From ff2e631b50ae5344c66e5bd208f5064d2eaa93ab Mon Sep 17 00:00:00 2001
From: Mathieu Martin
Date: Tue, 5 Feb 2019 14:58:34 -0500
Subject: [PATCH 1/2] Manually decode each JSON-encoded field
---
 .../7/dashboard/Winlogbeat-overview.json | 44 +++++++++++--------
 1 file changed, 25 insertions(+), 19 deletions(-)
diff --git a/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json b/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json
index ac6f17f6246..cd2a59dc75c 100644
--- a/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json
+++ b/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json
@@ -5,10 +5,16 @@
 "description": "",
 "hits": 0,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}"
+ "searchSourceJSON": {"filter":[],"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}}
 },
- "optionsJSON": "{\"darkTheme\":false}",
- "panelsJSON": "[{\"gridData\":{\"h\":20,\"i\":\"1\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.0.0-SNAPSHOT\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":20,\"i\":\"3\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.0.0-SNAPSHOT\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"4\",\"w\":16,\"x\":16,\"y\":20},\"panelIndex\":\"4\",\"version\":\"7.0.0-SNAPSHOT\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"h\":20,\"i\":\"5\",\"w\":16,\"x\":32,\"y\":20},\"panelIndex\":\"5\",\"version\":\"7.0.0-SNAPSHOT\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"h\":20,\"i\":\"6\",\"w\":16,\"x\":0,\"y\":20},\"panelIndex\":\"6\",\"version\":\"7.0.0-SNAPSHOT\",\"panelRefName\":\"panel_4\"}]",
+ "optionsJSON": {"darkTheme":false},
+ "panelsJSON": [
+ {"gridData":{
+ "h":20,"i":"1","w":36,"x":12,"y":0},
+ "panelIndex":"1","version":"7.0.0-SNAPSHOT","panelRefName":"panel_0"
+ },{"gridData":{
+ "h":20,"i":"3","w":12,"x":0,"y":0},"panelIndex":"3","version":"7.0.0-SNAPSHOT","panelRefName":"panel_1"},{"embeddableConfig":{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}},"gridData":{"h":20,"i":"4","w":16,"x":16,"y":20},"panelIndex":"4","version":"7.0.0-SNAPSHOT","panelRefName":"panel_2"},{"gridData":{"h":20,"i":"5","w":16,"x":32,"y":20},"panelIndex":"5","version":"7.0.0-SNAPSHOT","panelRefName":"panel_3"},{"gridData":{"h":20,"i":"6","w":16,"x":0,"y":20},"panelIndex":"6","version":"7.0.0-SNAPSHOT","panelRefName":"panel_4"}
+ ],
 "timeRestore": false,
 "title": "Winlogbeat Dashboard",
 "version": 1
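Review bot: The decoded `searchSourceJSON`, `optionsJSON` and `panelsJSON` objects on the new side only import cleanly if the loader that pushes this file to Kibana re-serializes them, because Kibana keeps these saved-object attributes as JSON-encoded strings; the commit message says the decoding was done by hand, so it is worth confirming that the Beats dashboard loader performs that encoding rather than posting the objects as-is. The same applies to `uiStateJSON` and `visState` in the later hunks of this patch. A one-line comment in the commit message naming the loader step that re-encodes these fields would spare the next reader the same question.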
@@ -52,12 +58,12 @@ "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"*\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": {"filter":[],"query":{"query":"*","language":"lucene"},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} }, "title": "Number of Events Over Time By Channel", - "uiStateJSON": "{}", + "uiStateJSON": {}, "version": 1, - "visState": "{\"title\":\"Number of Events Over Time By Channel\",\"type\":\"histogram\",\"params\":{\"scale\":\"linear\",\"yAxis\":{},\"addTimeMarker\":false,\"addLegend\":true,\"shareYAxis\":true,\"mode\":\"stacked\",\"defaultYExtents\":false,\"setYExtents\":false,\"addTooltip\":true,\"times\":[],\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"setYExtents\":false,\"defaultYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\"}],\"legendPosition\":\"right\",\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"params\":{\"date\":true,\"interval\":43200000,\"format\":\"YYYY-MM-DD 
HH:mm\",\"bounds\":{\"min\":\"2019-01-21T04:30:25.961Z\",\"max\":\"2019-02-05T04:30:25.961Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\",\"mode\":\"relative\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"time_zone\":\"America/Montreal\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"winlog.channel\",\"size\":6,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Channel\"}}]}" + "visState": {"title":"Number of Events Over Time By 
Channel","type":"histogram","params":{"scale":"linear","yAxis":{},"addTimeMarker":false,"addLegend":true,"shareYAxis":true,"mode":"stacked","defaultYExtents":false,"setYExtents":false,"addTooltip":true,"times":[],"type":"histogram","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal","setYExtents":false,"defaultYExtents":false},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"histogram","mode":"stacked","data":{"label":"Count","id":"1"},"valueAxis":"ValueAxis-1"}],"legendPosition":"right","dimensions":{"x":{"accessor":0,"format":{"id":"date","params":{"pattern":"YYYY-MM-DD HH:mm"}},"params":{"date":true,"interval":43200000,"format":"YYYY-MM-DD 
HH:mm","bounds":{"min":"2019-01-21T04:30:25.961Z","max":"2019-02-05T04:30:25.961Z"}},"aggType":"date_histogram"},"y":[{"accessor":2,"format":{"id":"number"},"params":{},"aggType":"count"}],"series":[{"accessor":1,"format":{"id":"terms","params":{"id":"string","otherBucketLabel":"Other","missingBucketLabel":"Missing"}},"params":{},"aggType":"terms"}]}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","timeRange":{"from":"now-15d","to":"now","mode":"relative"},"useNormalizedEsInterval":true,"interval":"auto","time_zone":"America/Montreal","drop_partials":false,"customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","enabled":true,"type":"terms","schema":"group","params":{"field":"winlog.channel","size":6,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Channel"}}]} }, "id": "Number-of-Events-Over-Time-By-Event-Log", "migrationVersion": { @@ -78,12 +84,12 @@ "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": {"filter":[],"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} }, "title": "Number of Events", - "uiStateJSON": "{}", + "uiStateJSON": {}, "version": 1, - "visState": "{\"type\": \"metric\", \"listeners\": {}, \"params\": {\"fontSize\": 60}, \"aggs\": [{\"type\": \"count\", \"params\": {}, \"id\": \"1\", \"schema\": \"metric\"}]}" + "visState": {"type": "metric", "listeners": {}, "params": {"fontSize": 60}, "aggs": [{"type": "count", "params": {}, "id": "1", "schema": "metric"}]} }, "id": "Number-of-Events", "migrationVersion": { 
@@ -104,12 +110,12 @@ "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": {"filter":[],"query":{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"language":"lucene"},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} }, "title": "Top Event IDs", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "uiStateJSON": {"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}, "version": 1, - "visState": "{\"title\":\"Top Event IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event IDs\"}}]}" + "visState": {"title":"Top Event 
IDs","type":"table","params":{"perPage":10,"showPartialRows":false,"showMetricsAtAllLevels":false,"sort":{"columnIndex":null,"direction":null},"showTotal":false,"totalFunc":"sum","dimensions":{"metrics":[{"accessor":1,"format":{"id":"number"},"params":{},"aggType":"count"}],"buckets":[{"accessor":0,"format":{"id":"terms","params":{"id":"string","otherBucketLabel":"Other","missingBucketLabel":"Missing"}},"params":{},"aggType":"terms"}]}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"winlog.event_id","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Event IDs"}}]} }, "id": "Top-Event-IDs", "migrationVersion": { 
@@ -130,12 +136,12 @@ "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": {"filter":[],"query":{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"language":"lucene"},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} }, "title": "Event Levels", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "uiStateJSON": {"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}, "version": 1, - "visState": "{\"title\":\"Event Levels\",\"type\":\"table\",\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null},\"perPage\":10,\"showPartialRows\":false,\"totalFunc\":\"sum\",\"showTotal\":false,\"showMetricsAtAllLevels\":false,\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"log.level\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Levels\"}}]}" + "visState": {"title":"Event 
Levels","type":"table","params":{"sort":{"columnIndex":null,"direction":null},"perPage":10,"showPartialRows":false,"totalFunc":"sum","showTotal":false,"showMetricsAtAllLevels":false,"dimensions":{"metrics":[{"accessor":1,"format":{"id":"number"},"params":{},"aggType":"count"}],"buckets":[{"accessor":0,"format":{"id":"terms","params":{"id":"string","otherBucketLabel":"Other","missingBucketLabel":"Missing"}},"params":{},"aggType":"terms"}]}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"log.level","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Log Levels"}}]} }, "id": "Event-Levels", "migrationVersion": { 
@@ -156,12 +162,12 @@
 "attributes": {
 "description": "",
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
+ "searchSourceJSON": {"filter":[],"query":{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"language":"lucene"},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"}
 },
 "title": "Sources (Provider Names)",
- "uiStateJSON": "{}",
+ "uiStateJSON": {},
 "version": 1,
- "visState": "{\"title\":\"Sources (Provider Names)\",\"type\":\"pie\",\"params\":{\"legendPosition\":\"right\",\"isDonut\":false,\"addTooltip\":true,\"shareYAxis\":true,\"addLegend\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"winlog.provider_name\",\"size\":7,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"
+ "visState": {"title":"Sources (Provider Names)","type":"pie","params":{"legendPosition":"right","isDonut":false,"addTooltip":true,"shareYAxis":true,"addLegend":true,"type":"pie","labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"winlog.provider_name","size":7,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}
 },
 "id": "Sources",
 "migrationVersion": {
@@ -180,4 +186,4 @@
 }
 ],
 "version": "7.0.0-SNAPSHOT"
-}
\ No newline at end of file
+}
From 9ae17366ff9ccdb3c2c1240fa2634c601bf23dd1 Mon Sep 17 00:00:00 2001
From: Mathieu Martin
Date: Tue, 5 Feb 2019 15:00:27 -0500
Subject: [PATCH 2/2] Re-export it with the proper command
---
 .../7/dashboard/Winlogbeat-overview.json | 563 +++++++++++++++++-
 1 file changed, 534 insertions(+), 29 deletions(-)
diff --git a/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json b/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json
index cd2a59dc75c..82ccb038640 100644
--- a/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json
+++ b/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json
@@ -5,15 +5,90 @@ "description": "", "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": {"filter":[],"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}} + "searchSourceJSON": { + "filter": [], + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + }, + "optionsJSON": { + "darkTheme": false }, - "optionsJSON": {"darkTheme":false}, "panelsJSON": [ - {"gridData":{ - "h":20,"i":"1","w":36,"x":12,"y":0}, - "panelIndex":"1","version":"7.0.0-SNAPSHOT","panelRefName":"panel_0" - },{"gridData":{ - "h":20,"i":"3","w":12,"x":0,"y":0},"panelIndex":"3","version":"7.0.0-SNAPSHOT","panelRefName":"panel_1"},{"embeddableConfig":{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}},"gridData":{"h":20,"i":"4","w":16,"x":16,"y":20},"panelIndex":"4","version":"7.0.0-SNAPSHOT","panelRefName":"panel_2"},{"gridData":{"h":20,"i":"5","w":16,"x":32,"y":20},"panelIndex":"5","version":"7.0.0-SNAPSHOT","panelRefName":"panel_3"},{"gridData":{"h":20,"i":"6","w":16,"x":0,"y":20},"panelIndex":"6","version":"7.0.0-SNAPSHOT","panelRefName":"panel_4"} + { + "gridData": { + "h": 20, + "i": "1", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.0.0-SNAPSHOT" + }, + { + "gridData": { + "h": 20, + "i": "3", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_1", + "version": "7.0.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 20, + "i": "4", + "w": 16, + "x": 16, + "y": 20 + }, + "panelIndex": "4", + "panelRefName": "panel_2", + "version": "7.0.0-SNAPSHOT" + }, + { + "gridData": { + "h": 20, + "i": "5", + "w": 16, + "x": 32, + "y": 20 + }, + "panelIndex": "5", + "panelRefName": "panel_3", + "version": "7.0.0-SNAPSHOT" + }, + { + "gridData": { + "h": 20, + "i": "6", + "w": 16, + "x": 0, + "y": 20 + }, + "panelIndex": "6", + "panelRefName": 
"panel_4", + "version": "7.0.0-SNAPSHOT" + } ], "timeRestore": false, "title": "Winlogbeat Dashboard", 
@@ -51,19 +126,196 @@ } ], "type": "dashboard", - "updated_at": "2019-02-05T04:31:28.874Z", - "version": 5 + "updated_at": "2019-02-05T19:56:19.932Z", + "version": 7 }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": {"filter":[],"query":{"query":"*","language":"lucene"},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": "*" + } + } }, "title": "Number of Events Over Time By Channel", "uiStateJSON": {}, "version": 1, - "visState": {"title":"Number of Events Over Time By Channel","type":"histogram","params":{"scale":"linear","yAxis":{},"addTimeMarker":false,"addLegend":true,"shareYAxis":true,"mode":"stacked","defaultYExtents":false,"setYExtents":false,"addTooltip":true,"times":[],"type":"histogram","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal","setYExtents":false,"defaultYExtents":false},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"histogram","mode":"stacked","data":{"label":"Count","id":"1"},"valueAxis":"ValueAxis-1"}],"legendPosition":"right","dimensions":{"x":{"accessor":0,"format":{"id":"date","params":{"pattern":"YYYY-MM-DD HH:mm"}},"params":{"date":true,"interval":43200000,"format":"YYYY-MM-DD 
HH:mm","bounds":{"min":"2019-01-21T04:30:25.961Z","max":"2019-02-05T04:30:25.961Z"}},"aggType":"date_histogram"},"y":[{"accessor":2,"format":{"id":"number"},"params":{},"aggType":"count"}],"series":[{"accessor":1,"format":{"id":"terms","params":{"id":"string","otherBucketLabel":"Other","missingBucketLabel":"Missing"}},"params":{},"aggType":"terms"}]}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","timeRange":{"from":"now-15d","to":"now","mode":"relative"},"useNormalizedEsInterval":true,"interval":"auto","time_zone":"America/Montreal","drop_partials":false,"customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","enabled":true,"type":"terms","schema":"group","params":{"field":"winlog.channel","size":6,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Channel"}}]} + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "now-15d", + "mode": "relative", + "to": "now" + }, + "time_zone": "America/Montreal", + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Channel", + "field": "winlog.channel", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 6 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": 
"CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "defaultYExtents": false, + "dimensions": { + "series": [ + { + "accessor": 1, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "x": { + "accessor": 0, + "aggType": "date_histogram", + "format": { + "id": "date", + "params": { + "pattern": "YYYY-MM-DD HH:mm" + } + }, + "params": { + "bounds": { + "max": "2019-02-05T04:30:25.961Z", + "min": "2019-01-21T04:30:25.961Z" + }, + "date": true, + "format": "YYYY-MM-DD HH:mm", + "interval": 43200000 + } + }, + "y": [ + { + "accessor": 2, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "legendPosition": "right", + "mode": "stacked", + "scale": "linear", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "mode": "stacked", + "show": "true", + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "setYExtents": false, + "shareYAxis": true, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "defaultYExtents": false, + "mode": "normal", + "setYExtents": false, + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ], + "yAxis": {} + }, + "title": "Number of Events Over Time By Channel", + "type": "histogram" + } }, "id": "Number-of-Events-Over-Time-By-Event-Log", "migrationVersion": { 
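Review bot: The re-exported `visState` commits export-session state into a shared dashboard: the `date_histogram` agg carries `"time_zone": "America/Montreal"`, and `params.dimensions.x.params` carries absolute `bounds` (`"min": "2019-01-21T04:30:25.961Z"`, `"max": "2019-02-05T04:30:25.961Z"`) plus `"interval": 43200000`. The `time_zone` value appears to pin bucketing to the exporting user's zone for every viewer, and the `dimensions` block looks like render-time output rather than saved configuration; if the export command does not strip them, consider deleting `"time_zone": "America/Montreal"` and the `dimensions` object before committing, and confirm the same for the `time_zone`-free table and pie visualizations later in this patch. `"show": "true"` in `seriesParams` is a string where every sibling flag is a boolean; presumably Kibana emitted it that way, so leave it unless the loader normalizes types. The enclosing visualization object starts before this hunk and ends after it.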
@@ -77,19 +329,42 @@ } ], "type": "visualization", - "updated_at": "2019-02-05T04:30:57.063Z", - "version": 9 + "updated_at": "2019-02-05T19:56:19.932Z", + "version": 7 }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": {"filter":[],"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } }, "title": "Number of Events", "uiStateJSON": {}, "version": 1, - "visState": {"type": "metric", "listeners": {}, "params": {"fontSize": 60}, "aggs": [{"type": "count", "params": {}, "id": "1", "schema": "metric"}]} + "visState": { + "aggs": [ + { + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + } + ], + "listeners": {}, + "params": { + "fontSize": 60 + }, + "type": "metric" + } }, "id": "Number-of-Events", "migrationVersion": { 
@@ -103,19 +378,107 @@ } ], "type": "visualization", - "updated_at": "2019-02-05T03:54:42.903Z", - "version": 4 + "updated_at": "2019-02-05T19:56:19.932Z", + "version": 7 }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": {"filter":[],"query":{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"language":"lucene"},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + } }, "title": "Top Event IDs", - "uiStateJSON": {"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}, + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, "version": 1, - "visState": {"title":"Top Event IDs","type":"table","params":{"perPage":10,"showPartialRows":false,"showMetricsAtAllLevels":false,"sort":{"columnIndex":null,"direction":null},"showTotal":false,"totalFunc":"sum","dimensions":{"metrics":[{"accessor":1,"format":{"id":"number"},"params":{},"aggType":"count"}],"buckets":[{"accessor":0,"format":{"id":"terms","params":{"id":"string","otherBucketLabel":"Other","missingBucketLabel":"Missing"}},"params":{},"aggType":"terms"}]}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"winlog.event_id","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Event IDs"}}]} + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Event IDs", + "field": "winlog.event_id", + "missingBucket": false, + 
"missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Event IDs", + "type": "table" + } }, "id": "Top-Event-IDs", "migrationVersion": { 
@@ -129,19 +492,107 @@ } ], "type": "visualization", - "updated_at": "2019-02-05T04:29:29.657Z", + "updated_at": "2019-02-05T19:56:19.932Z", "version": 7 }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": {"filter":[],"query":{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"language":"lucene"},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + } }, "title": "Event Levels", - "uiStateJSON": {"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}, + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, "version": 1, - "visState": {"title":"Event Levels","type":"table","params":{"sort":{"columnIndex":null,"direction":null},"perPage":10,"showPartialRows":false,"totalFunc":"sum","showTotal":false,"showMetricsAtAllLevels":false,"dimensions":{"metrics":[{"accessor":1,"format":{"id":"number"},"params":{},"aggType":"count"}],"buckets":[{"accessor":0,"format":{"id":"terms","params":{"id":"string","otherBucketLabel":"Other","missingBucketLabel":"Missing"}},"params":{},"aggType":"terms"}]}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"log.level","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Log Levels"}}]} + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Log Levels", + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + 
"order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "dimensions": { + "buckets": [ + { + "accessor": 0, + "aggType": "terms", + "format": { + "id": "terms", + "params": { + "id": "string", + "missingBucketLabel": "Missing", + "otherBucketLabel": "Other" + } + }, + "params": {} + } + ], + "metrics": [ + { + "accessor": 1, + "aggType": "count", + "format": { + "id": "number" + }, + "params": {} + } + ] + }, + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Event Levels", + "type": "table" + } }, "id": "Event-Levels", "migrationVersion": { 
@@ -155,19 +606,73 @@ } ], "type": "visualization", - "updated_at": "2019-02-05T04:29:58.730Z", + "updated_at": "2019-02-05T19:56:19.932Z", "version": 7 }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": {"filter":[],"query":{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"language":"lucene"},"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"} + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "lucene", + "query": { + "query_string": { + "analyze_wildcard": true, + "query": "*" + } + } + } + } }, "title": "Sources (Provider Names)", "uiStateJSON": {}, "version": 1, - "visState": {"title":"Sources (Provider Names)","type":"pie","params":{"legendPosition":"right","isDonut":false,"addTooltip":true,"shareYAxis":true,"addLegend":true,"type":"pie","labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"winlog.provider_name","size":7,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]} + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "winlog.provider_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 7 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": false, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "shareYAxis": true, + "type": "pie" + }, + "title": "Sources (Provider 
Names)",
+ "type": "pie"
+ }
 },
 "id": "Sources",
 "migrationVersion": {
@@ -181,9 +686,9 @@
 }
 ],
 "type": "visualization",
- "updated_at": "2019-02-05T04:28:30.544Z",
+ "updated_at": "2019-02-05T19:56:19.932Z",
 "version": 7
 }
 ],
 "version": "7.0.0-SNAPSHOT"
-}
+}
\ No newline at end of file
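Review bot: The final hunk drops the newline at end of file that the first patch in this series added (that patch replaced `-}` marked "No newline at end of file" with `+}`; this one reverses it), so the series as a whole leaves the file without a trailing newline. Presumably the export command writes the JSON without a final newline; appending one after export, or having the tool emit it, keeps the file friendly to line-oriented tools and avoids this flip-flop in future diffs. The `updated_at` values (all `2019-02-05T19:56:19.932Z`) and `version` counters changed in this hunk and in the earlier hunks of this patch will churn on every re-export; if the loader does not rely on them, stripping them at export time would keep future diffs limited to real dashboard changes.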