kibana/6/dashboard/ml-nginx-access-remote-ip-count-explorer.json 
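Review bot: On the new side of `Filebeat-nginx-overview.json`, `searchSourceJSON`, `uiStateJSON`, `visState`, `optionsJSON` and `panelsJSON` hold nested objects and arrays where the old side held JSON-encoded strings, and nothing in the file marks it as the decoded form, so a loader that still expects strings will presumably reject or mis-store these dashboards. The Makefile change in this commit re-encodes only `./_meta/kibana/6/dashboard/*.json`; any other path that reads `module/nginx/_meta/kibana/6/dashboard/` directly needs the same step, and a type check before import (fail when one of these fields is not a string) would catch a missed conversion. The same applies to the other dashboard files in this commit, including the `ml-nginx-access-remote-ip-count-explorer.json` hunk that follows. Separately, the file now ends with `\ No newline at end of file` where the old version ended with a newline; having the conversion script write a trailing `\n` would keep later diffs clean.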
@@ -1,124 +1,553 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Remote IP Timechart [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"legendOpen\": false\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Nginx Access Remote IP Timechart\",\n \"type\": \"area\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"position\": \"bottom\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"@timestamp per 5 minutes\"\n },\n \"type\": \"category\"\n }\n ],\n \"defaultYExtents\": false,\n \"drawLinesBetweenPoints\": true,\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n }\n },\n \"interpolate\": \"linear\",\n \"legendPosition\": \"right\",\n \"radiusRatio\": 9,\n \"scale\": \"linear\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Count\"\n },\n \"drawLinesBetweenPoints\": true,\n \"interpolate\": \"linear\",\n \"mode\": \"stacked\",\n \"show\": \"true\",\n \"showCircles\": true,\n \"type\": \"area\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"setYExtents\": false,\n \"showCircles\": true,\n \"times\": [],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"left\",\n \"scale\": {\n \"mode\": \"normal\",\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {},\n \"type\": \"value\"\n }\n ]\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": 
\"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"nginx.access.remote_ip\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Nginx-Access-Remote-IP-Timechart", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Response Code Timechart [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Nginx Access Response Code Timechart\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"nginx.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Nginx-Access-Response-Code-Timechart", - "type": 
"visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Top Remote IPs [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Nginx Access Top Remote IPs Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"nginx.access.remote_ip\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Nginx-Access-Top-Remote-IPs-Table", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Access Map [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", - "version": 1, - "visState": "{\n \"aggs\": [\n {\n \"enabled\": true,\n \"id\": \"1\",\n \"params\": {},\n \"schema\": \"metric\",\n \"type\": \"count\"\n },\n {\n \"enabled\": true,\n \"id\": \"2\",\n \"params\": {\n \"autoPrecision\": true,\n \"field\": \"nginx.access.geoip.location\"\n },\n \"schema\": \"segment\",\n \"type\": \"geohash_grid\"\n }\n ],\n \"listeners\": {},\n \"params\": {\n \"addTooltip\": true,\n \"heatBlur\": 15,\n \"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatNormalizeData\": true,\n 
\"heatRadius\": 25,\n \"isDesaturated\": true,\n \"legendPosition\": \"bottomright\",\n \"mapCenter\": [\n 15,\n 5\n ],\n \"mapType\": \"Scaled Circle Markers\",\n \"mapZoom\": 2,\n \"wms\": {\n \"enabled\": false,\n \"options\": {\n \"attribution\": \"Maps provided by USGS\",\n \"format\": \"image/png\",\n \"layers\": \"0\",\n \"styles\": \"\",\n \"transparent\": true,\n \"version\": \"1.3.0\"\n },\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"\n }\n },\n \"title\": \"ML Nginx Access Map\",\n \"type\": \"tile_map\"\n}" - }, - "id": "ML-Nginx-Access-Map", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Top URLs [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Nginx Access Top URLs Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 100,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"nginx.access.url\",\n \"size\": 1000,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Nginx-Access-Top-URLs-Table", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "columns": [ - "_source" - ], - "description": "Filebeat Nginx Access Data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": 
{\n \"query\": \"_exists_:nginx.access\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "ML Access Data [Filebeat Nginx]", - "version": 1 - }, - "id": "ML-Filebeat-Nginx-Access", - "type": "search", - "version": 3 - }, - { - "attributes": { - "description": "Machine learning dashboard, for the Filebeat Nginx module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ],\n \"highlightAll\": true,\n \"version\": true\n}" - }, - "optionsJSON": "{\n \"darkTheme\": false\n}", - "panelsJSON": "[\n {\n \"size_x\": 6,\n \"size_y\": 3,\n \"panelIndex\": 1,\n \"type\": \"visualization\",\n \"id\": \"ML-Nginx-Access-Remote-IP-Timechart\",\n \"col\": 1,\n \"row\": 1\n },\n {\n \"size_x\": 6,\n \"size_y\": 3,\n \"panelIndex\": 2,\n \"type\": \"visualization\",\n \"id\": \"ML-Nginx-Access-Response-Code-Timechart\",\n \"col\": 7,\n \"row\": 1\n },\n {\n \"size_x\": 6,\n \"size_y\": 3,\n \"panelIndex\": 3,\n \"type\": \"visualization\",\n \"id\": \"ML-Nginx-Access-Top-Remote-IPs-Table\",\n \"col\": 1,\n \"row\": 4\n },\n {\n \"size_x\": 6,\n \"size_y\": 3,\n \"panelIndex\": 4,\n \"type\": \"visualization\",\n \"id\": \"ML-Nginx-Access-Map\",\n \"col\": 7,\n \"row\": 4\n },\n {\n \"size_x\": 12,\n \"size_y\": 9,\n \"panelIndex\": 5,\n \"type\": \"visualization\",\n \"id\": \"ML-Nginx-Access-Top-URLs-Table\",\n \"col\": 1,\n \"row\": 7\n }\n]", - "timeRestore": false, - "title": "[Filebeat Nginx] [ML] Remote IP Count Explorer", - "uiStateJSON": "{\n \"P-3\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": 
null\n }\n }\n }\n },\n \"P-5\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n }\n}", - "version": 1 - }, - "id": "ML-Nginx-Access-Remote-IP-Count-Explorer", - "type": "dashboard", - "version": 3 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Remote IP Timechart [Filebeat Nginx] [ML]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "nginx.access.remote_ip", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 5 minutes" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": 
"ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "ML Nginx Access Remote IP Timechart", + "type": "area" + } + }, + "id": "ML-Nginx-Access-Remote-IP-Timechart", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Response Code Timechart [Filebeat Nginx] [ML]", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#7EB26D", + "404": "#614D93" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "nginx.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "ML Nginx Access Response Code Timechart", + "type": "histogram" + } + }, + "id": "ML-Nginx-Access-Response-Code-Timechart", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Top Remote IPs [Filebeat Nginx] [ML]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "nginx.access.remote_ip", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ML Nginx Access Top Remote IPs Table", + "type": "table" + } + }, + "id": "ML-Nginx-Access-Top-Remote-IPs-Table", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Access Map [Filebeat Nginx] [ML]", + "uiStateJSON": { + "mapCenter": [ + 12.039320557540572, + -0.17578125 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "nginx.access.geoip.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": 
"image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "ML Nginx Access Map", + "type": "tile_map" + } + }, + "id": "ML-Nginx-Access-Map", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Top URLs [Filebeat Nginx] [ML]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "nginx.access.url", + "order": "desc", + "orderBy": "1", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 100, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ML Nginx Access Top URLs Table", + "type": "table" + } + }, + "id": "ML-Nginx-Access-Top-URLs-Table", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "Filebeat Nginx Access Data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:nginx.access" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "ML Access Data [Filebeat Nginx]", + "version": 1 + 
}, + "id": "ML-Filebeat-Nginx-Access", + "type": "search", + "version": 3 + }, + { + "attributes": { + "description": "Machine learning dashboard, for the Filebeat Nginx module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "ML-Nginx-Access-Remote-IP-Timechart", + "panelIndex": 1, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "ML-Nginx-Access-Response-Code-Timechart", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "ML-Nginx-Access-Top-Remote-IPs-Table", + "panelIndex": 3, + "row": 4, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "ML-Nginx-Access-Map", + "panelIndex": 4, + "row": 4, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "ML-Nginx-Access-Top-URLs-Table", + "panelIndex": 5, + "row": 7, + "size_x": 12, + "size_y": 9, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Nginx] [ML] Remote IP Count Explorer", + "uiStateJSON": { + "P-3": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-5": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "ML-Nginx-Access-Remote-IP-Count-Explorer", + "type": "dashboard", + "version": 3 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" } \ No newline at end of file diff --git a/filebeat/module/nginx/_meta/kibana/6/dashboard/ml-nginx-remote-ip-url-explorer.json b/filebeat/module/nginx/_meta/kibana/6/dashboard/ml-nginx-remote-ip-url-explorer.json index 911a53334d91..3f13cafa1530 100644 
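Review bot: In the `ML-Nginx-Access-Remote-IP-Timechart` object, the single `seriesParams` entry under `visState.params` carries `"show": "true"` as a string, while its neighbouring flags (`showCircles`, `drawLinesBetweenPoints`) are real booleans. The old escaped `visState` already held the string, so the decode is faithful, but now that the field is reviewable it should read `"show": true`, as the corresponding series entry in ml-nginx-remote-ip-url-explorer.json does. A consumer that tests this flag with a strict boolean comparison would misread the string; whether Kibana does so is not visible from this diff, so confirm the chart still renders after the change.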
--- a/filebeat/module/nginx/_meta/kibana/6/dashboard/ml-nginx-remote-ip-url-explorer.json
+++ b/filebeat/module/nginx/_meta/kibana/6/dashboard/ml-nginx-remote-ip-url-explorer.json
@@ -1,124 +1,552 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Unique Count URL Timechart [Filebeat Nginx] [ML]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"ML Nginx Access Unique Count URL Timechart\",\n \"type\": \"line\",\n \"params\": {\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n }\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"@timestamp per day\"\n }\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Unique count of nginx.access.url\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": true,\n \"mode\": \"normal\",\n \"type\": \"line\",\n \"drawLinesBetweenPoints\": true,\n \"showCircles\": true,\n \"interpolate\": \"linear\",\n \"lineWidth\": 2,\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Unique count of nginx.access.url\"\n },\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"showCircles\": true,\n \"interpolate\": \"linear\",\n \"scale\": \"linear\",\n \"drawLinesBetweenPoints\": true,\n \"radiusRatio\": 9,\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n 
\"field\": \"nginx.access.url\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Nginx-Access-Unique-Count-URL-Timechart", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Response Code Timechart [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Nginx Access Response Code Timechart\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"nginx.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Nginx-Access-Response-Code-Timechart", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Top Remote IPs [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Nginx Access Top Remote IPs Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"nginx.access.remote_ip\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Nginx-Access-Top-Remote-IPs-Table", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Access Map [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", - "version": 1, - "visState": "{\n \"aggs\": [\n {\n \"enabled\": true,\n \"id\": \"1\",\n \"params\": {},\n \"schema\": \"metric\",\n \"type\": \"count\"\n },\n {\n \"enabled\": true,\n \"id\": \"2\",\n \"params\": {\n \"autoPrecision\": true,\n \"field\": \"nginx.access.geoip.location\"\n },\n \"schema\": \"segment\",\n \"type\": \"geohash_grid\"\n }\n ],\n \"listeners\": {},\n \"params\": {\n \"addTooltip\": true,\n \"heatBlur\": 15,\n \"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatNormalizeData\": true,\n \"heatRadius\": 25,\n \"isDesaturated\": true,\n \"legendPosition\": \"bottomright\",\n \"mapCenter\": [\n 15,\n 5\n 
],\n \"mapType\": \"Scaled Circle Markers\",\n \"mapZoom\": 2,\n \"wms\": {\n \"enabled\": false,\n \"options\": {\n \"attribution\": \"Maps provided by USGS\",\n \"format\": \"image/png\",\n \"layers\": \"0\",\n \"styles\": \"\",\n \"transparent\": true,\n \"version\": \"1.3.0\"\n },\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"\n }\n },\n \"title\": \"ML Nginx Access Map\",\n \"type\": \"tile_map\"\n}" - }, - "id": "ML-Nginx-Access-Map", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Nginx-Access", - "title": "Top URLs [Filebeat Nginx] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Nginx Access Top URLs Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 100,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"nginx.access.url\",\n \"size\": 1000,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Nginx-Access-Top-URLs-Table", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "columns": [ - "_source" - ], - "description": "Filebeat Nginx Access Data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:nginx.access\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": [],\n \"highlight\": {\n 
\"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "ML Access Data [Filebeat Nginx]", - "version": 1 - }, - "id": "ML-Filebeat-Nginx-Access", - "type": "search", - "version": 3 - }, - { - "attributes": { - "description": "Machine Learning dashboard for the Filebeat Nginx module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ],\n \"highlightAll\": true,\n \"version\": true\n}" - }, - "optionsJSON": "{\n \"darkTheme\": false\n}", - "panelsJSON": "[\n {\n \"col\": 1,\n \"id\": \"ML-Nginx-Access-Unique-Count-URL-Timechart\",\n \"panelIndex\": 1,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 7,\n \"id\": \"ML-Nginx-Access-Response-Code-Timechart\",\n \"panelIndex\": 2,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"ML-Nginx-Access-Top-Remote-IPs-Table\",\n \"panelIndex\": 3,\n \"row\": 4,\n \"size_x\": 6,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 7,\n \"id\": \"ML-Nginx-Access-Map\",\n \"panelIndex\": 4,\n \"row\": 4,\n \"size_x\": 6,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"size_x\": 12,\n \"size_y\": 8,\n \"panelIndex\": 5,\n \"type\": \"visualization\",\n \"id\": \"ML-Nginx-Access-Top-URLs-Table\",\n \"col\": 1,\n \"row\": 7\n }\n]", - "timeRestore": false, - "title": "[Filebeat Nginx] [ML] Remote IP URL Explorer", - "uiStateJSON": "{\n \"P-2\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n },\n \"P-3\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n 
\"direction\": null\n }\n }\n }\n },\n \"P-5\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n }\n}", - "version": 1 - }, - "id": "ML-Nginx-Remote-IP-URL-Explorer", - "type": "dashboard", - "version": 4 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Unique Count URL Timechart [Filebeat Nginx] [ML]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "nginx.access.url" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per day" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Unique count of nginx.access.url" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + 
"filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Unique count of nginx.access.url" + }, + "type": "value" + } + ] + }, + "title": "ML Nginx Access Unique Count URL Timechart", + "type": "line" + } + }, + "id": "ML-Nginx-Access-Unique-Count-URL-Timechart", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Response Code Timechart [Filebeat Nginx] [ML]", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#7EB26D", + "404": "#614D93" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "nginx.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "ML Nginx Access Response Code Timechart", + "type": "histogram" + } + }, + "id": "ML-Nginx-Access-Response-Code-Timechart", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Top 
Remote IPs [Filebeat Nginx] [ML]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "nginx.access.remote_ip", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ML Nginx Access Top Remote IPs Table", + "type": "table" + } + }, + "id": "ML-Nginx-Access-Top-Remote-IPs-Table", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Access Map [Filebeat Nginx] [ML]", + "uiStateJSON": { + "mapCenter": [ + 12.039320557540572, + -0.17578125 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "nginx.access.geoip.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + 
"url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "ML Nginx Access Map", + "type": "tile_map" + } + }, + "id": "ML-Nginx-Access-Map", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Nginx-Access", + "title": "Top URLs [Filebeat Nginx] [ML]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "nginx.access.url", + "order": "desc", + "orderBy": "1", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 100, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ML Nginx Access Top URLs Table", + "type": "table" + } + }, + "id": "ML-Nginx-Access-Top-URLs-Table", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "Filebeat Nginx Access Data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:nginx.access" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "ML Access Data [Filebeat Nginx]", + "version": 1 + }, + "id": "ML-Filebeat-Nginx-Access", + "type": "search", + "version": 3 + }, + { + 
"attributes": { + "description": "Machine Learning dashboard for the Filebeat Nginx module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "ML-Nginx-Access-Unique-Count-URL-Timechart", + "panelIndex": 1, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "ML-Nginx-Access-Response-Code-Timechart", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "ML-Nginx-Access-Top-Remote-IPs-Table", + "panelIndex": 3, + "row": 4, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "ML-Nginx-Access-Map", + "panelIndex": 4, + "row": 4, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "ML-Nginx-Access-Top-URLs-Table", + "panelIndex": 5, + "row": 7, + "size_x": 12, + "size_y": 8, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Nginx] [ML] Remote IP URL Explorer", + "uiStateJSON": { + "P-2": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-3": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-5": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "ML-Nginx-Remote-IP-URL-Explorer", + "type": "dashboard", + "version": 4 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" } \ No newline at end of file diff --git a/filebeat/module/osquery/_meta/kibana/6/dashboard/osquery-compliance.json b/filebeat/module/osquery/_meta/kibana/6/dashboard/osquery-compliance.json index 8ecfc44705b6..e9b2f6c92687 100644 
--- a/filebeat/module/osquery/_meta/kibana/6/dashboard/osquery-compliance.json +++ b/filebeat/module/osquery/_meta/kibana/6/dashboard/osquery-compliance.json 
@@ -1,185 +1,668 @@ { - "objects": [ - { - "attributes": { - "columns": [ - "osquery.result.columns.path", - "osquery.result.columns.type", - "osquery.result.columns.flags" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"osquery.result.name\",\"negate\":false,\"params\":{\"query\":\"pack_it-compliance_mounts\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"pack_it-compliance_mounts\"},\"query\":{\"match\":{\"osquery.result.name\":{\"query\":\"pack_it-compliance_mounts\",\"type\":\"phrase\"}}}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Mounts [Osquery results]", - "version": 1 - }, - "id": "7a9482d0-eb00-11e7-8f04-51231daa5b05", - "type": "search", - "updated_at": "2018-01-08T17:35:32.102Z", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" - }, - "savedSearchId": "7a9482d0-eb00-11e7-8f04-51231daa5b05", - "title": "Mounts by type [Osquery Result]", - "uiStateJSON": "{}", - "version": 1, - "visState": 
"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"osquery.result.columns.path\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"osquery.result.columns.type\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"title\":\"Mounts by type [Osquery Result]\",\"type\":\"pie\"}" - }, - "id": "a9fd8bb0-eb01-11e7-8f04-51231daa5b05", - "type": "visualization", - "updated_at": "2018-01-08T17:35:32.102Z", - "version": 1 - }, - { - "attributes": { - "columns": [ - "osquery.result.columns.name", - "osquery.result.columns.version", - "osquery.result.columns.revision" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"filebeat-*\",\"type\":\"phrase\",\"key\":\"osquery.result.name\",\"value\":\"pack_it-compliance_deb_packages\",\"params\":{\"query\":\"pack_it-compliance_deb_packages\",\"type\":\"phrase\"},\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"osquery.result.name\":{\"query\":\"pack_it-compliance_deb_packages\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "DEB packages installed [Osquery results]", - "version": 1 - }, - "id": "3824b080-eb02-11e7-8f04-51231daa5b05", - "type": "search", - "updated_at": "2018-01-08T17:35:32.102Z", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}" - }, - "savedSearchId": "b5d6baa0-eb02-11e7-8f04-51231daa5b05", - "title": "OS versions [Osquery result]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"OS versions [Osquery result]\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.result.host_identifier\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"osquery.result.columns.platform_like\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"osquery.result.columns.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"osquery.result.columns.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "1da1ed30-eb03-11e7-8f04-51231daa5b05", - "type": "visualization", - "updated_at": "2018-01-08T17:35:32.102Z", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"osquery.result.columns.status\",\"value\":\"Live\",\"params\":{\"query\":\"Live\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"osquery.result.columns.status\":{\"query\":\"Live\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchId": "f59e21e0-eb03-11e7-8f04-51231daa5b05", - "title": "Number of Kernel modules [Osquery Result]", - "uiStateJSON": 
"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", - "version": 1, - "visState": "{\"title\":\"Number of Kernel modules [Osquery Result]\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"verticalSplit\":false,\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.result.columns.name\",\"customLabel\":\"Live Kernel modules\"}}]}" - }, - "id": "240f3630-eb05-11e7-8f04-51231daa5b05", - "type": "visualization", - "updated_at": "2018-01-08T17:35:32.102Z", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Navigation [Osquery Result]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Navigation [Osquery Result]\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"[Compilance](#/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/c0a7ce90-f4aa-11e7-8647-534bb4c21040)\"},\"aggs\":[]}" - }, - "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040", - "type": "visualization", - "updated_at": "2018-01-08T19:41:10.264Z", - "version": 3 - }, - { - "attributes": { - "columns": [ - "osquery.result.name" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"filebeat-*\",\"type\":\"phrase\",\"key\":\"osquery.result.name\",\"value\":\"pack_it-compliance_os_version\",\"params\":{\"query\":\"pack_it-compliance_os_version\",\"type\":\"phrase\"},\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"osquery.result.name\":{\"query\":\"pack_it-compliance_os_version\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "OS versions [Osquery results]", - "version": 1 - }, - "id": "b5d6baa0-eb02-11e7-8f04-51231daa5b05", - "type": "search", - "updated_at": "2018-01-08T17:35:32.102Z", - "version": 1 - }, - { - "attributes": { - "columns": [ - "osquery.result.name", - "osquery.result.columns.name", - "osquery.result.columns.status" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"osquery.result.name\",\"negate\":false,\"params\":{\"query\":\"pack_it-compliance_kernel_modules\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"pack_it-compliance_kernel_modules\"},\"query\":{\"match\":{\"osquery.result.name\":{\"query\":\"pack_it-compliance_kernel_modules\",\"type\":\"phrase\"}}}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Kernel modules [Osquery results]", - "version": 1 - }, - "id": "f59e21e0-eb03-11e7-8f04-51231daa5b05", - "type": "search", - "updated_at": "2018-01-08T17:35:32.102Z", - "version": 1 - }, - { - "attributes": { - "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": "[{\"panelIndex\":\"1\",\"gridData\":{\"x\":6,\"y\":6,\"w\":6,\"h\":4,\"i\":\"1\"},\"id\":\"7a9482d0-eb00-11e7-8f04-51231daa5b05\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"2\",\"gridData\":{\"x\":5,\"y\":1,\"w\":7,\"h\":5,\"i\":\"2\"},\"id\":\"a9fd8bb0-eb01-11e7-8f04-51231daa5b05\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":6,\"w\":6,\"h\":4,\"i\":\"3\"},\"id\":\"3824b080-eb02-11e7-8f04-51231daa5b05\",\"type\":\"search\",\"version\":\"6.2.4\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":1,\"w\":5,\"h\":3,\"i\":\"4\"},\"id\":\"1da1ed30-eb03-11e7-8f04-51231daa5b05\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":4,\"w\":5,\"h\":2,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"},\"legendOpen\":false}},\"id\":\"240f3630-eb05-11e7-8f04-51231daa5b05\",\"type\":\"visualization\",\"version\":\"6.2.4\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":0,\"w\":12,\"h\":1,\"i\":\"6\"},\"version\":\"6.1.0-SNAPSHOT\",\"type\":\"visualization\",\"id\":\"2d6e0760-f4ab-11e7-8647-534bb4c21040\"}]", - "timeRestore": false, - "title": "[Osquery Result] Compliance pack", - "uiStateJSON": "{\"P-5\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}", - "version": 1 - }, - "id": "69f5ae20-eb02-11e7-8f04-51231daa5b05", - "type": "dashboard", - "updated_at": "2018-01-08T19:42:15.406Z", - "version": 2 - } - ], - "version": "6.1.0-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "columns": [ + "osquery.result.columns.path", + "osquery.result.columns.type", + "osquery.result.columns.flags" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + 
"filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "osquery.result.name", + "negate": false, + "params": { + "query": "pack_it-compliance_mounts", + "type": "phrase" + }, + "type": "phrase", + "value": "pack_it-compliance_mounts" + }, + "query": { + "match": { + "osquery.result.name": { + "query": "pack_it-compliance_mounts", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Mounts [Osquery results]", + "version": 1 + }, + "id": "7a9482d0-eb00-11e7-8f04-51231daa5b05", + "type": "search", + "updated_at": "2018-01-08T17:35:32.102Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "7a9482d0-eb00-11e7-8f04-51231daa5b05", + "title": "Mounts by type [Osquery Result]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.path", + "order": "desc", + "orderBy": "1", + "size": 10 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.type", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Mounts by type [Osquery Result]", + "type": "pie" + } + }, + "id": "a9fd8bb0-eb01-11e7-8f04-51231daa5b05", + 
"type": "visualization", + "updated_at": "2018-01-08T17:35:32.102Z", + "version": 1 + }, + { + "attributes": { + "columns": [ + "osquery.result.columns.name", + "osquery.result.columns.version", + "osquery.result.columns.revision" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "osquery.result.name", + "negate": false, + "params": { + "query": "pack_it-compliance_deb_packages", + "type": "phrase" + }, + "type": "phrase", + "value": "pack_it-compliance_deb_packages" + }, + "query": { + "match": { + "osquery.result.name": { + "query": "pack_it-compliance_deb_packages", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "DEB packages installed [Osquery results]", + "version": 1 + }, + "id": "3824b080-eb02-11e7-8f04-51231daa5b05", + "type": "search", + "updated_at": "2018-01-08T17:35:32.102Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "b5d6baa0-eb02-11e7-8f04-51231daa5b05", + "title": "OS versions [Osquery result]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "osquery.result.host_identifier" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "osquery.result.columns.platform_like", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "osquery.result.columns.name", + "order": "desc", + 
"orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "osquery.result.columns.version", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "OS versions [Osquery result]", + "type": "pie" + } + }, + "id": "1da1ed30-eb03-11e7-8f04-51231daa5b05", + "type": "visualization", + "updated_at": "2018-01-08T17:35:32.102Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "osquery.result.columns.status", + "negate": false, + "params": { + "query": "Live", + "type": "phrase" + }, + "type": "phrase", + "value": "Live" + }, + "query": { + "match": { + "osquery.result.columns.status": { + "query": "Live", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "f59e21e0-eb03-11e7-8f04-51231daa5b05", + "title": "Number of Kernel modules [Osquery Result]", + "uiStateJSON": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Live Kernel modules", + "field": "osquery.result.columns.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "gauge": { + "backStyle": "Full", + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 100 + } + ], + "extendRange": true, + "gaugeColorMode": "Labels", + "gaugeStyle": "Full", + "gaugeType": 
"Arc", + "invertColors": false, + "labels": { + "color": "black", + "show": true + }, + "orientation": "vertical", + "percentageMode": false, + "scale": { + "color": "#333", + "labels": false, + "show": true + }, + "style": { + "bgColor": false, + "bgFill": "#eee", + "bgMask": false, + "bgWidth": 0.9, + "fontSize": 60, + "labelColor": true, + "mask": false, + "maskBars": 50, + "subText": "", + "width": 0.9 + }, + "type": "meter", + "verticalSplit": false + }, + "isDisplayWarning": false, + "type": "gauge" + }, + "title": "Number of Kernel modules [Osquery Result]", + "type": "gauge" + } + }, + "id": "240f3630-eb05-11e7-8f04-51231daa5b05", + "type": "visualization", + "updated_at": "2018-01-08T17:35:32.102Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Navigation [Osquery Result]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "[Compilance](#/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/c0a7ce90-f4aa-11e7-8647-534bb4c21040)" + }, + "title": "Navigation [Osquery Result]", + "type": "markdown" + } + }, + "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040", + "type": "visualization", + "updated_at": "2018-01-08T19:41:10.264Z", + "version": 3 + }, + { + "attributes": { + "columns": [ + "osquery.result.name" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "osquery.result.name", + "negate": false, + "params": { + "query": "pack_it-compliance_os_version", + "type": "phrase" + }, + "type": "phrase", + "value": "pack_it-compliance_os_version" + }, + "query": { + "match": { + "osquery.result.name": { + "query": "pack_it-compliance_os_version", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + 
"index": "filebeat-*", + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "OS versions [Osquery results]", + "version": 1 + }, + "id": "b5d6baa0-eb02-11e7-8f04-51231daa5b05", + "type": "search", + "updated_at": "2018-01-08T17:35:32.102Z", + "version": 1 + }, + { + "attributes": { + "columns": [ + "osquery.result.name", + "osquery.result.columns.name", + "osquery.result.columns.status" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "osquery.result.name", + "negate": false, + "params": { + "query": "pack_it-compliance_kernel_modules", + "type": "phrase" + }, + "type": "phrase", + "value": "pack_it-compliance_kernel_modules" + }, + "query": { + "match": { + "osquery.result.name": { + "query": "pack_it-compliance_kernel_modules", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Kernel modules [Osquery results]", + "version": 1 + }, + "id": "f59e21e0-eb03-11e7-8f04-51231daa5b05", + "type": "search", + "updated_at": "2018-01-08T17:35:32.102Z", + "version": 1 + }, + { + "attributes": { + "description": "Dashboard for visualizing the data collected by the Osquery compliance pack.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "gridData": { + "h": 4, + "i": "1", + "w": 6, + "x": 6, + "y": 6 + }, + "id": "7a9482d0-eb00-11e7-8f04-51231daa5b05", + "panelIndex": "1", + "type": 
"search", + "version": "6.2.4" + }, + { + "gridData": { + "h": 5, + "i": "2", + "w": 7, + "x": 5, + "y": 1 + }, + "id": "a9fd8bb0-eb01-11e7-8f04-51231daa5b05", + "panelIndex": "2", + "type": "visualization", + "version": "6.2.4" + }, + { + "gridData": { + "h": 4, + "i": "3", + "w": 6, + "x": 0, + "y": 6 + }, + "id": "3824b080-eb02-11e7-8f04-51231daa5b05", + "panelIndex": "3", + "type": "search", + "version": "6.2.4" + }, + { + "gridData": { + "h": 3, + "i": "4", + "w": 5, + "x": 0, + "y": 1 + }, + "id": "1da1ed30-eb03-11e7-8f04-51231daa5b05", + "panelIndex": "4", + "type": "visualization", + "version": "6.2.4" + }, + { + "embeddableConfig": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + }, + "legendOpen": false + } + }, + "gridData": { + "h": 2, + "i": "5", + "w": 5, + "x": 0, + "y": 4 + }, + "id": "240f3630-eb05-11e7-8f04-51231daa5b05", + "panelIndex": "5", + "type": "visualization", + "version": "6.2.4" + }, + { + "gridData": { + "h": 1, + "i": "6", + "w": 12, + "x": 0, + "y": 0 + }, + "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040", + "panelIndex": "6", + "type": "visualization", + "version": "6.1.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Osquery Result] Compliance pack", + "uiStateJSON": { + "P-5": { + "vis": { + "defaultColors": { + "0 - 100": "rgb(0,104,55)" + } + } + } + }, + "version": 1 + }, + "id": "69f5ae20-eb02-11e7-8f04-51231daa5b05", + "type": "dashboard", + "updated_at": "2018-01-08T19:42:15.406Z", + "version": 2 + } + ], + "version": "6.1.0-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/osquery/_meta/kibana/6/dashboard/osquery-rootkit.json b/filebeat/module/osquery/_meta/kibana/6/dashboard/osquery-rootkit.json index f4d9eb51fca0..38e897645b0a 100644 --- a/filebeat/module/osquery/_meta/kibana/6/dashboard/osquery-rootkit.json +++ b/filebeat/module/osquery/_meta/kibana/6/dashboard/osquery-rootkit.json 
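Review bot: The decoded osquery-compliance.json now ends without a final newline: the old side closes with `-}`, while the new side's `+}` is followed by `\ No newline at end of file`. This looks like a side effect of the decode step rather than an intended change, so the step that writes these files should probably emit a trailing newline to keep later dashboard diffs clean. Separately, the Navigation visualization's markdown carries over the misspelled label `[Compilance]`. Now that the value is plain JSON rather than an escaped string, it is easy to correct to `[Compliance](#/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05)`.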
@@ -1,114 +1,387 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Info OSSEC rootkit [Osquery Result]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Info OSSEC rootkit [Osquery Result]\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"This dashboard shows data collected by the ossec-rootkit pack from osquery.\"},\"aggs\":[]}" - }, - "id": "6ec10290-f4aa-11e7-8647-534bb4c21040", - "type": "visualization", - "updated_at": "2018-01-08T19:30:49.785Z", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchId": "0fe5dc00-f49b-11e7-8647-534bb4c21040", - "title": "Number of rootkits found [Osquery Result]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Number of rootkits found [Osquery Result]\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.result.name\",\"customLabel\":\"Rootkits\"}}]}" - }, - "id": "ffdbba50-f4a9-11e7-8647-534bb4c21040", - "type": "visualization", - "updated_at": "2018-01-08T19:40:05.060Z", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}" - }, - "savedSearchId": "0fe5dc00-f49b-11e7-8647-534bb4c21040", - "title": "Number of hosts infected [Osquery Result]", - 
"uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Number of hosts infected [Osquery Result]\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"beat.hostname\",\"customLabel\":\"Hosts\"}}]}" - }, - "id": "ab587180-f4a9-11e7-8647-534bb4c21040", - "type": "visualization", - "updated_at": "2018-01-08T19:39:45.085Z", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Navigation [Osquery Result]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Navigation [Osquery Result]\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"markdown\":\"[Compilance](#/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/c0a7ce90-f4aa-11e7-8647-534bb4c21040)\"},\"aggs\":[]}" - }, - "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040", - "type": "visualization", - "updated_at": "2018-01-08T19:41:10.264Z", - "version": 3 - }, - { - "attributes": { - "columns": [ - "osquery.result.name", - "osquery.result.columns.path", - "beat.hostname" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"prefix\\\":{\\\"osquery.result.name\\\":\\\"pack_ossec-rootkit\\\"}}\"},\"query\":{\"prefix\":{\"osquery.result.name\":\"pack_ossec-rootkit\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"fileset.module\",\"negate\":false,\"params\":{\"query\":\"osquery\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"osquery\"},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"osquery\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"fileset.name\",\"negate\":false,\"params\":{\"query\":\"result\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"result\"},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"result\",\"type\":\"phrase\"}}}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "OSSEC Rootkits [Osquery Result]", - "version": 1 - }, - "id": "0fe5dc00-f49b-11e7-8647-534bb4c21040", - "type": "search", - "updated_at": "2018-01-08T19:38:24.483Z", - "version": 2 - }, - { - "attributes": { - "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": 
"[{\"gridData\":{\"h\":2,\"i\":\"1\",\"w\":4,\"x\":8,\"y\":1},\"id\":\"6ec10290-f4aa-11e7-8647-534bb4c21040\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.1.0-SNAPSHOT\"},{\"gridData\":{\"h\":2,\"i\":\"2\",\"w\":4,\"x\":4,\"y\":1},\"id\":\"ffdbba50-f4a9-11e7-8647-534bb4c21040\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.1.0-SNAPSHOT\"},{\"gridData\":{\"h\":2,\"i\":\"3\",\"w\":4,\"x\":0,\"y\":1},\"id\":\"ab587180-f4a9-11e7-8647-534bb4c21040\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.1.0-SNAPSHOT\"},{\"gridData\":{\"h\":1,\"i\":\"4\",\"w\":12,\"x\":0,\"y\":0},\"id\":\"2d6e0760-f4ab-11e7-8647-534bb4c21040\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.1.0-SNAPSHOT\"},{\"gridData\":{\"h\":4,\"i\":\"5\",\"w\":12,\"x\":0,\"y\":3},\"id\":\"0fe5dc00-f49b-11e7-8647-534bb4c21040\",\"panelIndex\":\"5\",\"type\":\"search\",\"version\":\"6.1.0-SNAPSHOT\"}]", - "timeRestore": false, - "title": "[Osquery Result] OSSEC rootkit pack", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "c0a7ce90-f4aa-11e7-8647-534bb4c21040", - "type": "dashboard", - "updated_at": "2018-01-08T19:40:16.304Z", - "version": 6 - } - ], - "version": "6.1.0-SNAPSHOT" + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Info OSSEC rootkit [Osquery Result]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "This dashboard shows data collected by the ossec-rootkit pack from osquery." 
+ }, + "title": "Info OSSEC rootkit [Osquery Result]", + "type": "markdown" + } + }, + "id": "6ec10290-f4aa-11e7-8647-534bb4c21040", + "type": "visualization", + "updated_at": "2018-01-08T19:30:49.785Z", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "0fe5dc00-f49b-11e7-8647-534bb4c21040", + "title": "Number of rootkits found [Osquery Result]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Rootkits", + "field": "osquery.result.name" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Number of rootkits found [Osquery Result]", + "type": "metric" + } + }, + "id": "ffdbba50-f4a9-11e7-8647-534bb4c21040", + "type": "visualization", + "updated_at": "2018-01-08T19:40:05.060Z", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene", + "query": "" + } + } + }, + "savedSearchId": "0fe5dc00-f49b-11e7-8647-534bb4c21040", + "title": "Number of hosts infected [Osquery Result]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Hosts", + "field": "beat.hostname" + }, + "schema": "metric", + "type": "cardinality" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + 
"metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 40, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Number of hosts infected [Osquery Result]", + "type": "metric" + } + }, + "id": "ab587180-f4a9-11e7-8647-534bb4c21040", + "type": "visualization", + "updated_at": "2018-01-08T19:39:45.085Z", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Navigation [Osquery Result]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 10, + "markdown": "[Compilance](#/dashboard/69f5ae20-eb02-11e7-8f04-51231daa5b05) | [OSSEC Rootkit](#/dashboard/c0a7ce90-f4aa-11e7-8647-534bb4c21040)" + }, + "title": "Navigation [Osquery Result]", + "type": "markdown" + } + }, + "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040", + "type": "visualization", + "updated_at": "2018-01-08T19:41:10.264Z", + "version": 3 + }, + { + "attributes": { + "columns": [ + "osquery.result.name", + "osquery.result.columns.path", + "beat.hostname" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "query", + "negate": false, + "type": "custom", + "value": "{\"prefix\":{\"osquery.result.name\":\"pack_ossec-rootkit\"}}" + }, + "query": { + "prefix": { + "osquery.result.name": "pack_ossec-rootkit" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "osquery", + "type": "phrase" + 
}, + "type": "phrase", + "value": "osquery" + }, + "query": { + "match": { + "fileset.module": { + "query": "osquery", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "result", + "type": "phrase" + }, + "type": "phrase", + "value": "result" + }, + "query": { + "match": { + "fileset.name": { + "query": "result", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "OSSEC Rootkits [Osquery Result]", + "version": 1 + }, + "id": "0fe5dc00-f49b-11e7-8647-534bb4c21040", + "type": "search", + "updated_at": "2018-01-08T19:38:24.483Z", + "version": 2 + }, + { + "attributes": { + "description": "This dashboard shows data collected by the OSSEC rootkit pack from osquery", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "gridData": { + "h": 2, + "i": "1", + "w": 4, + "x": 8, + "y": 1 + }, + "id": "6ec10290-f4aa-11e7-8647-534bb4c21040", + "panelIndex": "1", + "type": "visualization", + "version": "6.1.0-SNAPSHOT" + }, + { + "gridData": { + "h": 2, + "i": "2", + "w": 4, + "x": 4, + "y": 1 + }, + "id": "ffdbba50-f4a9-11e7-8647-534bb4c21040", + "panelIndex": "2", + "type": "visualization", + "version": "6.1.0-SNAPSHOT" + }, + { + "gridData": { + "h": 2, + "i": "3", + "w": 4, + "x": 0, + "y": 1 + }, + "id": "ab587180-f4a9-11e7-8647-534bb4c21040", + "panelIndex": "3", + "type": "visualization", + "version": "6.1.0-SNAPSHOT" + }, + { + "gridData": { + "h": 1, + "i": "4", + "w": 12, + 
"x": 0, + "y": 0 + }, + "id": "2d6e0760-f4ab-11e7-8647-534bb4c21040", + "panelIndex": "4", + "type": "visualization", + "version": "6.1.0-SNAPSHOT" + }, + { + "gridData": { + "h": 4, + "i": "5", + "w": 12, + "x": 0, + "y": 3 + }, + "id": "0fe5dc00-f49b-11e7-8647-534bb4c21040", + "panelIndex": "5", + "type": "search", + "version": "6.1.0-SNAPSHOT" + } + ], + "timeRestore": false, + "title": "[Osquery Result] OSSEC rootkit pack", + "uiStateJSON": {}, + "version": 1 + }, + "id": "c0a7ce90-f4aa-11e7-8647-534bb4c21040", + "type": "dashboard", + "updated_at": "2018-01-08T19:40:16.304Z", + "version": 6 + } + ], + "version": "6.1.0-SNAPSHOT" } \ No newline at end of file diff --git a/filebeat/module/postgresql/_meta/kibana/6/dashboard/Filebeat-Postgresql-overview.json b/filebeat/module/postgresql/_meta/kibana/6/dashboard/Filebeat-Postgresql-overview.json index 8536a63f6c1a..9978b509444f 100644 --- a/filebeat/module/postgresql/_meta/kibana/6/dashboard/Filebeat-Postgresql-overview.json +++ b/filebeat/module/postgresql/_meta/kibana/6/dashboard/Filebeat-Postgresql-overview.json 
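Review bot: The saved search `0fe5dc00-f49b-11e7-8647-534bb4c21040`, which feeds both metric panels, filters only on the `pack_ossec-rootkit` name prefix, `fileset.module` and `fileset.name`, so "Number of hosts infected" counts every host that produced any result row from the pack. If osquery is logging differential results, a row reporting that a path was removed would presumably still count the host as infected. Consider adding a phrase filter on `osquery.result.action` for `added`, after confirming the field name against the module's field list. "Number of rootkits found" is a cardinality of `osquery.result.name`, so it counts distinct pack query names rather than findings, and the panel label should say so. Separately, the navigation markdown spells its link text `[Compilance]`; it should read `[Compliance]`.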
@@ -1,80 +1,331 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchId": "PostgreSQL All Logs", - "title": "Log Level Count [Filebeat PostgreSQL]", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", - "version": 1, - "visState": "{\"title\":\"Log Level Count [Filebeat PostgreSQL]\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"postgresql.log.level\",\"size\":12,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "PostgreSQL Log Level Count", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "postgresql.log.user", - "postgresql.log.database", - "postgresql.log.level", - "postgresql.log.message", - "postgresql.log.query" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.module\",\"value\":\"postgresql\",\"params\":{\"query\":\"postgresql\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"postgresql\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "All Logs [Filebeat PostgreSQL]", - "version": 1 - }, - "id": "PostgreSQL All Logs", - "type": "search", - "version": 1 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"filter\":[]}" - }, - "savedSearchId": "PostgreSQL All Logs", - "title": "Logs by level over time [Filebeat PostgreSQL]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Logs by level over time [Filebeat PostgreSQL]\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per month\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"postgresql.log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "3dbd5370-87f3-11e7-ad9c-db80de0bf8d3", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "Overview dashboard for the Filebeat PostgreSQL module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"id\":\"PostgreSQL Log Level Count\",\"panelIndex\":1,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"postgresql.log.user\",\"postgresql.log.database\",\"postgresql.log.level\",\"postgresql.log.message\",\"postgresql.log.query\"],\"id\":\"PostgreSQL All Logs\",\"panelIndex\":2,\"row\":4,\"size_x\":12,\"size_y\":6,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"size_x\":9,\"size_y\":3,\"panelIndex\":3,\"type\":\"visualization\",\"id\":\"3dbd5370-87f3-11e7-ad9c-db80de0bf8d3\",\"col\":4,\"row\":1}]", - "timeRestore": false, - "title": "[Filebeat PostgreSQL] Overview", - "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", - "version": 1 - }, - "id": "158be870-87f4-11e7-ad9c-db80de0bf8d3", - "type": "dashboard", - "version": 1 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "PostgreSQL All Logs", + "title": "Log Level Count [Filebeat PostgreSQL]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "postgresql.log.level", + "order": "desc", + "orderBy": "1", + "size": 12 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Log Level Count [Filebeat PostgreSQL]", + 
"type": "table" + } + }, + "id": "PostgreSQL Log Level Count", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "postgresql.log.user", + "postgresql.log.database", + "postgresql.log.level", + "postgresql.log.message", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "postgresql", + "type": "phrase" + }, + "type": "phrase", + "value": "postgresql" + }, + "query": { + "match": { + "fileset.module": { + "query": "postgresql", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "All Logs [Filebeat PostgreSQL]", + "version": 1 + }, + "id": "PostgreSQL All Logs", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "PostgreSQL All Logs", + "title": "Logs by level over time [Filebeat PostgreSQL]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "postgresql.log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + 
"id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per month" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Logs by level over time [Filebeat PostgreSQL]", + "type": "histogram" + } + }, + "id": "3dbd5370-87f3-11e7-ad9c-db80de0bf8d3", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "Overview dashboard for the Filebeat PostgreSQL module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "PostgreSQL Log Level Count", + "panelIndex": 1, + "row": 1, + "size_x": 3, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "postgresql.log.user", + "postgresql.log.database", + "postgresql.log.level", + "postgresql.log.message", + "postgresql.log.query" + ], + "id": "PostgreSQL All Logs", + "panelIndex": 2, + "row": 4, + "size_x": 12, + "size_y": 6, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 4, + "id": 
"3dbd5370-87f3-11e7-ad9c-db80de0bf8d3", + "panelIndex": 3, + "row": 1, + "size_x": 9, + "size_y": 3, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat PostgreSQL] Overview", + "uiStateJSON": { + "P-1": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "158be870-87f4-11e7-ad9c-db80de0bf8d3", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" } \ No newline at end of file diff --git a/filebeat/module/postgresql/_meta/kibana/6/dashboard/Filebeat-Postgresql-slowlogs.json b/filebeat/module/postgresql/_meta/kibana/6/dashboard/Filebeat-Postgresql-slowlogs.json index b3a32c5e97ce..653b071aa650 100644 --- a/filebeat/module/postgresql/_meta/kibana/6/dashboard/Filebeat-Postgresql-slowlogs.json +++ b/filebeat/module/postgresql/_meta/kibana/6/dashboard/Filebeat-Postgresql-slowlogs.json 
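Review bot: In the `seriesParams` entry of "Logs by level over time [Filebeat PostgreSQL]" the decoded `visState` carries `"show": "true"` as a string, while the same key in Filebeat-Postgresql-slowlogs.json is the boolean `true`. A string is truthy whatever its text, so a later edit to `"false"` would not hide the series; I would change it to `"show": true,`. Separately, the "All Logs" search and its dashboard panel list `postgresql.log.query` and `postgresql.log.message` as columns. These can presumably carry statement literals, so the module documentation should note that access to the index and dashboard needs to be restricted accordingly.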
@@ -1,87 +1,299 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\"}}" - }, - "savedSearchId": "PostgreSQL Query Durations", - "title": "Query count and cumulated duration [Filebeat PostgreSQL]", - "uiStateJSON": "{\"vis\":{\"colors\":{\"Sum of query duration\":\"#6ED0E0\",\"Number of queries\":\"#0A437C\"},\"legendOpen\":true}}", - "version": 1, - "visState": "{\"title\":\"Query count and cumulated duration [Filebeat PostgreSQL]\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 3 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"4\",\"label\":\"Number of queries\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"2\",\"label\":\"Sum of query 
duration\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Number of queries\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"postgresql.log.duration\",\"customLabel\":\"Sum of query duration\"}}]}" - }, - "id": "PostgreSQL Query Count and Duration", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "postgresql.log.user", - "postgresql.log.database", - "postgresql.log.duration", - "postgresql.log.query" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"postgresql.log.duration:\u003e30\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Slow Queries [Filebeat PostgreSQL]", - "version": 1 - }, - "id": "Slow PostgreSQL Queries", - "type": "search", - "version": 1 - }, - { - "attributes": { - "columns": [ - "postgresql.log.user", - "postgresql.log.database", - "postgresql.log.duration", - "postgresql.log.query" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"postgresql.log.duration:*\",\"language\":\"lucene\"},\"filter\":[]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Query Durations [Filebeat PostgreSQL]", - "version": 1 - }, - "id": "PostgreSQL Query Durations", - "type": "search", - "version": 1 - }, - { - "attributes": { - "description": "Dashboard for 
analyzing the query durations of the Filebeat PostgreSQL module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"postgresql.log.query:*\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"id\":\"PostgreSQL Query Count and Duration\",\"panelIndex\":1,\"row\":1,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"columns\":[\"postgresql.log.user\",\"postgresql.log.database\",\"postgresql.log.duration\",\"postgresql.log.query\"],\"id\":\"Slow PostgreSQL Queries\",\"panelIndex\":2,\"row\":1,\"size_x\":6,\"size_y\":3,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"columns\":[\"postgresql.log.user\",\"postgresql.log.database\",\"postgresql.log.duration\",\"postgresql.log.query\"],\"id\":\"PostgreSQL Query Durations\",\"panelIndex\":3,\"row\":4,\"size_x\":12,\"size_y\":5,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]", - "timeRestore": false, - "title": "[Filebeat PostgreSQL] Query Duration Overview", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "e4c5f230-87f3-11e7-ad9c-db80de0bf8d3", - "type": "dashboard", - "version": 1 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "lucene" + } + } + }, + "savedSearchId": "PostgreSQL Query Durations", + "title": "Query count and cumulated duration [Filebeat PostgreSQL]", + "uiStateJSON": { + "vis": { + "colors": { + "Number of queries": "#0A437C", + "Sum of query duration": "#6ED0E0" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "3", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { 
+ "enabled": true, + "id": "4", + "params": { + "customLabel": "Number of queries" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sum of query duration", + "field": "postgresql.log.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 3 hours" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "4", + "label": "Number of queries" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "2", + "label": "Sum of query duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Query count and cumulated duration [Filebeat PostgreSQL]", + "type": "histogram" + } + }, + "id": "PostgreSQL Query Count and Duration", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "postgresql.log.user", + "postgresql.log.database", + 
"postgresql.log.duration", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "postgresql.log.duration:>30" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Slow Queries [Filebeat PostgreSQL]", + "version": 1 + }, + "id": "Slow PostgreSQL Queries", + "type": "search", + "version": 1 + }, + { + "attributes": { + "columns": [ + "postgresql.log.user", + "postgresql.log.database", + "postgresql.log.duration", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "postgresql.log.duration:*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Query Durations [Filebeat PostgreSQL]", + "version": 1 + }, + "id": "PostgreSQL Query Durations", + "type": "search", + "version": 1 + }, + { + "attributes": { + "description": "Dashboard for analyzing the query durations of the Filebeat PostgreSQL module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": "postgresql.log.query:*" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "PostgreSQL Query Count and Duration", + "panelIndex": 1, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "columns": [ + "postgresql.log.user", + "postgresql.log.database", + "postgresql.log.duration", + "postgresql.log.query" + ], + "id": "Slow PostgreSQL Queries", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 1, + "columns": [ + 
"postgresql.log.user", + "postgresql.log.database", + "postgresql.log.duration", + "postgresql.log.query" + ], + "id": "PostgreSQL Query Durations", + "panelIndex": 3, + "row": 4, + "size_x": 12, + "size_y": 5, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + } + ], + "timeRestore": false, + "title": "[Filebeat PostgreSQL] Query Duration Overview", + "uiStateJSON": {}, + "version": 1 + }, + "id": "e4c5f230-87f3-11e7-ad9c-db80de0bf8d3", + "type": "dashboard", + "version": 1 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" } \ No newline at end of file diff --git a/filebeat/module/redis/_meta/kibana/6/dashboard/Filebeat-redis.json b/filebeat/module/redis/_meta/kibana/6/dashboard/Filebeat-redis.json index 381a9dbd2024..3cf698f3af33 100644 --- a/filebeat/module/redis/_meta/kibana/6/dashboard/Filebeat-redis.json +++ b/filebeat/module/redis/_meta/kibana/6/dashboard/Filebeat-redis.json 
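Review bot: The `searchSourceJSON` of "Query count and cumulated duration [Filebeat PostgreSQL]" decodes to `"query": { "language": "lucene" }` with no `query` string, whereas every other object in this file supplies one. Whether Kibana tolerates the missing key is not visible from this hunk, so I would make it explicit as `"query": { "language": "lucene", "query": "" }`. The "Slow Queries" search also hard-codes `postgresql.log.duration:>30` without a unit. Putting the unit and threshold in the title or description would let a reader see what "slow" means here.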
@@ -1,117 +1,582 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"_exists_:redis.log\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}" - }, - "title": "Log levels and roles breakdown [Filebeat Redis]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Log levels and roles breakdown [Filebeat Redis]\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"legendPosition\":\"bottom\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"redis.log.role\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"redis.log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log level\"}}]}" - }, - "id": "78b9afe0-478f-11e7-b1f0-cb29bac6bf8b", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"_exists_:redis.log\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}" - }, - "title": "Logs over time [Filebeat Redis]", - "uiStateJSON": "{\"vis\":{\"colors\":{\"notice\":\"#629E51\",\"warning\":\"#EF843C\"}}}", - "version": 1, - "visState": "{\"title\":\"Logs over time [Filebeat 
Redis]\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per month\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"redis.log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}" - }, - "id": "d2864600-478f-11e7-be88-2ddb32f3df97", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "beat.name", - "redis.log.level", - "redis.log.role", - "redis.log.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.module\",\"value\":\"redis\",\"params\":{\"query\":\"redis\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.module\":{\"query\":\"redis\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"filebeat-*\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"log\",\"params\":{\"query\":\"log\",\"type\":\"phrase\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"log\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Logs [Filebeat Redis]", - "version": 1 - }, - "id": "73613570-4791-11e7-be88-2ddb32f3df97", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[]}" - }, - "savedSearchId": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b", - "title": "Top slowest commands [Filebeat Redis]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Top slowest commands [Filebeat Redis]\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Duration 
(microseconds)\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Command\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Command\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"redis.slowlog.duration.us\",\"customLabel\":\"Command\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"redis.slowlog.cmd\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration (microseconds)\"}}]}" - }, - "id": "dcccaa80-4791-11e7-be88-2ddb32f3df97", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "beat.name", - "message", - "redis.slowlog.duration.us", - "redis.slowlog.key" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"filebeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"_exists_:redis.slowlog\"}}},\"filter\":[]}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Slow logs [Filebeat Redis]", - "version": 1 - }, - "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "Overview dashboard for 
the FIlebeat Redis module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"col\":1,\"id\":\"78b9afe0-478f-11e7-b1f0-cb29bac6bf8b\",\"panelIndex\":2,\"row\":5,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"d2864600-478f-11e7-be88-2ddb32f3df97\",\"panelIndex\":3,\"row\":5,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"beat.name\",\"redis.log.level\",\"redis.log.role\",\"redis.log.message\"],\"id\":\"73613570-4791-11e7-be88-2ddb32f3df97\",\"panelIndex\":4,\"row\":8,\"size_x\":12,\"size_y\":4,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":7,\"id\":\"dcccaa80-4791-11e7-be88-2ddb32f3df97\",\"panelIndex\":5,\"row\":1,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"beat.name\",\"message\",\"redis.slowlog.duration.us\",\"redis.slowlog.key\"],\"id\":\"0ab87b80-478e-11e7-b1f0-cb29bac6bf8b\",\"panelIndex\":6,\"row\":1,\"size_x\":6,\"size_y\":4,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]", - "timeRestore": false, - "title": "[Filebeat Redis] Overview", - "uiStateJSON": "{\"P-5\":{\"vis\":{\"legendOpen\":false}}}", - "version": 1 - }, - "id": "7fea2930-478e-11e7-b1f0-cb29bac6bf8b", - "type": "dashboard", - "version": 4 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:redis.log" + } + } + }, + "version": true + } + }, + "title": "Log levels and roles breakdown [Filebeat Redis]", + "uiStateJSON": {}, + "version": 1, + 
"visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "redis.log.role", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Log level", + "field": "redis.log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "bottom", + "type": "pie" + }, + "title": "Log levels and roles breakdown [Filebeat Redis]", + "type": "pie" + } + }, + "id": "78b9afe0-478f-11e7-b1f0-cb29bac6bf8b", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:redis.log" + } + } + }, + "version": true + } + }, + "title": "Logs over time [Filebeat Redis]", + "uiStateJSON": { + "vis": { + "colors": { + "notice": "#629E51", + "warning": "#EF843C" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "redis.log.level", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + 
"labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per month" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Logs over time [Filebeat Redis]", + "type": "histogram" + } + }, + "id": "d2864600-478f-11e7-be88-2ddb32f3df97", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "beat.name", + "redis.log.level", + "redis.log.role", + "redis.log.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.module", + "negate": false, + "params": { + "query": "redis", + "type": "phrase" + }, + "type": "phrase", + "value": "redis" + }, + "query": { + "match": { + "fileset.module": { + "query": "redis", + "type": "phrase" + } + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + 
"key": "fileset.name", + "negate": false, + "params": { + "query": "log", + "type": "phrase" + }, + "type": "phrase", + "value": "log" + }, + "query": { + "match": { + "fileset.name": { + "query": "log", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": "*" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Logs [Filebeat Redis]", + "version": 1 + }, + "id": "73613570-4791-11e7-be88-2ddb32f3df97", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b", + "title": "Top slowest commands [Filebeat Redis]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Command", + "field": "redis.slowlog.duration.us" + }, + "schema": "metric", + "type": "max" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Duration (microseconds)", + "field": "redis.slowlog.cmd", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Duration (microseconds)" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Command" + }, + "drawLinesBetweenPoints": true, + 
"mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Command" + }, + "type": "value" + } + ] + }, + "title": "Top slowest commands [Filebeat Redis]", + "type": "histogram" + } + }, + "id": "dcccaa80-4791-11e7-be88-2ddb32f3df97", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "beat.name", + "message", + "redis.slowlog.duration.us", + "redis.slowlog.key" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:redis.slowlog" + } + } + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Slow logs [Filebeat Redis]", + "version": 1 + }, + "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "Overview dashboard for the FIlebeat Redis module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "78b9afe0-478f-11e7-b1f0-cb29bac6bf8b", + "panelIndex": 2, + "row": 5, + "size_x": 3, + "size_y": 3, + "type": "visualization" + }, + { + "col": 4, + "id": "d2864600-478f-11e7-be88-2ddb32f3df97", + 
"panelIndex": 3, + "row": 5, + "size_x": 9, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "beat.name", + "redis.log.level", + "redis.log.role", + "redis.log.message" + ], + "id": "73613570-4791-11e7-be88-2ddb32f3df97", + "panelIndex": 4, + "row": 8, + "size_x": 12, + "size_y": 4, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 7, + "id": "dcccaa80-4791-11e7-be88-2ddb32f3df97", + "panelIndex": 5, + "row": 1, + "size_x": 6, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "beat.name", + "message", + "redis.slowlog.duration.us", + "redis.slowlog.key" + ], + "id": "0ab87b80-478e-11e7-b1f0-cb29bac6bf8b", + "panelIndex": 6, + "row": 1, + "size_x": 6, + "size_y": 4, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + } + ], + "timeRestore": false, + "title": "[Filebeat Redis] Overview", + "uiStateJSON": { + "P-5": { + "vis": { + "legendOpen": false + } + } + }, + "version": 1 + }, + "id": "7fea2930-478e-11e7-b1f0-cb29bac6bf8b", + "type": "dashboard", + "version": 4 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-auth-sudo-commands.json b/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-auth-sudo-commands.json index b157be46f605..3e6530a9aaf0 100644 --- a/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-auth-sudo-commands.json +++ b/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-auth-sudo-commands.json 
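Review bot: In the decoded `visState` of "Logs over time [Filebeat Redis]", `seriesParams[0].show` is the string `"true"`, while the same field in "Top slowest commands [Filebeat Redis]" is the boolean `true`. The value is carried over unchanged from the old encoded string, but now that the state is readable it is worth normalizing to `"show": true`. In "Top slowest commands" the labels also look swapped: the `max` metric on `redis.slowlog.duration.us` has `"customLabel": "Command"` and the terms aggregation on `redis.slowlog.cmd` has `"customLabel": "Duration (microseconds)"`, and the axis titles follow the same pattern. The dashboard description still reads "FIlebeat". The new file also ends with `\ No newline at end of file` where the old one had a final newline, as does the Filebeat-auth-sudo-commands.json hunk, so the decode step should probably write a trailing newline.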
@@ -1,109 +1,359 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", - "title": "Sudo commands by user [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Sudo commands by user\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"system.auth.user\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "5c7af030-fa2a-11e6-bbd3-29c986c96e5a", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [],\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:system.auth.sudo.error\",\n \"analyze_wildcard\": true\n }\n }\n}" - }, - "title": "Sudo errors [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Sudo errors\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n 
\"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"system.auth.sudo.error\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "51164310-fa2b-11e6-bbd3-29c986c96e5a", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", - "title": "Top sudo commands [Filebeat System]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Top sudo commands\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.sudo.command\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.user\",\n \"size\": 5,\n 
\"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "dc589770-fa2b-11e6-bbd3-29c986c96e5a", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Dashboards [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Dashboards [Filebeat System]\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/Filebeat-syslog-dashboard) | [Sudo commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"aggs\":[]}" - }, - "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "system.auth.user", - "system.auth.sudo.user", - "system.auth.sudo.pwd", - "system.auth.sudo.command" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:system.auth.sudo\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Sudo commands [Filebeat System]", - "version": 1 - }, - "id": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "Sudo commands dashboard from the Filebeat System module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": 
"[{\"col\":1,\"id\":\"5c7af030-fa2a-11e6-bbd3-29c986c96e5a\",\"panelIndex\":1,\"row\":6,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"51164310-fa2b-11e6-bbd3-29c986c96e5a\",\"panelIndex\":2,\"row\":10,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"dc589770-fa2b-11e6-bbd3-29c986c96e5a\",\"panelIndex\":3,\"row\":2,\"size_x\":12,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":1,\"panelIndex\":4,\"type\":\"visualization\",\"id\":\"327417e0-8462-11e7-bab8-bd2f0fb42c54\",\"col\":1,\"row\":1}]", - "timeRestore": false, - "title": "[Filebeat System] Sudo commands", - "uiStateJSON": "{\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", - "version": 1 - }, - "id": "277876d0-fa2c-11e6-bbd3-29c986c96e5a", - "type": "dashboard", - "version": 6 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", + "title": "Sudo commands by user [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.user", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Sudo commands by 
user", + "type": "histogram" + } + }, + "id": "5c7af030-fa2a-11e6-bbd3-29c986c96e5a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:system.auth.sudo.error" + } + } + } + }, + "title": "Sudo errors [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.sudo.error", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Sudo errors", + "type": "histogram" + } + }, + "id": "51164310-fa2b-11e6-bbd3-29c986c96e5a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", + "title": "Top sudo commands [Filebeat System]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": 
"system.auth.sudo.command", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.user", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top sudo commands", + "type": "table" + } + }, + "id": "dc589770-fa2b-11e6-bbd3-29c986c96e5a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Dashboards [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "[Syslog](#/dashboard/Filebeat-syslog-dashboard) | [Sudo commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab)" + }, + "title": "Dashboards [Filebeat System]", + "type": "markdown" + } + }, + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "system.auth.user", + "system.auth.sudo.user", + "system.auth.sudo.pwd", + "system.auth.sudo.command" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:system.auth.sudo" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Sudo commands [Filebeat System]", + "version": 1 + }, + "id": "b6f321e0-fa25-11e6-bbd3-29c986c96e5a", + "type": "search", + "version": 2 + }, + { + 
"attributes": { + "description": "Sudo commands dashboard from the Filebeat System module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "5c7af030-fa2a-11e6-bbd3-29c986c96e5a", + "panelIndex": 1, + "row": 6, + "size_x": 12, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "id": "51164310-fa2b-11e6-bbd3-29c986c96e5a", + "panelIndex": 2, + "row": 10, + "size_x": 12, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "dc589770-fa2b-11e6-bbd3-29c986c96e5a", + "panelIndex": 3, + "row": 2, + "size_x": 12, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", + "panelIndex": 4, + "row": 1, + "size_x": 12, + "size_y": 1, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat System] Sudo commands", + "uiStateJSON": { + "P-3": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "277876d0-fa2c-11e6-bbd3-29c986c96e5a", + "type": "dashboard", + "version": 6 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-new-users-and-groups.json b/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-new-users-and-groups.json index 319af38e2636..4e7ed804f2a0 100644 --- a/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-new-users-and-groups.json +++ b/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-new-users-and-groups.json 
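Review bot: The "Sudo commands [Filebeat System]" saved search and the "Top sudo commands" table expose `system.auth.sudo.command` verbatim, and both objects keep `"description": ""`. Sudo command lines can carry credentials or tokens passed as arguments, so it is worth recording that in the object, for example `"description": "Shows full sudo command lines, which may contain secrets passed as arguments"`, and restricting who can open this dashboard. Separately, the decoded `searchSourceJSON` of "Sudo errors" and "Sudo commands" still uses the bare `"query": {"query_string": …}` form without `"language": "lucene"` or `"version": true`, unlike the dashboard object at the end of the same file. Presumably Kibana migrates the older form on load, but aligning the three would keep the file consistent. The `visState.title` values ("Sudo commands by user", "Sudo errors", "Top sudo commands") also lack the "[Filebeat System]" suffix that their `title` attributes carry.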
@@ -1,181 +1,692 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", - "title": "New users [Filebeat System]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"New users\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.hostname\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"Host\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.useradd.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"User\"\n }\n },\n {\n \"id\": \"4\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.useradd.uid\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"UID\"\n }\n },\n {\n \"id\": \"5\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.useradd.gid\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"GID\"\n }\n },\n {\n \"id\": \"6\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.useradd.home\",\n \"size\": 5,\n \"order\": \"desc\",\n 
\"orderBy\": \"1\",\n \"customLabel\": \"Home\"\n }\n },\n {\n \"id\": \"7\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.useradd.shell\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"Shell\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "f398d2f0-fa77-11e6-ae9b-81e5311e8cab", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", - "title": "New users over time [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"New users over time\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"system.auth.useradd.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "5dd15c00-fa78-11e6-ae9b-81e5311e8cab", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", - "title": "New users by shell [Filebeat 
System]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"/bin/bash\": \"#E24D42\",\n \"/bin/false\": \"#508642\",\n \"/sbin/nologin\": \"#7EB26D\"\n },\n \"legendOpen\": true\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"New users by shell\",\n \"type\": \"pie\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"system.auth.useradd.shell\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"system.auth.useradd.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "e121b140-fa78-11e6-a1df-a78bd7504d38", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", - "title": "New users by home directory [Filebeat System]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"/bin/bash\": \"#E24D42\",\n \"/bin/false\": \"#508642\",\n \"/sbin/nologin\": \"#7EB26D\",\n \"/nonexistent\": \"#629E51\"\n },\n \"legendOpen\": true\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"New users by home directory\",\n \"type\": \"pie\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n 
\"params\": {\n \"field\": \"system.auth.useradd.home\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"system.auth.useradd.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "d56ee420-fa79-11e6-a1df-a78bd7504d38", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", - "title": "New groups [Filebeat System]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"New groups\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.groupadd.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"system.auth.groupadd.gid\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "12667040-fa80-11e6-a1df-a78bd7504d38", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": 
"eb0039f0-fa7f-11e6-a1df-a78bd7504d38", - "title": "New groups over time [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"New groups over time\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"system.auth.groupadd.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "346bb290-fa80-11e6-a1df-a78bd7504d38", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Dashboards [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Dashboards [Filebeat System]\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/Filebeat-syslog-dashboard) | [Sudo commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"aggs\":[]}" - }, - "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "columns": [ - "system.auth.useradd.name", - "system.auth.useradd.uid", - 
"system.auth.useradd.gid", - "system.auth.useradd.home", - "system.auth.useradd.shell" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"_exists_:system.auth.useradd\"\n }\n },\n \"filter\": []\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "useradd logs [Filebeat System]", - "version": 1 - }, - "id": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", - "type": "search", - "version": 2 - }, - { - "attributes": { - "columns": [ - "system.auth.groupadd.name", - "system.auth.groupadd.gid" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:system.auth.groupadd\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "groupadd logs [Filebeat System]", - "version": 1 - }, - "id": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "New users and groups dashboard for the System module in Filebeat", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": 
"[{\"col\":1,\"id\":\"f398d2f0-fa77-11e6-ae9b-81e5311e8cab\",\"panelIndex\":1,\"row\":2,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"5dd15c00-fa78-11e6-ae9b-81e5311e8cab\",\"panelIndex\":2,\"row\":2,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"e121b140-fa78-11e6-a1df-a78bd7504d38\",\"panelIndex\":3,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d56ee420-fa79-11e6-a1df-a78bd7504d38\",\"panelIndex\":4,\"row\":5,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"12667040-fa80-11e6-a1df-a78bd7504d38\",\"panelIndex\":5,\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"346bb290-fa80-11e6-a1df-a78bd7504d38\",\"panelIndex\":6,\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":1,\"panelIndex\":7,\"type\":\"visualization\",\"id\":\"327417e0-8462-11e7-bab8-bd2f0fb42c54\",\"col\":1,\"row\":1}]", - "timeRestore": false, - "title": "[Filebeat System] New users and groups", - "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", - "version": 1 - }, - "id": "0d3f2380-fa78-11e6-ae9b-81e5311e8cab", - "type": "dashboard", - "version": 6 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "title": "New users [Filebeat System]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Host", + "field": 
"system.auth.hostname", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "User", + "field": "system.auth.useradd.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "UID", + "field": "system.auth.useradd.uid", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "GID", + "field": "system.auth.useradd.gid", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "6", + "params": { + "customLabel": "Home", + "field": "system.auth.useradd.home", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "7", + "params": { + "customLabel": "Shell", + "field": "system.auth.useradd.shell", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "New users", + "type": "table" + } + }, + "id": "f398d2f0-fa77-11e6-ae9b-81e5311e8cab", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "title": "New users over time [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { 
+ "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.useradd.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "bottom", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "New users over time", + "type": "histogram" + } + }, + "id": "5dd15c00-fa78-11e6-ae9b-81e5311e8cab", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "title": "New users by shell [Filebeat System]", + "uiStateJSON": { + "vis": { + "colors": { + "/bin/bash": "#E24D42", + "/bin/false": "#508642", + "/sbin/nologin": "#7EB26D" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.auth.useradd.shell", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.useradd.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "New users by shell", + "type": "pie" + } + }, + "id": "e121b140-fa78-11e6-a1df-a78bd7504d38", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + 
"description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "title": "New users by home directory [Filebeat System]", + "uiStateJSON": { + "vis": { + "colors": { + "/bin/bash": "#E24D42", + "/bin/false": "#508642", + "/nonexistent": "#629E51", + "/sbin/nologin": "#7EB26D" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.auth.useradd.home", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.useradd.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right" + }, + "title": "New users by home directory", + "type": "pie" + } + }, + "id": "d56ee420-fa79-11e6-a1df-a78bd7504d38", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", + "title": "New groups [Filebeat System]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.auth.groupadd.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.groupadd.gid", + "order": "desc", + 
"orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "New groups", + "type": "table" + } + }, + "id": "12667040-fa80-11e6-a1df-a78bd7504d38", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", + "title": "New groups over time [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.groupadd.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "bottom", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "New groups over time", + "type": "histogram" + } + }, + "id": "346bb290-fa80-11e6-a1df-a78bd7504d38", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Dashboards [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "[Syslog](#/dashboard/Filebeat-syslog-dashboard) | [Sudo 
commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab)" + }, + "title": "Dashboards [Filebeat System]", + "type": "markdown" + } + }, + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "columns": [ + "system.auth.useradd.name", + "system.auth.useradd.uid", + "system.auth.useradd.gid", + "system.auth.useradd.home", + "system.auth.useradd.shell" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:system.auth.useradd" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "useradd logs [Filebeat System]", + "version": 1 + }, + "id": "8030c1b0-fa77-11e6-ae9b-81e5311e8cab", + "type": "search", + "version": 2 + }, + { + "attributes": { + "columns": [ + "system.auth.groupadd.name", + "system.auth.groupadd.gid" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:system.auth.groupadd" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "groupadd logs [Filebeat System]", + "version": 1 + }, + "id": "eb0039f0-fa7f-11e6-a1df-a78bd7504d38", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "New users and groups dashboard for the System module in Filebeat", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + 
"darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "f398d2f0-fa77-11e6-ae9b-81e5311e8cab", + "panelIndex": 1, + "row": 2, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "5dd15c00-fa78-11e6-ae9b-81e5311e8cab", + "panelIndex": 2, + "row": 2, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "e121b140-fa78-11e6-a1df-a78bd7504d38", + "panelIndex": 3, + "row": 5, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "d56ee420-fa79-11e6-a1df-a78bd7504d38", + "panelIndex": 4, + "row": 5, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "12667040-fa80-11e6-a1df-a78bd7504d38", + "panelIndex": 5, + "row": 8, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "346bb290-fa80-11e6-a1df-a78bd7504d38", + "panelIndex": 6, + "row": 8, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", + "panelIndex": 7, + "row": 1, + "size_x": 12, + "size_y": 1, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat System] New users and groups", + "uiStateJSON": { + "P-1": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-5": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "0d3f2380-fa78-11e6-ae9b-81e5311e8cab", + "type": "dashboard", + "version": 6 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-ssh-login-attempts.json b/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-ssh-login-attempts.json index fa2a9b08ed7f..01782217b7b3 100644 --- a/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-ssh-login-attempts.json 
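Review bot: The `New users` table keeps `"size": 5` with `"order": "desc"` and `"orderBy": "1"` on every terms bucket, starting with `system.auth.hostname`, so it lists only the five hosts with the most useradd events and a host that logged a single account creation can drop off the table. For a view meant to surface unexpected accounts, those low-count rows are the ones an analyst most needs, and `panelsJSON` holds seven visualization panels but none for the `useradd logs` search that would list every event. The values are carried over unchanged from the encoded version, so this is a follow-up rather than a regression: raise the cap on the outer buckets, for example `"size": 50` on `system.auth.hostname` and `system.auth.useradd.name`. The `system.auth.groupadd.name` bucket of `New groups` has the same cap.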
+++ b/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-ssh-login-attempts.json 
@@ -1,123 +1,490 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [],\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"query\": \"system.auth.ssh.event:Accepted\",\n \"analyze_wildcard\": true\n }\n }\n}" - }, - "title": "Successful SSH logins [Filebeat System]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"Accepted\": \"#3F6833\",\n \"Failed\": \"#F9934E\",\n \"Invalid\": \"#447EBC\",\n \"publickey\": \"#629E51\",\n \"password\": \"#BF1B00\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Successful SSH logins\",\n \"type\": \"histogram\",\n \"params\": {\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"system.auth.ssh.method\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "d16bb400-f9cc-11e6-8115-a7c18106d86a", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [],\n \"index\": \"filebeat-*\",\n \"highlightAll\": true\n}" - }, - "title": "SSH login attempts [Filebeat System]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"Accepted\": \"#3F6833\",\n \"Failed\": 
\"#F9934E\",\n \"Invalid\": \"#447EBC\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"aggs\": [\n {\n \"enabled\": true,\n \"id\": \"1\",\n \"params\": {},\n \"schema\": \"metric\",\n \"type\": \"count\"\n },\n {\n \"enabled\": true,\n \"id\": \"2\",\n \"params\": {\n \"customInterval\": \"2h\",\n \"extended_bounds\": {},\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"min_doc_count\": 1\n },\n \"schema\": \"segment\",\n \"type\": \"date_histogram\"\n },\n {\n \"enabled\": true,\n \"id\": \"3\",\n \"params\": {\n \"field\": \"system.auth.ssh.event\",\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"size\": 5\n },\n \"schema\": \"group\",\n \"type\": \"terms\"\n }\n ],\n \"listeners\": {},\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"defaultYExtents\": false,\n \"legendPosition\": \"right\",\n \"mode\": \"stacked\",\n \"scale\": \"linear\",\n \"setYExtents\": false,\n \"times\": []\n },\n \"title\": \"SSH login attempts\",\n \"type\": \"histogram\"\n}" - }, - "id": "78b74f30-f9cd-11e6-8115-a7c18106d86a", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [],\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"query\": \"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\",\n \"analyze_wildcard\": true\n }\n }\n}" - }, - "title": "SSH users of failed login attempts [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"SSH users of failed login attempts\",\n \"type\": \"tagcloud\",\n \"params\": {\n \"maxFontSize\": 72,\n \"minFontSize\": 18,\n \"orientation\": \"single\",\n \"scale\": \"linear\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": 
\"segment\",\n \"params\": {\n \"field\": \"system.auth.user\",\n \"size\": 50,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "341ffe70-f9ce-11e6-8115-a7c18106d86a", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [],\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"query\": \"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\",\n \"analyze_wildcard\": true\n }\n }\n}" - }, - "title": "SSH failed login attempts source locations [Filebeat System]", - "uiStateJSON": "{\n \"mapZoom\": 2,\n \"mapCenter\": [\n 17.602139123350838,\n 69.697265625\n ]\n}", - "version": 1, - "visState": "{\n \"title\": \"SSH failed login attempts source locations\",\n \"type\": \"tile_map\",\n \"params\": {\n \"mapType\": \"Shaded Circle Markers\",\n \"isDesaturated\": true,\n \"addTooltip\": true,\n \"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatRadius\": 25,\n \"heatBlur\": 15,\n \"heatNormalizeData\": true,\n \"legendPosition\": \"bottomright\",\n \"mapZoom\": 2,\n \"mapCenter\": [\n 15,\n 5\n ],\n \"wms\": {\n \"enabled\": false,\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\n \"options\": {\n \"version\": \"1.3.0\",\n \"layers\": \"0\",\n \"format\": \"image/png\",\n \"transparent\": true,\n \"attribution\": \"Maps provided by USGS\",\n \"styles\": \"\"\n }\n }\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"geohash_grid\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"system.auth.ssh.geoip.location\",\n \"autoPrecision\": true,\n \"precision\": 2\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d", - "type": "visualization", - 
"version": 2 - }, - { - "attributes": { - "columns": [ - "system.auth.ssh.event", - "system.auth.ssh.method", - "system.auth.user", - "system.auth.ssh.ip", - "system.auth.ssh.geoip.country_iso_code" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"highlightAll\": true,\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:system.auth.ssh.event\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "SSH login attempts [Filebeat System]", - "version": 1 - }, - "id": "62439dc0-f9c9-11e6-a747-6121780e0414", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Dashboards [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Dashboards [Filebeat System]\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/Filebeat-syslog-dashboard) | [Sudo commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"aggs\":[]}" - }, - "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "SSH dashboard for the System module in Filebeat", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": 
"[{\"col\":1,\"id\":\"d16bb400-f9cc-11e6-8115-a7c18106d86a\",\"panelIndex\":1,\"row\":5,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"78b74f30-f9cd-11e6-8115-a7c18106d86a\",\"panelIndex\":2,\"row\":2,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"341ffe70-f9ce-11e6-8115-a7c18106d86a\",\"panelIndex\":3,\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d\",\"panelIndex\":4,\"row\":8,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":3,\"panelIndex\":5,\"type\":\"search\",\"id\":\"62439dc0-f9c9-11e6-a747-6121780e0414\",\"col\":1,\"row\":12,\"columns\":[\"system.auth.ssh.event\",\"system.auth.ssh.method\",\"system.auth.user\",\"system.auth.ssh.ip\",\"system.auth.ssh.geoip.country_iso_code\"],\"sort\":[\"@timestamp\",\"desc\"]},{\"size_x\":12,\"size_y\":1,\"panelIndex\":6,\"type\":\"visualization\",\"id\":\"327417e0-8462-11e7-bab8-bd2f0fb42c54\",\"col\":1,\"row\":1}]", - "timeRestore": false, - "title": "[Filebeat System] SSH login attempts", - "uiStateJSON": "{\"P-4\":{\"mapCenter\":[39.774769485295465,23.203125],\"mapZoom\":3,\"mapBounds\":{\"bottom_right\":{\"lat\":10.31491928581316,\"lon\":74.53125},\"top_left\":{\"lat\":60.50052541051131,\"lon\":-27.94921875}},\"mapCollar\":{\"top_left\":{\"lat\":85.593335,\"lon\":-79.189455},\"bottom_right\":{\"lat\":-14.777884999999998,\"lon\":125.771485},\"zoom\":3}}}", - "version": 1 - }, - "id": "5517a150-f9ce-11e6-8115-a7c18106d86a", - "type": "dashboard", - "version": 7 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "system.auth.ssh.event:Accepted" + } + } + } + }, + "title": "Successful SSH logins [Filebeat System]", + 
"uiStateJSON": { + "vis": { + "colors": { + "Accepted": "#3F6833", + "Failed": "#F9934E", + "Invalid": "#447EBC", + "password": "#BF1B00", + "publickey": "#629E51" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.ssh.method", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "Successful SSH logins", + "type": "histogram" + } + }, + "id": "d16bb400-f9cc-11e6-8115-a7c18106d86a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*" + } + }, + "title": "SSH login attempts [Filebeat System]", + "uiStateJSON": { + "vis": { + "colors": { + "Accepted": "#3F6833", + "Failed": "#F9934E", + "Invalid": "#447EBC" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.auth.ssh.event", + "order": "desc", + "orderBy": "1", + "size": 5 + }, 
+ "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "times": [] + }, + "title": "SSH login attempts", + "type": "histogram" + } + }, + "id": "78b74f30-f9cd-11e6-8115-a7c18106d86a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid" + } + } + } + }, + "title": "SSH users of failed login attempts [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.auth.user", + "order": "desc", + "orderBy": "1", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear" + }, + "title": "SSH users of failed login attempts", + "type": "tagcloud" + } + }, + "id": "341ffe70-f9ce-11e6-8115-a7c18106d86a", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid" + } + } + } + }, + "title": "SSH failed login attempts source locations [Filebeat System]", + "uiStateJSON": { + "mapCenter": [ + 17.602139123350838, + 69.697265625 + ], + "mapZoom": 2 + }, + "version": 1, + "visState": { 
+ "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "system.auth.ssh.geoip.location", + "precision": 2 + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Shaded Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "SSH failed login attempts source locations", + "type": "tile_map" + } + }, + "id": "3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "system.auth.ssh.event", + "system.auth.ssh.method", + "system.auth.user", + "system.auth.ssh.ip", + "system.auth.ssh.geoip.country_iso_code" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:system.auth.ssh.event" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "SSH login attempts [Filebeat System]", + "version": 1 + }, + "id": "62439dc0-f9c9-11e6-a747-6121780e0414", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Dashboards [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 
12, + "markdown": "[Syslog](#/dashboard/Filebeat-syslog-dashboard) | [Sudo commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab)" + }, + "title": "Dashboards [Filebeat System]", + "type": "markdown" + } + }, + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "SSH dashboard for the System module in Filebeat", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "d16bb400-f9cc-11e6-8115-a7c18106d86a", + "panelIndex": 1, + "row": 5, + "size_x": 12, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "78b74f30-f9cd-11e6-8115-a7c18106d86a", + "panelIndex": 2, + "row": 2, + "size_x": 12, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "341ffe70-f9ce-11e6-8115-a7c18106d86a", + "panelIndex": 3, + "row": 8, + "size_x": 6, + "size_y": 4, + "type": "visualization" + }, + { + "col": 7, + "id": "3cec3eb0-f9d3-11e6-8a3e-2b904044ea1d", + "panelIndex": 4, + "row": 8, + "size_x": 6, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "system.auth.ssh.event", + "system.auth.ssh.method", + "system.auth.user", + "system.auth.ssh.ip", + "system.auth.ssh.geoip.country_iso_code" + ], + "id": "62439dc0-f9c9-11e6-a747-6121780e0414", + "panelIndex": 5, + "row": 12, + "size_x": 12, + "size_y": 3, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 1, + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", + "panelIndex": 6, + "row": 1, + "size_x": 12, + "size_y": 1, + "type": "visualization" + } 
+ ], + "timeRestore": false, + "title": "[Filebeat System] SSH login attempts", + "uiStateJSON": { + "P-4": { + "mapBounds": { + "bottom_right": { + "lat": 10.31491928581316, + "lon": 74.53125 + }, + "top_left": { + "lat": 60.50052541051131, + "lon": -27.94921875 + } + }, + "mapCenter": [ + 39.774769485295465, + 23.203125 + ], + "mapCollar": { + "bottom_right": { + "lat": -14.777884999999998, + "lon": 125.771485 + }, + "top_left": { + "lat": 85.593335, + "lon": -79.189455 + }, + "zoom": 3 + }, + "mapZoom": 3 + } + }, + "version": 1 + }, + "id": "5517a150-f9ce-11e6-8115-a7c18106d86a", + "type": "dashboard", + "version": 7 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-syslog.json b/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-syslog.json index 6ea346c286ee..530535c305c0 100644 --- a/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-syslog.json +++ b/filebeat/module/system/_meta/kibana/6/dashboard/Filebeat-syslog.json 
@@ -1,93 +1,284 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Syslog-system-logs", - "title": "Syslog events by hostname [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Syslog events by hostname\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"system.syslog.hostname\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Syslog-events-by-hostname", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Syslog-system-logs", - "title": "Syslog hostnames and processes [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Syslog hostnames and processes\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": 
\"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"system.syslog.hostname\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"system.syslog.program\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Syslog-hostnames-and-processes", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "system.syslog.hostname", - "system.syslog.program", - "system.syslog.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:system.syslog\",\n \"analyze_wildcard\": true\n }\n },\n \"highlightAll\": true\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Syslog logs [Filebeat System]", - "version": 1 - }, - "id": "Syslog-system-logs", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "Dashboards [Filebeat System]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"title\":\"Dashboards [Filebeat System]\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/Filebeat-syslog-dashboard) | [Sudo commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"aggs\":[]}" - }, - 
"id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", - "type": "visualization", - "version": 1 - }, - { - "attributes": { - "description": "Syslog dashboard from the Filebeat System module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true}" - }, - "optionsJSON": "{\"darkTheme\":false}", - "panelsJSON": "[{\"id\":\"Syslog-events-by-hostname\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":8,\"size_y\":4,\"col\":1,\"row\":2},{\"id\":\"Syslog-hostnames-and-processes\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":4,\"size_y\":4,\"col\":9,\"row\":2},{\"id\":\"Syslog-system-logs\",\"type\":\"search\",\"panelIndex\":3,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":6,\"columns\":[\"system.syslog.hostname\",\"system.syslog.program\",\"system.syslog.message\"],\"sort\":[\"@timestamp\",\"desc\"]},{\"size_x\":12,\"size_y\":1,\"panelIndex\":4,\"type\":\"visualization\",\"id\":\"327417e0-8462-11e7-bab8-bd2f0fb42c54\",\"col\":1,\"row\":1}]", - "timeRestore": false, - "title": "[Filebeat System] Syslog dashboard", - "uiStateJSON": "{}", - "version": 1 - }, - "id": "Filebeat-syslog-dashboard", - "type": "dashboard", - "version": 6 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Syslog-system-logs", + "title": "Syslog events by hostname [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + 
"enabled": true, + "id": "3", + "params": { + "field": "system.syslog.hostname", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "Syslog events by hostname", + "type": "histogram" + } + }, + "id": "Syslog-events-by-hostname", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Syslog-system-logs", + "title": "Syslog hostnames and processes [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "system.syslog.hostname", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "system.syslog.program", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Syslog hostnames and processes", + "type": "pie" + } + }, + "id": "Syslog-hostnames-and-processes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "system.syslog.hostname", + "system.syslog.program", + "system.syslog.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + 
"post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "highlightAll": true, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:system.syslog" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Syslog logs [Filebeat System]", + "version": 1 + }, + "id": "Syslog-system-logs", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Dashboards [Filebeat System]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 12, + "markdown": "[Syslog](#/dashboard/Filebeat-syslog-dashboard) | [Sudo commands](#/dashboard/277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/0d3f2380-fa78-11e6-ae9b-81e5311e8cab)" + }, + "title": "Dashboards [Filebeat System]", + "type": "markdown" + } + }, + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", + "type": "visualization", + "version": 1 + }, + { + "attributes": { + "description": "Syslog dashboard from the Filebeat System module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "Syslog-events-by-hostname", + "panelIndex": 1, + "row": 2, + "size_x": 8, + "size_y": 4, + "type": "visualization" + }, + { + "col": 9, + "id": "Syslog-hostnames-and-processes", + "panelIndex": 2, + "row": 2, + "size_x": 4, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "columns": [ + "system.syslog.hostname", + "system.syslog.program", + "system.syslog.message" + ], + 
"id": "Syslog-system-logs", + "panelIndex": 3, + "row": 6, + "size_x": 12, + "size_y": 7, + "sort": [ + "@timestamp", + "desc" + ], + "type": "search" + }, + { + "col": 1, + "id": "327417e0-8462-11e7-bab8-bd2f0fb42c54", + "panelIndex": 4, + "row": 1, + "size_x": 12, + "size_y": 1, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat System] Syslog dashboard", + "uiStateJSON": {}, + "version": 1 + }, + "id": "Filebeat-syslog-dashboard", + "type": "dashboard", + "version": 6 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/traefik/_meta/kibana/6/dashboard/Filebeat-traefik-overview.json b/filebeat/module/traefik/_meta/kibana/6/dashboard/Filebeat-traefik-overview.json index 61a0467e0058..c30cc512489b 100644 --- a/filebeat/module/traefik/_meta/kibana/6/dashboard/Filebeat-traefik-overview.json +++ b/filebeat/module/traefik/_meta/kibana/6/dashboard/Filebeat-traefik-overview.json 
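Review bot: On the new side of `Filebeat-syslog.json`, the fields `searchSourceJSON`, `uiStateJSON`, `visState`, `optionsJSON` and `panelsJSON` hold objects and arrays, whereas Kibana stores these saved-object attributes as JSON strings. The file is therefore no longer importable as it stands and depends on a re-encoding step that this hunk does not show. It is worth confirming that the dashboard loader serializes each of these fields back to a string, and that it rejects a field of an unexpected type instead of passing it through. Separately, the new side ends with `\ No newline at end of file` where the old file ended with a newline, so the generating script should write a trailing newline after the final `}`.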
@@ -1,136 +1,598 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Browsers breakdown [Filebeat Traefik]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Traefik Access Browsers\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"traefik.access.user_agent.name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"traefik.access.user_agent.major\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Traefik-Access-Browsers", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Operating systems breakdown [Filebeat Traefik]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"Traefik Access OSes\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"bottom\",\n \"isDonut\": true\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n 
\"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"traefik.access.user_agent.os_name\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"traefik.access.user_agent.os_major\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Traefik-Access-OSes", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Filebeat-Traefik-module", - "title": "Response codes over time [Filebeat Traefik]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"New Visualization\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"traefik.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "New-Visualization", - "type": "visualization", - "version": 2 
- }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": []\n}" - }, - "title": "Response codes by top URLs [Filebeat Traefik]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#629E51\",\n \"404\": \"#0A50A1\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"Traefik Access Response codes by top URLs\",\n \"type\": \"pie\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"isDonut\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"split\",\n \"params\": {\n \"field\": \"traefik.access.url\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"row\": false\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"traefik.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Traefik-Access-Response-codes-by-top-URLs", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [],\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:traefik.access\",\n \"analyze_wildcard\": true\n }\n },\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" - }, - "title": "Sent Byte Size [Filebeat Traefik]", - "uiStateJSON": "{}", - "version": 1, - "visState": 
"{\n \"title\": \"Sent sizes\",\n \"type\": \"line\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"showCircles\": true,\n \"smoothLines\": true,\n \"interpolate\": \"linear\",\n \"scale\": \"linear\",\n \"drawLinesBetweenPoints\": true,\n \"radiusRatio\": \"17\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"sum\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"traefik.access.body_sent.bytes\",\n \"customLabel\": \"Data sent\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"radius\",\n \"params\": {}\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "Sent-sizes", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "Filebeat-Traefik-module", - "title": "Access Map [Filebeat Traefik]", - "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", - "version": 1, - "visState": "{\n \"aggs\": [\n {\n \"enabled\": true,\n \"id\": \"1\",\n \"params\": {},\n \"schema\": \"metric\",\n \"type\": \"count\"\n },\n {\n \"enabled\": true,\n \"id\": \"2\",\n \"params\": {\n \"autoPrecision\": true,\n \"field\": \"traefik.access.geoip.location\"\n },\n \"schema\": \"segment\",\n \"type\": \"geohash_grid\"\n }\n ],\n \"listeners\": {},\n \"params\": {\n \"addTooltip\": true,\n \"heatBlur\": 15,\n \"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatNormalizeData\": true,\n \"heatRadius\": 25,\n 
\"isDesaturated\": true,\n \"legendPosition\": \"bottomright\",\n \"mapCenter\": [\n 15,\n 5\n ],\n \"mapType\": \"Scaled Circle Markers\",\n \"mapZoom\": 2,\n \"wms\": {\n \"enabled\": false,\n \"options\": {\n \"attribution\": \"Maps provided by USGS\",\n \"format\": \"image/png\",\n \"layers\": \"0\",\n \"styles\": \"\",\n \"transparent\": true,\n \"version\": \"1.3.0\"\n },\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"\n }\n },\n \"title\": \"Traefik Access Map\",\n \"type\": \"tile_map\"\n}" - }, - "id": "Traefik-Access-Map", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "columns": [ - "_source" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:traefik\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Traefik logs [Filebeat Traefik]", - "version": 1 - }, - "id": "Filebeat-Traefik-module", - "type": "search", - "version": 2 - }, - { - "attributes": { - "description": "Dashboard for the Filebeat Traefik module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ]\n}" - }, - "optionsJSON": "{\n \"darkTheme\": false\n}", - "panelsJSON": 
"[{\"col\":1,\"id\":\"Traefik-Access-Browsers\",\"panelIndex\":3,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Traefik-Access-OSes\",\"panelIndex\":4,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"New-Visualization\",\"panelIndex\":5,\"row\":4,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Traefik-Access-Response-codes-by-top-URLs\",\"panelIndex\":6,\"row\":7,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Sent-sizes\",\"panelIndex\":7,\"row\":10,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"id\":\"Traefik-Access-Map\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":1}]", - "timeRestore": false, - "title": "[Filebeat Traefik] Access logs", - "uiStateJSON": "{\n \"P-4\": {\n \"vis\": {\n \"legendOpen\": true\n }\n },\n \"P-8\": {\n \"mapCenter\": [\n 50.51342652633956,\n -0.17578125\n ]\n }\n}", - "version": 1 - }, - "id": "Filebeat-Traefik-Dashboard", - "type": "dashboard", - "version": 3 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Browsers breakdown [Filebeat Traefik]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "traefik.access.user_agent.name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "traefik.access.user_agent.major", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + 
"listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Traefik Access Browsers", + "type": "pie" + } + }, + "id": "Traefik-Access-Browsers", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Operating systems breakdown [Filebeat Traefik]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "traefik.access.user_agent.os_name", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "traefik.access.user_agent.os_major", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", + "shareYAxis": true + }, + "title": "Traefik Access OSes", + "type": "pie" + } + }, + "id": "Traefik-Access-OSes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Filebeat-Traefik-module", + "title": "Response codes over time [Filebeat Traefik]", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#7EB26D", + "404": "#614D93" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + 
"field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "traefik.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "New Visualization", + "type": "histogram" + } + }, + "id": "New-Visualization", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "title": "Response codes by top URLs [Filebeat Traefik]", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#629E51", + "404": "#0A50A1" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "traefik.access.url", + "order": "desc", + "orderBy": "1", + "row": false, + "size": 5 + }, + "schema": "split", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "traefik.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "legendPosition": "right", + "shareYAxis": true + }, + "title": "Traefik Access Response codes by top URLs", + "type": "pie" + } + }, + "id": "Traefik-Access-Response-codes-by-top-URLs", + "type": "visualization", + "version": 2 + }, + { + 
"attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:traefik.access" + } + } + } + }, + "title": "Sent Byte Size [Filebeat Traefik]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Data sent", + "field": "traefik.access.body_sent.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": {}, + "schema": "radius", + "type": "count" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": "17", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "showCircles": true, + "smoothLines": true, + "times": [], + "yAxis": {} + }, + "title": "Sent sizes", + "type": "line" + } + }, + "id": "Sent-sizes", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "Filebeat-Traefik-module", + "title": "Access Map [Filebeat Traefik]", + "uiStateJSON": { + "mapCenter": [ + 12.039320557540572, + -0.17578125 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", 
+ "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "traefik.access.geoip.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "Traefik Access Map", + "type": "tile_map" + } + }, + "id": "Traefik-Access-Map", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:traefik" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "Traefik logs [Filebeat Traefik]", + "version": 1 + }, + "id": "Filebeat-Traefik-module", + "type": "search", + "version": 2 + }, + { + "attributes": { + "description": "Dashboard for the Filebeat Traefik module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + ] + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": 
"Traefik-Access-Browsers", + "panelIndex": 3, + "row": 10, + "size_x": 4, + "size_y": 4, + "type": "visualization" + }, + { + "col": 5, + "id": "Traefik-Access-OSes", + "panelIndex": 4, + "row": 10, + "size_x": 4, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "id": "New-Visualization", + "panelIndex": 5, + "row": 4, + "size_x": 12, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "Traefik-Access-Response-codes-by-top-URLs", + "panelIndex": 6, + "row": 7, + "size_x": 12, + "size_y": 3, + "type": "visualization" + }, + { + "col": 9, + "id": "Sent-sizes", + "panelIndex": 7, + "row": 10, + "size_x": 4, + "size_y": 4, + "type": "visualization" + }, + { + "col": 1, + "id": "Traefik-Access-Map", + "panelIndex": 8, + "row": 1, + "size_x": 12, + "size_y": 3, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Traefik] Access logs", + "uiStateJSON": { + "P-4": { + "vis": { + "legendOpen": true + } + }, + "P-8": { + "mapCenter": [ + 50.51342652633956, + -0.17578125 + ] + } + }, + "version": 1 + }, + "id": "Filebeat-Traefik-Dashboard", + "type": "dashboard", + "version": 3 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file diff --git a/filebeat/module/traefik/_meta/kibana/6/dashboard/ml-traefik-access-remote-ip-count-explorer.json b/filebeat/module/traefik/_meta/kibana/6/dashboard/ml-traefik-access-remote-ip-count-explorer.json index 116a32531e84..835a4fe7d5cb 100644 --- a/filebeat/module/traefik/_meta/kibana/6/dashboard/ml-traefik-access-remote-ip-count-explorer.json +++ b/filebeat/module/traefik/_meta/kibana/6/dashboard/ml-traefik-access-remote-ip-count-explorer.json 
@@ -1,124 +1,553 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Remote IP Timechart [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"legendOpen\": false\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Traefik Access Remote IP Timechart\",\n \"type\": \"area\",\n \"params\": {\n \"addLegend\": true,\n \"addTimeMarker\": false,\n \"addTooltip\": true,\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"position\": \"bottom\",\n \"scale\": {\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {\n \"text\": \"@timestamp per 5 minutes\"\n },\n \"type\": \"category\"\n }\n ],\n \"defaultYExtents\": false,\n \"drawLinesBetweenPoints\": true,\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n }\n },\n \"interpolate\": \"linear\",\n \"legendPosition\": \"right\",\n \"radiusRatio\": 9,\n \"scale\": \"linear\",\n \"seriesParams\": [\n {\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Count\"\n },\n \"drawLinesBetweenPoints\": true,\n \"interpolate\": \"linear\",\n \"mode\": \"stacked\",\n \"show\": \"true\",\n \"showCircles\": true,\n \"type\": \"area\",\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"setYExtents\": false,\n \"showCircles\": true,\n \"times\": [],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"labels\": {\n \"filter\": false,\n \"rotate\": 0,\n \"show\": true,\n \"truncate\": 100\n },\n \"name\": \"LeftAxis-1\",\n \"position\": \"left\",\n \"scale\": {\n \"mode\": \"normal\",\n \"type\": \"linear\"\n },\n \"show\": true,\n \"style\": {},\n \"title\": {},\n \"type\": \"value\"\n }\n ]\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": 
\"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"traefik.access.remote_ip\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Traefik-Access-Remote-IP-Timechart", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Response Code Timechart [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Traefik Access Response Code Timechart\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"traefik.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": 
"ML-Traefik-Access-Response-Code-Timechart", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Top Remote IPs [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Traefik Access Top Remote IPs Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"traefik.access.remote_ip\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Traefik-Access-Top-Remote-IPs-Table", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Access Map [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", - "version": 1, - "visState": "{\n \"aggs\": [\n {\n \"enabled\": true,\n \"id\": \"1\",\n \"params\": {},\n \"schema\": \"metric\",\n \"type\": \"count\"\n },\n {\n \"enabled\": true,\n \"id\": \"2\",\n \"params\": {\n \"autoPrecision\": true,\n \"field\": \"traefik.access.geoip.location\"\n },\n \"schema\": \"segment\",\n \"type\": \"geohash_grid\"\n }\n ],\n \"listeners\": {},\n \"params\": {\n \"addTooltip\": true,\n \"heatBlur\": 15,\n 
\"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatNormalizeData\": true,\n \"heatRadius\": 25,\n \"isDesaturated\": true,\n \"legendPosition\": \"bottomright\",\n \"mapCenter\": [\n 15,\n 5\n ],\n \"mapType\": \"Scaled Circle Markers\",\n \"mapZoom\": 2,\n \"wms\": {\n \"enabled\": false,\n \"options\": {\n \"attribution\": \"Maps provided by USGS\",\n \"format\": \"image/png\",\n \"layers\": \"0\",\n \"styles\": \"\",\n \"transparent\": true,\n \"version\": \"1.3.0\"\n },\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"\n }\n },\n \"title\": \"ML Traefik Access Map\",\n \"type\": \"tile_map\"\n}" - }, - "id": "ML-Traefik-Access-Map", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Top URLs [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Traefik Access Top URLs Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 100,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"traefik.access.url\",\n \"size\": 1000,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Traefik-Access-Top-URLs-Table", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "columns": [ - "_source" - ], - "description": "Filebeat Traefik Access Data", - "hits": 0, - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:traefik.access\",\n \"analyze_wildcard\": true\n }\n },\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "ML Access Data [Filebeat Traefik]", - "version": 1 - }, - "id": "ML-Filebeat-Traefik-Access", - "type": "search", - "version": 3 - }, - { - "attributes": { - "description": "Machine learning dashboard, for the Filebeat Traefik module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ],\n \"highlightAll\": true,\n \"version\": true\n}" - }, - "optionsJSON": "{\n \"darkTheme\": false\n}", - "panelsJSON": "[\n {\n \"size_x\": 6,\n \"size_y\": 3,\n \"panelIndex\": 1,\n \"type\": \"visualization\",\n \"id\": \"ML-Traefik-Access-Remote-IP-Timechart\",\n \"col\": 1,\n \"row\": 1\n },\n {\n \"size_x\": 6,\n \"size_y\": 3,\n \"panelIndex\": 2,\n \"type\": \"visualization\",\n \"id\": \"ML-Traefik-Access-Response-Code-Timechart\",\n \"col\": 7,\n \"row\": 1\n },\n {\n \"size_x\": 6,\n \"size_y\": 3,\n \"panelIndex\": 3,\n \"type\": \"visualization\",\n \"id\": \"ML-Traefik-Access-Top-Remote-IPs-Table\",\n \"col\": 1,\n \"row\": 4\n },\n {\n \"size_x\": 6,\n \"size_y\": 3,\n \"panelIndex\": 4,\n \"type\": \"visualization\",\n \"id\": \"ML-Traefik-Access-Map\",\n \"col\": 7,\n \"row\": 4\n },\n {\n \"size_x\": 12,\n \"size_y\": 9,\n \"panelIndex\": 5,\n \"type\": \"visualization\",\n \"id\": \"ML-Traefik-Access-Top-URLs-Table\",\n \"col\": 1,\n \"row\": 7\n }\n]", - "timeRestore": false, - "title": "[Filebeat Traefik] [ML] Remote IP 
Count Explorer", - "uiStateJSON": "{\n \"P-3\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n },\n \"P-5\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n }\n}", - "version": 1 - }, - "id": "ML-Traefik-Access-Remote-IP-Count-Explorer", - "type": "dashboard", - "version": 3 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Remote IP Timechart [Filebeat Traefik] [ML]", + "uiStateJSON": { + "vis": { + "legendOpen": false + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "traefik.access.remote_ip", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 5 minutes" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + 
"drawLinesBetweenPoints": true, + "interpolate": "linear", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "value" + } + ] + }, + "title": "ML Traefik Access Remote IP Timechart", + "type": "area" + } + }, + "id": "ML-Traefik-Access-Remote-IP-Timechart", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Response Code Timechart [Filebeat Traefik] [ML]", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#7EB26D", + "404": "#614D93" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "traefik.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "ML Traefik Access Response Code Timechart", + "type": "histogram" + } + }, + "id": 
"ML-Traefik-Access-Response-Code-Timechart", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Top Remote IPs [Filebeat Traefik] [ML]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "traefik.access.remote_ip", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ML Traefik Access Top Remote IPs Table", + "type": "table" + } + }, + "id": "ML-Traefik-Access-Top-Remote-IPs-Table", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Access Map [Filebeat Traefik] [ML]", + "uiStateJSON": { + "mapCenter": [ + 12.039320557540572, + -0.17578125 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "traefik.access.geoip.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + 
"mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "ML Traefik Access Map", + "type": "tile_map" + } + }, + "id": "ML-Traefik-Access-Map", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Top URLs [Filebeat Traefik] [ML]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "traefik.access.url", + "order": "desc", + "orderBy": "1", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 100, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ML Traefik Access Top URLs Table", + "type": "table" + } + }, + "id": "ML-Traefik-Access-Top-URLs-Table", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "Filebeat Traefik Access Data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "index": "filebeat-*", + "query": { + 
"query_string": { + "analyze_wildcard": true, + "query": "_exists_:traefik.access" + } + } + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "ML Access Data [Filebeat Traefik]", + "version": 1 + }, + "id": "ML-Filebeat-Traefik-Access", + "type": "search", + "version": 3 + }, + { + "attributes": { + "description": "Machine learning dashboard, for the Filebeat Traefik module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "ML-Traefik-Access-Remote-IP-Timechart", + "panelIndex": 1, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "ML-Traefik-Access-Response-Code-Timechart", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "ML-Traefik-Access-Top-Remote-IPs-Table", + "panelIndex": 3, + "row": 4, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "ML-Traefik-Access-Map", + "panelIndex": 4, + "row": 4, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "ML-Traefik-Access-Top-URLs-Table", + "panelIndex": 5, + "row": 7, + "size_x": 12, + "size_y": 9, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Traefik] [ML] Remote IP Count Explorer", + "uiStateJSON": { + "P-3": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-5": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "ML-Traefik-Access-Remote-IP-Count-Explorer", + "type": "dashboard", + "version": 3 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file 
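Review bot: The decoded file now ends with `\ No newline at end of file`, while the removed side carries no such marker and so apparently ended with a newline. The Filebeat Traefik overview dashboard just before this file closes the same way, which suggests the unpacking step drops the trailing newline. Having the step write a final `\n` would keep later regenerations from producing spurious diffs. Separately, the `seriesParams` entry of the Remote IP Timechart carries `"show": "true"` over as a string, while every other `show` in that `visState` is a boolean. Now that `visState` is a real object rather than an embedded string, it is worth confirming whether this should be `"show": true`.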
diff --git a/filebeat/module/traefik/_meta/kibana/6/dashboard/ml-traefik-remote-ip-url-explorer.json b/filebeat/module/traefik/_meta/kibana/6/dashboard/ml-traefik-remote-ip-url-explorer.json index 53f46f1885e2..e6833d009b1c 100644 --- a/filebeat/module/traefik/_meta/kibana/6/dashboard/ml-traefik-remote-ip-url-explorer.json +++ b/filebeat/module/traefik/_meta/kibana/6/dashboard/ml-traefik-remote-ip-url-explorer.json 
@@ -1,124 +1,552 @@ { - "objects": [ - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Unique Count URL Timechart [Filebeat Traefik] [ML]", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\n \"title\": \"ML Traefik Access Unique Count URL Timechart\",\n \"type\": \"line\",\n \"params\": {\n \"grid\": {\n \"categoryLines\": false,\n \"style\": {\n \"color\": \"#eee\"\n }\n },\n \"categoryAxes\": [\n {\n \"id\": \"CategoryAxis-1\",\n \"type\": \"category\",\n \"position\": \"bottom\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\"\n },\n \"labels\": {\n \"show\": true,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"@timestamp per day\"\n }\n }\n ],\n \"valueAxes\": [\n {\n \"id\": \"ValueAxis-1\",\n \"name\": \"LeftAxis-1\",\n \"type\": \"value\",\n \"position\": \"left\",\n \"show\": true,\n \"style\": {},\n \"scale\": {\n \"type\": \"linear\",\n \"mode\": \"normal\"\n },\n \"labels\": {\n \"show\": true,\n \"rotate\": 0,\n \"filter\": false,\n \"truncate\": 100\n },\n \"title\": {\n \"text\": \"Unique count of traefik.access.url\"\n }\n }\n ],\n \"seriesParams\": [\n {\n \"show\": true,\n \"mode\": \"normal\",\n \"type\": \"line\",\n \"drawLinesBetweenPoints\": true,\n \"showCircles\": true,\n \"interpolate\": \"linear\",\n \"lineWidth\": 2,\n \"data\": {\n \"id\": \"1\",\n \"label\": \"Unique count of traefik.access.url\"\n },\n \"valueAxis\": \"ValueAxis-1\"\n }\n ],\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"showCircles\": true,\n \"interpolate\": \"linear\",\n \"scale\": \"linear\",\n \"drawLinesBetweenPoints\": true,\n \"radiusRatio\": 9,\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"cardinality\",\n \"schema\": \"metric\",\n \"params\": {\n 
\"field\": \"traefik.access.url\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Traefik-Access-Unique-Count-URL-Timechart", - "type": "visualization", - "version": 2 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Response Code Timechart [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"colors\": {\n \"200\": \"#7EB26D\",\n \"404\": \"#614D93\"\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Traefik Access Response Code Timechart\",\n \"type\": \"histogram\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"scale\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"group\",\n \"params\": {\n \"field\": \"traefik.access.response_code\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Traefik-Access-Response-Code-Timechart", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Top Remote IPs [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Traefik Access Top Remote IPs Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"traefik.access.remote_ip\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Traefik-Access-Top-Remote-IPs-Table", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": []\n}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Access Map [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"mapCenter\": [\n 12.039320557540572,\n -0.17578125\n ]\n}", - "version": 1, - "visState": "{\n \"aggs\": [\n {\n \"enabled\": true,\n \"id\": \"1\",\n \"params\": {},\n \"schema\": \"metric\",\n \"type\": \"count\"\n },\n {\n \"enabled\": true,\n \"id\": \"2\",\n \"params\": {\n \"autoPrecision\": true,\n \"field\": \"traefik.access.geoip.location\"\n },\n \"schema\": \"segment\",\n \"type\": \"geohash_grid\"\n }\n ],\n \"listeners\": {},\n \"params\": {\n \"addTooltip\": true,\n \"heatBlur\": 15,\n \"heatMaxZoom\": 16,\n \"heatMinOpacity\": 0.1,\n \"heatNormalizeData\": true,\n \"heatRadius\": 25,\n \"isDesaturated\": true,\n \"legendPosition\": 
\"bottomright\",\n \"mapCenter\": [\n 15,\n 5\n ],\n \"mapType\": \"Scaled Circle Markers\",\n \"mapZoom\": 2,\n \"wms\": {\n \"enabled\": false,\n \"options\": {\n \"attribution\": \"Maps provided by USGS\",\n \"format\": \"image/png\",\n \"layers\": \"0\",\n \"styles\": \"\",\n \"transparent\": true,\n \"version\": \"1.3.0\"\n },\n \"url\": \"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"\n }\n },\n \"title\": \"ML Traefik Access Map\",\n \"type\": \"tile_map\"\n}" - }, - "id": "ML-Traefik-Access-Map", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "savedSearchId": "ML-Filebeat-Traefik-Access", - "title": "Top URLs [Filebeat Traefik] [ML]", - "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", - "version": 1, - "visState": "{\n \"title\": \"ML Traefik Access Top URLs Table\",\n \"type\": \"table\",\n \"params\": {\n \"perPage\": 100,\n \"showPartialRows\": false,\n \"showMeticsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": false,\n \"totalFunc\": \"sum\"\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"schema\": \"metric\",\n \"params\": {}\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"bucket\",\n \"params\": {\n \"field\": \"traefik.access.url\",\n \"size\": 1000,\n \"order\": \"desc\",\n \"orderBy\": \"1\"\n }\n }\n ],\n \"listeners\": {}\n}" - }, - "id": "ML-Traefik-Access-Top-URLs-Table", - "type": "visualization", - "version": 3 - }, - { - "attributes": { - "columns": [ - "_source" - ], - "description": "Filebeat Traefik Access Data", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"index\": \"filebeat-*\",\n \"query\": {\n \"query_string\": {\n \"query\": \"_exists_:traefik.access\",\n 
\"analyze_wildcard\": true\n }\n },\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}" - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "ML Access Data [Filebeat Traefik]", - "version": 1 - }, - "id": "ML-Filebeat-Traefik-Access", - "type": "search", - "version": 3 - }, - { - "attributes": { - "description": "Machine Learning dashboard for the Filebeat Traefik module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ],\n \"highlightAll\": true,\n \"version\": true\n}" - }, - "optionsJSON": "{\n \"darkTheme\": false\n}", - "panelsJSON": "[\n {\n \"col\": 1,\n \"id\": \"ML-Traefik-Access-Unique-Count-URL-Timechart\",\n \"panelIndex\": 1,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 7,\n \"id\": \"ML-Traefik-Access-Response-Code-Timechart\",\n \"panelIndex\": 2,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"ML-Traefik-Access-Top-Remote-IPs-Table\",\n \"panelIndex\": 3,\n \"row\": 4,\n \"size_x\": 6,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 7,\n \"id\": \"ML-Traefik-Access-Map\",\n \"panelIndex\": 4,\n \"row\": 4,\n \"size_x\": 6,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"size_x\": 12,\n \"size_y\": 8,\n \"panelIndex\": 5,\n \"type\": \"visualization\",\n \"id\": \"ML-Traefik-Access-Top-URLs-Table\",\n \"col\": 1,\n \"row\": 7\n }\n]", - "timeRestore": false, - "title": "[Filebeat Traefik] [ML] Remote IP URL Explorer", - "uiStateJSON": "{\n \"P-2\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n },\n 
\"P-3\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n },\n \"P-5\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n }\n}", - "version": 1 - }, - "id": "ML-Traefik-Remote-IP-URL-Explorer", - "type": "dashboard", - "version": 4 - } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} + "objects": [ + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Unique Count URL Timechart [Filebeat Traefik] [ML]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "field": "traefik.access.url" + }, + "schema": "metric", + "type": "cardinality" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per day" + }, + "type": "category" + } + ], + "defaultYExtents": false, + "drawLinesBetweenPoints": true, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "interpolate": "linear", + "legendPosition": "right", + "radiusRatio": 9, + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Unique count of traefik.access.url" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + 
"showCircles": true, + "times": [], + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Unique count of traefik.access.url" + }, + "type": "value" + } + ] + }, + "title": "ML Traefik Access Unique Count URL Timechart", + "type": "line" + } + }, + "id": "ML-Traefik-Access-Unique-Count-URL-Timechart", + "type": "visualization", + "version": 2 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Response Code Timechart [Filebeat Traefik] [ML]", + "uiStateJSON": { + "vis": { + "colors": { + "200": "#7EB26D", + "404": "#614D93" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1 + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "traefik.access.response_code", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "defaultYExtents": false, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "setYExtents": false, + "shareYAxis": true, + "times": [], + "yAxis": {} + }, + "title": "ML Traefik Access Response Code Timechart", + "type": "histogram" + } + }, + "id": "ML-Traefik-Access-Response-Code-Timechart", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Top Remote IPs [Filebeat Traefik] [ML]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "traefik.access.remote_ip", + "order": "desc", + "orderBy": "1", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 10, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ML Traefik Access Top Remote IPs Table", + "type": "table" + } + }, + "id": "ML-Traefik-Access-Top-Remote-IPs-Table", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [] + } + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Access Map [Filebeat Traefik] [ML]", + "uiStateJSON": { + "mapCenter": [ + 12.039320557540572, + -0.17578125 + ] + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "traefik.access.geoip.location" + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "listeners": {}, + "params": { + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 15, + 5 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + 
"attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, + "version": "1.3.0" + }, + "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" + } + }, + "title": "ML Traefik Access Map", + "type": "tile_map" + } + }, + "id": "ML-Traefik-Access-Map", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "savedSearchId": "ML-Filebeat-Traefik-Access", + "title": "Top URLs [Filebeat Traefik] [ML]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "traefik.access.url", + "order": "desc", + "orderBy": "1", + "size": 1000 + }, + "schema": "bucket", + "type": "terms" + } + ], + "listeners": {}, + "params": { + "perPage": 100, + "showMeticsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "ML Traefik Access Top URLs Table", + "type": "table" + } + }, + "id": "ML-Traefik-Access-Top-URLs-Table", + "type": "visualization", + "version": 3 + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "Filebeat Traefik Access Data", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlight": { + "fields": { + "*": {} + }, + "fragment_size": 2147483647, + "post_tags": [ + "@/kibana-highlighted-field@" + ], + "pre_tags": [ + "@kibana-highlighted-field@" + ], + "require_field_match": false + }, + "index": "filebeat-*", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "_exists_:traefik.access" + } + } + } + }, + "sort": [ + "@timestamp", + 
"desc" + ], + "title": "ML Access Data [Filebeat Traefik]", + "version": 1 + }, + "id": "ML-Filebeat-Traefik-Access", + "type": "search", + "version": 3 + }, + { + "attributes": { + "description": "Machine Learning dashboard for the Filebeat Traefik module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + ], + "highlightAll": true, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "col": 1, + "id": "ML-Traefik-Access-Unique-Count-URL-Timechart", + "panelIndex": 1, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "ML-Traefik-Access-Response-Code-Timechart", + "panelIndex": 2, + "row": 1, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "ML-Traefik-Access-Top-Remote-IPs-Table", + "panelIndex": 3, + "row": 4, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 7, + "id": "ML-Traefik-Access-Map", + "panelIndex": 4, + "row": 4, + "size_x": 6, + "size_y": 3, + "type": "visualization" + }, + { + "col": 1, + "id": "ML-Traefik-Access-Top-URLs-Table", + "panelIndex": 5, + "row": 7, + "size_x": 12, + "size_y": 8, + "type": "visualization" + } + ], + "timeRestore": false, + "title": "[Filebeat Traefik] [ML] Remote IP URL Explorer", + "uiStateJSON": { + "P-2": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-3": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "P-5": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + } + }, + "version": 1 + }, + "id": "ML-Traefik-Remote-IP-URL-Explorer", + "type": "dashboard", + "version": 4 + } + ], + "version": "6.0.0-beta1-SNAPSHOT" +} \ No newline at end of file
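Review bot: The rewritten dashboard ends without a trailing newline: the last added line is `+}` followed by `\ No newline at end of file`, whereas the removed side closed with a newline-terminated `-}`. The hunk just before this file (the Remote IP Count Explorer dashboard) ends with the same marker, so this presumably comes from how `unpack_dashboards.py` writes its output rather than from a hand edit; that script is not shown here, so confirm it there. Having the writer append `"\n"` after the closing `}` keeps the next regeneration from producing a spurious last-line change in every dashboard, and keeps these files clean for tools that expect newline-terminated text.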