From e139a5d8a9c70a56ec0fc61ba61c8fbe3cc01b90 Mon Sep 17 00:00:00 2001 From: Mohit Jha <138874484+mohitjha-elastic@users.noreply.github.com> Date: Tue, 5 Mar 2024 19:10:56 +0530 Subject: [PATCH 01/34] [ti_crowdstrike] Add Mapping of Hash Sha1 type Indicator (#9270) * Add the mapping of hash sha1 type indicator. As per the API Documentation, Hash Sha1 type indicator is not mentioned in the Intel Responses but the users are getting those in the live responses hence adding the support for that. * Add the offset in the config in case of unsuccessful requests. --- packages/ti_crowdstrike/changelog.yml | 8 ++ .../intel/_dev/test/pipeline/test-intel.log | 1 + .../pipeline/test-intel.log-expected.json | 124 ++++++++++++++++++ .../elasticsearch/ingest_pipeline/default.yml | 1 + .../data_stream/ioc/agent/stream/cel.yml.hbs | 5 +- packages/ti_crowdstrike/manifest.yml | 3 +- 6 files changed, 139 insertions(+), 3 deletions(-) diff --git a/packages/ti_crowdstrike/changelog.yml b/packages/ti_crowdstrike/changelog.yml index 2b050c65aba..bea68950b68 100644 --- a/packages/ti_crowdstrike/changelog.yml +++ b/packages/ti_crowdstrike/changelog.yml @@ -1,4 +1,12 @@ # newer versions go on top +- version: "0.5.1" + changes: + - description: Add the mapping of hash sha1 type indicator. + type: enhancement + link: https://github.com/elastic/integrations/pull/9270 + - description: Add the offset in the config in case of unsuccessful requests. + type: enhancement + link: https://github.com/elastic/integrations/pull/9270 - version: "0.5.0" changes: - description: Set sensitive values as secret, upgrade to package spec 3.0.3. diff --git a/packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log b/packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log index 7408b59114b..32cb2d3fa23 100644 --- a/packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log +++ b/packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log @@ -2,3 +2,4 @@ {"id":"hash_md5_ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193","indicator":"d98f192bf91a7f97563824cd448b1c853742b78f42b9990192b83d","type":"hash_md5","deleted":true,"published_date":1700547346,"last_updated":1700547461,"reports":["reports"],"actors":["SALTYSPIDER"],"malware_families":["Trojan"],"kill_chains":["Installation","C2"],"ip_address_types":["81.2.69.192"],"domain_types":["domain.com"],"malicious_confidence":"low","_marker":"1800547361df353d123235e4158c5c81f25f0","labels":[{"name":"MaliciousConfidence/High","created_on":1700547390,"last_valid_on":1700547390},{"name":"Malware/Mofksys","created_on":1700547369,"last_valid_on":1700547369},{"name":"ThreatType/Commodity","created_on":1700547359,"last_valid_on":1700547359},{"name":"ThreatType/CredentialHarvesting","created_on":1700547359,"last_valid_on":1700547359},{"name":"ThreatType/InformationStealer","created_on":1700547359,"last_valid_on":1700547359}],"relations":[{"id":"domain.com.xx","indicator":"domain.xx","type":"domain","created_date":1700547339,"last_valid_date":1700547339},{"id":"domain.xx.yy","indicator":"domain.xx.fd","type":"domain","created_date":1700547339,"last_valid_date":1700547339}],"targets":["abc"],"threat_types":["Commodity","CredentialHarvesting","InformationStealer"],"vulnerabilities":["vuln"]} {"id":"domain_ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193","indicator":"e88808f192bf563824cd448b1c853742b78f42b9990192b83d","type":"domain","deleted":true,"published_date":1700547346,"last_updated":1700547469,"reports":["reports"],"actors":["SALTYSPIDER"],"malware_families":["Trojan"],"kill_chains":["Installation","C2"],"ip_address_types":["C2"],"domain_types":["domain.com"],"malicious_confidence":"low","_marker":"1800547361df353d123235e4158c5c81f25f0","labels":[{"name":"MaliciousConfidence/High","created_on":1700547390,"last_valid_on":1700547390},{"name":"Malware/Mofksys","created_on":1700547369,"last_valid_on":1700547369},{"name":"ThreatType/Commodity","created_on":1700547359,"last_valid_on":1700547359},{"name":"ThreatType/CredentialHarvesting","created_on":1700547359,"last_valid_on":1700547359},{"name":"ThreatType/InformationStealer","created_on":1700547359,"last_valid_on":1700547359}],"relations":[{"id":"domain.com.xx","indicator":"domain.xx","type":"domain","created_date":1700547339,"last_valid_date":1700547339},{"id":"domain.xx.yy","indicator":"domain.xx.fd","type":"domain","created_date":1700547339,"last_valid_date":1700547339}],"targets":["abc"],"threat_types":["Commodity","CredentialHarvesting","InformationStealer"],"vulnerabilities":["vuln"]} {"_marker":"17005473618d17ae6353d123235e4158c5c81f25f0","actors":[],"deleted":false,"domain_types":[],"id":"hash_md5_ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193","indicator":"e52faef955f651da029a4ee4fa227c0f","ip_address_types":[],"kill_chains":[],"labels":[{"created_on":1707938343,"last_valid_on":1707938355,"name":"MaliciousConfidence/High"},{"created_on":1707938347,"last_valid_on":1707938347,"name":"Malware/STOP"},{"created_on":1707938347,"last_valid_on":1707938347,"name":"ThreatType/Criminal"},{"created_on":1707938347,"last_valid_on":1707938347,"name":"ThreatType/Ransomware"}],"last_updated":1707938355,"malicious_confidence":"high","malware_families":["STOP"],"published_date":1707938343,"relations":[],"reports":[],"targets":[],"threat_types":["Criminal","Ransomware"],"type":"hash_md5","vulnerabilities":[]} +{"id":"hash_sha1_abcdxxxxxx","indicator":"t98f1xxxxxxxxxxxxxxc853742b78f42b9990192b83d","type":"hash_sha1","deleted":true,"published_date":1700547349,"last_updated":1700547471,"reports":["reports"],"actors":["SALTYSPIDER"],"malware_families":["Trojan"],"kill_chains":["Installation","C2"],"ip_address_types":["81.2.69.192"],"domain_types":["domain.com"],"malicious_confidence":"low","_marker":"1000547361df353d123235e4158c5c81f456f0","labels":[{"name":"MaliciousConfidence/High","created_on":1700547390,"last_valid_on":1700547390},{"name":"Malware/Mofksys","created_on":1700547369,"last_valid_on":1700547369},{"name":"ThreatType/Commodity","created_on":1700547359,"last_valid_on":1700547359},{"name":"ThreatType/CredentialHarvesting","created_on":1700547359,"last_valid_on":1700547359},{"name":"ThreatType/InformationStealer","created_on":1700547359,"last_valid_on":1700547359}],"relations":[{"id":"domain.com.xx","indicator":"domain.xx","type":"domain","created_date":1700547339,"last_valid_date":1700547339},{"id":"domain.xx.yy","indicator":"domain.xx.fd","type":"domain","created_date":1700547339,"last_valid_date":1700547339}],"targets":["abc"],"threat_types":["Commodity","CredentialHarvesting","InformationStealer"],"vulnerabilities":["vuln"]} diff --git a/packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json b/packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json index 4218edd72c5..7c9928b427e 100644 --- a/packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json +++ b/packages/ti_crowdstrike/data_stream/intel/_dev/test/pipeline/test-intel.log-expected.json @@ -462,6 +462,130 @@ "value": "e52faef955f651da029a4ee4fa227c0f" } } + }, + { + "@timestamp": "2023-11-21T06:17:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "category": [ + "threat" + ], + "id": "hash_sha1_abcdxxxxxx", + "kind": "enrichment", + "original": "{\"id\":\"hash_sha1_abcdxxxxxx\",\"indicator\":\"t98f1xxxxxxxxxxxxxxc853742b78f42b9990192b83d\",\"type\":\"hash_sha1\",\"deleted\":true,\"published_date\":1700547349,\"last_updated\":1700547471,\"reports\":[\"reports\"],\"actors\":[\"SALTYSPIDER\"],\"malware_families\":[\"Trojan\"],\"kill_chains\":[\"Installation\",\"C2\"],\"ip_address_types\":[\"81.2.69.192\"],\"domain_types\":[\"domain.com\"],\"malicious_confidence\":\"low\",\"_marker\":\"1000547361df353d123235e4158c5c81f456f0\",\"labels\":[{\"name\":\"MaliciousConfidence/High\",\"created_on\":1700547390,\"last_valid_on\":1700547390},{\"name\":\"Malware/Mofksys\",\"created_on\":1700547369,\"last_valid_on\":1700547369},{\"name\":\"ThreatType/Commodity\",\"created_on\":1700547359,\"last_valid_on\":1700547359},{\"name\":\"ThreatType/CredentialHarvesting\",\"created_on\":1700547359,\"last_valid_on\":1700547359},{\"name\":\"ThreatType/InformationStealer\",\"created_on\":1700547359,\"last_valid_on\":1700547359}],\"relations\":[{\"id\":\"domain.com.xx\",\"indicator\":\"domain.xx\",\"type\":\"domain\",\"created_date\":1700547339,\"last_valid_date\":1700547339},{\"id\":\"domain.xx.yy\",\"indicator\":\"domain.xx.fd\",\"type\":\"domain\",\"created_date\":1700547339,\"last_valid_date\":1700547339}],\"targets\":[\"abc\"],\"threat_types\":[\"Commodity\",\"CredentialHarvesting\",\"InformationStealer\"],\"vulnerabilities\":[\"vuln\"]}", + "type": [ + "indicator" + ] + }, + "related": { + "ip": [ + "81.2.69.192" + ] + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "threat": { + "indicator": { + "confidence": "Low", + "name": "t98f1xxxxxxxxxxxxxxc853742b78f42b9990192b83d", + "provider": "crowdstrike", + "type": "file" + } + }, + "ti_crowdstrike": { + "intel": { + "_marker": "1000547361df353d123235e4158c5c81f456f0", + "actors": [ + "SALTYSPIDER" + ], + "deleted": true, + "domain_types": [ + "domain.com" + ], + "id": "hash_sha1_abcdxxxxxx", + "ip_address_types": [ + "81.2.69.192" + ], + "kill_chains": [ + "Installation", + "C2" + ], + "labels": [ + { + "created_on": "2023-11-21T06:16:30.000Z", + "last_valid_on": "2023-11-21T06:16:30.000Z", + "name": "MaliciousConfidence/High" + }, + { + "created_on": "2023-11-21T06:16:09.000Z", + "last_valid_on": "2023-11-21T06:16:09.000Z", + "name": "Malware/Mofksys" + }, + { + "created_on": "2023-11-21T06:15:59.000Z", + "last_valid_on": "2023-11-21T06:15:59.000Z", + "name": "ThreatType/Commodity" + }, + { + "created_on": "2023-11-21T06:15:59.000Z", + "last_valid_on": "2023-11-21T06:15:59.000Z", + "name": "ThreatType/CredentialHarvesting" + }, + { + "created_on": "2023-11-21T06:15:59.000Z", + "last_valid_on": "2023-11-21T06:15:59.000Z", + "name": "ThreatType/InformationStealer" + } + ], + "last_updated": "2023-11-21T06:17:51.000Z", + "malicious_confidence": "low", + "malware_families": [ + "Trojan" + ], + "published_date": "2023-11-21T06:15:49.000Z", + "relations": [ + { + "created_date": "2023-11-21T06:15:39.000Z", + "id": "domain.com.xx", + "indicator": "domain.xx", + "last_valid_date": "2023-11-21T06:15:39.000Z", + "type": "domain" + }, + { + "created_date": "2023-11-21T06:15:39.000Z", + "id": "domain.xx.yy", + "indicator": "domain.xx.fd", + "last_valid_date": "2023-11-21T06:15:39.000Z", + "type": "domain" + } + ], + "reports": [ + "reports" + ], + "targets": [ + "abc" + ], + "threat_types": [ + "Commodity", + "CredentialHarvesting", + "InformationStealer" + ], + "type": "hash_sha1", + "value": "t98f1xxxxxxxxxxxxxxc853742b78f42b9990192b83d", + "vulnerabilities": [ + "vuln" + ] + } + }, + "vulnerability": { + "category": [ + "vuln" + ] + } } ] } \ No newline at end of file diff --git a/packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml b/packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml index 4249e1d6f4e..0c869cff978 100644 --- a/packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml @@ -321,6 +321,7 @@ processors: file_path: file hash_ion: file hash_md5: file + hash_sha1: file hash_sha256: file ip_address: ipv4-addr ip_address_block: ipv4-addr diff --git a/packages/ti_crowdstrike/data_stream/ioc/agent/stream/cel.yml.hbs b/packages/ti_crowdstrike/data_stream/ioc/agent/stream/cel.yml.hbs index a8d77adc100..2a21ce7836b 100644 --- a/packages/ti_crowdstrike/data_stream/ioc/agent/stream/cel.yml.hbs +++ b/packages/ti_crowdstrike/data_stream/ioc/agent/stream/cel.yml.hbs @@ -55,7 +55,7 @@ program: | }), "want_more": has(body.meta.pagination) && (int(state.offset) + body.resources.size()) < body.meta.pagination.total, "offset": has(body.meta.pagination) && ((int(state.offset) + body.resources.size()) < body.meta.pagination.total) ? - int(state.offset) + int(body.resources.size()) + int(state.offset) + int(body.resources.size()) : 0, "url": state.url, @@ -81,7 +81,7 @@ program: | "first_timestamp": ( has(state.cursor) && has(state.cursor.first_timestamp) && state.cursor.first_timestamp != null ? ( - state.want_more ? + state.want_more ? state.cursor.first_timestamp : state.cursor.last_timestamp @@ -101,6 +101,7 @@ program: | }, }, "want_more": false, + "offset": 0, "url": state.url, "batch_size": state.batch_size, "initial_interval": state.initial_interval, diff --git a/packages/ti_crowdstrike/manifest.yml b/packages/ti_crowdstrike/manifest.yml index 6abdacbaead..e0429ba438d 100644 --- a/packages/ti_crowdstrike/manifest.yml +++ b/packages/ti_crowdstrike/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: ti_crowdstrike title: CrowdStrike Falcon Intelligence -version: 0.5.0 +version: 0.5.1 description: Collect logs from CrowdStrike Falcon Intelligence with Elastic Agent. type: integration categories: @@ -63,6 +63,7 @@ policy_templates: description: Token URL of CrowdStrike Falcon Intelligence. default: https://api.crowdstrike.com/oauth2/token required: true + secret: false show_user: false - name: proxy_url type: text From 5bc07043a534e6260b19e630b883209bec0b4245 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 17:23:46 +0100 Subject: [PATCH 02/34] Bump golang.org/x/tools from 0.18.0 to 0.19.0 (#9272) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.18.0 to 0.19.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 424bf15b549..40e44bcd0a0 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/magefile/mage v1.15.0 github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.9.0 - golang.org/x/tools v0.18.0 + golang.org/x/tools v0.19.0 gopkg.in/yaml.v2 v2.4.0 ) @@ -172,13 +172,13 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.19.0 // indirect - golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.21.0 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/mod v0.16.0 // indirect + golang.org/x/net v0.22.0 // indirect golang.org/x/oauth2 v0.16.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect google.golang.org/api v0.162.0 // indirect diff --git a/go.sum b/go.sum index 955ee6e65c7..6077f695cbc 100644 --- a/go.sum +++ b/go.sum @@ -523,8 +523,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -538,8 +538,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= +golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -557,8 +557,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= @@ -600,16 +600,16 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -636,8 +636,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= +golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 0110fddb08b34292d3c49bb51fefee5eafbd890b Mon Sep 17 00:00:00 2001 From: Bharat Pasupula <123897612+bhapas@users.noreply.github.com> Date: Tue, 5 Mar 2024 21:09:17 +0100 Subject: [PATCH 03/34] Add ilm policy to intel data stream (#9274) --- packages/ti_crowdstrike/changelog.yml | 5 +++++ packages/ti_crowdstrike/data_stream/intel/manifest.yml | 1 + packages/ti_crowdstrike/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/packages/ti_crowdstrike/changelog.yml b/packages/ti_crowdstrike/changelog.yml index bea68950b68..867599051fc 100644 --- a/packages/ti_crowdstrike/changelog.yml +++ b/packages/ti_crowdstrike/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.2" + changes: + - description: Add ilm policy to intel data stream. + type: bugfix + link: https://github.com/elastic/integrations/pull/9274 - version: "0.5.1" changes: - description: Add the mapping of hash sha1 type indicator. diff --git a/packages/ti_crowdstrike/data_stream/intel/manifest.yml b/packages/ti_crowdstrike/data_stream/intel/manifest.yml index 3c038ab2a83..38073114f8f 100644 --- a/packages/ti_crowdstrike/data_stream/intel/manifest.yml +++ b/packages/ti_crowdstrike/data_stream/intel/manifest.yml @@ -1,5 +1,6 @@ title: Collect Intel logs from CrowdStrike Falcon Intelligence. type: logs +ilm_policy: logs-ti_crowdstrike.intel-default_policy streams: - input: cel title: Intel logs diff --git a/packages/ti_crowdstrike/manifest.yml b/packages/ti_crowdstrike/manifest.yml index e0429ba438d..843c5edf643 100644 --- a/packages/ti_crowdstrike/manifest.yml +++ b/packages/ti_crowdstrike/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: ti_crowdstrike title: CrowdStrike Falcon Intelligence -version: 0.5.1 +version: 0.5.2 description: Collect logs from CrowdStrike Falcon Intelligence with Elastic Agent. type: integration categories: From e42f1fbaf12504e6005e87f83deac10386dcbde3 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 6 Mar 2024 07:48:41 +1030 Subject: [PATCH 04/34] sentinel_one_cloud_funnel: improve detection rules support (#9120) Also lower required kibana version. --- .../sentinel_one_cloud_funnel/changelog.yml | 8 + .../test-command-script.log-expected.json | 30 +++- .../test-cross-process.log-expected.json | 25 ++- .../test/pipeline/test-dns.log-expected.json | 28 +++- .../test/pipeline/test-file.log-expected.json | 31 +++- .../pipeline/test-indicator.log-expected.json | 25 ++- .../pipeline/test-login.log-expected.json | 7 +- .../pipeline/test-module.log-expected.json | 25 ++- .../test-network-action.log-expected.json | 29 +++- .../pipeline/test-process.log-expected.json | 29 +++- .../pipeline/test-registry.log-expected.json | 32 +++- .../test-scheduled-task.log-expected.json | 25 ++- ...t-intelligence-indicator.log-expected.json | 18 ++- .../test/pipeline/test-url.log-expected.json | 32 +++- .../elasticsearch/ingest_pipeline/default.yml | 147 ++++++++++++++++++ .../pipeline-command-script.yml | 4 + .../ingest_pipeline/pipeline-dns.yml | 4 + .../ingest_pipeline/pipeline-file.yml | 81 ++++++++-- .../ingest_pipeline/pipeline-login.yml | 9 ++ .../pipeline-network-action.yml | 18 ++- .../ingest_pipeline/pipeline-process.yml | 11 +- .../ingest_pipeline/pipeline-registry.yml | 21 ++- .../ingest_pipeline/pipeline-url.yml | 12 ++ .../data_stream/event/fields/fields.yml | 10 ++ .../data_stream/event/manifest.yml | 8 + .../data_stream/event/sample_event.json | 54 +++++-- .../sentinel_one_cloud_funnel/docs/README.md | 54 +++++-- .../sentinel_one_cloud_funnel/manifest.yml | 4 +- 28 files changed, 706 insertions(+), 75 deletions(-) diff --git a/packages/sentinel_one_cloud_funnel/changelog.yml b/packages/sentinel_one_cloud_funnel/changelog.yml index 906270d202a..24fed47691e 100644 --- a/packages/sentinel_one_cloud_funnel/changelog.yml +++ b/packages/sentinel_one_cloud_funnel/changelog.yml @@ -1,4 +1,12 @@ # newer versions go on top +- version: "0.12.0" + changes: + - description: Improve detection rules support. + type: enhancement + link: https://github.com/elastic/integrations/pull/9120 + - description: Lower kibana version requirement to v8.10.1. + type: enhancement + link: https://github.com/elastic/integrations/pull/9120 - version: "0.11.0" changes: - description: Set sensitive values as secret. diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-command-script.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-command-script.log-expected.json index ae7e7cf98fb..b232b9db0b6 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-command-script.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-command-script.log-expected.json @@ -21,15 +21,32 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "WindowsServer2019Standard", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "server" }, + "powershell": { + "file": { + "script_block_text": "$global:?" + } + }, "process": { + "args": [ + "powershell.exe-ExecutionPolicyRestricted-CommandWrite-Host'Finalresult:1';" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "MICROSOFTWINDOWS", + "trusted": true + }, "command_line": "powershell.exe-ExecutionPolicyRestricted-CommandWrite-Host'Finalresult:1';", "entity_id": "230B188E26085676", + "executable": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "hash": { "md5": "7353f60b1739074eb17c5f4dddefe239", "sha1": "6cbce4a295c163791b60fc23d285e6d84f28ee4c", @@ -37,8 +54,13 @@ }, "name": "powershell.exe", "parent": { + "args": [ + "C:\\Windows\\system32\\CompatTelRunner.exe-m:appraiser.dll-f:DoScheduledTelemetryRun-cv:1DRRwZous0W15sCL.2" + ], + "args_count": 1, "command_line": "C:\\Windows\\system32\\CompatTelRunner.exe-m:appraiser.dll-f:DoScheduledTelemetryRun-cv:1DRRwZous0W15sCL.2", "entity_id": "8608188E26085676", + "executable": "C:\\Windows\\System32\\CompatTelRunner.exe", "hash": { "sha1": "134fd2ad04cf59b0c10596230da5daf6fc711bd1", "sha256": "046f009960f70981597cd7b3a1e44cbb4ba5893cc1407734366aa55fbeda5d66" @@ -239,7 +261,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-cross-process.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-cross-process.log-expected.json index 0b62ef98240..2568ad83d3e 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-cross-process.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-cross-process.log-expected.json @@ -21,15 +21,27 @@ }, "host": { "hostname": "IHM-MP23Y3DD", + "id": "asdf356783457dfds4456d65", "os": { "name": "Windows10Enterprise", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "laptop" }, "process": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "GOOGLELLC", + "trusted": true + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "F27AB6F105F6C47A", + "executable": "C:\\ProgramFiles\\Google\\Chrome\\Application\\chrome.exe", "hash": { "md5": "6693974b22d16712c9a164e154c17556", "sha1": "ebec2705217692afae8e9cc5e82d58d78e7d6d89", @@ -37,8 +49,13 @@ }, "name": "chrome.exe", "parent": { + "args": [ + "C:\\ProgramFiles\\Google\\Chrome\\Application\\chrome.exe--single-argumenthttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.asdf.com%2FCopy%2520A%3Fdl%3D0%26subfolder_nav_tracking%3D1&data=05%7C01%7CCeliaVerPloeg%7C122a5275b9e3%7C0%7C0%7C638000749817681064%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Oe8GdP%2Fty%2FFwi58b87FF5qp1VjewxNXjXfEBWVf5urI%3D&reserved=0" + ], + "args_count": 1, "command_line": "\"C:\\ProgramFiles\\Google\\Chrome\\Application\\chrome.exe\"--single-argumenthttps://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.asdf.com%2FCopy%2520A%3Fdl%3D0%26subfolder_nav_tracking%3D1&data=05%7C01%7CCeliaVerPloeg%7C122a5275b9e3%7C0%7C0%7C638000749817681064%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Oe8GdP%2Fty%2FFwi58b87FF5qp1VjewxNXjXfEBWVf5urI%3D&reserved=0", "entity_id": "F17AB6F105F6C47A", + "executable": "C:\\ProgramFiles\\Google\\Chrome\\Application\\chrome.exe", "hash": { "sha1": "ebec2705217692afae8e9cc5e82d58d78e7d6d89", "sha256": "a462f776c0935c7359e941d9a23b62243e3eabbd1694065fe2e1dc521e685698" @@ -267,7 +284,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "asdf", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-dns.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-dns.log-expected.json index 6ea6f6d6a05..adf2601aae9 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-dns.log-expected.json @@ -2,6 +2,11 @@ "expected": [ { "@timestamp": "2022-10-03T15:32:29.495Z", + "dns": { + "question": { + "name": "vrnorfva01.usa.ccu.clearchannel.com" + } + }, "ecs": { "version": "8.11.0" }, @@ -21,15 +26,25 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "Windows8.1Pro", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "laptop" }, "process": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": false + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "AFD43004051AA366", + "executable": "C:\\Users\\asdf\\AppData\\Local\\LANInternational\\VIERO\\Application\\7.22.1.105\\CC.Falcon.OrderModule.exe", "hash": { "md5": "421f6d5ec86f6b930646321fc6ed2c46", "sha1": "d8b12c9072fdcf68ec152befb004add14b5c25b8", @@ -37,8 +52,13 @@ }, "name": "CC.Falcon.OrderModule.exe", "parent": { + "args": [ + "C:\\Users\\asdf\\AppData\\Local\\LANInternational\\VIERO\\Application\\7.22.1.105\\VIERO.exe" + ], + "args_count": 1, "command_line": "C:\\Users\\asdf\\AppData\\Local\\LANInternational\\VIERO\\Application\\7.22.1.105\\VIERO.exe", "entity_id": "8CD23004051AA366", + "executable": "C:\\Users\\asdf\\AppData\\Local\\stuff\\stuff\\Application\\stuff\\stuff.exe", "hash": { "sha1": "f9bc4c756eab5121ace7ec1cf6a394be0439dec0", "sha256": "d2213413a6a558981670676ff0575e31542067ef69ee7e061c0308c4f0c0888d" @@ -292,7 +312,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "asdf", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-file.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-file.log-expected.json index aaddf59e971..4bcf57ed940 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-file.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-file.log-expected.json @@ -6,6 +6,9 @@ "version": "8.11.0" }, "event": { + "action": [ + "creation" + ], "category": [ "file" ], @@ -18,7 +21,10 @@ }, "file": { "created": "2022-10-03T15:32:29.488Z", + "directory": "C:\\PROGRAMFILES\\MediaMonitors\\ChromeProfiles\\profile-1234\\userdata\\Default", + "drive_letter": "C", "mtime": "2022-10-03T15:32:29.488Z", + "name": "Favicons", "path": "C:\\PROGRAMFILES\\MediaMonitors\\ChromeProfiles\\profile-1234\\userdata\\Default\\Favicons", "size": 0, "type": "UNKNOWN" @@ -28,15 +34,27 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "Windows10Pro", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "desktop" }, "process": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "GOOGLELLC", + "trusted": true + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "BA34D0202623D4E6", + "executable": "C:\\ProgramFiles(x86)\\Google\\Chrome\\Application\\chrome.exe", "hash": { "md5": "32f678531906e17dd7e9508d289c8d0a", "sha1": "2797538e84a534cc5aa2d2700c0d1ca297aaa507", @@ -44,8 +62,13 @@ }, "name": "chrome.exe", "parent": { + "args": [ + "C:\\ProgramFiles\\MediaMonitors\\MediaMonitors.WebCrawler.Desktop.exe" + ], + "args_count": 1, "command_line": "C:\\ProgramFiles\\MediaMonitors\\MediaMonitors.WebCrawler.Desktop.exe", "entity_id": "3F41C4202623D4E6", + "executable": "C:\\PROGRAMFILES\\MediaMonitors\\MediaMonitors.WebCrawler.Desktop.exe", "hash": { "sha1": "cb3d662017fc8f5ca5fd8f843781dc979bc39f3a", "sha256": "bea718b473f35cfc401a8e529ec6461427ed6a2cf7dd819cb1a7895b57e3e5a7" @@ -244,7 +267,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "asdf", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-indicator.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-indicator.log-expected.json index 061a5cda919..22cff0e1bbe 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-indicator.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-indicator.log-expected.json @@ -15,15 +15,27 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "Windows10Pro", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "desktop" }, "process": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "MICROSOFTWINDOWS", + "trusted": true + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "9544B91D29223D1A", + "executable": "C:\\Windows\\System32\\asdf\\WmiApSrv.exe", "hash": { "md5": "72260ce9438a7a9a8a5ba101eda4d6bd", "sha1": "090436b0679559cb2d5e863ad9c9135613f38d77", @@ -31,8 +43,13 @@ }, "name": "WmiApSrv.exe", "parent": { + "args": [ + "C:\\WINDOWS\\system32\\services.exe" + ], + "args_count": 1, "command_line": "C:\\WINDOWS\\system32\\services.exe", "entity_id": "B4C1F07EC98B907A", + "executable": "C:\\Windows\\System32\\services.exe", "hash": { "sha1": "86662690d627002d7cab3285f7be3e6d87b35cfb", "sha256": "9090e0e44e14709fb09b23b98572e0e61c810189e2de8f7156021bc81c3b1bb6" @@ -227,7 +244,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-login.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-login.log-expected.json index 20f8bc1b055..3dcbc972b9f 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-login.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-login.log-expected.json @@ -13,14 +13,16 @@ "kind": "event", "original": "{\"timestamp\":\"18:32:29.467\",\"event.category\":\"logins\",\"site.id\":\"123456789123456789\",\"src.process.user\":\"NTAUTHORITY\\\\SYSTEM\",\"src.process.indicatorRansomwareCount\":0,\"src.process.crossProcessDupRemoteProcessHandleCount\":0,\"src.process.tgtFileCreationCount\":23,\"src.process.indicatorInjectionCount\":0,\"src.process.moduleCount\":180,\"i.version\":\"preprocess-lib-1.0\",\"sca:atlantisIngestTime\":1664811157561,\"src.process.indicatorReconnaissanceCount\":0,\"src.process.childProcCount\":0,\"mgmt.url\":\"asdf-123.sentinelone.org\",\"src.process.crossProcessOpenProcessCount\":20668,\"src.process.subsystem\":\"SYS_WIN32\",\"meta.event.name\":\"WINLOGONATTEMPT\",\"event.login.type\":\"NETWORK\",\"src.process.indicatorExploitationCount\":0,\"event.login.loginIsSuccessful\":true,\"src.process.integrityLevel\":\"SYSTEM\",\"i.scheme\":\"edr\",\"site.name\":\"ASDF\",\"src.process.netConnInCount\":0,\"event.time\":1664811149467,\"account.id\":\"123456789123456789\",\"dataSource.name\":\"SentinelOne\",\"endpoint.name\":\"asdf1\",\"src.process.isStorylineRoot\":false,\"src.process.pid\":776,\"sca:ingestTime\":1664811157,\"dataSource.category\":\"security\",\"src.process.crossProcessThreadCreateCount\":0,\"src.process.crossProcessCount\":20668,\"event.id\":\"01GEF7MHHR6BB9SJNBMVFMQP5X_431\",\"event.login.accountName\":\"-\",\"src.process.tgtFileModificationCount\":159,\"src.process.indicatorEvasionCount\":0,\"src.process.netConnOutCount\":24905,\"src.process.crossProcessDupThreadHandleCount\":0,\"endpoint.os\":\"windows\",\"src.process.tgtFileDeletionCount\":23,\"src.process.startTime\":1664084384297,\"mgmt.id\":\"1337\",\"os.name\":\"WindowsServer2016Datacenter\",\"src.process.isNative64Bit\":false,\"src.process.uid\":\"61D19661DB864A92\",\"event.login.sessionId\":0,\"src.process.indicatorBootConfigurationUpdateCount\":0,\"src.process.indicatorInfostealerCount\":0,\"process.unique.key\":\"61D19661DB864A92\",\"event.login.isAdministratorEquivalent\":true,\"agent.version\":\"22.1.2.217\",\"event.login.userName\":\"asdf\",\"src.process.sessionId\":-1,\"src.process.netConnCount\":24905,\"mgmt.osRevision\":\"14393\",\"src.process.isRedirectCmdProcessor\":false,\"src.process.dnsCount\":27,\"event.login.accountDomain\":\"-\",\"endpoint.type\":\"server\",\"trace.id\":\"01GEF7MHHR6BB9SJNBMVFMQP5X\",\"agent.uuid\":\"asdf356783457dfds4456d65\",\"src.process.indicatorGeneralCount\":0,\"src.process.crossProcessOutOfStorylineCount\":20554,\"src.process.registryChangeCount\":7137,\"packet.id\":\"62A299E57FC84504A7CB0A3EB733C82A\",\"src.process.indicatorPersistenceCount\":0,\"event.type\":\"Login\",\"src.process.indicatorPostExploitationCount\":0,\"event.login.accountSid\":\"S-1-0-0\"}", "type": [ - "info" + "start" ] }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "WindowsServer2016Datacenter", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "server" }, @@ -156,6 +158,7 @@ "preserve_duplicate_custom_fields" ], "user": { + "domain": "NTAUTHORITY", "name": "asdf" } } diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-module.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-module.log-expected.json index 2ed926f636b..be042779d73 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-module.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-module.log-expected.json @@ -15,15 +15,27 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "Windows10Pro", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "desktop" }, "process": { + "args": [ + "\\??\\C:\\WINDOWS\\system32\\conhost.exe0xffffffff-ForceV1" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "MICROSOFTWINDOWS", + "trusted": true + }, "command_line": "\\??\\C:\\WINDOWS\\system32\\conhost.exe0xffffffff-ForceV1", "entity_id": "08693A26E6783D52", + "executable": "C:\\Windows\\System32\\conhost.exe", "hash": { "md5": "0d698af330fd17bee3bf90011d49251d", "sha1": "52a7274a0b4f9493632060fe25993a2ef24fe827", @@ -31,8 +43,13 @@ }, "name": "conhost.exe", "parent": { + "args": [ + "C:\\ProgramFiles\\SentinelOne\\SentinelAgent22.1.4.10010\\ranger\\SentinelRanger.exe{\"agentVersion\":\"22.1.4.10010\",\"authToken\":\"jhdskdhkdgdgdahdksaHDKJsdhkNjUifQ.+dVxpFE/Hqs5RGjPczU8DC9i1tw\",\"dataFolder\":\"C:\\\\\\\\ProgramData\\\\\\\\Sentinel\\\\\\\\ranger\",\"logsFolder\":\"C:\\\\\\\\ProgramData\\\\\\\\Sentinel\\\\\\\\logs\",\"maxIdleTime\":300,\"sendUnsuccessful\":false,\"url\":\"wss://asdf-123.sentinelone.org\",\"uuid\":\"asdf1234\"}" + ], + "args_count": 1, "command_line": "C:\\ProgramFiles\\SentinelOne\\SentinelAgent22.1.4.10010\\ranger\\SentinelRanger.exe\"\"{\\\"agentVersion\\\":\\\"22.1.4.10010\\\",\\\"authToken\\\":\\\"jhdskdhkdgdgdahdksaHDKJsdhkNjUifQ.+dVxpFE/Hqs5RGjPczU8DC9i1tw\\\",\\\"dataFolder\\\":\\\"C:\\\\\\\\ProgramData\\\\\\\\Sentinel\\\\\\\\ranger\\\",\\\"logsFolder\\\":\\\"C:\\\\\\\\ProgramData\\\\\\\\Sentinel\\\\\\\\logs\\\",\\\"maxIdleTime\\\":300,\\\"sendUnsuccessful\\\":false,\\\"url\\\":\\\"wss://asdf-123.sentinelone.org\\\",\\\"uuid\\\":\\\"asdf1234\\\"}", "entity_id": "07693A26E6783D52", + "executable": "C:\\ProgramFiles\\SentinelOne\\SentinelAgent22.1.4.10010\\Ranger\\SentinelRanger.exe", "hash": { "sha1": "a5032d5e80fc742245cb58546c4476e18747f4a0", "sha256": "3b509cfd164bdfe4e330c039745051b8057cc05b8974b1c87e7db7e1fc3eb659" @@ -223,7 +240,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-network-action.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-network-action.log-expected.json index fb0652b3b6f..d6febab0717 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-network-action.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-network-action.log-expected.json @@ -3,6 +3,7 @@ { "@timestamp": "2022-10-03T15:32:29.466Z", "destination": { + "address": "81.2.69.192", "ip": "81.2.69.192", "port": 443 }, @@ -18,7 +19,8 @@ "original": "{\"timestamp\":\"18:32:29.466\",\"src.process.parent.isStorylineRoot\":true,\"event.category\":\"ip\",\"src.process.parent.image.sha1\":\"9037711d20353f0adec0c4558a77f6277dab778b\",\"site.id\":\"123456789123456789\",\"src.process.image.binaryIsExecutable\":true,\"src.process.parent.displayName\":\"GoogleChrome\",\"src.process.user\":\"asdf\\\\SYSTEM\",\"src.process.parent.subsystem\":\"SYS_WIN32\",\"src.process.indicatorRansomwareCount\":0,\"src.process.crossProcessDupRemoteProcessHandleCount\":0,\"src.process.activeContent.signedStatus\":\"unsigned\",\"src.process.tgtFileCreationCount\":18,\"src.process.indicatorInjectionCount\":0,\"src.process.moduleCount\":88,\"src.process.parent.name\":\"chrome.exe\",\"i.version\":\"preprocess-lib-1.0\",\"src.process.activeContentType\":\"FILE\",\"sca:atlantisIngestTime\":1664811151704,\"src.process.image.md5\":\"b0bd1ff76f58006d879fee68a1241528\",\"src.process.indicatorReconnaissanceCount\":0,\"src.process.storyline.id\":\"738A830FDFF04CF5\",\"src.process.childProcCount\":0,\"mgmt.url\":\"asdf-123.sentinelone.org\",\"src.process.crossProcessOpenProcessCount\":0,\"src.process.subsystem\":\"SYS_WIN32\",\"meta.event.name\":\"TCPV4\",\"src.process.parent.integrityLevel\":\"MEDIUM\",\"src.port.number\":56473,\"event.network.protocolName\":\"https\",\"src.process.indicatorExploitationCount\":1,\"src.process.parent.storyline.id\":\"738A830FDFF04CF5\",\"i.scheme\":\"edr\",\"src.process.integrityLevel\":\"MEDIUM\",\"site.name\":\"ASDF\",\"src.process.netConnInCount\":0,\"event.time\":1664811149466,\"account.id\":\"123456789123456789\",\"dataSource.name\":\"SentinelOne\",\"endpoint.name\":\"asdf1\",\"src.process.image.sha1\":\"9037711d20353f0adec0c4558a77f6277dab778b\",\"src.process.isStorylineRoot\":false,\"src.process.parent.image.path\":\"C:\\\\PROGRAMFILES(X86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\"dst.port.number\":443,\"src.process.pid\":12952,\"tgt.file.isSigned\":\"signed\",\"sca:ingestTime\":1664811152,\"dataSource.category\":\"security\",\"src.process.cmdline\":\"C:\\\\ProgramFiles(x86)\\\\Microsoft\\\\important_stuff\\\\stuff.EXE\\\\\",\"src.process.publisher\":\"GOOGLELLC\",\"src.process.parent.activeContentType\":\"FILE\",\"src.process.crossProcessThreadCreateCount\":0,\"src.process.parent.isNative64Bit\":false,\"src.process.parent.isRedirectCmdProcessor\":false,\"src.process.signedStatus\":\"signed\",\"src.process.crossProcessCount\":0,\"event.id\":\"01GEF7MB0DMJQHCWR3DZWQY4CF_942\",\"src.process.parent.cmdline\":\"\\\"C:\\\\ProgramFiles(x86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\\\"\",\"src.process.image.path\":\"C:\\\\PROGRAMFILES(X86)\\\\Google\\\\Chrome\\\\Application\\\\chrome.exe\",\"src.process.tgtFileModificationCount\":35,\"src.process.indicatorEvasionCount\":1,\"src.process.netConnOutCount\":38,\"event.network.direction\":\"OUTGOING\",\"src.process.crossProcessDupThreadHandleCount\":0,\"endpoint.os\":\"windows\",\"src.process.tgtFileDeletionCount\":17,\"src.ip.address\":\"81.2.69.192\",\"src.process.startTime\":1664811134954,\"mgmt.id\":\"1337\",\"os.name\":\"Windows10Enterprise\",\"src.process.displayName\":\"GoogleChrome\",\"src.process.isNative64Bit\":false,\"src.process.parent.sessionId\":1,\"src.process.uid\":\"778A830FDFF04CF5\",\"src.process.parent.image.md5\":\"b0bd1ff76f58006d879fee68a1241528\",\"event.network.connectionStatus\":\"SUCCESS\",\"src.process.indicatorInfostealerCount\":0,\"src.process.indicatorBootConfigurationUpdateCount\":0,\"process.unique.key\":\"778A830FDFF04CF5\",\"agent.version\":\"22.1.2.217\",\"src.process.parent.uid\":\"728A830FDFF04CF5\",\"src.process.parent.image.sha256\":\"03155d327c65a8768c571018132e17336fa38349eb0c96e9cbbf5ea905ed750e\",\"src.process.sessionId\":1,\"src.process.netConnCount\":38,\"mgmt.osRevision\":\"19042\",\"dst.ip.address\":\"81.2.69.192\",\"group.id\":\"asdf\",\"src.process.isRedirectCmdProcessor\":false,\"src.process.verifiedStatus\":\"verified\",\"src.process.parent.publisher\":\"GOOGLELLC\",\"src.process.parent.startTime\":1664811134640,\"src.process.dnsCount\":39,\"endpoint.type\":\"laptop\",\"trace.id\":\"01GEF7MB0DMJQHCWR3DZWQY4CF\",\"src.process.name\":\"chrome.exe\",\"agent.uuid\":\"asdf356783457dfds4456d65\",\"src.process.image.sha256\":\"03155d327c65a8768c571018132e17336fa38349eb0c96e9cbbf5ea905ed750e\",\"src.process.indicatorGeneralCount\":15,\"src.process.crossProcessOutOfStorylineCount\":0,\"src.process.registryChangeCount\":0,\"packet.id\":\"6D359D9ED19C4CB29CC1F1D60B8E556B\",\"src.process.indicatorPersistenceCount\":0,\"src.process.parent.signedStatus\":\"signed\",\"src.process.parent.user\":\"asdf\\\\SYSTEM\",\"event.type\":\"IPConnect\",\"event.repetitionCount\":2,\"src.process.indicatorPostExploitationCount\":0,\"src.process.parent.activeContent.signedStatus\":\"unsigned\",\"src.process.parent.pid\":11892}", "outcome": "success", "type": [ - "info" + "start", + "connection" ] }, "group": { @@ -26,9 +28,11 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "Windows10Enterprise", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "laptop" }, @@ -37,8 +41,18 @@ "protocol": "https" }, "process": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "GOOGLELLC", + "trusted": true + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "778A830FDFF04CF5", + "executable": "C:\\PROGRAMFILES(X86)\\Google\\Chrome\\Application\\chrome.exe", "hash": { "md5": "b0bd1ff76f58006d879fee68a1241528", "sha1": "9037711d20353f0adec0c4558a77f6277dab778b", @@ -46,8 +60,13 @@ }, "name": "chrome.exe", "parent": { + "args": [ + "C:\\ProgramFiles(x86)\\Google\\Chrome\\Application\\chrome.exe" + ], + "args_count": 1, "command_line": "C:\\ProgramFiles(x86)\\Google\\Chrome\\Application\\chrome.exe", "entity_id": "728A830FDFF04CF5", + "executable": "C:\\PROGRAMFILES(X86)\\Google\\Chrome\\Application\\chrome.exe", "hash": { "sha1": "9037711d20353f0adec0c4558a77f6277dab778b", "sha256": "03155d327c65a8768c571018132e17336fa38349eb0c96e9cbbf5ea905ed750e" @@ -257,7 +276,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "asdf", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-process.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-process.log-expected.json index bca6f4f0255..eeffda9be47 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-process.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-process.log-expected.json @@ -6,6 +6,9 @@ "version": "8.11.0" }, "event": { + "action": [ + "start" + ], "category": [ "process" ], @@ -13,7 +16,7 @@ "kind": "event", "original": "{\"timestamp\":\"18:32:29.470\",\"tgt.process.displayName\":\"nr-winpkg.exe\",\"src.process.parent.isStorylineRoot\":false,\"event.category\":\"process\",\"src.process.parent.image.sha1\":\"9ef7039dadb490762d4446892b1c0323f06bd1c2\",\"site.id\":\"123456789123456789\",\"src.process.parent.displayName\":\"Test123\",\"src.process.image.binaryIsExecutable\":true,\"tgt.process.storyline.id\":\"F8C44B7A0C80D2E7\",\"tgt.process.isNative64Bit\":false,\"src.process.parent.subsystem\":\"SYS_WIN32\",\"src.process.user\":\"NTAUTHORITY\\\\SYSTEM\",\"src.process.indicatorRansomwareCount\":0,\"src.process.crossProcessDupRemoteProcessHandleCount\":0,\"src.process.tgtFileCreationCount\":5621,\"src.process.indicatorInjectionCount\":0,\"src.process.moduleCount\":216402,\"src.process.parent.name\":\"newrelic-infra-service.exe\",\"i.version\":\"preprocess-lib-1.0\",\"sca:atlantisIngestTime\":1664811195133,\"src.process.image.md5\":\"7c99f420f8985a4ccf428f9fe2b090f0\",\"src.process.indicatorReconnaissanceCount\":4179,\"src.process.storyline.id\":\"F8C44B7A0C80D2E7\",\"src.process.childProcCount\":67359,\"mgmt.url\":\"asdf-123.sentinelone.org\",\"tgt.process.subsystem\":\"SYS_WIN32\",\"src.process.crossProcessOpenProcessCount\":0,\"tgt.process.image.binaryIsExecutable\":true,\"tgt.process.image.sha256\":\"b00b5e5d4e268b8dbd0af0749edb6626e686403c71f1c81ae08d18242046f29e\",\"src.process.subsystem\":\"SYS_WIN32\",\"meta.event.name\":\"PROCESSCREATION\",\"src.process.parent.integrityLevel\":\"SYSTEM\",\"tgt.process.publisher\":\"NEWRELIC,INC.\",\"src.process.indicatorExploitationCount\":0,\"src.process.parent.storyline.id\":\"F8C44B7A0C80D2E7\",\"tgt.process.verifiedStatus\":\"verified\",\"tgt.process.image.path\":\"C:\\\\ProgramFiles\\\\NewRelic\\\\newrelic-infra\\\\newrelic-integrations\\\\nr-winpkg.exe\",\"src.process.integrityLevel\":\"SYSTEM\",\"i.scheme\":\"edr\",\"tgt.process.integrityLevel\":\"SYSTEM\",\"site.name\":\"ASDF\",\"src.process.netConnInCount\":1,\"tgt.process.image.md5\":\"65f9131df4b7c909ae41add0fcd172fa\",\"event.time\":1664811149470,\"account.id\":\"123456789123456789\",\"dataSource.name\":\"SentinelOne\",\"endpoint.name\":\"asdf1\",\"src.process.image.sha1\":\"7f3981d9bf5d134065541387a77b9f651471fa0f\",\"src.process.isStorylineRoot\":false,\"src.process.parent.image.path\":\"C:\\\\ProgramFiles\\\\NewRelic\\\\newrelic-infra\\\\newrelic-infra-service.exe\",\"src.process.pid\":3596,\"tgt.file.isSigned\":\"signed\",\"src.process.cmdline\":\"C:\\\\ProgramFiles(x86)\\\\Microsoft\\\\important_stuff\\\\stuff.EXE\\\\\",\"src.process.publisher\":\"NEWRELIC,INC.\",\"sca:ingestTime\":1664811195,\"dataSource.category\":\"security\",\"src.process.crossProcessThreadCreateCount\":0,\"src.process.parent.isNative64Bit\":false,\"src.process.parent.isRedirectCmdProcessor\":false,\"tgt.process.image.sha1\":\"a1d7ac9e15c26535a7dec40bba21cda4de078504\",\"src.process.crossProcessCount\":0,\"src.process.signedStatus\":\"signed\",\"event.id\":\"01GEF7NPDYKJDP1X0XSQ9K7J2N_41\",\"src.process.parent.cmdline\":\"\\\"C:\\\\ProgramFiles\\\\NewRelic\\\\newrelic-infra\\\\newrelic-infra-service.exe\\\"\",\"src.process.image.path\":\"C:\\\\ProgramFiles\\\\NewRelic\\\\newrelic-infra\\\\newrelic-infra.exe\",\"src.process.tgtFileModificationCount\":516119,\"src.process.indicatorEvasionCount\":2100,\"src.process.netConnOutCount\":7330,\"tgt.process.pid\":4720,\"src.process.crossProcessDupThreadHandleCount\":0,\"tgt.process.name\":\"nr-winpkg.exe\",\"endpoint.os\":\"windows\",\"src.process.tgtFileDeletionCount\":5621,\"tgt.process.signedStatus\":\"signed\",\"src.process.startTime\":1662784606181,\"mgmt.id\":\"1337\",\"os.name\":\"WindowsServer2019Datacenter\",\"tgt.process.cmdline\":\"./nr-winpkg\",\"src.process.displayName\":\"newrelic-infra.exe\",\"src.process.parent.sessionId\":0,\"src.process.isNative64Bit\":false,\"src.process.uid\":\"F59445BAF5BC03DA\",\"src.process.parent.image.md5\":\"8c3eb2770d8eed24ce33d77f7668fea5\",\"src.process.indicatorBootConfigurationUpdateCount\":0,\"src.process.indicatorInfostealerCount\":0,\"process.unique.key\":\"D0046CBAF5BC03DA\",\"tgt.process.uid\":\"D0046CBAF5BC03DA\",\"tgt.process.isStorylineRoot\":false,\"src.process.parent.uid\":\"C19445BAF5BC03DA\",\"agent.version\":\"22.1.2.217\",\"src.process.parent.image.sha256\":\"f62c2d5c9e7605c75a0c8fcb9c2b506267ca0e6706766e033495d81dac4e302c\",\"src.process.sessionId\":0,\"src.process.netConnCount\":7331,\"mgmt.osRevision\":\"17763\",\"group.id\":\"asdf\",\"tgt.process.startTime\":1664811149464,\"src.process.parent.publisher\":\"NEWRELIC,INC.\",\"src.process.isRedirectCmdProcessor\":false,\"src.process.verifiedStatus\":\"verified\",\"src.process.parent.startTime\":1662784605701,\"src.process.dnsCount\":565,\"endpoint.type\":\"server\",\"trace.id\":\"01GEF7NPDYKJDP1X0XSQ9K7J2N\",\"src.process.name\":\"newrelic-infra.exe\",\"agent.uuid\":\"asdf356783457dfds4456d65\",\"src.process.image.sha256\":\"058043b4d2b74a31dda6966a7a0c292a04e898bd4dabaefdc6b0eabf518c40d1\",\"tgt.process.user\":\"NTAUTHORITY\\\\SYSTEM\",\"src.process.indicatorGeneralCount\":4180,\"src.process.crossProcessOutOfStorylineCount\":0,\"src.process.registryChangeCount\":146,\"packet.id\":\"62D7376456284C24A2067FE50BA5B7D7\",\"tgt.process.sessionId\":0,\"src.process.indicatorPersistenceCount\":0,\"src.process.parent.signedStatus\":\"signed\",\"src.process.parent.user\":\"asdf\\\\SYSTEM\",\"tgt.process.isRedirectCmdProcessor\":false,\"event.type\":\"ProcessCreation\",\"src.process.indicatorPostExploitationCount\":0,\"src.process.parent.pid\":3132}", "type": [ - "info" + "start" ] }, "group": { @@ -21,13 +24,19 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "WindowsServer2019Datacenter", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "server" }, "process": { + "args": [ + "./nr-winpkg" + ], + "args_count": 1, "command_line": "./nr-winpkg", "entity_id": "D0046CBAF5BC03DA", "hash": { @@ -37,8 +46,18 @@ }, "name": "nr-winpkg.exe", "parent": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "NEWRELIC,INC.", + "trusted": true + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "F59445BAF5BC03DA", + "executable": "C:\\ProgramFiles\\NewRelic\\newrelic-infra\\newrelic-infra.exe", "hash": { "md5": "7c99f420f8985a4ccf428f9fe2b090f0", "sha1": "7f3981d9bf5d134065541387a77b9f651471fa0f", @@ -257,7 +276,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-registry.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-registry.log-expected.json index 19b0cc3aa3b..1e8829a6022 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-registry.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-registry.log-expected.json @@ -21,15 +21,27 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "Windows7Professional", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "desktop" }, "process": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "MICROSOFTWINDOWS", + "trusted": true + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "7A5B258D66B11991", + "executable": "C:\\Windows\\system32\\svchost.exe", "hash": { "md5": "c78655bc80301d76ed4fef1c1ea40a7d", "sha1": "619652b42afe5fb0e3719d7aeda7a5494ab193e8", @@ -37,8 +49,13 @@ }, "name": "svchost.exe", "parent": { + "args": [ + "C:\\Windows\\system32\\services.exe" + ], + "args_count": 1, "command_line": "C:\\Windows\\system32\\services.exe", "entity_id": "55A75E7FE942CE7D", + "executable": "C:\\Windows\\system32\\services.exe", "hash": { "sha1": "ff658a36899e43fec3966d608b4aa4472de7a378", "sha256": "a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536" @@ -59,7 +76,12 @@ } }, "registry": { - "key": "MACHINE\\SYSTEM\\ControlSet001\\Control\\DeviceClasses\\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\##?#PCI#VEN_10EE&DEV_0300&SUBSYS_044D173E&REV_00#4&353c0d9e&0&20F0#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\#Topology\\Properties\\{d1885396-39d8-4777-bcff-5e3241483416}\\00000000\\00000000\\Type" + "data": { + "type": "BINARY" + }, + "key": "MACHINE\\SYSTEM\\ControlSet001\\Control\\DeviceClasses\\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\##?#PCI#VEN_10EE&DEV_0300&SUBSYS_044D173E&REV_00#4&353c0d9e&0&20F0#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\#Topology\\Properties\\{d1885396-39d8-4777-bcff-5e3241483416}\\00000000\\00000000", + "path": "MACHINE\\SYSTEM\\ControlSet001\\Control\\DeviceClasses\\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\##?#PCI#VEN_10EE&DEV_0300&SUBSYS_044D173E&REV_00#4&353c0d9e&0&20F0#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\#Topology\\Properties\\{d1885396-39d8-4777-bcff-5e3241483416}\\00000000\\00000000\\Type", + "value": "Type" }, "related": { "hash": [ @@ -235,7 +257,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-scheduled-task.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-scheduled-task.log-expected.json index 8b0318f6a69..59b7613cec9 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-scheduled-task.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-scheduled-task.log-expected.json @@ -15,15 +15,27 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "Windows10Enterprise", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "laptop" }, "process": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "LENOVO", + "trusted": true + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "0AF3AD1313577E13", + "executable": "C:\\Windows\\Lenovo\\ImController\\Service\\Lenovo.Modern.ImController.exe", "hash": { "md5": "9b86c2a9ff7b8e697a9bbe015d4c9d0e", "sha1": "c364f32c9df2fb147131618b9793346ae5d8f745", @@ -31,8 +43,13 @@ }, "name": "Lenovo.Modern.ImController.exe", "parent": { + "args": [ + "C:\\Windows\\system32\\services.exe" + ], + "args_count": 1, "command_line": "C:\\Windows\\system32\\services.exe", "entity_id": "2AF2AD1313577E13", + "executable": "C:\\Windows\\System32\\services.exe", "hash": { "sha1": "d7a213f3cfee2a8a191769eb33847953be51de54", "sha256": "dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674" @@ -287,7 +304,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-threat-intelligence-indicator.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-threat-intelligence-indicator.log-expected.json index a9b37fbdada..c59d97a5e87 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-threat-intelligence-indicator.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-threat-intelligence-indicator.log-expected.json @@ -21,15 +21,25 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "Linux", - "platform": "linux" + "platform": "linux", + "type": "linux" }, "type": "server" }, "process": { + "args": [ + "-D" + ], + "args_count": 1, + "code_signature": { + "exists": false + }, "command_line": "-D", "entity_id": "09edcd06-faa9-1575-1f8b-46a5ad0ac0fe", + "executable": "/usr/sbin/sshd", "hash": { "sha1": "4fe13081b31b55176af7dee8354ea18ad3ca4c59" }, @@ -183,7 +193,11 @@ "tags": [ "preserve_original_event", "preserve_duplicate_custom_fields" - ] + ], + "user": { + "domain": "root", + "name": "root" + } } ] } \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-url.log-expected.json b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-url.log-expected.json index d8c2c5afca4..a80d672d915 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-url.log-expected.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/_dev/test/pipeline/test-url.log-expected.json @@ -2,6 +2,13 @@ "expected": [ { "@timestamp": "2022-10-03T15:32:29.475Z", + "destination": { + "address": "www.asdf.com", + "domain": "www.asdf.com", + "registered_domain": "asdf.com", + "subdomain": "www", + "top_level_domain": "com" + }, "ecs": { "version": "8.11.0" }, @@ -15,15 +22,25 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "WindowsServer2019Datacenter", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "server" }, "process": { + "args": [ + "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\" + ], + "args_count": 1, + "code_signature": { + "exists": false + }, "command_line": "C:\\ProgramFiles(x86)\\Microsoft\\important_stuff\\stuff.EXE\\", "entity_id": "E1471D24880BECFA", + "executable": "C:\\MetSrc\\sourcelink5.exe", "hash": { "md5": "ac5ebf6878c1226542453aea56e451a2", "sha1": "186fdd875432f3af106eb973fbc871240f35964e", @@ -31,8 +48,13 @@ }, "name": "sourcelink5.exe", "parent": { + "args": [ + "C:\\MetSrc\\nssm.exe" + ], + "args_count": 1, "command_line": "C:\\MetSrc\\nssm.exe", "entity_id": "632D1A24880BECFA", + "executable": "C:\\MetSrc\\nssm.exe", "hash": { "sha1": "47c112c23c7bdf2af24a20bd512f91ff6af76bc6", "sha256": "f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97" @@ -221,7 +243,13 @@ "preserve_duplicate_custom_fields" ], "url": { - "original": "http://www.asdf.com" + "domain": "www.asdf.com", + "original": "http://www.asdf.com", + "scheme": "http" + }, + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" } } ] diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/default.yml index b62cb1da528..fb0f64039a6 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -199,6 +199,17 @@ processors: field: host.os.platform copy_from: sentinel_one_cloud_funnel.event.endpoint.os ignore_empty_value: true + - set: + field: host.os.type + copy_from: sentinel_one_cloud_funnel.event.endpoint.os + if: >- + [ + 'linux', + 'windows', + 'macos', + 'ios', + 'android' + ].contains(ctx.sentinel_one_cloud_funnel?.event?.endpoint?.os) - append: field: related.hosts value: '{{{sentinel_one_cloud_funnel.event.endpoint.os}}}' @@ -229,6 +240,10 @@ processors: field: json.src.process.image.path target_field: sentinel_one_cloud_funnel.event.src.process.image.path ignore_missing: true + - set: + field: process.executable + copy_from: sentinel_one_cloud_funnel.event.src.process.image.path + ignore_empty_value: true - rename: field: json.src.process.image.md5 target_field: sentinel_one_cloud_funnel.event.src.process.image.md5 @@ -554,6 +569,19 @@ processors: field: process.user.name copy_from: sentinel_one_cloud_funnel.event.src.process.user.name ignore_empty_value: true + - set: + field: user.name + copy_from: process.user.name + ignore_empty_value: true + - set: + field: user.domain + copy_from: process.user.name + ignore_empty_value: true + - dissect: + field: process.user.name + pattern: '%{user.domain}\%{user.name}' + if: ctx.process?.user?.name?.contains('\\') == true + description: "Split user and domain" - rename: field: json.src.process.eUserName target_field: sentinel_one_cloud_funnel.event.src.process.e_user.name @@ -595,6 +623,10 @@ processors: field: json.agent.uuid target_field: sentinel_one_cloud_funnel.event.agent.uuid ignore_missing: true + - set: + field: host.id + copy_from: sentinel_one_cloud_funnel.event.agent.uuid + ignore_empty_value: true - rename: field: json.agent.version target_field: sentinel_one_cloud_funnel.event.agent.version @@ -1457,6 +1489,10 @@ processors: field: json.src.process.parent.image.path target_field: sentinel_one_cloud_funnel.event.src.process.parent.image.path ignore_missing: true + - set: + field: process.parent.executable + copy_from: sentinel_one_cloud_funnel.event.src.process.parent.image.path + ignore_empty_value: true - rename: field: json.src.process.parent.integrityLevel target_field: sentinel_one_cloud_funnel.event.src.process.parent.integrity_level @@ -1868,6 +1904,14 @@ processors: field: json.src.process.signedStatus target_field: sentinel_one_cloud_funnel.event.src.process.signed_status ignore_missing: true + - set: + field: process.code_signature.exists + value: true + if: ctx.sentinel_one_cloud_funnel?.event?.src?.process?.signed_status == 'signed' + - set: + field: process.code_signature.exists + value: false + if: ctx.sentinel_one_cloud_funnel?.event?.src?.process?.signed_status == 'unsigned' - convert: field: json.src.process.tgtFileDeletionCount tag: 'convert_json_src_process_tgtFileDeletionCount' @@ -1976,10 +2020,23 @@ processors: field: json.src.process.publisher target_field: sentinel_one_cloud_funnel.event.src.process.publisher ignore_missing: true + - set: + field: process.code_signature.subject_name + copy_from: sentinel_one_cloud_funnel.event.src.process.publisher + ignore_empty_value: true - rename: field: json.src.process.verifiedStatus target_field: sentinel_one_cloud_funnel.event.src.process.verified_status ignore_missing: true + - set: + field: process.code_signature.trusted + value: true + if: ctx.sentinel_one_cloud_funnel?.event?.src?.process?.verified_status?.contains('verified') == true + - set: + field: process.code_signature.trusted + value: false + override: false + if: ctx.process?.code_signature?.exists == true - rename: field: json.driver.certificate.thumbprint target_field: sentinel_one_cloud_funnel.event.driver.certificate.thumbprint.value @@ -2702,6 +2759,96 @@ processors: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - script: + # This must happen after the pipelines since the process pipeline also touches process.command_line. + description: Implements Windows-like SplitCommandLine + lang: painless + if: |- + (ctx.process?.command_line != null && ctx.process.command_line != "") || + (ctx.process?.parent?.command_line != null && ctx.process.parent.command_line != "") + source: |- + // appendBSBytes appends n '\\' bytes to b and returns the resulting slice. + def appendBSBytes(StringBuilder b, int n) { + for (; n > 0; n--) { + b.append('\\'); + } + return b; + } + + // readNextArg splits command line string cmd into next + // argument and command line remainder. + def readNextArg(String cmd) { + def b = new StringBuilder(); + boolean inquote; + int nslash; + for (; cmd.length() > 0; cmd = cmd.substring(1)) { + def c = cmd.charAt(0); + if (c == (char)' ' || c == (char)0x09) { + if (!inquote) { + return [ + "arg": appendBSBytes(b, nslash).toString(), + "rest": cmd.substring(1) + ]; + } + } else if (c == (char)'"') { + b = appendBSBytes(b, nslash/2); + if (nslash%2 == 0) { + // use "Prior to 2008" rule from + // http://daviddeley.com/autohotkey/parameters/parameters.htm + // section 5.2 to deal with double double quotes + if (inquote && cmd.length() > 1 && cmd.charAt(1) == (char)'"') { + b.append(c); + cmd = cmd.substring(1); + } + inquote = !inquote; + } else { + b.append(c); + } + nslash = 0; + continue; + } else if (c == (char)'\\') { + nslash++; + continue; + } + b = appendBSBytes(b, nslash); + nslash = 0; + b.append(c); + } + return [ + "arg": appendBSBytes(b, nslash).toString(), + "rest": '' + ]; + } + + // commandLineToArgv splits a command line into individual argument + // strings, following the Windows conventions documented + // at http://daviddeley.com/autohotkey/parameters/parameters.htm#WINARGV + // Original implementation found at: https://github.com/golang/go/commit/39c8d2b7faed06b0e91a1ad7906231f53aab45d1 + def commandLineToArgv(String cmd) { + def args = new ArrayList(); + while (cmd.length() > 0) { + if (cmd.charAt(0) == (char)' ' || cmd.charAt(0) == (char)0x09) { + cmd = cmd.substring(1); + continue; + } + def next = readNextArg(cmd); + cmd = next.rest; + args.add(next.arg); + } + return args; + } + + def cmd = ctx.process?.command_line; + if (cmd != null && cmd != "") { + ctx.process.args = commandLineToArgv(cmd); + ctx.process.args_count = ctx.process.args.length; + } + + def parentCmd = ctx.process?.parent?.command_line; + if (parentCmd != null && parentCmd != "") { + ctx.process.parent.args = commandLineToArgv(parentCmd); + ctx.process.parent.args_count = ctx.process.parent.args.length; + } - remove: field: json ignore_missing: true diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-command-script.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-command-script.yml index d05e538b431..af2ae2c3c3b 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-command-script.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-command-script.yml @@ -28,6 +28,10 @@ processors: field: json.cmdScript.content target_field: sentinel_one_cloud_funnel.event.cmd_script.content ignore_missing: true + - set: + field: powershell.file.script_block_text + copy_from: sentinel_one_cloud_funnel.event.cmd_script.content + ignore_empty_value: true - convert: field: json.cmdScript.isComplete tag: 'convert_json_cmdScript_isComplete' diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-dns.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-dns.yml index c9d4e82c9f1..1c1f6f1c016 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-dns.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-dns.yml @@ -11,6 +11,10 @@ processors: field: json.event.dns.request target_field: sentinel_one_cloud_funnel.event.dns.request ignore_missing: true + - set: + field: dns.question.name + copy_from: sentinel_one_cloud_funnel.event.dns.request + ignore_empty_value: true - rename: field: json.event.dns.response target_field: sentinel_one_cloud_funnel.event.dns.response diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-file.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-file.yml index 64f192d6196..bbad4016d03 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-file.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-file.yml @@ -4,21 +4,50 @@ processors: - set: field: event.category value: [file] - - set: - field: event.type - value: [info] - set: field: event.type value: [creation] - if: ctx.sentinel_one_cloud_funnel?.event?.type != null && ctx.sentinel_one_cloud_funnel?.event?.type.toLowerCase().contains('creat') + if: ctx.sentinel_one_cloud_funnel?.event?.type != null && ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('creat') - set: field: event.type value: [deletion] - if: ctx.sentinel_one_cloud_funnel?.event?.type != null && ctx.sentinel_one_cloud_funnel?.event?.type.toLowerCase().contains('delet') + if: ctx.sentinel_one_cloud_funnel?.event?.type != null && ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('delet') - set: field: event.type value: [change] - if: ctx.sentinel_one_cloud_funnel?.event?.type != null && (ctx.sentinel_one_cloud_funnel?.event?.type.toLowerCase().contains('change') || ctx.sentinel_one_cloud_funnel?.event?.type.toLowerCase().contains('modif')) + if: >- + ctx.sentinel_one_cloud_funnel?.event?.type != null && + ( + ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('change') || + ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('modif') || + ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('rename') + ) + - set: + field: event.type + value: [info] + override: false + - set: + field: event.action + value: [creation] + if: ctx.sentinel_one_cloud_funnel?.event?.type != null && ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('creat') + - set: + field: event.action + value: [deletion] + if: ctx.sentinel_one_cloud_funnel?.event?.type != null && ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('delet') + - set: + field: event.action + value: [change] + if: >- + ctx.sentinel_one_cloud_funnel?.event?.type != null && + ( + ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('change') || + ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('modif') + ) + - set: + field: event.action + value: [rename] + if: >- + ctx.sentinel_one_cloud_funnel?.event?.type != null && ctx.sentinel_one_cloud_funnel.event.type.toLowerCase().contains('rename') - rename: field: json.k8sCluster.containerId target_field: sentinel_one_cloud_funnel.event.k8s_cluster.container.id @@ -152,6 +181,38 @@ processors: field: file.path copy_from: sentinel_one_cloud_funnel.event.tgt.file.path ignore_empty_value: true + - rename: + field: json.tgt.file.type + target_field: sentinel_one_cloud_funnel.event.tgt.file.type + ignore_missing: true + - set: + field: file.type + copy_from: sentinel_one_cloud_funnel.event.tgt.file.type + ignore_empty_value: true + - script: + lang: painless + if: ctx.sentinel_one_cloud_funnel?.event?.tgt?.file?.path instanceof String && ctx.sentinel_one_cloud_funnel.event.tgt.file.path.length() > 1 + source: |- + def path = ctx.sentinel_one_cloud_funnel.event.tgt.file.path; + def idx = path.lastIndexOf("\\"); + if (idx == -1) { + idx = path.lastIndexOf("/"); + } + if (idx > -1) { + if (ctx.file == null) { + ctx.file = new HashMap(); + } + ctx.file.name = path.substring(idx+1); + ctx.file.directory = path.substring(0, idx); + + def extIdx = ctx.file.name.lastIndexOf("."); + if (extIdx > -1 && ctx.file.type == "file") { + ctx.file.extension = ctx.file.name.substring(extIdx+1); + } + } + if (path.indexOf(':') == 1) { + ctx.file.drive_letter = path.substring(0, 1).toUpperCase(); + } - convert: field: json.tgt.file.size tag: 'convert_json_tgt_file_size' @@ -167,14 +228,6 @@ processors: field: file.size copy_from: sentinel_one_cloud_funnel.event.tgt.file.size ignore_empty_value: true - - rename: - field: json.tgt.file.type - target_field: sentinel_one_cloud_funnel.event.tgt.file.type - ignore_missing: true - - set: - field: file.type - copy_from: sentinel_one_cloud_funnel.event.tgt.file.type - ignore_empty_value: true - convert: field: json.src.process.tid tag: 'convert_json_src_process_tid' diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-login.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-login.yml index e1820501b2d..c83e7cb74a8 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-login.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-login.yml @@ -4,9 +4,18 @@ processors: - set: field: event.category value: [authentication] + - set: + field: event.type + value: [start] + if: ctx.sentinel_one_cloud_funnel?.event?.type == 'Login' + - set: + field: event.type + value: [end] + if: ctx.sentinel_one_cloud_funnel?.event?.type == 'Logout' - set: field: event.type value: [info] + override: false - rename: field: json.event.login.userName target_field: sentinel_one_cloud_funnel.event.login.user_name diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-network-action.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-network-action.yml index 623d2b7dc16..683c275ade5 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-network-action.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-network-action.yml @@ -6,7 +6,8 @@ processors: value: [network] - set: field: event.type - value: [info] + value: [start] + if: ctx.sentinel_one_cloud_funnel?.event?.type == 'IPConnect' - rename: field: json.k8sCluster.containerId target_field: sentinel_one_cloud_funnel.event.k8s_cluster.container.id @@ -73,6 +74,10 @@ processors: field: destination.ip copy_from: sentinel_one_cloud_funnel.event.dst.ip_address ignore_empty_value: true + - set: + field: destination.address + copy_from: sentinel_one_cloud_funnel.event.dst.ip_address + ignore_empty_value: true - convert: field: json.dst.port.number tag: 'convert_json_dst_port_number' @@ -203,6 +208,17 @@ processors: field: json.k8sCluster.podName target_field: sentinel_one_cloud_funnel.event.k8s_cluster.pod.name ignore_missing: true + - append: + field: event.type + value: connection + allow_duplicates: false + if: >- + (ctx.source?.ip != null || ctx.source?.address != null) && ctx.source?.port != null && + (ctx.destination?.ip != null || ctx.destination?.address != null) && ctx.destination?.port != null + - set: + field: event.type + value: [info] + override: false on_failure: - append: field: error.message diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-process.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-process.yml index 6a53d5a7b5f..86b3ea805af 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-process.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-process.yml @@ -6,7 +6,16 @@ processors: value: [process] - set: field: event.type - value: [info] + value: [start] + if: ctx.sentinel_one_cloud_funnel?.event?.type == 'ProcessCreation' + - set: + field: event.type + value: [end] + if: ctx.sentinel_one_cloud_funnel?.event?.type == 'ProcessExit' || ctx.sentinel_one_cloud_funnel?.event?.type == 'ProcessTermination' + - set: + field: event.action + copy_from: event.type + ignore_empty_value: true - rename: field: json.k8sCluster.containerId target_field: sentinel_one_cloud_funnel.event.k8s_cluster.container.id diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-registry.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-registry.yml index 096a22b276f..c2c0a306276 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-registry.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-registry.yml @@ -21,17 +21,34 @@ processors: target_field: sentinel_one_cloud_funnel.event.registry.key.path ignore_missing: true - set: - field: registry.key + field: registry.path copy_from: sentinel_one_cloud_funnel.event.registry.key.path ignore_empty_value: true + - script: + lang: painless + if: ctx.registry?.path instanceof String && ctx.registry.path != "" + source: |- + def idx = ctx.registry.path.lastIndexOf('\\'); + if (idx >= 0) { + ctx.registry.key = ctx.registry.path.substring(0, idx); + ctx.registry.value = ctx.registry.path.substring(idx+1); + } - rename: field: json.registry.value target_field: sentinel_one_cloud_funnel.event.registry.val ignore_missing: true - set: - field: registry.value + field: registry.data.strings copy_from: sentinel_one_cloud_funnel.event.registry.val ignore_empty_value: true + - rename: + field: json.registry.valueType + target_field: sentinel_one_cloud_funnel.event.registry.value.type + ignore_missing: true + - set: + field: registry.data.type + copy_from: sentinel_one_cloud_funnel.event.registry.value.type + ignore_empty_value: true - rename: field: json.registry.keyUid target_field: sentinel_one_cloud_funnel.event.registry.key.uid diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-url.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-url.yml index 6a9bc42d44a..2b42e387ae3 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-url.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/elasticsearch/ingest_pipeline/pipeline-url.yml @@ -9,6 +9,18 @@ processors: field: url.original copy_from: sentinel_one_cloud_funnel.event.url.address ignore_empty_value: true + - uri_parts: + field: url.original + keep_original: true + ignore_missing: true + - set: + field: destination.address + copy_from: url.domain + ignore_empty_value: true + - registered_domain: + field: destination.address + target_field: destination + if: ctx.destination?.address != null - rename: field: json.event.url.action target_field: sentinel_one_cloud_funnel.event.url.action diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/fields/fields.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/fields/fields.yml index f41bd74a7cf..9a5a0eacafb 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/fields/fields.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/fields/fields.yml @@ -1502,3 +1502,13 @@ description: Complete URL. - name: source type: keyword +- name: powershell.file + type: group + fields: + - name: script_block_text + type: text + analyzer: powershell_script_analyzer + description: > + Text of the executed script block. + + example: ".\\a_script.ps1" diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/manifest.yml b/packages/sentinel_one_cloud_funnel/data_stream/event/manifest.yml index a2363f51a90..769c6da7e54 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/manifest.yml +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/manifest.yml @@ -1,4 +1,12 @@ title: Collect Event logs from SentinelOne Cloud Funnel. +elasticsearch: + index_template: + settings: + analysis: + analyzer: + powershell_script_analyzer: + type: pattern + pattern: '[\W&&[^-]]+' type: logs streams: - input: aws-s3 diff --git a/packages/sentinel_one_cloud_funnel/data_stream/event/sample_event.json b/packages/sentinel_one_cloud_funnel/data_stream/event/sample_event.json index e22d5ea5ce0..f57b4a35988 100644 --- a/packages/sentinel_one_cloud_funnel/data_stream/event/sample_event.json +++ b/packages/sentinel_one_cloud_funnel/data_stream/event/sample_event.json @@ -1,17 +1,17 @@ { "@timestamp": "2022-10-25T07:47:24.180Z", "agent": { - "ephemeral_id": "26afb86c-4349-4dc3-8efa-fe82afd55bcf", - "id": "acba78ef-1401-4689-977c-d8c2e5d6a8fa", + "ephemeral_id": "00480237-584b-4874-900c-1ee82179d3ac", + "id": "aca18834-90ec-4b18-8bd9-50466624ef53", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.10.1" + "version": "8.11.1" }, "aws": { "s3": { "bucket": { - "arn": "arn:aws:s3:::elastic-package-sentinel-one-bucket-47039", - "name": "elastic-package-sentinel-one-bucket-47039" + "arn": "arn:aws:s3:::elastic-package-sentinel-one-bucket-11810", + "name": "elastic-package-sentinel-one-bucket-11810" }, "object": { "key": "command_script.log" @@ -30,9 +30,9 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "acba78ef-1401-4689-977c-d8c2e5d6a8fa", + "id": "aca18834-90ec-4b18-8bd9-50466624ef53", "snapshot": false, - "version": "8.10.1" + "version": "8.11.1" }, "event": { "agent_id_status": "verified", @@ -41,7 +41,7 @@ ], "dataset": "sentinel_one_cloud_funnel.event", "id": "01GG71RXEEHZQFY6XZ1WGS2BAE_168", - "ingested": "2023-11-02T13:59:39Z", + "ingested": "2024-02-15T00:46:20Z", "kind": "event", "original": "{\"timestamp\":\"10:47:24.180\",\"src.process.parent.isStoryline™Root\":false,\"event.category\":\"command_script\",\"src.process.parent.image.sha1\":\"134fd2ad04cf59b0c10596230da5daf6fc711bd1\",\"site.id\":\"123456789123456789\",\"src.process.image.binaryIsExecutable\":true,\"src.process.parent.displayName\":\"MicrosoftCompatibilityTelemetry\",\"src.process.user\":\"NTAUTHORITY\\\\SYSTEM\",\"src.process.parent.subsystem\":\"SYS_WIN32\",\"src.process.indicatorRansomwareCount\":0,\"src.process.crossProcessDupRemoteProcessHandleCount\":0,\"src.process.activeContent.signedStatus\":\"unsigned\",\"src.process.tgtFileCreationCount\":0,\"src.process.indicatorInjectionCount\":0,\"src.process.moduleCount\":284,\"src.process.parent.name\":\"CompatTelRunner.exe\",\"i.version\":\"preprocess-lib-1.0\",\"src.process.activeContentType\":\"CLI\",\"sca:atlantisIngestTime\":1666684057507,\"src.process.image.md5\":\"7353f60b1739074eb17c5f4dddefe239\",\"src.process.indicatorReconnaissanceCount\":8,\"src.process.Storyline™.id\":\"87EE3C19E0250305\",\"src.process.childProcCount\":1,\"mgmt.url\":\"asdf-123.sentinelone.org\",\"src.process.crossProcessOpenProcessCount\":0,\"cmdScript.isComplete\":true,\"src.process.subsystem\":\"SYS_WIN32\",\"meta.event.name\":\"SCRIPTS\",\"src.process.parent.integrityLevel\":\"SYSTEM\",\"src.process.indicatorExploitationCount\":0,\"src.process.parent.Storyline™.id\":\"87EE3C19E0250305\",\"i.scheme\":\"edr\",\"src.process.integrityLevel\":\"SYSTEM\",\"site.name\":\"ASDF\",\"src.process.netConnInCount\":0,\"event.time\":1666684044180,\"account.id\":\"123456789123456789\",\"dataSource.name\":\"SentinelOne\",\"endpoint.name\":\"asdf1\",\"src.process.image.sha1\":\"6cbce4a295c163791b60fc23d285e6d84f28ee4c\",\"src.process.isStoryline™Root\":false,\"cmdScript.applicationName\":\"PowerShell_C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe_10.0.17763.1\",\"src.process.parent.image.path\":\"C:\\\\Windows\\\\System32\\\\CompatTelRunner.exe\",\"src.process.pid\":5912,\"tgt.file.isSigned\":\"signed\",\"sca:ingestTime\":1666684063,\"dataSource.category\":\"security\",\"src.process.cmdline\":\"powershell.exe-ExecutionPolicyRestricted-CommandWrite-Host'Finalresult:1';\",\"src.process.publisher\":\"MICROSOFTWINDOWS\",\"src.process.crossProcessThreadCreateCount\":0,\"src.process.parent.isNative64Bit\":false,\"src.process.parent.isRedirectCmdProcessor\":false,\"src.process.signedStatus\":\"signed\",\"src.process.crossProcessCount\":0,\"event.id\":\"01GG71RXEEHZQFY6XZ1WGS2BAE_168\",\"src.process.parent.cmdline\":\"C:\\\\Windows\\\\system32\\\\CompatTelRunner.exe-m:appraiser.dll-f:DoScheduledTelemetryRun-cv:1DRRwZous0W15sCL.2\",\"cmdScript.content\":\"$global:?\",\"src.process.image.path\":\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"src.process.tgtFileModificationCount\":4,\"src.process.indicatorEvasionCount\":1,\"src.process.netConnOutCount\":0,\"cmdScript.sha256\":\"feb60de98632d9f666e16e89bd1c99174801c761115d4a9f52f05ef41e397d2d\",\"src.process.crossProcessDupThreadHandleCount\":0,\"endpoint.os\":\"windows\",\"src.process.tgtFileDeletionCount\":0,\"src.process.startTime\":1666684041917,\"mgmt.id\":\"1337\",\"os.name\":\"WindowsServer2019Standard\",\"src.process.activeContent.id\":\"3EFA3EFA3EFA3EFA\",\"src.process.displayName\":\"WindowsPowerShell\",\"src.process.activeContent.path\":\"\\\\Unknowndevice\\\\Unknownfile\",\"src.process.isNative64Bit\":false,\"src.process.parent.sessionId\":0,\"src.process.uid\":\"230B188E26085676\",\"src.process.parent.image.md5\":\"47dd94d79d9bac54a2c3a1cf502770c6\",\"src.process.indicatorInfostealerCount\":0,\"src.process.indicatorBootConfigurationUpdateCount\":0,\"process.unique.key\":\"230B188E26085676\",\"cmdScript.originalSize\":18,\"agent.version\":\"22.1.4.10010\",\"src.process.parent.uid\":\"8608188E26085676\",\"src.process.parent.image.sha256\":\"046f009960f70981597cd7b3a1e44cbb4ba5893cc1407734366aa55fbeda5d66\",\"src.process.sessionId\":0,\"src.process.netConnCount\":0,\"mgmt.osRevision\":\"17763\",\"group.id\":\"asdf\",\"src.process.isRedirectCmdProcessor\":false,\"src.process.verifiedStatus\":\"verified\",\"src.process.parent.publisher\":\"MICROSOFTWINDOWS\",\"src.process.parent.startTime\":1666683971590,\"src.process.dnsCount\":0,\"endpoint.type\":\"server\",\"trace.id\":\"01GG71RXEEHZQFY6XZ1WGS2BAE\",\"src.process.name\":\"powershell.exe\",\"agent.uuid\":\"asdf356783457dfds4456d65\",\"src.process.activeContent.hash\":\"a8ae2c841e3f0f39d494a45370815a90cf00421e\",\"src.process.image.sha256\":\"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c\",\"src.process.indicatorGeneralCount\":49,\"src.process.crossProcessOutOfStoryline™Count\":0,\"src.process.registryChangeCount\":0,\"packet.id\":\"9CB6AC4F10C34F5BB0A2788760E870F5\",\"src.process.indicatorPersistenceCount\":0,\"src.process.parent.signedStatus\":\"signed\",\"src.process.parent.user\":\"NTAUTHORITY\\\\SYSTEM\",\"event.type\":\"CommandScript\",\"src.process.indicatorPostExploitationCount\":0,\"src.process.parent.pid\":6008}", "type": [ @@ -53,9 +53,11 @@ }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "WindowsServer2019Standard", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "server" }, @@ -64,12 +66,28 @@ }, "log": { "file": { - "path": "https://elastic-package-sentinel-one-bucket-47039.s3.us-east-1.amazonaws.com/command_script.log" + "path": "https://elastic-package-sentinel-one-bucket-11810.s3.us-east-1.amazonaws.com/command_script.log" }, "offset": 0 }, + "powershell": { + "file": { + "script_block_text": "$global:?" + } + }, "process": { + "args": [ + "powershell.exe-ExecutionPolicyRestricted-CommandWrite-Host'Finalresult:1';" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "MICROSOFTWINDOWS", + "trusted": true + }, "command_line": "powershell.exe-ExecutionPolicyRestricted-CommandWrite-Host'Finalresult:1';", + "entity_id": "230B188E26085676", + "executable": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "hash": { "md5": "7353f60b1739074eb17c5f4dddefe239", "sha1": "6cbce4a295c163791b60fc23d285e6d84f28ee4c", @@ -77,7 +95,13 @@ }, "name": "powershell.exe", "parent": { + "args": [ + "C:\\Windows\\system32\\CompatTelRunner.exe-m:appraiser.dll-f:DoScheduledTelemetryRun-cv:1DRRwZous0W15sCL.2" + ], + "args_count": 1, "command_line": "C:\\Windows\\system32\\CompatTelRunner.exe-m:appraiser.dll-f:DoScheduledTelemetryRun-cv:1DRRwZous0W15sCL.2", + "entity_id": "8608188E26085676", + "executable": "C:\\Windows\\System32\\CompatTelRunner.exe", "hash": { "sha1": "134fd2ad04cf59b0c10596230da5daf6fc711bd1", "sha256": "046f009960f70981597cd7b3a1e44cbb4ba5893cc1407734366aa55fbeda5d66" @@ -239,7 +263,7 @@ "is_signed": "signed" } }, - "timestamp": "2023-01-01T10:47:24.180Z", + "timestamp": "2024-01-01T10:47:24.180Z", "trace_id": "01GG71RXEEHZQFY6XZ1WGS2BAE", "type": "CommandScript" } @@ -249,5 +273,9 @@ "preserve_original_event", "forwarded", "sentinel_one_cloud_funnel-event" - ] -} + ], + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" + } +} \ No newline at end of file diff --git a/packages/sentinel_one_cloud_funnel/docs/README.md b/packages/sentinel_one_cloud_funnel/docs/README.md index a03ef36155e..a169e25b46e 100644 --- a/packages/sentinel_one_cloud_funnel/docs/README.md +++ b/packages/sentinel_one_cloud_funnel/docs/README.md @@ -152,17 +152,17 @@ An example event for `event` looks as following: { "@timestamp": "2022-10-25T07:47:24.180Z", "agent": { - "ephemeral_id": "26afb86c-4349-4dc3-8efa-fe82afd55bcf", - "id": "acba78ef-1401-4689-977c-d8c2e5d6a8fa", + "ephemeral_id": "00480237-584b-4874-900c-1ee82179d3ac", + "id": "aca18834-90ec-4b18-8bd9-50466624ef53", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.10.1" + "version": "8.11.1" }, "aws": { "s3": { "bucket": { - "arn": "arn:aws:s3:::elastic-package-sentinel-one-bucket-47039", - "name": "elastic-package-sentinel-one-bucket-47039" + "arn": "arn:aws:s3:::elastic-package-sentinel-one-bucket-11810", + "name": "elastic-package-sentinel-one-bucket-11810" }, "object": { "key": "command_script.log" @@ -181,9 +181,9 @@ An example event for `event` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "acba78ef-1401-4689-977c-d8c2e5d6a8fa", + "id": "aca18834-90ec-4b18-8bd9-50466624ef53", "snapshot": false, - "version": "8.10.1" + "version": "8.11.1" }, "event": { "agent_id_status": "verified", @@ -192,7 +192,7 @@ An example event for `event` looks as following: ], "dataset": "sentinel_one_cloud_funnel.event", "id": "01GG71RXEEHZQFY6XZ1WGS2BAE_168", - "ingested": "2023-11-02T13:59:39Z", + "ingested": "2024-02-15T00:46:20Z", "kind": "event", "original": "{\"timestamp\":\"10:47:24.180\",\"src.process.parent.isStoryline™Root\":false,\"event.category\":\"command_script\",\"src.process.parent.image.sha1\":\"134fd2ad04cf59b0c10596230da5daf6fc711bd1\",\"site.id\":\"123456789123456789\",\"src.process.image.binaryIsExecutable\":true,\"src.process.parent.displayName\":\"MicrosoftCompatibilityTelemetry\",\"src.process.user\":\"NTAUTHORITY\\\\SYSTEM\",\"src.process.parent.subsystem\":\"SYS_WIN32\",\"src.process.indicatorRansomwareCount\":0,\"src.process.crossProcessDupRemoteProcessHandleCount\":0,\"src.process.activeContent.signedStatus\":\"unsigned\",\"src.process.tgtFileCreationCount\":0,\"src.process.indicatorInjectionCount\":0,\"src.process.moduleCount\":284,\"src.process.parent.name\":\"CompatTelRunner.exe\",\"i.version\":\"preprocess-lib-1.0\",\"src.process.activeContentType\":\"CLI\",\"sca:atlantisIngestTime\":1666684057507,\"src.process.image.md5\":\"7353f60b1739074eb17c5f4dddefe239\",\"src.process.indicatorReconnaissanceCount\":8,\"src.process.Storyline™.id\":\"87EE3C19E0250305\",\"src.process.childProcCount\":1,\"mgmt.url\":\"asdf-123.sentinelone.org\",\"src.process.crossProcessOpenProcessCount\":0,\"cmdScript.isComplete\":true,\"src.process.subsystem\":\"SYS_WIN32\",\"meta.event.name\":\"SCRIPTS\",\"src.process.parent.integrityLevel\":\"SYSTEM\",\"src.process.indicatorExploitationCount\":0,\"src.process.parent.Storyline™.id\":\"87EE3C19E0250305\",\"i.scheme\":\"edr\",\"src.process.integrityLevel\":\"SYSTEM\",\"site.name\":\"ASDF\",\"src.process.netConnInCount\":0,\"event.time\":1666684044180,\"account.id\":\"123456789123456789\",\"dataSource.name\":\"SentinelOne\",\"endpoint.name\":\"asdf1\",\"src.process.image.sha1\":\"6cbce4a295c163791b60fc23d285e6d84f28ee4c\",\"src.process.isStoryline™Root\":false,\"cmdScript.applicationName\":\"PowerShell_C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe_10.0.17763.1\",\"src.process.parent.image.path\":\"C:\\\\Windows\\\\System32\\\\CompatTelRunner.exe\",\"src.process.pid\":5912,\"tgt.file.isSigned\":\"signed\",\"sca:ingestTime\":1666684063,\"dataSource.category\":\"security\",\"src.process.cmdline\":\"powershell.exe-ExecutionPolicyRestricted-CommandWrite-Host'Finalresult:1';\",\"src.process.publisher\":\"MICROSOFTWINDOWS\",\"src.process.crossProcessThreadCreateCount\":0,\"src.process.parent.isNative64Bit\":false,\"src.process.parent.isRedirectCmdProcessor\":false,\"src.process.signedStatus\":\"signed\",\"src.process.crossProcessCount\":0,\"event.id\":\"01GG71RXEEHZQFY6XZ1WGS2BAE_168\",\"src.process.parent.cmdline\":\"C:\\\\Windows\\\\system32\\\\CompatTelRunner.exe-m:appraiser.dll-f:DoScheduledTelemetryRun-cv:1DRRwZous0W15sCL.2\",\"cmdScript.content\":\"$global:?\",\"src.process.image.path\":\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\",\"src.process.tgtFileModificationCount\":4,\"src.process.indicatorEvasionCount\":1,\"src.process.netConnOutCount\":0,\"cmdScript.sha256\":\"feb60de98632d9f666e16e89bd1c99174801c761115d4a9f52f05ef41e397d2d\",\"src.process.crossProcessDupThreadHandleCount\":0,\"endpoint.os\":\"windows\",\"src.process.tgtFileDeletionCount\":0,\"src.process.startTime\":1666684041917,\"mgmt.id\":\"1337\",\"os.name\":\"WindowsServer2019Standard\",\"src.process.activeContent.id\":\"3EFA3EFA3EFA3EFA\",\"src.process.displayName\":\"WindowsPowerShell\",\"src.process.activeContent.path\":\"\\\\Unknowndevice\\\\Unknownfile\",\"src.process.isNative64Bit\":false,\"src.process.parent.sessionId\":0,\"src.process.uid\":\"230B188E26085676\",\"src.process.parent.image.md5\":\"47dd94d79d9bac54a2c3a1cf502770c6\",\"src.process.indicatorInfostealerCount\":0,\"src.process.indicatorBootConfigurationUpdateCount\":0,\"process.unique.key\":\"230B188E26085676\",\"cmdScript.originalSize\":18,\"agent.version\":\"22.1.4.10010\",\"src.process.parent.uid\":\"8608188E26085676\",\"src.process.parent.image.sha256\":\"046f009960f70981597cd7b3a1e44cbb4ba5893cc1407734366aa55fbeda5d66\",\"src.process.sessionId\":0,\"src.process.netConnCount\":0,\"mgmt.osRevision\":\"17763\",\"group.id\":\"asdf\",\"src.process.isRedirectCmdProcessor\":false,\"src.process.verifiedStatus\":\"verified\",\"src.process.parent.publisher\":\"MICROSOFTWINDOWS\",\"src.process.parent.startTime\":1666683971590,\"src.process.dnsCount\":0,\"endpoint.type\":\"server\",\"trace.id\":\"01GG71RXEEHZQFY6XZ1WGS2BAE\",\"src.process.name\":\"powershell.exe\",\"agent.uuid\":\"asdf356783457dfds4456d65\",\"src.process.activeContent.hash\":\"a8ae2c841e3f0f39d494a45370815a90cf00421e\",\"src.process.image.sha256\":\"de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c\",\"src.process.indicatorGeneralCount\":49,\"src.process.crossProcessOutOfStoryline™Count\":0,\"src.process.registryChangeCount\":0,\"packet.id\":\"9CB6AC4F10C34F5BB0A2788760E870F5\",\"src.process.indicatorPersistenceCount\":0,\"src.process.parent.signedStatus\":\"signed\",\"src.process.parent.user\":\"NTAUTHORITY\\\\SYSTEM\",\"event.type\":\"CommandScript\",\"src.process.indicatorPostExploitationCount\":0,\"src.process.parent.pid\":6008}", "type": [ @@ -204,9 +204,11 @@ An example event for `event` looks as following: }, "host": { "hostname": "asdf1", + "id": "asdf356783457dfds4456d65", "os": { "name": "WindowsServer2019Standard", - "platform": "windows" + "platform": "windows", + "type": "windows" }, "type": "server" }, @@ -215,12 +217,28 @@ An example event for `event` looks as following: }, "log": { "file": { - "path": "https://elastic-package-sentinel-one-bucket-47039.s3.us-east-1.amazonaws.com/command_script.log" + "path": "https://elastic-package-sentinel-one-bucket-11810.s3.us-east-1.amazonaws.com/command_script.log" }, "offset": 0 }, + "powershell": { + "file": { + "script_block_text": "$global:?" + } + }, "process": { + "args": [ + "powershell.exe-ExecutionPolicyRestricted-CommandWrite-Host'Finalresult:1';" + ], + "args_count": 1, + "code_signature": { + "exists": true, + "subject_name": "MICROSOFTWINDOWS", + "trusted": true + }, "command_line": "powershell.exe-ExecutionPolicyRestricted-CommandWrite-Host'Finalresult:1';", + "entity_id": "230B188E26085676", + "executable": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "hash": { "md5": "7353f60b1739074eb17c5f4dddefe239", "sha1": "6cbce4a295c163791b60fc23d285e6d84f28ee4c", @@ -228,7 +246,13 @@ An example event for `event` looks as following: }, "name": "powershell.exe", "parent": { + "args": [ + "C:\\Windows\\system32\\CompatTelRunner.exe-m:appraiser.dll-f:DoScheduledTelemetryRun-cv:1DRRwZous0W15sCL.2" + ], + "args_count": 1, "command_line": "C:\\Windows\\system32\\CompatTelRunner.exe-m:appraiser.dll-f:DoScheduledTelemetryRun-cv:1DRRwZous0W15sCL.2", + "entity_id": "8608188E26085676", + "executable": "C:\\Windows\\System32\\CompatTelRunner.exe", "hash": { "sha1": "134fd2ad04cf59b0c10596230da5daf6fc711bd1", "sha256": "046f009960f70981597cd7b3a1e44cbb4ba5893cc1407734366aa55fbeda5d66" @@ -390,7 +414,7 @@ An example event for `event` looks as following: "is_signed": "signed" } }, - "timestamp": "2023-01-01T10:47:24.180Z", + "timestamp": "2024-01-01T10:47:24.180Z", "trace_id": "01GG71RXEEHZQFY6XZ1WGS2BAE", "type": "CommandScript" } @@ -400,9 +424,12 @@ An example event for `event` looks as following: "preserve_original_event", "forwarded", "sentinel_one_cloud_funnel-event" - ] + ], + "user": { + "domain": "NTAUTHORITY", + "name": "SYSTEM" + } } - ``` **Exported fields** @@ -420,6 +447,7 @@ An example event for `event` looks as following: | event.module | Event module. | constant_keyword | | input.type | Type of filebeat input. | keyword | | log.offset | Log offset. | long | +| powershell.file.script_block_text | Text of the executed script block. | text | | sentinel_one_cloud_funnel.event.account_id | SentinelOne Account ID. | keyword | | sentinel_one_cloud_funnel.event.agent.uuid | Agent Unique ID. | keyword | | sentinel_one_cloud_funnel.event.agent.version | Version of SentinelOne Agent. | keyword | diff --git a/packages/sentinel_one_cloud_funnel/manifest.yml b/packages/sentinel_one_cloud_funnel/manifest.yml index 97a3dad9b81..72d8b88f927 100644 --- a/packages/sentinel_one_cloud_funnel/manifest.yml +++ b/packages/sentinel_one_cloud_funnel/manifest.yml @@ -1,13 +1,13 @@ format_version: "3.0.2" name: sentinel_one_cloud_funnel title: SentinelOne Cloud Funnel -version: "0.11.0" +version: "0.12.0" description: Collect logs from SentinelOne Cloud Funnel with Elastic Agent. type: integration categories: ["security", "edr_xdr"] conditions: kibana: - version: ^8.12.0 + version: ^8.10.1 elastic: subscription: basic screenshots: From 33716e0b6ff5e82302c9814dcc3baf6467a628a6 Mon Sep 17 00:00:00 2001 From: Luca Belluccini Date: Wed, 6 Mar 2024 00:45:44 +0100 Subject: [PATCH 05/34] [Prometheus] SSL Certificate Authorities for remote_write (#9264) * [Prometheus] SSL Certificate Authorities --- packages/prometheus/changelog.yml | 5 +++++ .../data_stream/remote_write/agent/stream/stream.yml.hbs | 8 +++++++- packages/prometheus/data_stream/remote_write/manifest.yml | 6 ++++++ packages/prometheus/manifest.yml | 2 +- 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/packages/prometheus/changelog.yml b/packages/prometheus/changelog.yml index fa691b67b5a..b7c52571908 100644 --- a/packages/prometheus/changelog.yml +++ b/packages/prometheus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.14.1" + changes: + - description: Add Certificate Authorities for Remote Write + type: enhancement + link: https://github.com/elastic/integrations/pull/9264 - version: "1.14.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/prometheus/data_stream/remote_write/agent/stream/stream.yml.hbs b/packages/prometheus/data_stream/remote_write/agent/stream/stream.yml.hbs index 91f45cf8384..c9cb3134dfa 100644 --- a/packages/prometheus/data_stream/remote_write/agent/stream/stream.yml.hbs +++ b/packages/prometheus/data_stream/remote_write/agent/stream/stream.yml.hbs @@ -4,6 +4,12 @@ port: {{port}} ssl.enabled: {{ssl.enabled}} ssl.certificate: {{ssl.certificate}} ssl.key: {{ssl.key}} +{{#if ssl.certificate_authorities}} +ssl.certificate_authorities: +{{#each ssl.certificate_authorities}} + - {{this}} +{{/each}} +{{/if}} rate_counters: {{rate_counters}} use_types: {{use_types}} types_patterns.exclude: @@ -19,4 +25,4 @@ data_stream: {{#if processors}} processors: {{processors}} -{{/if}} \ No newline at end of file +{{/if}} diff --git a/packages/prometheus/data_stream/remote_write/manifest.yml b/packages/prometheus/data_stream/remote_write/manifest.yml index b8e640620ed..f3ee6ffdabb 100644 --- a/packages/prometheus/data_stream/remote_write/manifest.yml +++ b/packages/prometheus/data_stream/remote_write/manifest.yml @@ -40,6 +40,12 @@ streams: required: false show_user: false default: /etc/pki/server/cert.key + - name: ssl.certificate_authorities + type: text + title: SSL Certificate Authorities + multi: true + required: false + show_user: false - name: rate_counters type: bool title: Rate Counters diff --git a/packages/prometheus/manifest.yml b/packages/prometheus/manifest.yml index 95061ee5b67..81565133234 100644 --- a/packages/prometheus/manifest.yml +++ b/packages/prometheus/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.10.0 name: prometheus title: Prometheus -version: 1.14.0 +version: 1.14.1 description: Collect metrics from Prometheus servers with Elastic Agent. type: integration categories: From 4efd95037467d5e54270006bcd71c3b0b6982932 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Molins Date: Wed, 6 Mar 2024 09:58:33 +0100 Subject: [PATCH 06/34] Update terraform lock files in aws package (#9212) Update terraform lock files to install and use the latest aws provider, currently 5.39.1 version. --- .../_dev/deploy/tf/.terraform.lock.hcl | 30 +++++++++++-------- .../_dev/deploy/tf/.terraform.lock.hcl | 29 ++++++++++-------- 2 files changed, 33 insertions(+), 26 deletions(-) diff --git a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/.terraform.lock.hcl b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/.terraform.lock.hcl index d8769bd6de8..d1947fa596b 100644 --- a/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/.terraform.lock.hcl +++ b/packages/aws/data_stream/ec2_metrics/_dev/deploy/tf/.terraform.lock.hcl @@ -2,19 +2,23 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.0.0" + version = "5.39.1" hashes = [ - "h1:G0toIzBkhRr/UNRdksvnIyPXnGT9nH0A7gWmu93I1Eg=", - "zh:02937cb37860b022e7d996726e7584ca23904baf7852d266f2dd7891ee088ae4", - "zh:259dd5790ec5f4e6814c9584c79834dce3d719e932ce662b21f13434e9441194", - "zh:2d230c8c92c3cb2c07471a4324d802c44365dcf99fe0d562cc737d1f964e9c1d", - "zh:380b04e78934519469e699c537516ae1674d15f77c6778c2738cd69374b661aa", - "zh:3d7121da1fa92166c9ea26f3c9839cef06833420d6c46978b4cbbfd0b5050791", - "zh:6b7f5a3b28ec3a631d689f599a39bfe98ca5b785353b01e374cff655b097a791", - "zh:7882291716d2d03df5ece721429770452db76c712fcff08964c3a7c0b639f703", - "zh:95250c5768610d69a28501f03176b6a05a5d5ac2ae317cb582d94b044b3272b3", - "zh:b16a622a76bee455c8b256d828f8a60515e1e9dad38420a4db1be9b9e16d474a", - "zh:c805822f0ba57e8063b6201e1f351aa4dbd5ad8886dedd25d809e5aeb9aa0259", - "zh:e1c3a0da5576aec4a48f897cd04b739c1f533cdb0005ce4c7f5bc45808b799b1", + "h1:hQLlAd6O1LdQHy1GdWtgT5fcOlc3TWW+SaaFkpe+e8E=", + "zh:05c50a5d8edb3ba4ebc4eb6e0d0b5e319142f5983b27821710ed7d475d335bdc", + "zh:082986a5784dd21957e632371b289e549f051a4ea21d5c78c6d744c3537f03c5", + "zh:192ae622ba562eacc4921ed549a794506179233d724fdd15a4f147f3400724a0", + "zh:19a1d4637a62de90b0da174c0bf01000cd900488f7e8f709d8a37f082c59756b", + "zh:1d7689a8583515f1705972d7ce57ccfab96215b19905530d2c78c02dcfaff583", + "zh:22c446a21209a52ab74b4ba1ede0b220531e97ce479430047e493a2c45e1d8cb", + "zh:4154de82290ab4e9f81bac1ea62342de8b3b7a608f99258c190d4dd1c6663e47", + "zh:6bc4859ccdc54f28af9286b2fa090a31dcb345138d68c471510b737f6a052011", + "zh:73c69e000e0b321e78a4a12fef60d37285f2afec0ea7be9e06163d985101cb59", + "zh:890a3422f5e445b49bae30facf448d0ec9cd647e9155d0b685b5b39e9d331a94", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9cd88bec0f5205df9032e3126d4e57edd1c5cc8d45cda25626882dafc485a3b0", + "zh:a3a8e3276d0fbf051bbafa192a2998b05745f2cf285ac8c36a9ad167a75c037f", + "zh:d47e4dcf4c0ad71b9a7c720be4f3a89f6786a82e77bbe8d950794562792a1da5", + "zh:f74e5b2af508c7de80a6ae5198df54a795eeba5058a0cd247828943f0c54f6e0", ] } diff --git a/packages/aws/data_stream/redshift/_dev/deploy/tf/.terraform.lock.hcl b/packages/aws/data_stream/redshift/_dev/deploy/tf/.terraform.lock.hcl index f3740741719..d1947fa596b 100644 --- a/packages/aws/data_stream/redshift/_dev/deploy/tf/.terraform.lock.hcl +++ b/packages/aws/data_stream/redshift/_dev/deploy/tf/.terraform.lock.hcl @@ -2,20 +2,23 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.18.0" + version = "5.39.1" hashes = [ - "h1:62MWy6fGx/cVk1DnLcc8rUxCCKhi6/R9fi/Af/ph9ag=", - "zh:100a11324326bf849b4c85d3c40a81e485726eee99c5a229387b8485a7a8da8b", - "zh:2226bbf97101af90e43cd5606d8678f35d7e7b477657d9297c42a1bd2ed42750", - "zh:27d51694300c08c32312f8832b889c57a2821dc022d49d38f9b1e14810f8a3fb", - "zh:2b8792c76986facfd415f967c5d61022f7ceeaa46c158037fe8939e36d954f99", - "zh:3ea787967de772cc3a13469753080c8fa81be5aefc735d3753c7627f63c948e5", - "zh:64d58463cbb2b93d5202ef311a101890a1e083f9587f3eabb9f2e26dd0cf8f43", + "h1:hQLlAd6O1LdQHy1GdWtgT5fcOlc3TWW+SaaFkpe+e8E=", + "zh:05c50a5d8edb3ba4ebc4eb6e0d0b5e319142f5983b27821710ed7d475d335bdc", + "zh:082986a5784dd21957e632371b289e549f051a4ea21d5c78c6d744c3537f03c5", + "zh:192ae622ba562eacc4921ed549a794506179233d724fdd15a4f147f3400724a0", + "zh:19a1d4637a62de90b0da174c0bf01000cd900488f7e8f709d8a37f082c59756b", + "zh:1d7689a8583515f1705972d7ce57ccfab96215b19905530d2c78c02dcfaff583", + "zh:22c446a21209a52ab74b4ba1ede0b220531e97ce479430047e493a2c45e1d8cb", + "zh:4154de82290ab4e9f81bac1ea62342de8b3b7a608f99258c190d4dd1c6663e47", + "zh:6bc4859ccdc54f28af9286b2fa090a31dcb345138d68c471510b737f6a052011", + "zh:73c69e000e0b321e78a4a12fef60d37285f2afec0ea7be9e06163d985101cb59", + "zh:890a3422f5e445b49bae30facf448d0ec9cd647e9155d0b685b5b39e9d331a94", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:b10eecf4c034a229712825124e7c0b765c5904648550dc8f844f68638531d337", - "zh:d9a3cc46e2746c40ea69bcfb2d12e765ee6bda3e1ed8ce73f272d492ff4836bb", - "zh:df625e57aa3b5fb3e4562da44daf6565289818ba2a7e66f86ad968b43fdb5148", - "zh:eaaa3a5d2a15a87b346e521872120a3ca7f6777a04226a55f51022eaf4097963", - "zh:ec6f4b00ae4f9d536f2a6c2e5a5f149867194268ce9068a9c348bc3e678fbfce", + "zh:9cd88bec0f5205df9032e3126d4e57edd1c5cc8d45cda25626882dafc485a3b0", + "zh:a3a8e3276d0fbf051bbafa192a2998b05745f2cf285ac8c36a9ad167a75c037f", + "zh:d47e4dcf4c0ad71b9a7c720be4f3a89f6786a82e77bbe8d950794562792a1da5", + "zh:f74e5b2af508c7de80a6ae5198df54a795eeba5058a0cd247828943f0c54f6e0", ] } From f0b47d02c8a6634f00961136c2d18db4cd4c8f81 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Molins Date: Wed, 6 Mar 2024 18:57:36 +0100 Subject: [PATCH 07/34] Check whether or not jenkins folder exists in backport branches (#9280) Add safeguards when running backport branches pipeline, to avoid errors if ".ci" (jenkins folder) does not exist or if there are no changes in the stage. --- .buildkite/scripts/backport_branch.sh | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/.buildkite/scripts/backport_branch.sh b/.buildkite/scripts/backport_branch.sh index 4481c1cd325..20fd31c3d2c 100755 --- a/.buildkite/scripts/backport_branch.sh +++ b/.buildkite/scripts/backport_branch.sh @@ -84,6 +84,7 @@ removeOtherPackages() { updateBackportBranchContents() { local BUILDKITE_FOLDER_PATH=".buildkite" local JENKINS_FOLDER_PATH=".ci" + local files_cached_num="" if git ls-tree -d --name-only main:.ci >/dev/null 2>&1; then git checkout $BACKPORT_BRANCH_NAME echo "Copying $BUILDKITE_FOLDER_PATH from $SOURCE_BRANCH..." @@ -108,15 +109,26 @@ updateBackportBranchContents() { git config --global user.name "${GITHUB_USERNAME_SECRET}" git config --global user.email "${GITHUB_EMAIL_SECRET}" + echo "Commiting" + git add $BUILDKITE_FOLDER_PATH + if [ -d "${JENKINS_FOLDER_PATH}" ]; then + git add $JENKINS_FOLDER_PATH + fi + git add $PACKAGES_FOLDER_PATH/ + git status + + files_cached_num=$(git diff --name-only --cached | wc -l) + if [ "${files_cached_num}" -gt 0 ]; then + git commit -m "Add $BUILDKITE_FOLDER_PATH and $JENKINS_FOLDER_PATH to backport branch: $BACKPORT_BRANCH_NAME from the $SOURCE_BRANCH branch" + else + echo "Nothing to commit, skip." + fi + if [ "$DRY_RUN" == "true" ];then echo "DRY_RUN mode, nothing will be pushed." git diff $SOURCE_BRANCH...$BACKPORT_BRANCH_NAME else - echo "Commiting and pushing..." - git add $BUILDKITE_FOLDER_PATH - git add $JENKINS_FOLDER_PATH - git add $PACKAGES_FOLDER_PATH/ - git commit -m "Add $BUILDKITE_FOLDER_PATH and $JENKINS_FOLDER_PATH to backport branch: $BACKPORT_BRANCH_NAME from the $SOURCE_BRANCH branch" + echo "Pushing..." git push origin $BACKPORT_BRANCH_NAME fi } @@ -172,4 +184,7 @@ MSG="The backport branch: **$BACKPORT_BRANCH_NAME** has been created." echo "Adding CI files into the branch ${BACKPORT_BRANCH_NAME}" updateBackportBranchContents +if [ "${DRY_RUN}" == "true" ]; then + MSG="[DRY_RUN] ${MSG}." +fi buildkite-agent annotate "$MSG" --style "success" From d16a0f72b1e590c4be2a676fd431de363323e7a1 Mon Sep 17 00:00:00 2001 From: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com> Date: Wed, 6 Mar 2024 15:14:53 -0500 Subject: [PATCH 08/34] [Security Rules] Update security rules package to v8.13.1-beta.1 (#9284) * [Security Rules] Update security rules package to v8.13.1-beta.1 * Add changelog entry for 8.13.1-beta.1 --------- Co-authored-by: protectionsmachine <72879786+protectionsmachine@users.noreply.github.com> --- .../security_detection_engine/changelog.yml | 5 + ...6b315-b566-482f-866c-1d8e2477ba16_103.json | 90 ++++++++++++ ...24bd9-d23f-4ec1-8674-3cf1a21e130b_103.json | 89 ++++++++++++ ...54db96b-fd34-43b3-9af2-587b3bd33964_3.json | 100 +++++++++++++ ...5cad2fb-200c-407f-b472-02ea8c9e5e4a_3.json | 99 +++++++++++++ ...6487d-8069-4888-9ddd-61b52490cebc_103.json | 98 +++++++++++++ ...2157a-8e96-4a95-a6e3-5faae5081a74_103.json | 83 +++++++++++ ...a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_107.json | 122 ++++++++++++++++ ...68dba-ce29-497b-8e13-b4fde1db5a2d_104.json | 97 +++++++++++++ ...724808c-ba5d-48b2-86d2-0002103df753_3.json | 110 +++++++++++++++ ...a6484-2663-46db-a532-ef734bf9a796_103.json | 91 ++++++++++++ ...7c15a-91f8-4c3d-8b9e-1f99cc030a51_103.json | 94 +++++++++++++ ...0c9c2-bcd7-4d6e-9eba-faf3891ba450_109.json | 131 ++++++++++++++++++ ...10e77-c144-4e69-afb7-344e7127abd0_104.json | 88 ++++++++++++ ...0bfddd7-2954-4c9d-bbc6-19a99ca47e23_7.json | 101 ++++++++++++++ ...728c08d-9b70-456b-b6b8-007c7d246128_4.json | 128 +++++++++++++++++ ...e12a439-d002-4944-bc42-171c0dcb9b96_4.json | 96 +++++++++++++ ...ee4f0-182a-40a8-a835-102c68a4175d_104.json | 87 ++++++++++++ ...8819484-9826-4083-9eba-1da74cd0eaf2_2.json | 94 +++++++++++++ ...b868f1f-15ff-4ba3-8c11-d5a7a6356d37_3.json | 89 ++++++++++++ ...121ce-c7b6-474a-8237-68ff71672379_103.json | 93 +++++++++++++ ...1a09737-80f7-4551-a3be-dac8ef5d181a_2.json | 99 +++++++++++++ ...0658c-2107-4afc-91af-e0e55b7f7184_103.json | 95 +++++++++++++ ...b18eef4-842c-4b47-970f-f08d24004bde_4.json | 93 +++++++++++++ ...52599-ddec-4e14-bad1-28aa42404388_103.json | 94 +++++++++++++ ...3adec-1df9-4104-9c75-b97d9f078b25_103.json | 90 ++++++++++++ ...6c058f3-99f4-4d18-952b-43348f2577a0_2.json | 101 ++++++++++++++ ...239ea-c1bc-4467-a6d3-b9e2cc7f676d_103.json | 91 ++++++++++++ ...554fc-0777-47ce-8c9b-3d01f198d7f8_103.json | 97 +++++++++++++ ...ace94ba-f02c-4d55-9f53-87d99b6f9af4_6.json | 95 +++++++++++++ ...999d0-7ab2-44bf-b328-6e63367b9b29_103.json | 90 ++++++++++++ ...71231-6626-4e1b-abb7-6e361a171fbb_103.json | 88 ++++++++++++ ...14185-2568-4561-ae81-f3e480e5e695_103.json | 90 ++++++++++++ ...95807-5b09-4e37-8a54-5cae5dc932d7_103.json | 90 ++++++++++++ ...9fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_103.json | 90 ++++++++++++ ...c8805f6-1e08-406c-962e-3937057fa86f_5.json | 111 +++++++++++++++ ...51150-658f-4a60-832f-a00d1e6c6745_103.json | 90 ++++++++++++ ...1b212-b85c-41c6-9b28-be0e5cdfc9b1_103.json | 83 +++++++++++ ...1a775-8267-41fa-9232-20e5582596ac_104.json | 93 +++++++++++++ ...9768e-40e1-4e45-a097-0e5fbc876ac2_103.json | 90 ++++++++++++ ...4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_5.json | 95 +++++++++++++ ...eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_103.json | 90 ++++++++++++ ...3ff2a-203e-4a46-a3e3-40512cfe8fbb_103.json | 89 ++++++++++++ ...c71c186-9fe4-4437-a4d0-85ebb32b8204_7.json | 94 +++++++++++++ ...ff20a-46bc-4a4d-bae5-5cdd14222795_109.json | 99 +++++++++++++ ...0cc3807-e108-483c-bf66-5a4fbe0d7e89_3.json | 83 +++++++++++ ...eb8ba-a983-41d9-9c93-a1c05112ca5e_109.json | 98 +++++++++++++ ...efb0c-604d-42fa-ac46-ed1cfbc38f78_103.json | 116 ++++++++++++++++ ...530ca17-153b-4a7a-8cd3-98dd4b4ddf73_5.json | 100 +++++++++++++ ...ac52c69-2646-4e79-89c0-fd7653461010_5.json | 98 +++++++++++++ ...dd44a-0ac6-44c4-8609-3f81bc820f02_103.json | 90 ++++++++++++ .../security_detection_engine/manifest.yml | 4 +- 52 files changed, 4809 insertions(+), 2 deletions(-) create mode 100644 packages/security_detection_engine/kibana/security_rule/0136b315-b566-482f-866c-1d8e2477ba16_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/03024bd9-d23f-4ec1-8674-3cf1a21e130b_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/054db96b-fd34-43b3-9af2-587b3bd33964_3.json create mode 100644 packages/security_detection_engine/kibana/security_rule/05cad2fb-200c-407f-b472-02ea8c9e5e4a_3.json create mode 100644 packages/security_detection_engine/kibana/security_rule/0ce6487d-8069-4888-9ddd-61b52490cebc_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/0e52157a-8e96-4a95-a6e3-5faae5081a74_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_107.json create mode 100644 packages/security_detection_engine/kibana/security_rule/26f68dba-ce29-497b-8e13-b4fde1db5a2d_104.json create mode 100644 packages/security_detection_engine/kibana/security_rule/2724808c-ba5d-48b2-86d2-0002103df753_3.json create mode 100644 packages/security_detection_engine/kibana/security_rule/272a6484-2663-46db-a532-ef734bf9a796_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/2820c9c2-bcd7-4d6e-9eba-faf3891ba450_109.json create mode 100644 packages/security_detection_engine/kibana/security_rule/2de10e77-c144-4e69-afb7-344e7127abd0_104.json create mode 100644 packages/security_detection_engine/kibana/security_rule/30bfddd7-2954-4c9d-bbc6-19a99ca47e23_7.json create mode 100644 packages/security_detection_engine/kibana/security_rule/3728c08d-9b70-456b-b6b8-007c7d246128_4.json create mode 100644 packages/security_detection_engine/kibana/security_rule/3e12a439-d002-4944-bc42-171c0dcb9b96_4.json create mode 100644 packages/security_detection_engine/kibana/security_rule/3efee4f0-182a-40a8-a835-102c68a4175d_104.json create mode 100644 packages/security_detection_engine/kibana/security_rule/48819484-9826-4083-9eba-1da74cd0eaf2_2.json create mode 100644 packages/security_detection_engine/kibana/security_rule/4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_3.json create mode 100644 packages/security_detection_engine/kibana/security_rule/514121ce-c7b6-474a-8237-68ff71672379_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/51a09737-80f7-4551-a3be-dac8ef5d181a_2.json create mode 100644 packages/security_detection_engine/kibana/security_rule/5930658c-2107-4afc-91af-e0e55b7f7184_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/5b18eef4-842c-4b47-970f-f08d24004bde_4.json create mode 100644 packages/security_detection_engine/kibana/security_rule/5e552599-ddec-4e14-bad1-28aa42404388_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/60f3adec-1df9-4104-9c75-b97d9f078b25_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/66c058f3-99f4-4d18-952b-43348f2577a0_2.json create mode 100644 packages/security_detection_engine/kibana/security_rule/675239ea-c1bc-4467-a6d3-b9e2cc7f676d_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/684554fc-0777-47ce-8c9b-3d01f198d7f8_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/6ace94ba-f02c-4d55-9f53-87d99b6f9af4_6.json create mode 100644 packages/security_detection_engine/kibana/security_rule/721999d0-7ab2-44bf-b328-6e63367b9b29_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/88671231-6626-4e1b-abb7-6e361a171fbb_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/97314185-2568-4561-ae81-f3e480e5e695_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/98995807-5b09-4e37-8a54-5cae5dc932d7_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/ac8805f6-1e08-406c-962e-3937057fa86f_5.json create mode 100644 packages/security_detection_engine/kibana/security_rule/b2951150-658f-4a60-832f-a00d1e6c6745_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/bbd1a775-8267-41fa-9232-20e5582596ac_104.json create mode 100644 packages/security_detection_engine/kibana/security_rule/ca79768e-40e1-4e45-a097-0e5fbc876ac2_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_5.json create mode 100644 packages/security_detection_engine/kibana/security_rule/d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/d743ff2a-203e-4a46-a3e3-40512cfe8fbb_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/dc71c186-9fe4-4437-a4d0-85ebb32b8204_7.json create mode 100644 packages/security_detection_engine/kibana/security_rule/debff20a-46bc-4a4d-bae5-5cdd14222795_109.json create mode 100644 packages/security_detection_engine/kibana/security_rule/e0cc3807-e108-483c-bf66-5a4fbe0d7e89_3.json create mode 100644 packages/security_detection_engine/kibana/security_rule/eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_109.json create mode 100644 packages/security_detection_engine/kibana/security_rule/ec8efb0c-604d-42fa-ac46-ed1cfbc38f78_103.json create mode 100644 packages/security_detection_engine/kibana/security_rule/f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_5.json create mode 100644 packages/security_detection_engine/kibana/security_rule/fac52c69-2646-4e79-89c0-fd7653461010_5.json create mode 100644 packages/security_detection_engine/kibana/security_rule/ff4dd44a-0ac6-44c4-8609-3f81bc820f02_103.json diff --git a/packages/security_detection_engine/changelog.yml b/packages/security_detection_engine/changelog.yml index 20ae7908a32..4f092e3fab0 100644 --- a/packages/security_detection_engine/changelog.yml +++ b/packages/security_detection_engine/changelog.yml @@ -1,5 +1,10 @@ # newer versions go on top # NOTE: please use pre-release versions (e.g. -beta.0) until a package is ready for production +- version: 8.13.1-beta.1 + changes: + - description: Release security rules update + type: enhancement + link: https://github.com/elastic/integrations/pull/9284 - version: 8.12.5 changes: - description: Release security rules update diff --git a/packages/security_detection_engine/kibana/security_rule/0136b315-b566-482f-866c-1d8e2477ba16_103.json b/packages/security_detection_engine/kibana/security_rule/0136b315-b566-482f-866c-1d8e2477ba16_103.json new file mode 100644 index 00000000000..2d78d99c09e --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/0136b315-b566-482f-866c-1d8e2477ba16_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Austin Songer" + ], + "description": "Identifies when a user has been restricted from sending email due to exceeding sending limits of the service policies per the Security Compliance Center.", + "false_positives": [ + "A user sending emails using personal distribution folders may trigger the event." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 User Restricted from Sending Email", + "note": "", + "query": "event.dataset:o365.audit and event.provider:SecurityComplianceCenter and event.category:web and event.action:\"User restricted from sending email\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy", + "https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "0136b315-b566-482f-866c-1d8e2477ba16", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Initial Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0001", + "name": "Initial Access", + "reference": "https://attack.mitre.org/tactics/TA0001/" + }, + "technique": [ + { + "id": "T1078", + "name": "Valid Accounts", + "reference": "https://attack.mitre.org/techniques/T1078/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "0136b315-b566-482f-866c-1d8e2477ba16_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/03024bd9-d23f-4ec1-8674-3cf1a21e130b_103.json b/packages/security_detection_engine/kibana/security_rule/03024bd9-d23f-4ec1-8674-3cf1a21e130b_103.json new file mode 100644 index 00000000000..c506239682e --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/03024bd9-d23f-4ec1-8674-3cf1a21e130b_103.json @@ -0,0 +1,89 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a safe attachment rule is disabled in Microsoft 365. Safe attachment rules can extend malware protections to include routing all messages and attachments without a known malware signature to a special hypervisor environment. An adversary or insider threat may disable a safe attachment rule to exfiltrate data or evade defenses.", + "false_positives": [ + "A safe attachment rule may be disabled by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Safe Attachment Rule Disabled", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Disable-SafeAttachmentRule\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/disable-safeattachmentrule?view=exchange-ps" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "03024bd9-d23f-4ec1-8674-3cf1a21e130b", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "low", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Defense Evasion" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1562", + "name": "Impair Defenses", + "reference": "https://attack.mitre.org/techniques/T1562/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "03024bd9-d23f-4ec1-8674-3cf1a21e130b_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/054db96b-fd34-43b3-9af2-587b3bd33964_3.json b/packages/security_detection_engine/kibana/security_rule/054db96b-fd34-43b3-9af2-587b3bd33964_3.json new file mode 100644 index 00000000000..c361e1bad70 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/054db96b-fd34-43b3-9af2-587b3bd33964_3.json @@ -0,0 +1,100 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Monitors for the creation of rule files that are used by systemd-udevd to manage device nodes and handle kernel device events in the Linux operating system. Systemd-udevd can be exploited for persistence by adversaries by creating malicious udev rules that trigger on specific events, executing arbitrary commands or payloads whenever a certain device is plugged in or recognized by the system.", + "from": "now-9m", + "history_window_start": "now-14d", + "index": [ + "logs-endpoint.events.*", + "endgame-*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Potential Persistence Through Systemd-udevd", + "new_terms_fields": [ + "host.id", + "process.executable", + "file.path" + ], + "query": "host.os.type:\"linux\" and event.category:\"file\" and\nevent.type:(\"change\" or \"file_modify_event\" or \"creation\" or \"file_create_event\") and\nfile.path:/lib/udev/* and process.executable:* and not (\n process.name:(\"dockerd\" or \"docker\" or \"dpkg\" or \"dnf\" or \"dnf-automatic\" or \"yum\" or \"rpm\" or \"systemd-hwdb\" or\n \"podman\" or \"buildah\") or file.extension : (\"swp\" or \"swpx\")\n)\n", + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "file.extension", + "type": "keyword" + }, + { + "ecs": true, + "name": "file.path", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.executable", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "054db96b-fd34-43b3-9af2-587b3bd33964", + "setup": "## Setup\n\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows\nthe Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click Add integrations.\n- In the query bar, search for Elastic Defend and select the integration to see more details about it.\n- Click Add Elastic Defend.\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either Traditional Endpoints or Cloud Workloads.\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest to select \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in New agent policy name. If other agent policies already exist, you can click the Existing hosts tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click Save and Continue.\n- To complete the integration, select Add Elastic Agent to your hosts and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Persistence", + "Data Source: Elastic Endgame", + "Data Source: Elastic Defend" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1037", + "name": "Boot or Logon Initialization Scripts", + "reference": "https://attack.mitre.org/techniques/T1037/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "new_terms", + "version": 3 + }, + "id": "054db96b-fd34-43b3-9af2-587b3bd33964_3", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/05cad2fb-200c-407f-b472-02ea8c9e5e4a_3.json b/packages/security_detection_engine/kibana/security_rule/05cad2fb-200c-407f-b472-02ea8c9e5e4a_3.json new file mode 100644 index 00000000000..471abafa76b --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/05cad2fb-200c-407f-b472-02ea8c9e5e4a_3.json @@ -0,0 +1,99 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors the syslog log file for messages related to instances of a tainted kernel module load. Rootkits often leverage kernel modules as their main defense evasion technique. Detecting tainted kernel module loads is crucial for ensuring system security and integrity, as malicious or unauthorized modules can compromise the kernel and lead to system vulnerabilities or unauthorized access.", + "from": "now-9m", + "index": [ + "logs-system.syslog-*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Tainted Kernel Module Load", + "query": "host.os.type:linux and event.dataset:\"system.syslog\" and process.name:kernel and \nmessage:\"module verification failed: signature and/or required key missing - tainting kernel\"\n", + "related_integrations": [ + { + "package": "system", + "version": "^1.6.4" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "message", + "type": "match_only_text" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "05cad2fb-200c-407f-b472-02ea8c9e5e4a", + "setup": "\nThis rule requires data coming in from one of the following integrations:\n- Filebeat\n\n### Filebeat Setup\nFilebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to Elasticsearch or Logstash for indexing.\n\n#### The following steps should be executed in order to add the Filebeat for the Linux System:\n- Elastic provides repositories available for APT and YUM-based distributions. Note that we provide binary packages, but no source packages.\n- To install the APT and YUM repositories follow the setup instructions in this [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html).\n- To run Filebeat on Docker follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html).\n- To run Filebeat on Kubernetes follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-kubernetes.html).\n- For quick start information for Filebeat refer to the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/8.11/filebeat-installation-configuration.html).\n- For complete Setup and Run Filebeat information refer to the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/setting-up-and-running.html).\n\n#### Rule Specific Setup Note\n- This rule requires the Filebeat System Module to be enabled.\n- The system module collects and parses logs created by the system logging service of common Unix/Linux based distributions.\n- To run the system module of Filebeat on Linux follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-system.html).\n\n", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Persistence", + "Tactic: Defense Evasion" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "reference": "https://attack.mitre.org/techniques/T1547/", + "subtechnique": [ + { + "id": "T1547.006", + "name": "Kernel Modules and Extensions", + "reference": "https://attack.mitre.org/techniques/T1547/006/" + } + ] + } + ] + }, + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1014", + "name": "Rootkit", + "reference": "https://attack.mitre.org/techniques/T1014/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 3 + }, + "id": "05cad2fb-200c-407f-b472-02ea8c9e5e4a_3", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/0ce6487d-8069-4888-9ddd-61b52490cebc_103.json b/packages/security_detection_engine/kibana/security_rule/0ce6487d-8069-4888-9ddd-61b52490cebc_103.json new file mode 100644 index 00000000000..58735bf3432 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/0ce6487d-8069-4888-9ddd-61b52490cebc_103.json @@ -0,0 +1,98 @@ +{ + "attributes": { + "author": [ + "Elastic", + "Austin Songer" + ], + "description": "Identifies the assignment of rights to access content from another mailbox. An adversary may use the compromised account to send messages to other accounts in the network of the target organization while creating inbox rules, so messages can evade spam/phishing detection mechanisms.", + "false_positives": [ + "Assignment of rights to a service account." + ], + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "O365 Exchange Suspicious Mailbox Right Delegation", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.action:Add-MailboxPermission and\no365.audit.Parameters.AccessRights:(FullAccess or SendAs or SendOnBehalf) and event.outcome:success and\nnot user.id : \"NT AUTHORITY\\SYSTEM (Microsoft.Exchange.Servicehost)\"\n", + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.Parameters.AccessRights", + "type": "unknown" + }, + { + "ecs": true, + "name": "user.id", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "0ce6487d-8069-4888-9ddd-61b52490cebc", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "low", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Persistence" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1098", + "name": "Account Manipulation", + "reference": "https://attack.mitre.org/techniques/T1098/", + "subtechnique": [ + { + "id": "T1098.002", + "name": "Additional Email Delegate Permissions", + "reference": "https://attack.mitre.org/techniques/T1098/002/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "0ce6487d-8069-4888-9ddd-61b52490cebc_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/0e52157a-8e96-4a95-a6e3-5faae5081a74_103.json b/packages/security_detection_engine/kibana/security_rule/0e52157a-8e96-4a95-a6e3-5faae5081a74_103.json new file mode 100644 index 00000000000..4413414c00e --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/0e52157a-8e96-4a95-a6e3-5faae5081a74_103.json @@ -0,0 +1,83 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies the occurence of files uploaded to SharePoint being detected as Malware by the file scanning engine. Attackers can use File Sharing and Organization Repositories to spread laterally within the company and amplify their access. Users can inadvertently share these files without knowing their maliciousness, giving adversaries opportunities to gain initial access to other endpoints in the environment.", + "false_positives": [ + "Benign files can trigger signatures in the built-in virus protection" + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "SharePoint Malware File Upload", + "note": "", + "query": "event.dataset:o365.audit and event.provider:SharePoint and event.code:SharePointFileOperation and event.action:FileMalwareDetected\n", + "references": [ + "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/virus-detection-in-spo?view=o365-worldwide" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.code", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 73, + "rule_id": "0e52157a-8e96-4a95-a6e3-5faae5081a74", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "high", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Tactic: Lateral Movement" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0008", + "name": "Lateral Movement", + "reference": "https://attack.mitre.org/tactics/TA0008/" + }, + "technique": [ + { + "id": "T1080", + "name": "Taint Shared Content", + "reference": "https://attack.mitre.org/techniques/T1080/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "0e52157a-8e96-4a95-a6e3-5faae5081a74_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_107.json b/packages/security_detection_engine/kibana/security_rule/1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_107.json new file mode 100644 index 00000000000..19c7eb5748e --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_107.json @@ -0,0 +1,122 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Detects when a user grants permissions to an Azure-registered application or when an administrator grants tenant-wide permissions to an application. An adversary may create an Azure-registered application that requests access to data such as contact information, email, or documents.", + "from": "now-25m", + "index": [ + "filebeat-*", + "logs-azure*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Possible Consent Grant Attack via Azure-Registered Application", + "note": "## Triage and analysis\n\n### Investigating Possible Consent Grant Attack via Azure-Registered Application\n\nIn an illicit consent grant attack, the attacker creates an Azure-registered application that requests access to data such as contact information, email, or documents. The attacker then tricks an end user into granting that application consent to access their data either through a phishing attack, or by injecting illicit code into a trusted website. After the illicit application has been granted consent, it has account-level access to data without the need for an organizational account. Normal remediation steps like resetting passwords for breached accounts or requiring multi-factor authentication (MFA) on accounts are not effective against this type of attack, since these are third-party applications and are external to the organization.\n\nOfficial Microsoft guidance for detecting and remediating this attack can be found [here](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants).\n\n#### Possible investigation steps\n\n- From the Azure AD portal, Review the application that was granted permissions:\n - Click on the `Review permissions` button on the `Permissions` blade of the application.\n - An app should require only permissions related to the app's purpose. If that's not the case, the app might be risky.\n - Apps that require high privileges or admin consent are more likely to be risky.\n- Investigate the app and the publisher. The following characteristics can indicate suspicious apps:\n - A low number of downloads.\n - Low rating or score or bad comments.\n - Apps with a suspicious publisher or website.\n - Apps whose last update is not recent. This might indicate an app that is no longer supported.\n- Export and examine the [Oauth app auditing](https://docs.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions#oauth-app-auditing) to identify users affected.\n\n### False positive analysis\n\n- This mechanism can be used legitimately. Malicious applications abuse the same workflow used by legitimate apps. Thus, analysts must review each app consent to ensure that only desired apps are granted access.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Identify the possible impact of the incident and prioritize accordingly; the following actions can help you gain context:\n - Identify the account role in the cloud environment.\n - Assess the criticality of affected services and servers.\n - Work with your IT team to identify and minimize the impact on users.\n - Identify if the attacker is moving laterally and compromising other accounts, servers, or services.\n - Identify any regulatory or legal ramifications related to this activity.\n- Disable the malicious application to stop user access and the application access to your data.\n- Revoke the application Oauth consent grant. The `Remove-AzureADOAuth2PermissionGrant` cmdlet can be used to complete this task.\n- Remove the service principal application role assignment. The `Remove-AzureADServiceAppRoleAssignment` cmdlet can be used to complete this task.\n- Revoke the refresh token for all users assigned to the application. Azure provides a [playbook](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Revoke-AADSignInSessions) for this task.\n- [Report](https://docs.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions#send-feedback) the application as malicious to Microsoft.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords or delete API keys as needed to revoke the attacker's access to the environment. Work with your IT teams to minimize the impact on business operations during these actions.\n- Investigate the potential for data compromise from the user's email and file sharing services. Activate your Data Loss incident response playbook.\n- Disable the permission for a user to set consent permission on their behalf.\n - Enable the [Admin consent request](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-admin-consent-workflow) feature.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).", + "query": "event.dataset:(azure.activitylogs or azure.auditlogs or o365.audit) and\n (\n azure.activitylogs.operation_name:\"Consent to application\" or\n azure.auditlogs.operation_name:\"Consent to application\" or\n o365.audit.Operation:\"Consent to application.\"\n ) and\n event.outcome:(Success or success)\n", + "references": [ + "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-worldwide", + "https://www.cloud-architekt.net/detection-and-mitigation-consent-grant-attacks-azuread/", + "https://docs.microsoft.com/en-us/defender-cloud-apps/investigate-risky-oauth#how-to-detect-risky-oauth-apps" + ], + "related_integrations": [ + { + "integration": "activitylogs", + "package": "azure", + "version": "^1.0.0" + }, + { + "package": "azure", + "version": "^1.0.0" + }, + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": false, + "name": "azure.activitylogs.operation_name", + "type": "keyword" + }, + { + "ecs": false, + "name": "azure.auditlogs.operation_name", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.Operation", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38", + "setup": "The Azure Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Azure", + "Data Source: Microsoft 365", + "Use Case: Identity and Access Audit", + "Resources: Investigation Guide", + "Tactic: Initial Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0001", + "name": "Initial Access", + "reference": "https://attack.mitre.org/tactics/TA0001/" + }, + "technique": [ + { + "id": "T1566", + "name": "Phishing", + "reference": "https://attack.mitre.org/techniques/T1566/", + "subtechnique": [ + { + "id": "T1566.002", + "name": "Spearphishing Link", + "reference": "https://attack.mitre.org/techniques/T1566/002/" + } + ] + } + ] + }, + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0006", + "name": "Credential Access", + "reference": "https://attack.mitre.org/tactics/TA0006/" + }, + "technique": [ + { + "id": "T1528", + "name": "Steal Application Access Token", + "reference": "https://attack.mitre.org/techniques/T1528/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 107 + }, + "id": "1c6a8c7a-5cb6-4a82-ba27-d5a5b8a40a38_107", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/26f68dba-ce29-497b-8e13-b4fde1db5a2d_104.json b/packages/security_detection_engine/kibana/security_rule/26f68dba-ce29-497b-8e13-b4fde1db5a2d_104.json new file mode 100644 index 00000000000..8366016c5db --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/26f68dba-ce29-497b-8e13-b4fde1db5a2d_104.json @@ -0,0 +1,97 @@ +{ + "attributes": { + "author": [ + "Elastic", + "Willem D'Haese", + "Austin Songer" + ], + "description": "Identifies attempts to brute force a Microsoft 365 user account. An adversary may attempt a brute force attack to obtain unauthorized access to user accounts.", + "false_positives": [ + "Automated processes that attempt to authenticate using expired credentials and unbounded retries may lead to false positives." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Attempts to Brute Force a Microsoft 365 User Account", + "note": "", + "query": "event.dataset:o365.audit and event.provider:(AzureActiveDirectory or Exchange) and\n event.category:authentication and event.action:(UserLoginFailed or PasswordLogonInitialAuthUsingPassword) and\n not o365.audit.LogonError:(UserAccountNotFound or EntitlementGrantsNotFound or UserStrongAuthEnrollmentRequired or\n UserStrongAuthClientAuthNRequired or InvalidReplyTo)\n", + "references": [ + "https://blueteamblog.com/7-ways-to-monitor-your-office-365-logs-using-siem" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.LogonError", + "type": "keyword" + } + ], + "risk_score": 73, + "rule_id": "26f68dba-ce29-497b-8e13-b4fde1db5a2d", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "high", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Identity and Access Audit", + "Tactic: Credential Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0006", + "name": "Credential Access", + "reference": "https://attack.mitre.org/tactics/TA0006/" + }, + "technique": [ + { + "id": "T1110", + "name": "Brute Force", + "reference": "https://attack.mitre.org/techniques/T1110/" + } + ] + } + ], + "threshold": { + "field": [ + "user.id" + ], + "value": 10 + }, + "timestamp_override": "event.ingested", + "type": "threshold", + "version": 104 + }, + "id": "26f68dba-ce29-497b-8e13-b4fde1db5a2d_104", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/2724808c-ba5d-48b2-86d2-0002103df753_3.json b/packages/security_detection_engine/kibana/security_rule/2724808c-ba5d-48b2-86d2-0002103df753_3.json new file mode 100644 index 00000000000..17834dbdc1a --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/2724808c-ba5d-48b2-86d2-0002103df753_3.json @@ -0,0 +1,110 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Monitors for the deletion of the kernel ring buffer events through dmesg. Attackers may clear kernel ring buffer events to evade detection after installing a Linux kernel module (LKM).", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Attempt to Clear Kernel Ring Buffer", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and process.name == \"dmesg\" and process.args == \"-c\"\n", + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "2724808c-ba5d-48b2-86d2-0002103df753", + "setup": "\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\n", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Defense Evasion", + "Data Source: Elastic Defend", + "Data Source: Elastic Endgame", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1562", + "name": "Impair Defenses", + "reference": "https://attack.mitre.org/techniques/T1562/", + "subtechnique": [ + { + "id": "T1562.001", + "name": "Disable or Modify Tools", + "reference": "https://attack.mitre.org/techniques/T1562/001/" + } + ] + }, + { + "id": "T1070", + "name": "Indicator Removal", + "reference": "https://attack.mitre.org/techniques/T1070/", + "subtechnique": [ + { + "id": "T1070.002", + "name": "Clear Linux or Mac System Logs", + "reference": "https://attack.mitre.org/techniques/T1070/002/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 3 + }, + "id": "2724808c-ba5d-48b2-86d2-0002103df753_3", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/272a6484-2663-46db-a532-ef734bf9a796_103.json b/packages/security_detection_engine/kibana/security_rule/272a6484-2663-46db-a532-ef734bf9a796_103.json new file mode 100644 index 00000000000..87b31135047 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/272a6484-2663-46db-a532-ef734bf9a796_103.json @@ -0,0 +1,91 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a transport rule has been disabled or deleted in Microsoft 365. Mail flow rules (also known as transport rules) are used to identify and take action on messages that flow through your organization. An adversary or insider threat may modify a transport rule to exfiltrate data or evade defenses.", + "false_positives": [ + "A transport rule may be modified by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Transport Rule Modification", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:(\"Remove-TransportRule\" or \"Disable-TransportRule\") and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-transportrule?view=exchange-ps", + "https://docs.microsoft.com/en-us/powershell/module/exchange/disable-transportrule?view=exchange-ps", + "https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "272a6484-2663-46db-a532-ef734bf9a796", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Exfiltration" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0010", + "name": "Exfiltration", + "reference": "https://attack.mitre.org/tactics/TA0010/" + }, + "technique": [ + { + "id": "T1537", + "name": "Transfer Data to Cloud Account", + "reference": "https://attack.mitre.org/techniques/T1537/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "272a6484-2663-46db-a532-ef734bf9a796_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_103.json b/packages/security_detection_engine/kibana/security_rule/27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_103.json new file mode 100644 index 00000000000..c31a3814904 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_103.json @@ -0,0 +1,94 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when external access is enabled in Microsoft Teams. External access lets Teams and Skype for Business users communicate with other users that are outside their organization. An adversary may enable external access or add an allowed domain to exfiltrate data or maintain persistence in an environment.", + "false_positives": [ + "Teams external access may be enabled by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Teams External Access Enabled", + "note": "", + "query": "event.dataset:o365.audit and event.provider:(SkypeForBusiness or MicrosoftTeams) and\nevent.category:web and event.action:\"Set-CsTenantFederationConfiguration\" and\no365.audit.Parameters.AllowFederatedUsers:True and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/microsoftteams/manage-external-access" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.Parameters.AllowFederatedUsers", + "type": "unknown" + } + ], + "risk_score": 47, + "rule_id": "27f7c15a-91f8-4c3d-8b9e-1f99cc030a51", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Persistence" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1098", + "name": "Account Manipulation", + "reference": "https://attack.mitre.org/techniques/T1098/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "27f7c15a-91f8-4c3d-8b9e-1f99cc030a51_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/2820c9c2-bcd7-4d6e-9eba-faf3891ba450_109.json b/packages/security_detection_engine/kibana/security_rule/2820c9c2-bcd7-4d6e-9eba-faf3891ba450_109.json new file mode 100644 index 00000000000..3d399c3effd --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/2820c9c2-bcd7-4d6e-9eba-faf3891ba450_109.json @@ -0,0 +1,131 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies an attempt to reset a potentially privileged account password remotely. Adversaries may manipulate account passwords to maintain access or evade password duration policies and preserve compromised credentials.", + "false_positives": [ + "Legitimate remote account administration." + ], + "from": "now-9m", + "index": [ + "winlogbeat-*", + "logs-system.security*", + "logs-windows.forwarded*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Account Password Reset Remotely", + "note": "This rule may cause medium to high performance impact due to logic scoping all remote Windows logon activity.", + "query": "sequence by winlog.computer_name with maxspan=1m\n [authentication where event.action == \"logged-in\" and\n /* event 4624 need to be logged */\n winlog.logon.type : \"Network\" and event.outcome == \"success\" and source.ip != null and\n source.ip != \"127.0.0.1\" and source.ip != \"::1\" and\n not winlog.event_data.TargetUserName : (\"svc*\", \"PIM_*\", \"_*_\", \"*-*-*\", \"*$\")] by winlog.event_data.TargetLogonId\n /* event 4724 need to be logged */\n [iam where event.action == \"reset-password\" and\n (\n /*\n This rule is very noisy if not scoped to privileged accounts, duplicate the\n rule and add your own naming convention and accounts of interest here.\n */\n winlog.event_data.TargetUserName: (\"*Admin*\", \"*super*\", \"*SVC*\", \"*DC0*\", \"*service*\", \"*DMZ*\", \"*ADM*\") or\n winlog.event_data.TargetSid : (\"S-1-5-21-*-500\", \"S-1-12-1-*-500\")\n )\n ] by winlog.event_data.SubjectLogonId\n", + "references": [ + "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4724", + "https://stealthbits.com/blog/manipulating-user-passwords-with-mimikatz/", + "https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Credential%20Access/remote_pwd_reset_rpc_mimikatz_postzerologon_target_DC.evtx", + "https://www.elastic.co/security-labs/detect-credential-access" + ], + "related_integrations": [ + { + "package": "system", + "version": "^1.6.4" + }, + { + "package": "windows", + "version": "^1.5.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "source.ip", + "type": "ip" + }, + { + "ecs": false, + "name": "winlog.computer_name", + "type": "keyword" + }, + { + "ecs": false, + "name": "winlog.event_data.SubjectLogonId", + "type": "keyword" + }, + { + "ecs": false, + "name": "winlog.event_data.TargetLogonId", + "type": "keyword" + }, + { + "ecs": false, + "name": "winlog.event_data.TargetSid", + "type": "unknown" + }, + { + "ecs": false, + "name": "winlog.event_data.TargetUserName", + "type": "keyword" + }, + { + "ecs": false, + "name": "winlog.logon.type", + "type": "unknown" + } + ], + "risk_score": 47, + "rule_id": "2820c9c2-bcd7-4d6e-9eba-faf3891ba450", + "severity": "medium", + "tags": [ + "Domain: Endpoint", + "OS: Windows", + "Use Case: Threat Detection", + "Tactic: Persistence", + "Tactic: Impact" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1098", + "name": "Account Manipulation", + "reference": "https://attack.mitre.org/techniques/T1098/" + } + ] + }, + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0040", + "name": "Impact", + "reference": "https://attack.mitre.org/tactics/TA0040/" + }, + "technique": [ + { + "id": "T1531", + "name": "Account Access Removal", + "reference": "https://attack.mitre.org/techniques/T1531/" + } + ] + } + ], + "type": "eql", + "version": 109 + }, + "id": "2820c9c2-bcd7-4d6e-9eba-faf3891ba450_109", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/2de10e77-c144-4e69-afb7-344e7127abd0_104.json b/packages/security_detection_engine/kibana/security_rule/2de10e77-c144-4e69-afb7-344e7127abd0_104.json new file mode 100644 index 00000000000..a36767fd835 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/2de10e77-c144-4e69-afb7-344e7127abd0_104.json @@ -0,0 +1,88 @@ +{ + "attributes": { + "author": [ + "Elastic", + "Austin Songer" + ], + "description": "Identifies accounts with a high number of single sign-on (SSO) logon errors. Excessive logon errors may indicate an attempt to brute force a password or SSO token.", + "false_positives": [ + "Automated processes that attempt to authenticate using expired credentials and unbounded retries may lead to false positives." + ], + "from": "now-20m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "O365 Excessive Single Sign-On Logon Errors", + "note": "", + "query": "event.dataset:o365.audit and event.provider:AzureActiveDirectory and event.category:authentication and o365.audit.LogonError:\"SsoArtifactInvalidOrExpired\"\n", + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.LogonError", + "type": "keyword" + } + ], + "risk_score": 73, + "rule_id": "2de10e77-c144-4e69-afb7-344e7127abd0", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "high", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Identity and Access Audit", + "Tactic: Credential Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0006", + "name": "Credential Access", + "reference": "https://attack.mitre.org/tactics/TA0006/" + }, + "technique": [ + { + "id": "T1110", + "name": "Brute Force", + "reference": "https://attack.mitre.org/techniques/T1110/" + } + ] + } + ], + "threshold": { + "field": [ + "user.id" + ], + "value": 5 + }, + "timestamp_override": "event.ingested", + "type": "threshold", + "version": 104 + }, + "id": "2de10e77-c144-4e69-afb7-344e7127abd0_104", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/30bfddd7-2954-4c9d-bbc6-19a99ca47e23_7.json b/packages/security_detection_engine/kibana/security_rule/30bfddd7-2954-4c9d-bbc6-19a99ca47e23_7.json new file mode 100644 index 00000000000..ee021293cbf --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/30bfddd7-2954-4c9d-bbc6-19a99ca47e23_7.json @@ -0,0 +1,101 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies instances where the 'touch' command is executed on a Linux system with the \"-r\" flag, which is used to modify the timestamp of a file based on another file's timestamp. The rule targets specific VM-related paths, such as \"/etc/vmware/\", \"/usr/lib/vmware/\", or \"/vmfs/*\". These paths are associated with VMware virtualization software, and their presence in the touch command arguments may indicate that a threat actor is attempting to tamper with timestamps of VM-related files and configurations on the system.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "ESXI Timestomping using Touch Command", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and process.name == \"touch\" and process.args == \"-r\" and\nprocess.args : (\"/etc/vmware/*\", \"/usr/lib/vmware/*\", \"/vmfs/*\")\n", + "references": [ + "https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/" + ], + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "30bfddd7-2954-4c9d-bbc6-19a99ca47e23", + "setup": "\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\n", + "severity": "medium", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Defense Evasion", + "Data Source: Elastic Endgame", + "Data Source: Elastic Defend", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1070", + "name": "Indicator Removal", + "reference": "https://attack.mitre.org/techniques/T1070/", + "subtechnique": [ + { + "id": "T1070.006", + "name": "Timestomp", + "reference": "https://attack.mitre.org/techniques/T1070/006/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 7 + }, + "id": "30bfddd7-2954-4c9d-bbc6-19a99ca47e23_7", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/3728c08d-9b70-456b-b6b8-007c7d246128_4.json b/packages/security_detection_engine/kibana/security_rule/3728c08d-9b70-456b-b6b8-007c7d246128_4.json new file mode 100644 index 00000000000..b2cc0f01bdc --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/3728c08d-9b70-456b-b6b8-007c7d246128_4.json @@ -0,0 +1,128 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for the potential edit of a suspicious file. In Linux, when editing a file through an editor, a temporary .swp file is created. By monitoring for the creation of this .swp file, we can detect potential file edits of suspicious files. The execution of this rule is not a clear sign of the file being edited, as just opening the file through an editor will trigger this event. Attackers may alter any of the files added in this rule to establish persistence, escalate privileges or perform reconnaisance on the system.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*" + ], + "language": "eql", + "license": "Elastic License v2", + "max_signals": 1, + "name": "Potential Suspicious File Edit", + "query": "file where event.action in (\"creation\", \"file_create_event\") and file.extension == \"swp\" and \nfile.path : (\n /* common interesting files and locations */\n \"/etc/.shadow.swp\", \"/etc/.shadow-.swp\", \"/etc/.shadow~.swp\", \"/etc/.gshadow.swp\", \"/etc/.gshadow-.swp\",\n \"/etc/.passwd.swp\", \"/etc/.pwd.db.swp\", \"/etc/.master.passwd.swp\", \"/etc/.spwd.db.swp\", \"/etc/security/.opasswd.swp\",\n \"/etc/.environment.swp\", \"/etc/.profile.swp\", \"/etc/sudoers.d/.*.swp\", \"/etc/ld.so.conf.d/.*.swp\",\n \"/etc/init.d/.*.swp\", \"/etc/.rc.local.swp\", \"/etc/rc*.d/.*.swp\", \"/dev/shm/.*.swp\", \"/etc/update-motd.d/.*.swp\",\n \"/usr/lib/update-notifier/.*.swp\",\n\n /* service, timer, want, socket and lock files */\n \"/etc/systemd/system/.*.swp\", \"/usr/local/lib/systemd/system/.*.swp\", \"/lib/systemd/system/.*.swp\",\n \"/usr/lib/systemd/system/.*.swp\",\"/home/*/.config/systemd/user/.*.swp\", \"/run/.*.swp\", \"/var/run/.*.swp/\",\n\n /* profile and shell configuration files */ \n \"/home/*.profile.swp\", \"/home/*.bash_profile.swp\", \"/home/*.bash_login.swp\", \"/home/*.bashrc.swp\", \"/home/*.bash_logout.swp\",\n \"/home/*.zshrc.swp\", \"/home/*.zlogin.swp\", \"/home/*.tcshrc.swp\", \"/home/*.kshrc.swp\", \"/home/*.config.fish.swp\",\n \"/root/*.profile.swp\", \"/root/*.bash_profile.swp\", \"/root/*.bash_login.swp\", \"/root/*.bashrc.swp\", \"/root/*.bash_logout.swp\",\n \"/root/*.zshrc.swp\", \"/root/*.zlogin.swp\", \"/root/*.tcshrc.swp\", \"/root/*.kshrc.swp\", \"/root/*.config.fish.swp\"\n)\n", + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "file.extension", + "type": "keyword" + }, + { + "ecs": true, + "name": "file.path", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "3728c08d-9b70-456b-b6b8-007c7d246128", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Persistence", + "Tactic: Privilege Escalation", + "Data Source: Elastic Endgame", + "Data Source: Elastic Defend" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1037", + "name": "Boot or Logon Initialization Scripts", + "reference": "https://attack.mitre.org/techniques/T1037/", + "subtechnique": [ + { + "id": "T1037.004", + "name": "RC Scripts", + "reference": "https://attack.mitre.org/techniques/T1037/004/" + } + ] + }, + { + "id": "T1574", + "name": "Hijack Execution Flow", + "reference": "https://attack.mitre.org/techniques/T1574/", + "subtechnique": [ + { + "id": "T1574.006", + "name": "Dynamic Linker Hijacking", + "reference": "https://attack.mitre.org/techniques/T1574/006/" + } + ] + }, + { + "id": "T1543", + "name": "Create or Modify System Process", + "reference": "https://attack.mitre.org/techniques/T1543/", + "subtechnique": [ + { + "id": "T1543.002", + "name": "Systemd Service", + "reference": "https://attack.mitre.org/techniques/T1543/002/" + } + ] + } + ] + }, + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0004", + "name": "Privilege Escalation", + "reference": "https://attack.mitre.org/tactics/TA0004/" + }, + "technique": [ + { + "id": "T1548", + "name": "Abuse Elevation Control Mechanism", + "reference": "https://attack.mitre.org/techniques/T1548/", + "subtechnique": [ + { + "id": "T1548.003", + "name": "Sudo and Sudo Caching", + "reference": "https://attack.mitre.org/techniques/T1548/003/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 4 + }, + "id": "3728c08d-9b70-456b-b6b8-007c7d246128_4", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/3e12a439-d002-4944-bc42-171c0dcb9b96_4.json b/packages/security_detection_engine/kibana/security_rule/3e12a439-d002-4944-bc42-171c0dcb9b96_4.json new file mode 100644 index 00000000000..cc1921cc53d --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/3e12a439-d002-4944-bc42-171c0dcb9b96_4.json @@ -0,0 +1,96 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Detects the loading of a Linux kernel module through system calls. Threat actors may leverage Linux kernel modules to load a rootkit on a system providing them with complete control and the ability to hide from security products. As other rules monitor for the addition of Linux kernel modules through system utilities or .ko files, this rule covers the gap that evasive rootkits leverage by monitoring for kernel module additions on the lowest level through auditd_manager.", + "from": "now-9m", + "index": [ + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Kernel Driver Load", + "query": "driver where host.os.type == \"linux\" and event.action == \"loaded-kernel-module\" and\nauditd.data.syscall in (\"init_module\", \"finit_module\")\n", + "related_integrations": [ + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": false, + "name": "auditd.data.syscall", + "type": "unknown" + }, + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "3e12a439-d002-4944-bc42-171c0dcb9b96", + "setup": "## Setup\nThis rule requires the use of the `auditd_manager` integration. `Auditd_manager` is a tool designed to simplify and enhance the management of the audit subsystem in Linux systems. It provides a user-friendly interface and automation capabilities for configuring and monitoring system auditing through the auditd daemon. With `auditd_manager`, administrators can easily define audit rules, track system events, and generate comprehensive audit reports, improving overall security and compliance in the system. The following steps should be executed in order to install and deploy `auditd_manager` on a Linux system. \n\n```\nKibana -->\nManagement -->\nIntegrations -->\nAuditd Manager -->\nAdd Auditd Manager\n```\n\n`Auditd_manager` subscribes to the kernel and receives events as they occur without any additional configuration. However, if more advanced configuration is required to detect specific behavior, audit rules can be added to the integration in either the \"audit rules\" configuration box or the \"auditd rule files\" box by specifying a file to read the audit rules from. \n\nFor this detection rule to trigger, the following additional audit rules are required to be added to the integration:\n```\n-a always,exit -F arch=b64 -S finit_module -S init_module -S delete_module -F auid!=-1 -k modules\n-a always,exit -F arch=b32 -S finit_module -S init_module -S delete_module -F auid!=-1 -k modules\n```\n\nAdd the newly installed `auditd manager` to an agent policy, and deploy the agent on a Linux system from which auditd log files are desirable.\n", + "severity": "low", + "tags": [ + "Data Source: Auditd Manager", + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Persistence", + "Tactic: Defense Evasion" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "reference": "https://attack.mitre.org/techniques/T1547/", + "subtechnique": [ + { + "id": "T1547.006", + "name": "Kernel Modules and Extensions", + "reference": "https://attack.mitre.org/techniques/T1547/006/" + } + ] + } + ] + }, + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1014", + "name": "Rootkit", + "reference": "https://attack.mitre.org/techniques/T1014/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 4 + }, + "id": "3e12a439-d002-4944-bc42-171c0dcb9b96_4", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/3efee4f0-182a-40a8-a835-102c68a4175d_104.json b/packages/security_detection_engine/kibana/security_rule/3efee4f0-182a-40a8-a835-102c68a4175d_104.json new file mode 100644 index 00000000000..8c475b5aec5 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/3efee4f0-182a-40a8-a835-102c68a4175d_104.json @@ -0,0 +1,87 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies a high number (25) of failed Microsoft 365 user authentication attempts from a single IP address within 30 minutes, which could be indicative of a password spraying attack. An adversary may attempt a password spraying attack to obtain unauthorized access to user accounts.", + "false_positives": [ + "Automated processes that attempt to authenticate using expired credentials and unbounded retries may lead to false positives." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Potential Password Spraying of Microsoft 365 User Accounts", + "note": "", + "query": "event.dataset:o365.audit and event.provider:(Exchange or AzureActiveDirectory) and event.category:authentication and\nevent.action:(\"UserLoginFailed\" or \"PasswordLogonInitialAuthUsingPassword\")\n", + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 73, + "rule_id": "3efee4f0-182a-40a8-a835-102c68a4175d", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "high", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Identity and Access Audit", + "Tactic: Credential Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0006", + "name": "Credential Access", + "reference": "https://attack.mitre.org/tactics/TA0006/" + }, + "technique": [ + { + "id": "T1110", + "name": "Brute Force", + "reference": "https://attack.mitre.org/techniques/T1110/" + } + ] + } + ], + "threshold": { + "field": [ + "source.ip" + ], + "value": 25 + }, + "timestamp_override": "event.ingested", + "type": "threshold", + "version": 104 + }, + "id": "3efee4f0-182a-40a8-a835-102c68a4175d_104", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/48819484-9826-4083-9eba-1da74cd0eaf2_2.json b/packages/security_detection_engine/kibana/security_rule/48819484-9826-4083-9eba-1da74cd0eaf2_2.json new file mode 100644 index 00000000000..a8afcd5c5bc --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/48819484-9826-4083-9eba-1da74cd0eaf2_2.json @@ -0,0 +1,94 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a Microsoft 365 Mailbox is accessed by a ClientAppId that was observed for the fist time during the last 10 days.", + "false_positives": [ + "User using a new mail client." + ], + "from": "now-30m", + "history_window_start": "now-10d", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Suspicious Microsoft 365 Mail Access by ClientAppId", + "new_terms_fields": [ + "o365.audit.ClientAppId", + "user.id" + ], + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:MailItemsAccessed and event.outcome:success\n", + "references": [ + "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "48819484-9826-4083-9eba-1da74cd0eaf2", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Initial Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0001", + "name": "Initial Access", + "reference": "https://attack.mitre.org/tactics/TA0001/" + }, + "technique": [ + { + "id": "T1078", + "name": "Valid Accounts", + "reference": "https://attack.mitre.org/techniques/T1078/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "new_terms", + "version": 2 + }, + "id": "48819484-9826-4083-9eba-1da74cd0eaf2_2", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_3.json b/packages/security_detection_engine/kibana/security_rule/4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_3.json new file mode 100644 index 00000000000..f1266166585 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_3.json @@ -0,0 +1,89 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for the execution of the ProxyChains utility. ProxyChains is a command-line tool that enables the routing of network connections through intermediary proxies, enhancing anonymity and enabling access to restricted resources. Attackers can exploit the ProxyChains utility to hide their true source IP address, evade detection, and perform malicious activities through a chain of proxy servers, potentially masking their identity and intentions.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "ProxyChains Activity", + "note": "## Triage and analysis\n\n### Investigating ProxyChains Activity\n\nAttackers can leverage `proxychains` to obfuscate their origin and bypass network defenses by routing their malicious traffic through multiple intermediary servers.\n\nThis rule looks for processes spawned through `proxychains` by analyzing `proxychains` process execution.\n\n> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin](https://www.elastic.co/guide/en/security/master/invest-guide-run-osquery.html) introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display unrendered Markdown in this guide.\n> This investigation guide uses [placeholder fields](https://www.elastic.co/guide/en/security/current/osquery-placeholder-fields.html) to dynamically pass alert data into Osquery queries. Placeholder fields were introduced in Elastic Stack version 8.7.0. If you're using Elastic Stack version 8.6.0 or earlier, you'll need to manually adjust this investigation guide's queries to ensure they properly run.\n\n#### Possible investigation steps\n\n- Identify any signs of suspicious network activity or anomalies that may indicate network obfuscation. This could include unexpected traffic patterns or unusual network behavior.\n - Investigate listening ports and open sockets to look for potential protocol tunneling, reverse shells, or data exfiltration.\n - !{osquery{\"label\":\"Osquery - Retrieve Listening Ports\",\"query\":\"SELECT pid, address, port, socket, protocol, path FROM listening_ports\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Open Sockets\",\"query\":\"SELECT pid, family, remote_address, remote_port, socket, state FROM process_open_sockets\"}}\n- Identify the user account that performed the action, analyze it, and check whether it should perform this kind of action.\n - !{osquery{\"label\":\"Osquery - Retrieve Information for a Specific User\",\"query\":\"SELECT * FROM users WHERE username = {{user.name}}\"}}\n- Investigate whether the user is currently logged in and active.\n - !{osquery{\"label\":\"Osquery - Investigate the Account Authentication Status\",\"query\":\"SELECT * FROM logged_in_users WHERE user = {{user.name}}\"}}\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence and whether they are located in expected locations.\n - !{osquery{\"label\":\"Osquery - Retrieve Running Processes by User\",\"query\":\"SELECT pid, username, name FROM processes p JOIN users u ON u.uid = p.uid ORDER BY username\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Process Info\",\"query\":\"SELECT name, cmdline, parent, path, uid FROM processes\"}}\n- Investigate other alerts associated with the user/host during the past 48 hours.\n - If scripts or executables were dropped, retrieve the files and determine if they are malicious:\n - Use a private sandboxed malware analysis system to perform analysis.\n - Observe and collect information about the following activities:\n - Attempts to contact external domains and addresses.\n - Check if the domain is newly registered or unexpected.\n - Check the reputation of the domain or IP address.\n - File access, modification, and creation activities.\n\n### Related rules\n\n- Suspicious Utility Launched via ProxyChains - 6ace94ba-f02c-4d55-9f53-87d99b6f9af4\n- Potential Protocol Tunneling via Chisel Client - 3f12325a-4cc6-410b-8d4c-9fbbeb744cfd\n- Potential Protocol Tunneling via Chisel Server - ac8805f6-1e08-406c-962e-3937057fa86f\n- Potential Linux Tunneling and/or Port Forwarding - 6ee947e9-de7e-4281-a55d-09289bdf947e\n- Potential Protocol Tunneling via EarthWorm - 9f1c4ca3-44b5-481d-ba42-32dc215a2769\n\n### False positive analysis\n\n- If this activity is related to new benign software installation activity, consider adding exceptions \u2014 preferably with a combination of user and command line conditions.\n- If this activity is related to a system administrator or developer who uses this utility for benign purposes, consider adding exceptions for specific user accounts or hosts. \n- Try to understand the context of the execution by thinking about the user, machine, or business purpose. A small number of endpoints, such as servers with unique software, might appear unusual but satisfy a specific business need.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- If the triage identified malware, search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors, such as reverse shells, reverse proxies, or droppers, that attackers could use to reinfect the system.\n- Remove and block malicious artifacts identified during triage.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Leverage the incident response data and logging to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and process.name == \"proxychains\"\n", + "references": [ + "https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform" + ], + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "4b868f1f-15ff-4ba3-8c11-d5a7a6356d37", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Command and Control", + "Data Source: Elastic Defend", + "Data Source: Elastic Endgame", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0011", + "name": "Command and Control", + "reference": "https://attack.mitre.org/tactics/TA0011/" + }, + "technique": [ + { + "id": "T1572", + "name": "Protocol Tunneling", + "reference": "https://attack.mitre.org/techniques/T1572/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 3 + }, + "id": "4b868f1f-15ff-4ba3-8c11-d5a7a6356d37_3", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/514121ce-c7b6-474a-8237-68ff71672379_103.json b/packages/security_detection_engine/kibana/security_rule/514121ce-c7b6-474a-8237-68ff71672379_103.json new file mode 100644 index 00000000000..3f5e28f19aa --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/514121ce-c7b6-474a-8237-68ff71672379_103.json @@ -0,0 +1,93 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a DomainKeys Identified Mail (DKIM) signing configuration is disabled in Microsoft 365. With DKIM in Microsoft 365, messages that are sent from Exchange Online will be cryptographically signed. This will allow the receiving email system to validate that the messages were generated by a server that the organization authorized and were not spoofed.", + "false_positives": [ + "Disabling a DKIM configuration may be done by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange DKIM Signing Configuration Disabled", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Set-DkimSigningConfig\" and o365.audit.Parameters.Enabled:False and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/set-dkimsigningconfig?view=exchange-ps" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.Parameters.Enabled", + "type": "unknown" + } + ], + "risk_score": 47, + "rule_id": "514121ce-c7b6-474a-8237-68ff71672379", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Tactic: Persistence" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1556", + "name": "Modify Authentication Process", + "reference": "https://attack.mitre.org/techniques/T1556/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "514121ce-c7b6-474a-8237-68ff71672379_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/51a09737-80f7-4551-a3be-dac8ef5d181a_2.json b/packages/security_detection_engine/kibana/security_rule/51a09737-80f7-4551-a3be-dac8ef5d181a_2.json new file mode 100644 index 00000000000..afeae342851 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/51a09737-80f7-4551-a3be-dac8ef5d181a_2.json @@ -0,0 +1,99 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors the syslog log file for messages related to instances of a out-of-tree kernel module load, indicating the taining of the kernel. Rootkits often leverage kernel modules as their main defense evasion technique. Detecting tainted kernel module loads is crucial for ensuring system security and integrity, as malicious or unauthorized modules can compromise the kernel and lead to system vulnerabilities or unauthorized access.", + "from": "now-9m", + "index": [ + "logs-system.syslog-*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Tainted Out-Of-Tree Kernel Module Load", + "query": "host.os.type:linux and event.dataset:\"system.syslog\" and process.name:kernel and \nmessage:\"loading out-of-tree module taints kernel.\"\n", + "related_integrations": [ + { + "package": "system", + "version": "^1.6.4" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "message", + "type": "match_only_text" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "51a09737-80f7-4551-a3be-dac8ef5d181a", + "setup": "## Setup\n\nThis rule requires data coming in from one of the following integrations:\n- Filebeat\n\n### Filebeat Setup\nFilebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to Elasticsearch or Logstash for indexing.\n\n#### The following steps should be executed in order to add the Filebeat for the Linux System:\n- Elastic provides repositories available for APT and YUM-based distributions. Note that we provide binary packages, but no source packages.\n- To install the APT and YUM repositories follow the setup instructions in this [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html).\n- To run Filebeat on Docker follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html).\n- To run Filebeat on Kubernetes follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-kubernetes.html).\n- For quick start information for Filebeat refer to the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/8.11/filebeat-installation-configuration.html).\n- For complete Setup and Run Filebeat information refer to the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/setting-up-and-running.html).\n\n#### Rule Specific Setup Note\n- This rule requires the Filebeat System Module to be enabled.\n- The system module collects and parses logs created by the system logging service of common Unix/Linux based distributions.\n- To run the system module of Filebeat on Linux follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-system.html).\n", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Persistence", + "Tactic: Defense Evasion" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1547", + "name": "Boot or Logon Autostart Execution", + "reference": "https://attack.mitre.org/techniques/T1547/", + "subtechnique": [ + { + "id": "T1547.006", + "name": "Kernel Modules and Extensions", + "reference": "https://attack.mitre.org/techniques/T1547/006/" + } + ] + } + ] + }, + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1014", + "name": "Rootkit", + "reference": "https://attack.mitre.org/techniques/T1014/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 2 + }, + "id": "51a09737-80f7-4551-a3be-dac8ef5d181a_2", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/5930658c-2107-4afc-91af-e0e55b7f7184_103.json b/packages/security_detection_engine/kibana/security_rule/5930658c-2107-4afc-91af-e0e55b7f7184_103.json new file mode 100644 index 00000000000..eb1228a0759 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/5930658c-2107-4afc-91af-e0e55b7f7184_103.json @@ -0,0 +1,95 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Detects the occurrence of emails reported as Phishing or Malware by Users. Security Awareness training is essential to stay ahead of scammers and threat actors, as security products can be bypassed, and the user can still receive a malicious message. Educating users to report suspicious messages can help identify gaps in security controls and prevent malware infections and Business Email Compromise attacks.", + "false_positives": [ + "Legitimate files reported by the users" + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "O365 Email Reported by User as Malware or Phish", + "note": "", + "query": "event.dataset:o365.audit and event.provider:SecurityComplianceCenter and event.action:AlertTriggered and rule.name:\"Email reported by user as malware or phish\"\n", + "references": [ + "https://support.microsoft.com/en-us/office/use-the-report-message-add-in-b5caa9f1-cdf3-4443-af8c-ff724ea719d2?ui=en-us&rs=en-us&ad=us" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": true, + "name": "rule.name", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "5930658c-2107-4afc-91af-e0e55b7f7184", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Tactic: Initial Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0001", + "name": "Initial Access", + "reference": "https://attack.mitre.org/tactics/TA0001/" + }, + "technique": [ + { + "id": "T1566", + "name": "Phishing", + "reference": "https://attack.mitre.org/techniques/T1566/", + "subtechnique": [ + { + "id": "T1566.001", + "name": "Spearphishing Attachment", + "reference": "https://attack.mitre.org/techniques/T1566/001/" + }, + { + "id": "T1566.002", + "name": "Spearphishing Link", + "reference": "https://attack.mitre.org/techniques/T1566/002/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "5930658c-2107-4afc-91af-e0e55b7f7184_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/5b18eef4-842c-4b47-970f-f08d24004bde_4.json b/packages/security_detection_engine/kibana/security_rule/5b18eef4-842c-4b47-970f-f08d24004bde_4.json new file mode 100644 index 00000000000..bce414651e0 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/5b18eef4-842c-4b47-970f-f08d24004bde_4.json @@ -0,0 +1,93 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for the usage of the which command with an unusual amount of process arguments. Attackers may leverage the which command to enumerate the system for useful installed utilities that may be used after compromising a system to escalate privileges or move latteraly across the network.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Suspicious which Enumeration", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\") and event.type == \"start\" and \nprocess.name == \"which\" and process.args_count >= 10 and not process.parent.name == \"jem\" and \nnot process.args == \"--tty-only\"\n\n/* potential tuning if rule would turn out to be noisy\nand process.args in (\"nmap\", \"nc\", \"ncat\", \"netcat\", nc.traditional\", \"gcc\", \"g++\", \"socat\") and \nprocess.parent.name in (\"bash\", \"dash\", \"ash\", \"sh\", \"tcsh\", \"csh\", \"zsh\", \"ksh\", \"fish\")\n*/ \n", + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args_count", + "type": "long" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.parent.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "5b18eef4-842c-4b47-970f-f08d24004bde", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Discovery", + "Data Source: Elastic Defend", + "Data Source: Elastic Endgame" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0007", + "name": "Discovery", + "reference": "https://attack.mitre.org/tactics/TA0007/" + }, + "technique": [ + { + "id": "T1082", + "name": "System Information Discovery", + "reference": "https://attack.mitre.org/techniques/T1082/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 4 + }, + "id": "5b18eef4-842c-4b47-970f-f08d24004bde_4", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/5e552599-ddec-4e14-bad1-28aa42404388_103.json b/packages/security_detection_engine/kibana/security_rule/5e552599-ddec-4e14-bad1-28aa42404388_103.json new file mode 100644 index 00000000000..86b2e7fbd17 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/5e552599-ddec-4e14-bad1-28aa42404388_103.json @@ -0,0 +1,94 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when guest access is enabled in Microsoft Teams. Guest access in Teams allows people outside the organization to access teams and channels. An adversary may enable guest access to maintain persistence in an environment.", + "false_positives": [ + "Teams guest access may be enabled by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Teams Guest Access Enabled", + "note": "", + "query": "event.dataset:o365.audit and event.provider:(SkypeForBusiness or MicrosoftTeams) and\nevent.category:web and event.action:\"Set-CsTeamsClientConfiguration\" and\no365.audit.Parameters.AllowGuestUser:True and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/skype/get-csteamsclientconfiguration?view=skype-ps" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.Parameters.AllowGuestUser", + "type": "unknown" + } + ], + "risk_score": 47, + "rule_id": "5e552599-ddec-4e14-bad1-28aa42404388", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Persistence" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1098", + "name": "Account Manipulation", + "reference": "https://attack.mitre.org/techniques/T1098/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "5e552599-ddec-4e14-bad1-28aa42404388_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/60f3adec-1df9-4104-9c75-b97d9f078b25_103.json b/packages/security_detection_engine/kibana/security_rule/60f3adec-1df9-4104-9c75-b97d9f078b25_103.json new file mode 100644 index 00000000000..5055889f5c4 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/60f3adec-1df9-4104-9c75-b97d9f078b25_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a Data Loss Prevention (DLP) policy is removed in Microsoft 365. An adversary may remove a DLP policy to evade existing DLP monitoring.", + "false_positives": [ + "A DLP policy may be removed by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange DLP Policy Removed", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Remove-DlpPolicy\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-dlppolicy?view=exchange-ps", + "https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "60f3adec-1df9-4104-9c75-b97d9f078b25", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Defense Evasion" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1562", + "name": "Impair Defenses", + "reference": "https://attack.mitre.org/techniques/T1562/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "60f3adec-1df9-4104-9c75-b97d9f078b25_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/66c058f3-99f4-4d18-952b-43348f2577a0_2.json b/packages/security_detection_engine/kibana/security_rule/66c058f3-99f4-4d18-952b-43348f2577a0_2.json new file mode 100644 index 00000000000..b197bbc4e8e --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/66c058f3-99f4-4d18-952b-43348f2577a0_2.json @@ -0,0 +1,101 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for potential memory dumping through gdb. Attackers may leverage memory dumping techniques to attempt secret extraction from privileged processes. Tools that display this behavior include \"truffleproc\" and \"bash-memory-dump\". This behavior should not happen by default, and should be investigated thoroughly.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Linux Process Hooking via GDB", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and process.name == \"gdb\" and process.args in (\"--pid\", \"-p\") and \n/* Covered by d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f */\nprocess.args != \"1\"\n", + "references": [ + "https://github.com/controlplaneio/truffleproc", + "https://github.com/hajzer/bash-memory-dump" + ], + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "66c058f3-99f4-4d18-952b-43348f2577a0", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Credential Access", + "Data Source: Elastic Defend", + "Data Source: Elastic Endgame", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0006", + "name": "Credential Access", + "reference": "https://attack.mitre.org/tactics/TA0006/" + }, + "technique": [ + { + "id": "T1003", + "name": "OS Credential Dumping", + "reference": "https://attack.mitre.org/techniques/T1003/", + "subtechnique": [ + { + "id": "T1003.007", + "name": "Proc Filesystem", + "reference": "https://attack.mitre.org/techniques/T1003/007/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 2 + }, + "id": "66c058f3-99f4-4d18-952b-43348f2577a0_2", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/675239ea-c1bc-4467-a6d3-b9e2cc7f676d_103.json b/packages/security_detection_engine/kibana/security_rule/675239ea-c1bc-4467-a6d3-b9e2cc7f676d_103.json new file mode 100644 index 00000000000..eba65d4a0a3 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/675239ea-c1bc-4467-a6d3-b9e2cc7f676d_103.json @@ -0,0 +1,91 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Detects the occurrence of mailbox audit bypass associations. The mailbox audit is responsible for logging specified mailbox events (like accessing a folder or a message or permanently deleting a message). However, actions taken by some authorized accounts, such as accounts used by third-party tools or accounts used for lawful monitoring, can create a large number of mailbox audit log entries and may not be of interest to your organization. Because of this, administrators can create bypass associations, allowing certain accounts to perform their tasks without being logged. Attackers can abuse this allowlist mechanism to conceal actions taken, as the mailbox audit will log no activity done by the account.", + "false_positives": [ + "Legitimate allowlisting of noisy accounts" + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "O365 Mailbox Audit Logging Bypass", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.action:Set-MailboxAuditBypassAssociation and event.outcome:success\n", + "references": [ + "https://twitter.com/misconfig/status/1476144066807140355" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "675239ea-c1bc-4467-a6d3-b9e2cc7f676d", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Tactic: Initial Access", + "Tactic: Defense Evasion" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1562", + "name": "Impair Defenses", + "reference": "https://attack.mitre.org/techniques/T1562/", + "subtechnique": [ + { + "id": "T1562.001", + "name": "Disable or Modify Tools", + "reference": "https://attack.mitre.org/techniques/T1562/001/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "675239ea-c1bc-4467-a6d3-b9e2cc7f676d_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/684554fc-0777-47ce-8c9b-3d01f198d7f8_103.json b/packages/security_detection_engine/kibana/security_rule/684554fc-0777-47ce-8c9b-3d01f198d7f8_103.json new file mode 100644 index 00000000000..32baae485fc --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/684554fc-0777-47ce-8c9b-3d01f198d7f8_103.json @@ -0,0 +1,97 @@ +{ + "attributes": { + "author": [ + "Austin Songer" + ], + "description": "Identifies a new or modified federation domain, which can be used to create a trust between O365 and an external identity provider.", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "New or Modified Federation Domain", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:(\"Set-AcceptedDomain\" or\n\"Set-MsolDomainFederationSettings\" or \"Add-FederatedDomain\" or \"New-AcceptedDomain\" or \"Remove-AcceptedDomain\" or \"Remove-FederatedDomain\") and\nevent.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-accepteddomain?view=exchange-ps", + "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-federateddomain?view=exchange-ps", + "https://docs.microsoft.com/en-us/powershell/module/exchange/new-accepteddomain?view=exchange-ps", + "https://docs.microsoft.com/en-us/powershell/module/exchange/add-federateddomain?view=exchange-ps", + "https://docs.microsoft.com/en-us/powershell/module/exchange/set-accepteddomain?view=exchange-ps", + "https://docs.microsoft.com/en-us/powershell/module/msonline/set-msoldomainfederationsettings?view=azureadps-1.0" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "684554fc-0777-47ce-8c9b-3d01f198d7f8", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "low", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Identity and Access Audit", + "Tactic: Privilege Escalation" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0004", + "name": "Privilege Escalation", + "reference": "https://attack.mitre.org/tactics/TA0004/" + }, + "technique": [ + { + "id": "T1484", + "name": "Domain Policy Modification", + "reference": "https://attack.mitre.org/techniques/T1484/", + "subtechnique": [ + { + "id": "T1484.002", + "name": "Domain Trust Modification", + "reference": "https://attack.mitre.org/techniques/T1484/002/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "684554fc-0777-47ce-8c9b-3d01f198d7f8_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/6ace94ba-f02c-4d55-9f53-87d99b6f9af4_6.json b/packages/security_detection_engine/kibana/security_rule/6ace94ba-f02c-4d55-9f53-87d99b6f9af4_6.json new file mode 100644 index 00000000000..b94bc1c8ea4 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/6ace94ba-f02c-4d55-9f53-87d99b6f9af4_6.json @@ -0,0 +1,95 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for the execution of suspicious linux tools through ProxyChains. ProxyChains is a command-line tool that enables the routing of network connections through intermediary proxies, enhancing anonymity and enabling access to restricted resources. Attackers can exploit the ProxyChains utility to hide their true source IP address, evade detection, and perform malicious activities through a chain of proxy servers, potentially masking their identity and intentions.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Suspicious Utility Launched via ProxyChains", + "note": "## Triage and analysis\n\n### Investigating Suspicious Utility Launched via ProxyChains\n\nAttackers can leverage `proxychains` to obfuscate their origin and bypass network defenses by routing their malicious traffic through multiple intermediary servers.\n\nThis rule looks for a list of suspicious processes spawned through `proxychains` by analyzing process command line arguments. \n\n> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin](https://www.elastic.co/guide/en/security/master/invest-guide-run-osquery.html) introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display unrendered Markdown in this guide.\n> This investigation guide uses [placeholder fields](https://www.elastic.co/guide/en/security/current/osquery-placeholder-fields.html) to dynamically pass alert data into Osquery queries. Placeholder fields were introduced in Elastic Stack version 8.7.0. If you're using Elastic Stack version 8.6.0 or earlier, you'll need to manually adjust this investigation guide's queries to ensure they properly run.\n\n#### Possible investigation steps\n\n- Identify any signs of suspicious network activity or anomalies that may indicate network obfuscation. This could include unexpected traffic patterns or unusual network behavior.\n - Investigate listening ports and open sockets to look for potential protocol tunneling, reverse shells, or data exfiltration.\n - !{osquery{\"label\":\"Osquery - Retrieve Listening Ports\",\"query\":\"SELECT pid, address, port, socket, protocol, path FROM listening_ports\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Open Sockets\",\"query\":\"SELECT pid, family, remote_address, remote_port, socket, state FROM process_open_sockets\"}}\n- Identify the user account that performed the action, analyze it, and check whether it should perform this kind of action.\n - !{osquery{\"label\":\"Osquery - Retrieve Information for a Specific User\",\"query\":\"SELECT * FROM users WHERE username = {{user.name}}\"}}\n- Investigate whether the user is currently logged in and active.\n - !{osquery{\"label\":\"Osquery - Investigate the Account Authentication Status\",\"query\":\"SELECT * FROM logged_in_users WHERE user = {{user.name}}\"}}\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence and whether they are located in expected locations.\n - !{osquery{\"label\":\"Osquery - Retrieve Running Processes by User\",\"query\":\"SELECT pid, username, name FROM processes p JOIN users u ON u.uid = p.uid ORDER BY username\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Process Info\",\"query\":\"SELECT name, cmdline, parent, path, uid FROM processes\"}}\n- Investigate other alerts associated with the user/host during the past 48 hours.\n - If scripts or executables were dropped, retrieve the files and determine if they are malicious:\n - Use a private sandboxed malware analysis system to perform analysis.\n - Observe and collect information about the following activities:\n - Attempts to contact external domains and addresses.\n - Check if the domain is newly registered or unexpected.\n - Check the reputation of the domain or IP address.\n - File access, modification, and creation activities.\n\n### Related rules\n\n- ProxyChains Activity - 4b868f1f-15ff-4ba3-8c11-d5a7a6356d37\n- Potential Protocol Tunneling via Chisel Client - 3f12325a-4cc6-410b-8d4c-9fbbeb744cfd\n- Potential Protocol Tunneling via Chisel Server - ac8805f6-1e08-406c-962e-3937057fa86f\n- Potential Linux Tunneling and/or Port Forwarding - 6ee947e9-de7e-4281-a55d-09289bdf947e\n- Potential Protocol Tunneling via EarthWorm - 9f1c4ca3-44b5-481d-ba42-32dc215a2769\n\n### False positive analysis\n\n- If this activity is related to new benign software installation activity, consider adding exceptions \u2014 preferably with a combination of user and command line conditions.\n- If this activity is related to a system administrator or developer who uses this utility for benign purposes, consider adding exceptions for specific user accounts or hosts. \n- Try to understand the context of the execution by thinking about the user, machine, or business purpose. A small number of endpoints, such as servers with unique software, might appear unusual but satisfy a specific business need.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- If the triage identified malware, search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors, such as reverse shells, reverse proxies, or droppers, that attackers could use to reinfect the system.\n- Remove and block malicious artifacts identified during triage.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Leverage the incident response data and logging to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and process.name == \"proxychains\" and process.args : (\n \"ssh\", \"sshd\", \"sshuttle\", \"socat\", \"iodine\", \"iodined\", \"dnscat\", \"hans\", \"hans-ubuntu\", \"ptunnel-ng\",\n \"ssf\", \"3proxy\", \"ngrok\", \"gost\", \"pivotnacci\", \"chisel*\", \"nmap\", \"ping\", \"python*\", \"php*\", \"perl\", \"ruby\",\n \"lua*\", \"openssl\", \"nc\", \"netcat\", \"ncat\", \"telnet\", \"awk\", \"java\", \"telnet\", \"ftp\", \"curl\", \"wget\"\n)\n", + "references": [ + "https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform" + ], + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "6ace94ba-f02c-4d55-9f53-87d99b6f9af4", + "setup": "This rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Command and Control", + "Data Source: Elastic Defend", + "Data Source: Elastic Endgame", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0011", + "name": "Command and Control", + "reference": "https://attack.mitre.org/tactics/TA0011/" + }, + "technique": [ + { + "id": "T1572", + "name": "Protocol Tunneling", + "reference": "https://attack.mitre.org/techniques/T1572/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 6 + }, + "id": "6ace94ba-f02c-4d55-9f53-87d99b6f9af4_6", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/721999d0-7ab2-44bf-b328-6e63367b9b29_103.json b/packages/security_detection_engine/kibana/security_rule/721999d0-7ab2-44bf-b328-6e63367b9b29_103.json new file mode 100644 index 00000000000..37813249c8f --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/721999d0-7ab2-44bf-b328-6e63367b9b29_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Austin Songer" + ], + "description": "Identifies when Microsoft Cloud App Security reports that a user has uploaded files to the cloud that might be infected with ransomware.", + "false_positives": [ + "If Cloud App Security identifies, for example, a high rate of file uploads or file deletion activities it may represent an adverse encryption process." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Potential ransomware activity", + "note": "", + "query": "event.dataset:o365.audit and event.provider:SecurityComplianceCenter and event.category:web and event.action:\"Potential ransomware activity\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy", + "https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "721999d0-7ab2-44bf-b328-6e63367b9b29", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Impact" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0040", + "name": "Impact", + "reference": "https://attack.mitre.org/tactics/TA0040/" + }, + "technique": [ + { + "id": "T1486", + "name": "Data Encrypted for Impact", + "reference": "https://attack.mitre.org/techniques/T1486/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "721999d0-7ab2-44bf-b328-6e63367b9b29_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/88671231-6626-4e1b-abb7-6e361a171fbb_103.json b/packages/security_detection_engine/kibana/security_rule/88671231-6626-4e1b-abb7-6e361a171fbb_103.json new file mode 100644 index 00000000000..cec0b69667c --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/88671231-6626-4e1b-abb7-6e361a171fbb_103.json @@ -0,0 +1,88 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "In Azure Active Directory (Azure AD), permissions to manage resources are assigned using roles. The Global Administrator is a role that enables users to have access to all administrative features in Azure AD and services that use Azure AD identities like the Microsoft 365 Defender portal, the Microsoft 365 compliance center, Exchange, SharePoint Online, and Skype for Business Online. Attackers can add users as Global Administrators to maintain access and manage all subscriptions and their settings and resources.", + "from": "now-25m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Global Administrator Role Assigned", + "note": "", + "query": "event.dataset:o365.audit and event.code:\"AzureActiveDirectory\" and event.action:\"Add member to role.\" and\no365.audit.ModifiedProperties.Role_DisplayName.NewValue:\"Global Administrator\"\n", + "references": [ + "https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#global-administrator" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.code", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.ModifiedProperties.Role_DisplayName.NewValue", + "type": "unknown" + } + ], + "risk_score": 47, + "rule_id": "88671231-6626-4e1b-abb7-6e361a171fbb", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Identity and Access Audit", + "Tactic: Persistence" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1098", + "name": "Account Manipulation", + "reference": "https://attack.mitre.org/techniques/T1098/", + "subtechnique": [ + { + "id": "T1098.003", + "name": "Additional Cloud Roles", + "reference": "https://attack.mitre.org/techniques/T1098/003/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "88671231-6626-4e1b-abb7-6e361a171fbb_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/97314185-2568-4561-ae81-f3e480e5e695_103.json b/packages/security_detection_engine/kibana/security_rule/97314185-2568-4561-ae81-f3e480e5e695_103.json new file mode 100644 index 00000000000..3a39a12b625 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/97314185-2568-4561-ae81-f3e480e5e695_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies the modification of an anti-phishing rule in Microsoft 365. By default, Microsoft 365 includes built-in features that help protect users from phishing attacks. Anti-phishing rules increase this protection by refining settings to better detect and prevent attacks.", + "false_positives": [ + "An anti-phishing rule may be deleted by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Anti-Phish Rule Modification", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:(\"Remove-AntiPhishRule\" or \"Disable-AntiPhishRule\") and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-antiphishrule?view=exchange-ps", + "https://docs.microsoft.com/en-us/powershell/module/exchange/disable-antiphishrule?view=exchange-ps" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "97314185-2568-4561-ae81-f3e480e5e695", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Initial Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0001", + "name": "Initial Access", + "reference": "https://attack.mitre.org/tactics/TA0001/" + }, + "technique": [ + { + "id": "T1566", + "name": "Phishing", + "reference": "https://attack.mitre.org/techniques/T1566/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "97314185-2568-4561-ae81-f3e480e5e695_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/98995807-5b09-4e37-8a54-5cae5dc932d7_103.json b/packages/security_detection_engine/kibana/security_rule/98995807-5b09-4e37-8a54-5cae5dc932d7_103.json new file mode 100644 index 00000000000..db733711642 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/98995807-5b09-4e37-8a54-5cae5dc932d7_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a new role is assigned to a management group in Microsoft 365. An adversary may attempt to add a role in order to maintain persistence in an environment.", + "false_positives": [ + "A new role may be assigned to a management group by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Management Group Role Assignment", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"New-ManagementRoleAssignment\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/new-managementroleassignment?view=exchange-ps", + "https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "98995807-5b09-4e37-8a54-5cae5dc932d7", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Identity and Access Audit", + "Tactic: Persistence" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [ + { + "id": "T1098", + "name": "Account Manipulation", + "reference": "https://attack.mitre.org/techniques/T1098/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "98995807-5b09-4e37-8a54-5cae5dc932d7_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_103.json b/packages/security_detection_engine/kibana/security_rule/a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_103.json new file mode 100644 index 00000000000..bc9010293dc --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a Safe Link policy is disabled in Microsoft 365. Safe Link policies for Office applications extend phishing protection to documents that contain hyperlinks, even after they have been delivered to a user.", + "false_positives": [ + "Disabling safe links may be done by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Safe Link Policy Disabled", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Disable-SafeLinksRule\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/disable-safelinksrule?view=exchange-ps", + "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-safe-links?view=o365-worldwide" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Identity and Access Audit", + "Tactic: Initial Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0001", + "name": "Initial Access", + "reference": "https://attack.mitre.org/tactics/TA0001/" + }, + "technique": [ + { + "id": "T1566", + "name": "Phishing", + "reference": "https://attack.mitre.org/techniques/T1566/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "a989fa1b-9a11-4dd8-a3e9-f0de9c6eb5f2_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/ac8805f6-1e08-406c-962e-3937057fa86f_5.json b/packages/security_detection_engine/kibana/security_rule/ac8805f6-1e08-406c-962e-3937057fa86f_5.json new file mode 100644 index 00000000000..db941bc0f27 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/ac8805f6-1e08-406c-962e-3937057fa86f_5.json @@ -0,0 +1,111 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for common command line flags leveraged by the Chisel server utility followed by a received connection within a timespan of 1 minute. Chisel is a command-line utility used for creating and managing TCP and UDP tunnels, enabling port forwarding and secure communication between machines. Attackers can abuse the Chisel utility to establish covert communication channels, bypass network restrictions, and carry out malicious activities by creating tunnels that allow unauthorized access to internal systems.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Potential Protocol Tunneling via Chisel Server", + "note": "## Triage and analysis\n\n### Investigating Potential Protocol Tunneling via Chisel Server\n\nAttackers can leverage `chisel` to clandestinely tunnel network communications and evade security measures, potentially gaining unauthorized access to sensitive systems.\n\nThis rule looks for a sequence of command line arguments that are consistent with `chisel` server tunneling behavior, followed by a network event by an uncommon process. \n\n> **Note**:\n> This investigation guide uses the [Osquery Markdown Plugin](https://www.elastic.co/guide/en/security/master/invest-guide-run-osquery.html) introduced in Elastic Stack version 8.5.0. Older Elastic Stack versions will display unrendered Markdown in this guide.\n> This investigation guide uses [placeholder fields](https://www.elastic.co/guide/en/security/current/osquery-placeholder-fields.html) to dynamically pass alert data into Osquery queries. Placeholder fields were introduced in Elastic Stack version 8.7.0. If you're using Elastic Stack version 8.6.0 or earlier, you'll need to manually adjust this investigation guide's queries to ensure they properly run.\n\n#### Possible investigation steps\n\n- Identify any signs of suspicious network activity or anomalies that may indicate protocol tunneling. This could include unexpected traffic patterns or unusual network behavior.\n - Investigate listening ports and open sockets to look for potential protocol tunneling, reverse shells, or data exfiltration.\n - !{osquery{\"label\":\"Osquery - Retrieve Listening Ports\",\"query\":\"SELECT pid, address, port, socket, protocol, path FROM listening_ports\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Open Sockets\",\"query\":\"SELECT pid, family, remote_address, remote_port, socket, state FROM process_open_sockets\"}}\n- Identify the user account that performed the action, analyze it, and check whether it should perform this kind of action.\n - !{osquery{\"label\":\"Osquery - Retrieve Information for a Specific User\",\"query\":\"SELECT * FROM users WHERE username = {{user.name}}\"}}\n- Investigate whether the user is currently logged in and active.\n - !{osquery{\"label\":\"Osquery - Investigate the Account Authentication Status\",\"query\":\"SELECT * FROM logged_in_users WHERE user = {{user.name}}\"}}\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence and whether they are located in expected locations.\n - !{osquery{\"label\":\"Osquery - Retrieve Running Processes by User\",\"query\":\"SELECT pid, username, name FROM processes p JOIN users u ON u.uid = p.uid ORDER BY username\"}}\n - !{osquery{\"label\":\"Osquery - Retrieve Process Info\",\"query\":\"SELECT name, cmdline, parent, path, uid FROM processes\"}}\n- Investigate other alerts associated with the user/host during the past 48 hours.\n - If scripts or executables were dropped, retrieve the files and determine if they are malicious:\n - Use a private sandboxed malware analysis system to perform analysis.\n - Observe and collect information about the following activities:\n - Attempts to contact external domains and addresses.\n - Check if the domain is newly registered or unexpected.\n - Check the reputation of the domain or IP address.\n - File access, modification, and creation activities.\n\n### Related rules\n\n- Potential Protocol Tunneling via Chisel Client - 3f12325a-4cc6-410b-8d4c-9fbbeb744cfd\n- Potential Linux Tunneling and/or Port Forwarding - 6ee947e9-de7e-4281-a55d-09289bdf947e\n- Potential Protocol Tunneling via EarthWorm - 9f1c4ca3-44b5-481d-ba42-32dc215a2769\n\n### False positive analysis\n\n- If this activity is related to new benign software installation activity, consider adding exceptions \u2014 preferably with a combination of user and command line conditions.\n- If this activity is related to a system administrator or developer who uses port tunneling for benign purposes, consider adding exceptions for specific user accounts or hosts. \n- Try to understand the context of the execution by thinking about the user, machine, or business purpose. A small number of endpoints, such as servers with unique software, might appear unusual but satisfy a specific business need.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further post-compromise behavior.\n- If the triage identified malware, search the environment for additional compromised hosts.\n - Implement temporary network rules, procedures, and segmentation to contain the malware.\n - Stop suspicious processes.\n - Immediately block the identified indicators of compromise (IoCs).\n - Inspect the affected systems for additional malware backdoors, such as reverse shells, reverse proxies, or droppers, that attackers could use to reinfect the system.\n- Remove and block malicious artifacts identified during triage.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Leverage the incident response data and logging to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n", + "query": "sequence by host.id, process.entity_id with maxspan=1m\n [process where host.os.type == \"linux\" and event.action == \"exec\" and event.type == \"start\" and \n process.args == \"server\" and process.args in (\"--port\", \"-p\", \"--reverse\", \"--backend\", \"--socks5\") and \n process.args_count >= 3 and process.parent.name in (\"bash\", \"dash\", \"ash\", \"sh\", \"tcsh\", \"csh\", \"zsh\", \"ksh\", \"fish\")]\n [network where host.os.type == \"linux\" and event.action == \"connection_accepted\" and event.type == \"start\" and \n destination.ip != null and destination.ip != \"127.0.0.1\" and destination.ip != \"::1\" and \n not process.name : (\n \"python*\", \"php*\", \"perl\", \"ruby\", \"lua*\", \"openssl\", \"nc\", \"netcat\", \"ncat\", \"telnet\", \"awk\", \"java\", \"telnet\",\n \"ftp\", \"socat\", \"curl\", \"wget\", \"dpkg\", \"docker\", \"dockerd\", \"yum\", \"apt\", \"rpm\", \"dnf\", \"ssh\", \"sshd\", \"hugo\")]\n", + "references": [ + "https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform", + "https://book.hacktricks.xyz/generic-methodologies-and-resources/tunneling-and-port-forwarding" + ], + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "destination.ip", + "type": "ip" + }, + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.id", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args_count", + "type": "long" + }, + { + "ecs": true, + "name": "process.entity_id", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.parent.name", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "ac8805f6-1e08-406c-962e-3937057fa86f", + "setup": "This rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n", + "severity": "medium", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Command and Control", + "Data Source: Elastic Defend" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0011", + "name": "Command and Control", + "reference": "https://attack.mitre.org/tactics/TA0011/" + }, + "technique": [ + { + "id": "T1572", + "name": "Protocol Tunneling", + "reference": "https://attack.mitre.org/techniques/T1572/" + } + ] + } + ], + "type": "eql", + "version": 5 + }, + "id": "ac8805f6-1e08-406c-962e-3937057fa86f_5", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/b2951150-658f-4a60-832f-a00d1e6c6745_103.json b/packages/security_detection_engine/kibana/security_rule/b2951150-658f-4a60-832f-a00d1e6c6745_103.json new file mode 100644 index 00000000000..49188602516 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/b2951150-658f-4a60-832f-a00d1e6c6745_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Austin Songer" + ], + "description": "Identifies that a user has deleted an unusually large volume of files as reported by Microsoft Cloud App Security.", + "false_positives": [ + "Users or System Administrator cleaning out folders." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Unusual Volume of File Deletion", + "note": "", + "query": "event.dataset:o365.audit and event.provider:SecurityComplianceCenter and event.category:web and event.action:\"Unusual volume of file deletion\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy", + "https://docs.microsoft.com/en-us/cloud-app-security/policy-template-reference" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "b2951150-658f-4a60-832f-a00d1e6c6745", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Impact" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0040", + "name": "Impact", + "reference": "https://attack.mitre.org/tactics/TA0040/" + }, + "technique": [ + { + "id": "T1485", + "name": "Data Destruction", + "reference": "https://attack.mitre.org/techniques/T1485/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "b2951150-658f-4a60-832f-a00d1e6c6745_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_103.json b/packages/security_detection_engine/kibana/security_rule/bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_103.json new file mode 100644 index 00000000000..4224ff9b548 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_103.json @@ -0,0 +1,83 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies the occurence of files uploaded to OneDrive being detected as Malware by the file scanning engine. Attackers can use File Sharing and Organization Repositories to spread laterally within the company and amplify their access. Users can inadvertently share these files without knowing their maliciousness, giving adversaries opportunity to gain initial access to other endpoints in the environment.", + "false_positives": [ + "Benign files can trigger signatures in the built-in virus protection" + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "OneDrive Malware File Upload", + "note": "", + "query": "event.dataset:o365.audit and event.provider:OneDrive and event.code:SharePointFileOperation and event.action:FileMalwareDetected\n", + "references": [ + "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/virus-detection-in-spo?view=o365-worldwide" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.code", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 73, + "rule_id": "bba1b212-b85c-41c6-9b28-be0e5cdfc9b1", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "high", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Tactic: Lateral Movement" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0008", + "name": "Lateral Movement", + "reference": "https://attack.mitre.org/tactics/TA0008/" + }, + "technique": [ + { + "id": "T1080", + "name": "Taint Shared Content", + "reference": "https://attack.mitre.org/techniques/T1080/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "bba1b212-b85c-41c6-9b28-be0e5cdfc9b1_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/bbd1a775-8267-41fa-9232-20e5582596ac_104.json b/packages/security_detection_engine/kibana/security_rule/bbd1a775-8267-41fa-9232-20e5582596ac_104.json new file mode 100644 index 00000000000..06185193e59 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/bbd1a775-8267-41fa-9232-20e5582596ac_104.json @@ -0,0 +1,93 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when custom applications are allowed in Microsoft Teams. If an organization requires applications other than those available in the Teams app store, custom applications can be developed as packages and uploaded. An adversary may abuse this behavior to establish persistence in an environment.", + "false_positives": [ + "Custom applications may be allowed by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Teams Custom Application Interaction Allowed", + "note": "", + "query": "event.dataset:o365.audit and event.provider:MicrosoftTeams and\nevent.category:web and event.action:TeamsTenantSettingChanged and\no365.audit.Name:\"Allow sideloading and interaction of custom apps\" and\no365.audit.NewValue:True and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/apps-upload" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.Name", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.NewValue", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "bbd1a775-8267-41fa-9232-20e5582596ac", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Persistence" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0003", + "name": "Persistence", + "reference": "https://attack.mitre.org/tactics/TA0003/" + }, + "technique": [] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 104 + }, + "id": "bbd1a775-8267-41fa-9232-20e5582596ac_104", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/ca79768e-40e1-4e45-a097-0e5fbc876ac2_103.json b/packages/security_detection_engine/kibana/security_rule/ca79768e-40e1-4e45-a097-0e5fbc876ac2_103.json new file mode 100644 index 00000000000..83d9bff20d9 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/ca79768e-40e1-4e45-a097-0e5fbc876ac2_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a malware filter rule has been deleted or disabled in Microsoft 365. An adversary or insider threat may want to modify a malware filter rule to evade detection.", + "false_positives": [ + "A malware filter rule may be deleted by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Malware Filter Rule Modification", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:(\"Remove-MalwareFilterRule\" or \"Disable-MalwareFilterRule\") and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-malwarefilterrule?view=exchange-ps", + "https://docs.microsoft.com/en-us/powershell/module/exchange/disable-malwarefilterrule?view=exchange-ps" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "ca79768e-40e1-4e45-a097-0e5fbc876ac2", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Defense Evasion" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1562", + "name": "Impair Defenses", + "reference": "https://attack.mitre.org/techniques/T1562/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "ca79768e-40e1-4e45-a097-0e5fbc876ac2_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_5.json b/packages/security_detection_engine/kibana/security_rule/d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_5.json new file mode 100644 index 00000000000..870c78f4388 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_5.json @@ -0,0 +1,95 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for the potential memory dump of the init process (PID 1) through gdb. Attackers may leverage memory dumping techniques to attempt secret extraction from privileged processes. Tools that display this behavior include \"truffleproc\" and \"bash-memory-dump\". This behavior should not happen by default, and should be investigated thoroughly.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Linux init (PID 1) Secret Dump via GDB", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\") and event.type == \"start\" and \nprocess.name == \"gdb\" and process.args in (\"--pid\", \"-p\") and process.args == \"1\"\n", + "references": [ + "https://github.com/controlplaneio/truffleproc", + "https://github.com/hajzer/bash-memory-dump" + ], + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f", + "setup": "\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\n", + "severity": "medium", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Credential Access", + "Data Source: Elastic Defend", + "Data Source: Elastic Endgame" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0006", + "name": "Credential Access", + "reference": "https://attack.mitre.org/tactics/TA0006/" + }, + "technique": [ + { + "id": "T1003", + "name": "OS Credential Dumping", + "reference": "https://attack.mitre.org/techniques/T1003/", + "subtechnique": [ + { + "id": "T1003.007", + "name": "Proc Filesystem", + "reference": "https://attack.mitre.org/techniques/T1003/007/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 5 + }, + "id": "d4ff2f53-c802-4d2e-9fb9-9ecc08356c3f_5", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_103.json b/packages/security_detection_engine/kibana/security_rule/d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_103.json new file mode 100644 index 00000000000..8562fce4d93 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies the deletion of an anti-phishing policy in Microsoft 365. By default, Microsoft 365 includes built-in features that help protect users from phishing attacks. Anti-phishing polices increase this protection by refining settings to better detect and prevent attacks.", + "false_positives": [ + "An anti-phishing policy may be deleted by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Anti-Phish Policy Deletion", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Remove-AntiPhishPolicy\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-antiphishpolicy?view=exchange-ps", + "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Initial Access" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0001", + "name": "Initial Access", + "reference": "https://attack.mitre.org/tactics/TA0001/" + }, + "technique": [ + { + "id": "T1566", + "name": "Phishing", + "reference": "https://attack.mitre.org/techniques/T1566/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "d68eb1b5-5f1c-4b6d-9e63-5b6b145cd4aa_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/d743ff2a-203e-4a46-a3e3-40512cfe8fbb_103.json b/packages/security_detection_engine/kibana/security_rule/d743ff2a-203e-4a46-a3e3-40512cfe8fbb_103.json new file mode 100644 index 00000000000..48515d9b128 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/d743ff2a-203e-4a46-a3e3-40512cfe8fbb_103.json @@ -0,0 +1,89 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when a malware filter policy has been deleted in Microsoft 365. A malware filter policy is used to alert administrators that an internal user sent a message that contained malware. This may indicate an account or machine compromise that would need to be investigated. Deletion of a malware filter policy may be done to evade detection.", + "false_positives": [ + "A malware filter policy may be deleted by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Malware Filter Policy Deletion", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"Remove-MalwareFilterPolicy\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/remove-malwarefilterpolicy?view=exchange-ps" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "d743ff2a-203e-4a46-a3e3-40512cfe8fbb", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Defense Evasion" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1562", + "name": "Impair Defenses", + "reference": "https://attack.mitre.org/techniques/T1562/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "d743ff2a-203e-4a46-a3e3-40512cfe8fbb_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/dc71c186-9fe4-4437-a4d0-85ebb32b8204_7.json b/packages/security_detection_engine/kibana/security_rule/dc71c186-9fe4-4437-a4d0-85ebb32b8204_7.json new file mode 100644 index 00000000000..41515a59147 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/dc71c186-9fe4-4437-a4d0-85ebb32b8204_7.json @@ -0,0 +1,94 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies the execution of mount process with hidepid parameter, which can make processes invisible to other users from the system. Adversaries using Linux kernel version 3.2+ (or RHEL/CentOS v6.5+ above) can hide the process from other users. When hidepid=2 option is executed to mount the /proc filesystem, only the root user can see all processes and the logged-in user can only see their own process. This provides a defense evasion mechanism for the adversaries to hide their process executions from all other commands such as ps, top, pgrep and more. With the Linux kernel hardening hidepid option all the user has to do is remount the /proc filesystem with the option, which can now be monitored and detected.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Potential Hidden Process via Mount Hidepid", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and process.name == \"mount\" and process.args == \"/proc\" and process.args == \"-o\" and\nprocess.args : \"*hidepid=2*\"\n", + "references": [ + "https://www.cyberciti.biz/faq/linux-hide-processes-from-other-users/" + ], + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "dc71c186-9fe4-4437-a4d0-85ebb32b8204", + "setup": "\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\n", + "severity": "medium", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Defense Evasion", + "Data Source: Elastic Endgame", + "Data Source: Elastic Defend", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1564", + "name": "Hide Artifacts", + "reference": "https://attack.mitre.org/techniques/T1564/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 7 + }, + "id": "dc71c186-9fe4-4437-a4d0-85ebb32b8204_7", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/debff20a-46bc-4a4d-bae5-5cdd14222795_109.json b/packages/security_detection_engine/kibana/security_rule/debff20a-46bc-4a4d-bae5-5cdd14222795_109.json new file mode 100644 index 00000000000..6313be6e764 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/debff20a-46bc-4a4d-bae5-5cdd14222795_109.json @@ -0,0 +1,99 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Adversaries may encode/decode data in an attempt to evade detection by host- or network-based security controls.", + "false_positives": [ + "Automated tools such as Jenkins may encode or decode files as part of their normal behavior. These events can be filtered by the process executable or username values." + ], + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Base16 or Base32 Encoding/Decoding Activity", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and process.name in (\"base16\", \"base32\", \"base32plain\", \"base32hex\") and\nnot process.args in (\"--help\", \"--version\")\n", + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "debff20a-46bc-4a4d-bae5-5cdd14222795", + "setup": "\nThis rule requires data coming in from one of the following integrations:\n- Elastic Defend\n- Auditbeat\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\n### Auditbeat Setup\nAuditbeat is a lightweight shipper that you can install on your servers to audit the activities of users and processes on your systems. For example, you can use Auditbeat to collect and centralize audit events from the Linux Audit Framework. You can also use Auditbeat to detect changes to critical files, like binaries and configuration files, and identify potential security policy violations.\n\n#### The following steps should be executed in order to add the Auditbeat on a Linux System:\n- Elastic provides repositories available for APT and YUM-based distributions. Note that we provide binary packages, but no source packages.\n- To install the APT and YUM repositories follow the setup instructions in this [helper guide](https://www.elastic.co/guide/en/beats/auditbeat/current/setup-repositories.html).\n- To run Auditbeat on Docker follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/auditbeat/current/running-on-docker.html).\n- To run Auditbeat on Kubernetes follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/auditbeat/current/running-on-kubernetes.html).\n- For complete \u201cSetup and Run Auditbeat\u201d information refer to the [helper guide](https://www.elastic.co/guide/en/beats/auditbeat/current/setting-up-and-running.html).\n\n", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Defense Evasion", + "Data Source: Elastic Endgame", + "Data Source: Elastic Defend", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1027", + "name": "Obfuscated Files or Information", + "reference": "https://attack.mitre.org/techniques/T1027/" + }, + { + "id": "T1140", + "name": "Deobfuscate/Decode Files or Information", + "reference": "https://attack.mitre.org/techniques/T1140/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 109 + }, + "id": "debff20a-46bc-4a4d-bae5-5cdd14222795_109", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/e0cc3807-e108-483c-bf66-5a4fbe0d7e89_3.json b/packages/security_detection_engine/kibana/security_rule/e0cc3807-e108-483c-bf66-5a4fbe0d7e89_3.json new file mode 100644 index 00000000000..9e12a3aa287 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/e0cc3807-e108-483c-bf66-5a4fbe0d7e89_3.json @@ -0,0 +1,83 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for the execution of suspicious commands via screen and tmux. When launching a command and detaching directly, the commands will be executed in the background via its parent process. Attackers may leverage screen or tmux to execute commands while attempting to evade detection.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Potentially Suspicious Process Started via tmux or screen", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\") and event.type == \"start\" and \nprocess.parent.name in (\"screen\", \"tmux\") and process.name : (\n \"nmap\", \"nc\", \"ncat\", \"netcat\", \"socat\", \"nc.openbsd\", \"ngrok\", \"ping\", \"java\", \"python*\", \"php*\", \"perl\", \"ruby\",\n \"lua*\", \"openssl\", \"telnet\", \"awk\", \"wget\", \"curl\", \"id\"\n )\n", + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.parent.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "e0cc3807-e108-483c-bf66-5a4fbe0d7e89", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Defense Evasion", + "Data Source: Elastic Defend", + "Data Source: Elastic Endgame" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1218", + "name": "System Binary Proxy Execution", + "reference": "https://attack.mitre.org/techniques/T1218/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 3 + }, + "id": "e0cc3807-e108-483c-bf66-5a4fbe0d7e89_3", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_109.json b/packages/security_detection_engine/kibana/security_rule/eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_109.json new file mode 100644 index 00000000000..fa9407afffd --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_109.json @@ -0,0 +1,98 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies potential attempts to disable Security-Enhanced Linux (SELinux), which is a Linux kernel security feature to support access control policies. Adversaries may disable security tools to avoid possible detection of their tools and activities.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Potential Disabling of SELinux", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and process.name == \"setenforce\" and process.args == \"0\"\n", + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "eb9eb8ba-a983-41d9-9c93-a1c05112ca5e", + "setup": "\nThis rule requires data coming in from one of the following integrations:\n- Elastic Defend\n- Auditbeat\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\n### Auditbeat Setup\nAuditbeat is a lightweight shipper that you can install on your servers to audit the activities of users and processes on your systems. For example, you can use Auditbeat to collect and centralize audit events from the Linux Audit Framework. You can also use Auditbeat to detect changes to critical files, like binaries and configuration files, and identify potential security policy violations.\n\n#### The following steps should be executed in order to add the Auditbeat on a Linux System:\n- Elastic provides repositories available for APT and YUM-based distributions. Note that we provide binary packages, but no source packages.\n- To install the APT and YUM repositories follow the setup instructions in this [helper guide](https://www.elastic.co/guide/en/beats/auditbeat/current/setup-repositories.html).\n- To run Auditbeat on Docker follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/auditbeat/current/running-on-docker.html).\n- To run Auditbeat on Kubernetes follow the setup instructions in the [helper guide](https://www.elastic.co/guide/en/beats/auditbeat/current/running-on-kubernetes.html).\n- For complete \u201cSetup and Run Auditbeat\u201d information refer to the [helper guide](https://www.elastic.co/guide/en/beats/auditbeat/current/setting-up-and-running.html).\n\n", + "severity": "medium", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Defense Evasion", + "Data Source: Elastic Endgame", + "Data Source: Elastic Defend", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1562", + "name": "Impair Defenses", + "reference": "https://attack.mitre.org/techniques/T1562/", + "subtechnique": [ + { + "id": "T1562.001", + "name": "Disable or Modify Tools", + "reference": "https://attack.mitre.org/techniques/T1562/001/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 109 + }, + "id": "eb9eb8ba-a983-41d9-9c93-a1c05112ca5e_109", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/ec8efb0c-604d-42fa-ac46-ed1cfbc38f78_103.json b/packages/security_detection_engine/kibana/security_rule/ec8efb0c-604d-42fa-ac46-ed1cfbc38f78_103.json new file mode 100644 index 00000000000..36a8192039c --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/ec8efb0c-604d-42fa-ac46-ed1cfbc38f78_103.json @@ -0,0 +1,116 @@ +{ + "attributes": { + "author": [ + "Elastic", + "Gary Blackwell", + "Austin Songer" + ], + "description": "Identifies when a new Inbox forwarding rule is created in Microsoft 365. Inbox rules process messages in the Inbox based on conditions and take actions. In this case, the rules will forward the emails to a defined address. Attackers can abuse Inbox Rules to intercept and exfiltrate email data without making organization-wide configuration changes or having the corresponding privileges.", + "false_positives": [ + "Users and Administrators can create inbox rules for legitimate purposes. Verify if it complies with the company policy and done with the user's consent. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Inbox Forwarding Rule Created", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and\nevent.category:web and event.action:(\"New-InboxRule\" or \"Set-InboxRule\") and\n (\n o365.audit.Parameters.ForwardTo:* or\n o365.audit.Parameters.ForwardAsAttachmentTo:* or\n o365.audit.Parameters.RedirectTo:*\n )\n and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide", + "https://docs.microsoft.com/en-us/powershell/module/exchange/new-inboxrule?view=exchange-ps", + "https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack?view=o365-worldwide", + "https://raw.githubusercontent.com/PwC-IR/Business-Email-Compromise-Guide/main/Extractor%20Cheat%20Sheet.pdf" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + }, + { + "ecs": false, + "name": "o365.audit.Parameters.ForwardAsAttachmentTo", + "type": "unknown" + }, + { + "ecs": false, + "name": "o365.audit.Parameters.ForwardTo", + "type": "unknown" + }, + { + "ecs": false, + "name": "o365.audit.Parameters.RedirectTo", + "type": "unknown" + } + ], + "risk_score": 47, + "rule_id": "ec8efb0c-604d-42fa-ac46-ed1cfbc38f78", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Collection" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0009", + "name": "Collection", + "reference": "https://attack.mitre.org/tactics/TA0009/" + }, + "technique": [ + { + "id": "T1114", + "name": "Email Collection", + "reference": "https://attack.mitre.org/techniques/T1114/", + "subtechnique": [ + { + "id": "T1114.003", + "name": "Email Forwarding Rule", + "reference": "https://attack.mitre.org/techniques/T1114/003/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "ec8efb0c-604d-42fa-ac46-ed1cfbc38f78_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_5.json b/packages/security_detection_engine/kibana/security_rule/f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_5.json new file mode 100644 index 00000000000..6f87626e320 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_5.json @@ -0,0 +1,100 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies when the openssl command-line utility is used to encrypt multiple files on a host within a short time window. Adversaries may encrypt data on a single or multiple systems in order to disrupt the availability of their target's data and may attempt to hold the organization's data to ransom for the purposes of extortion.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Suspicious Data Encryption via OpenSSL Utility", + "query": "sequence by host.id, user.name, process.parent.entity_id with maxspan=5s\n [ process where host.os.type == \"linux\" and event.action == \"exec\" and \n process.name == \"openssl\" and process.parent.name : (\"bash\", \"dash\", \"sh\", \"tcsh\", \"csh\", \"zsh\", \"ksh\", \"fish\", \"perl*\", \"php*\", \"python*\", \"xargs\") and\n process.args == \"-in\" and process.args == \"-out\" and\n process.args in (\"-k\", \"-K\", \"-kfile\", \"-pass\", \"-iv\", \"-md\") and\n /* excluding base64 encoding options and including encryption password or key params */\n not process.args in (\"-d\", \"-a\", \"-A\", \"-base64\", \"-none\", \"-nosalt\") ] with runs=10\n", + "references": [ + "https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/", + "https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat--and-debian-based-linux-distributions.html" + ], + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.id", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.parent.entity_id", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.parent.name", + "type": "keyword" + }, + { + "ecs": true, + "name": "user.name", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "f530ca17-153b-4a7a-8cd3-98dd4b4ddf73", + "setup": "\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\n", + "severity": "medium", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Impact", + "Data Source: Elastic Defend" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0040", + "name": "Impact", + "reference": "https://attack.mitre.org/tactics/TA0040/" + }, + "technique": [ + { + "id": "T1486", + "name": "Data Encrypted for Impact", + "reference": "https://attack.mitre.org/techniques/T1486/" + } + ] + } + ], + "type": "eql", + "version": 5 + }, + "id": "f530ca17-153b-4a7a-8cd3-98dd4b4ddf73_5", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/fac52c69-2646-4e79-89c0-fd7653461010_5.json b/packages/security_detection_engine/kibana/security_rule/fac52c69-2646-4e79-89c0-fd7653461010_5.json new file mode 100644 index 00000000000..75343b30d69 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/fac52c69-2646-4e79-89c0-fd7653461010_5.json @@ -0,0 +1,98 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "This rule monitors for potential attempts to disable AppArmor. AppArmor is a Linux security module that enforces fine-grained access control policies to restrict the actions and resources that specific applications and processes can access. Adversaries may disable security tools to avoid possible detection of their tools and activities.", + "from": "now-9m", + "index": [ + "logs-endpoint.events.*", + "endgame-*", + "auditbeat-*", + "logs-auditd_manager.auditd-*" + ], + "language": "eql", + "license": "Elastic License v2", + "name": "Potential Disabling of AppArmor", + "query": "process where host.os.type == \"linux\" and event.action in (\"exec\", \"exec_event\", \"executed\", \"process_started\") and\nevent.type == \"start\" and (\n (process.name == \"systemctl\" and process.args == \"disable\" and process.args == \"apparmor\") or\n (process.name == \"ln\" and process.args : \"/etc/apparmor.d/*\" and process.args == \"/etc/apparmor.d/disable/\")\n)\n", + "related_integrations": [ + { + "package": "endpoint", + "version": "^8.2.0" + }, + { + "package": "auditd_manager", + "version": "^1.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "host.os.type", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.args", + "type": "keyword" + }, + { + "ecs": true, + "name": "process.name", + "type": "keyword" + } + ], + "risk_score": 21, + "rule_id": "fac52c69-2646-4e79-89c0-fd7653461010", + "setup": "\nThis rule requires data coming in from Elastic Defend.\n\n### Elastic Defend Integration Setup\nElastic Defend is integrated into the Elastic Agent using Fleet. Upon configuration, the integration allows the Elastic Agent to monitor events on your host and send data to the Elastic Security app.\n\n#### Prerequisite Requirements:\n- Fleet is required for Elastic Defend.\n- To configure Fleet Server refer to the [documentation](https://www.elastic.co/guide/en/fleet/current/fleet-server.html).\n\n#### The following steps should be executed in order to add the Elastic Defend integration on a Linux System:\n- Go to the Kibana home page and click \"Add integrations\".\n- In the query bar, search for \"Elastic Defend\" and select the integration to see more details about it.\n- Click \"Add Elastic Defend\".\n- Configure the integration name and optionally add a description.\n- Select the type of environment you want to protect, either \"Traditional Endpoints\" or \"Cloud Workloads\".\n- Select a configuration preset. Each preset comes with different default settings for Elastic Agent, you can further customize these later by configuring the Elastic Defend integration policy. [Helper guide](https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html).\n- We suggest selecting \"Complete EDR (Endpoint Detection and Response)\" as a configuration setting, that provides \"All events; all preventions\"\n- Enter a name for the agent policy in \"New agent policy name\". If other agent policies already exist, you can click the \"Existing hosts\" tab and select an existing policy instead.\nFor more details on Elastic Agent configuration settings, refer to the [helper guide](https://www.elastic.co/guide/en/fleet/8.10/agent-policy.html).\n- Click \"Save and Continue\".\n- To complete the integration, select \"Add Elastic Agent to your hosts\" and continue to the next section to install the Elastic Agent on your hosts.\nFor more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).\n\n", + "severity": "low", + "tags": [ + "Domain: Endpoint", + "OS: Linux", + "Use Case: Threat Detection", + "Tactic: Defense Evasion", + "Data Source: Elastic Defend", + "Data Source: Elastic Endgame", + "Data Source: Auditd Manager" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0005", + "name": "Defense Evasion", + "reference": "https://attack.mitre.org/tactics/TA0005/" + }, + "technique": [ + { + "id": "T1562", + "name": "Impair Defenses", + "reference": "https://attack.mitre.org/techniques/T1562/", + "subtechnique": [ + { + "id": "T1562.001", + "name": "Disable or Modify Tools", + "reference": "https://attack.mitre.org/techniques/T1562/001/" + } + ] + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "eql", + "version": 5 + }, + "id": "fac52c69-2646-4e79-89c0-fd7653461010_5", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/kibana/security_rule/ff4dd44a-0ac6-44c4-8609-3f81bc820f02_103.json b/packages/security_detection_engine/kibana/security_rule/ff4dd44a-0ac6-44c4-8609-3f81bc820f02_103.json new file mode 100644 index 00000000000..34730c50592 --- /dev/null +++ b/packages/security_detection_engine/kibana/security_rule/ff4dd44a-0ac6-44c4-8609-3f81bc820f02_103.json @@ -0,0 +1,90 @@ +{ + "attributes": { + "author": [ + "Elastic" + ], + "description": "Identifies a transport rule creation in Microsoft 365. As a best practice, Exchange Online mail transport rules should not be set to forward email to domains outside of your organization. An adversary may create transport rules to exfiltrate data.", + "false_positives": [ + "A new transport rule may be created by a system or network administrator. Verify that the configuration change was expected. Exceptions can be added to this rule to filter expected behavior." + ], + "from": "now-30m", + "index": [ + "filebeat-*", + "logs-o365*" + ], + "language": "kuery", + "license": "Elastic License v2", + "name": "Microsoft 365 Exchange Transport Rule Creation", + "note": "", + "query": "event.dataset:o365.audit and event.provider:Exchange and event.category:web and event.action:\"New-TransportRule\" and event.outcome:success\n", + "references": [ + "https://docs.microsoft.com/en-us/powershell/module/exchange/new-transportrule?view=exchange-ps", + "https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules" + ], + "related_integrations": [ + { + "package": "o365", + "version": "^2.0.0" + } + ], + "required_fields": [ + { + "ecs": true, + "name": "event.action", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.category", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.dataset", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.outcome", + "type": "keyword" + }, + { + "ecs": true, + "name": "event.provider", + "type": "keyword" + } + ], + "risk_score": 47, + "rule_id": "ff4dd44a-0ac6-44c4-8609-3f81bc820f02", + "setup": "The Office 365 Logs Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.", + "severity": "medium", + "tags": [ + "Domain: Cloud", + "Data Source: Microsoft 365", + "Use Case: Configuration Audit", + "Tactic: Exfiltration" + ], + "threat": [ + { + "framework": "MITRE ATT&CK", + "tactic": { + "id": "TA0010", + "name": "Exfiltration", + "reference": "https://attack.mitre.org/tactics/TA0010/" + }, + "technique": [ + { + "id": "T1537", + "name": "Transfer Data to Cloud Account", + "reference": "https://attack.mitre.org/techniques/T1537/" + } + ] + } + ], + "timestamp_override": "event.ingested", + "type": "query", + "version": 103 + }, + "id": "ff4dd44a-0ac6-44c4-8609-3f81bc820f02_103", + "type": "security-rule" +} \ No newline at end of file diff --git a/packages/security_detection_engine/manifest.yml b/packages/security_detection_engine/manifest.yml index 59949577389..a148028d009 100644 --- a/packages/security_detection_engine/manifest.yml +++ b/packages/security_detection_engine/manifest.yml @@ -4,7 +4,7 @@ conditions: elastic: subscription: basic kibana: - version: ^8.12.0 + version: ^8.13.0 description: Prebuilt detection rules for Elastic Security format_version: 3.0.0 icons: @@ -19,4 +19,4 @@ source: license: Elastic-2.0 title: Prebuilt Security Detection Rules type: integration -version: 8.12.5 +version: 8.13.1-beta.1 From af6092f7815460b3fdb3178ce1ee7b8d99adaed5 Mon Sep 17 00:00:00 2001 From: Richa Talwar <102972658+ritalwar@users.noreply.github.com> Date: Thu, 7 Mar 2024 14:18:27 +0530 Subject: [PATCH 09/34] Disable secrets for packages with older stack versions due to errors. (#9279) * Disable secrets for packages with older stack versions due to errors. --- packages/activemq/changelog.yml | 5 +++++ packages/activemq/manifest.yml | 4 ++-- packages/apache_tomcat/changelog.yml | 5 +++++ packages/apache_tomcat/manifest.yml | 4 ++-- packages/azure_app_service/changelog.yml | 5 +++++ packages/azure_app_service/manifest.yml | 6 +++--- packages/azure_billing/changelog.yml | 5 +++++ packages/azure_billing/manifest.yml | 4 ++-- packages/azure_functions/changelog.yml | 5 +++++ .../data_stream/functionapplogs/manifest.yml | 4 ++-- packages/azure_functions/data_stream/metrics/manifest.yml | 2 +- packages/azure_functions/manifest.yml | 2 +- packages/cassandra/changelog.yml | 5 +++++ packages/cassandra/manifest.yml | 4 ++-- packages/ceph/changelog.yml | 5 +++++ packages/ceph/manifest.yml | 4 ++-- packages/citrix_adc/changelog.yml | 5 +++++ packages/citrix_adc/manifest.yml | 4 ++-- packages/cockroachdb/changelog.yml | 5 +++++ packages/cockroachdb/data_stream/status/manifest.yml | 2 +- packages/cockroachdb/manifest.yml | 2 +- packages/golang/changelog.yml | 5 +++++ packages/golang/manifest.yml | 4 ++-- packages/kafka/changelog.yml | 5 +++++ packages/kafka/data_stream/consumergroup/manifest.yml | 2 +- packages/kafka/data_stream/partition/manifest.yml | 2 +- packages/kafka/manifest.yml | 4 ++-- packages/kafka_log/changelog.yml | 5 +++++ packages/kafka_log/data_stream/generic/manifest.yml | 4 ++-- packages/kafka_log/manifest.yml | 2 +- packages/mysql/changelog.yml | 5 +++++ packages/mysql/manifest.yml | 4 ++-- packages/nginx/changelog.yml | 5 +++++ packages/nginx/manifest.yml | 6 +++--- packages/oracle_weblogic/changelog.yml | 5 +++++ packages/oracle_weblogic/manifest.yml | 4 ++-- packages/postgresql/changelog.yml | 5 +++++ packages/postgresql/manifest.yml | 4 ++-- packages/prometheus/changelog.yml | 5 +++++ packages/prometheus/data_stream/collector/manifest.yml | 3 +-- packages/prometheus/manifest.yml | 2 +- packages/prometheus_input/changelog.yml | 5 +++++ packages/prometheus_input/manifest.yml | 4 ++-- packages/rabbitmq/changelog.yml | 5 +++++ packages/rabbitmq/manifest.yml | 4 ++-- packages/salesforce/changelog.yml | 5 +++++ packages/salesforce/manifest.yml | 6 +++--- packages/spring_boot/changelog.yml | 5 +++++ packages/spring_boot/manifest.yml | 4 ++-- packages/websphere_application_server/changelog.yml | 5 +++++ packages/websphere_application_server/manifest.yml | 4 ++-- 51 files changed, 162 insertions(+), 53 deletions(-) diff --git a/packages/activemq/changelog.yml b/packages/activemq/changelog.yml index 65dceedb2a9..60efb32b5c6 100644 --- a/packages/activemq/changelog.yml +++ b/packages/activemq/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.1.1 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 1.1.0 changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/activemq/manifest.yml b/packages/activemq/manifest.yml index 58886964ea3..979c7652c8a 100644 --- a/packages/activemq/manifest.yml +++ b/packages/activemq/manifest.yml @@ -1,6 +1,6 @@ name: activemq title: ActiveMQ -version: "1.1.0" +version: "1.1.1" description: Collect logs and metrics from ActiveMQ instances with Elastic Agent. type: integration icons: @@ -79,7 +79,7 @@ policy_templates: multi: false required: true show_user: true - secret: true + secret: false description: Password for authentication of ActiveMQ instance. default: admin - name: ssl diff --git a/packages/apache_tomcat/changelog.yml b/packages/apache_tomcat/changelog.yml index d3768510c71..4d07f6c2338 100644 --- a/packages/apache_tomcat/changelog.yml +++ b/packages/apache_tomcat/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.3.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/apache_tomcat/manifest.yml b/packages/apache_tomcat/manifest.yml index 79d382637e0..bb8323644d4 100644 --- a/packages/apache_tomcat/manifest.yml +++ b/packages/apache_tomcat/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: apache_tomcat title: Apache Tomcat -version: "1.3.0" +version: "1.3.1" description: Collect and parse logs and metrics from Apache Tomcat servers with Elastic Agent. categories: ["web", "observability"] type: integration @@ -33,7 +33,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false multi: false required: false show_user: false diff --git a/packages/azure_app_service/changelog.yml b/packages/azure_app_service/changelog.yml index c55bf6e5412..2b020212123 100644 --- a/packages/azure_app_service/changelog.yml +++ b/packages/azure_app_service/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 0.2.1 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 0.2.0 changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/azure_app_service/manifest.yml b/packages/azure_app_service/manifest.yml index 313c4ab9ed9..8b22b6b0f4d 100644 --- a/packages/azure_app_service/manifest.yml +++ b/packages/azure_app_service/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: azure_app_service title: "Azure App Service" -version: "0.2.0" +version: "0.2.1" source: license: "Elastic-2.0" description: "Collect logs and metrics from Azure App Service with Elastic Agent." @@ -33,7 +33,7 @@ vars: - name: connection_string type: password title: Connection String - secret: true + secret: false multi: false required: true show_user: true @@ -50,7 +50,7 @@ vars: - name: storage_account_key type: password title: Storage Account Key - secret: true + secret: false multi: false required: true show_user: true diff --git a/packages/azure_billing/changelog.yml b/packages/azure_billing/changelog.yml index ae455720f4f..c9c31756437 100644 --- a/packages/azure_billing/changelog.yml +++ b/packages/azure_billing/changelog.yml @@ -1,3 +1,8 @@ +- version: 1.4.2 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 1.4.1 changes: - description: Add documentation for assigning roles for department and billing account scopes. diff --git a/packages/azure_billing/manifest.yml b/packages/azure_billing/manifest.yml index be24fa9aa1a..476026344cb 100644 --- a/packages/azure_billing/manifest.yml +++ b/packages/azure_billing/manifest.yml @@ -1,6 +1,6 @@ name: azure_billing title: Azure Billing Metrics -version: "1.4.1" +version: "1.4.2" description: Collect billing metrics with Elastic Agent. type: integration icons: @@ -33,7 +33,7 @@ vars: - name: client_secret type: password title: Client Secret - secret: true + secret: false description: The secret key of the App Registration. multi: false required: true diff --git a/packages/azure_functions/changelog.yml b/packages/azure_functions/changelog.yml index a0f384e8320..cc8e3731fad 100644 --- a/packages/azure_functions/changelog.yml +++ b/packages/azure_functions/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 0.3.1 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 0.3.0 changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/azure_functions/data_stream/functionapplogs/manifest.yml b/packages/azure_functions/data_stream/functionapplogs/manifest.yml index 58644692675..0c4d933367c 100644 --- a/packages/azure_functions/data_stream/functionapplogs/manifest.yml +++ b/packages/azure_functions/data_stream/functionapplogs/manifest.yml @@ -25,7 +25,7 @@ streams: - name: connection_string type: password title: Connection String - secret: true + secret: false multi: false required: true show_user: true @@ -42,7 +42,7 @@ streams: - name: storage_account_key type: password title: Storage Account Key - secret: true + secret: false multi: false required: true show_user: true diff --git a/packages/azure_functions/data_stream/metrics/manifest.yml b/packages/azure_functions/data_stream/metrics/manifest.yml index 3a924c18ed0..cb893b60a36 100644 --- a/packages/azure_functions/data_stream/metrics/manifest.yml +++ b/packages/azure_functions/data_stream/metrics/manifest.yml @@ -16,7 +16,7 @@ streams: - name: client_secret type: password title: Client Secret - secret: true + secret: false multi: false required: true show_user: true diff --git a/packages/azure_functions/manifest.yml b/packages/azure_functions/manifest.yml index 5a3dbebe14b..c9136c64a96 100644 --- a/packages/azure_functions/manifest.yml +++ b/packages/azure_functions/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: azure_functions title: "Azure Functions" -version: "0.3.0" +version: "0.3.1" source: license: "Elastic-2.0" description: "Get metrics and logs from Azure Functions" diff --git a/packages/cassandra/changelog.yml b/packages/cassandra/changelog.yml index 7f5f6c9ce0f..635798580fd 100644 --- a/packages/cassandra/changelog.yml +++ b/packages/cassandra/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.11.1 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 1.11.0 changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/cassandra/manifest.yml b/packages/cassandra/manifest.yml index 7013a1ad9cf..5b42c604683 100644 --- a/packages/cassandra/manifest.yml +++ b/packages/cassandra/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: cassandra title: Cassandra -version: "1.11.0" +version: "1.11.1" description: This Elastic integration collects logs and metrics from cassandra. type: integration categories: @@ -61,7 +61,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false multi: false required: false show_user: false diff --git a/packages/ceph/changelog.yml b/packages/ceph/changelog.yml index 55b1af27704..b360624f4d6 100644 --- a/packages/ceph/changelog.yml +++ b/packages/ceph/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.3.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/ceph/manifest.yml b/packages/ceph/manifest.yml index 054fecfd9d1..a1019491bbe 100644 --- a/packages/ceph/manifest.yml +++ b/packages/ceph/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: ceph title: Ceph -version: "1.3.0" +version: "1.3.1" description: This Elastic integration collects metrics from Ceph instance. type: integration categories: @@ -63,7 +63,7 @@ policy_templates: - name: api_secret type: password title: API Secret Key - secret: true + secret: false show_user: true required: true default: 52dffd92-a103-4a10-bfce-5b60f48f764e diff --git a/packages/citrix_adc/changelog.yml b/packages/citrix_adc/changelog.yml index 247eb13f588..58e8ec93da6 100644 --- a/packages/citrix_adc/changelog.yml +++ b/packages/citrix_adc/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.3.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/citrix_adc/manifest.yml b/packages/citrix_adc/manifest.yml index 0dc5a7656bb..39ab8da96e7 100644 --- a/packages/citrix_adc/manifest.yml +++ b/packages/citrix_adc/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: citrix_adc title: Citrix ADC -version: "1.3.0" +version: "1.3.1" description: This Elastic integration collects metrics from Citrix ADC product. type: integration categories: @@ -76,7 +76,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false show_user: true required: false default: nsroot diff --git a/packages/cockroachdb/changelog.yml b/packages/cockroachdb/changelog.yml index ef82ef22799..c3312cc5334 100644 --- a/packages/cockroachdb/changelog.yml +++ b/packages/cockroachdb/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.8.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.8.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/cockroachdb/data_stream/status/manifest.yml b/packages/cockroachdb/data_stream/status/manifest.yml index b3aa554c9c4..4e17b479694 100644 --- a/packages/cockroachdb/data_stream/status/manifest.yml +++ b/packages/cockroachdb/data_stream/status/manifest.yml @@ -54,7 +54,7 @@ streams: - name: password type: password title: Password - secret: true + secret: false multi: false required: false show_user: true diff --git a/packages/cockroachdb/manifest.yml b/packages/cockroachdb/manifest.yml index e8de4a04213..452ab488bb4 100644 --- a/packages/cockroachdb/manifest.yml +++ b/packages/cockroachdb/manifest.yml @@ -1,6 +1,6 @@ name: cockroachdb title: CockroachDB Metrics -version: "1.8.0" +version: "1.8.1" description: Collect metrics from CockroachDB servers with Elastic Agent. type: integration icons: diff --git a/packages/golang/changelog.yml b/packages/golang/changelog.yml index d6599ad14fa..742f0e4c8dd 100644 --- a/packages/golang/changelog.yml +++ b/packages/golang/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.3.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/golang/manifest.yml b/packages/golang/manifest.yml index 8a3a096ffc6..e2d25765b51 100644 --- a/packages/golang/manifest.yml +++ b/packages/golang/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: golang title: Golang -version: "1.3.0" +version: "1.3.1" description: This Elastic integration collects metrics from Golang applications. type: integration categories: @@ -64,7 +64,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false show_user: false required: false description: Enter password of Golang application. diff --git a/packages/kafka/changelog.yml b/packages/kafka/changelog.yml index 2806c58e09b..03694915687 100644 --- a/packages/kafka/changelog.yml +++ b/packages/kafka/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.12.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.12.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/kafka/data_stream/consumergroup/manifest.yml b/packages/kafka/data_stream/consumergroup/manifest.yml index 7ef20f36209..c52b4a388fd 100644 --- a/packages/kafka/data_stream/consumergroup/manifest.yml +++ b/packages/kafka/data_stream/consumergroup/manifest.yml @@ -15,7 +15,7 @@ streams: title: SASL username - name: password type: password - secret: true + secret: false title: SASL password - name: mechanism type: text diff --git a/packages/kafka/data_stream/partition/manifest.yml b/packages/kafka/data_stream/partition/manifest.yml index 62f6052253f..901b976bfb3 100644 --- a/packages/kafka/data_stream/partition/manifest.yml +++ b/packages/kafka/data_stream/partition/manifest.yml @@ -16,7 +16,7 @@ streams: - name: password type: password title: SASL password - secret: true + secret: false - name: mechanism type: text title: SASL mechanism diff --git a/packages/kafka/manifest.yml b/packages/kafka/manifest.yml index 9f2c6d741f8..1b293ba7dc4 100644 --- a/packages/kafka/manifest.yml +++ b/packages/kafka/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: kafka title: Kafka -version: "1.12.0" +version: "1.12.1" description: Collect logs and metrics from Kafka servers with Elastic Agent. type: integration categories: @@ -68,7 +68,7 @@ policy_templates: - name: ssl.key_passphrase type: password title: SSL Key Passphrase - secret: true + secret: false show_user: true - name: ssl.verification_mode type: text diff --git a/packages/kafka_log/changelog.yml b/packages/kafka_log/changelog.yml index 8c4dd698308..84976d7a41a 100644 --- a/packages/kafka_log/changelog.yml +++ b/packages/kafka_log/changelog.yml @@ -1,3 +1,8 @@ +- version: 1.5.1 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 1.5.0 changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/kafka_log/data_stream/generic/manifest.yml b/packages/kafka_log/data_stream/generic/manifest.yml index a544b4efa59..eab470ebbc1 100644 --- a/packages/kafka_log/data_stream/generic/manifest.yml +++ b/packages/kafka_log/data_stream/generic/manifest.yml @@ -85,7 +85,7 @@ streams: - name: password type: password title: Password - secret: true + secret: false description: Password used for SASL authentication. required: false show_user: true @@ -118,7 +118,7 @@ streams: - name: kerberos_password type: password title: Kerberos Password - secret: true + secret: false description: If you configured password for Auth Type, you have to provide a password for the selected principal. required: false show_user: false diff --git a/packages/kafka_log/manifest.yml b/packages/kafka_log/manifest.yml index 7e723560232..f4b3d2bc40c 100644 --- a/packages/kafka_log/manifest.yml +++ b/packages/kafka_log/manifest.yml @@ -3,7 +3,7 @@ name: kafka_log title: Custom Kafka Logs description: Collect data from kafka topic with Elastic Agent. type: integration -version: "1.5.0" +version: "1.5.1" conditions: kibana: version: "^7.16.0 || ^8.0.0" diff --git a/packages/mysql/changelog.yml b/packages/mysql/changelog.yml index 3d7c426b9e0..888a068f645 100644 --- a/packages/mysql/changelog.yml +++ b/packages/mysql/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.18.2 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 1.18.1 changes: - description: Add missing dimension to the performance datastream. diff --git a/packages/mysql/manifest.yml b/packages/mysql/manifest.yml index 0ca6361e276..37e56a9555a 100644 --- a/packages/mysql/manifest.yml +++ b/packages/mysql/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: mysql title: MySQL -version: "1.18.1" +version: "1.18.2" description: Collect logs and metrics from MySQL servers with Elastic Agent. type: integration categories: @@ -53,7 +53,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false default: test owner: github: elastic/obs-infraobs-integrations diff --git a/packages/nginx/changelog.yml b/packages/nginx/changelog.yml index e9e778e2938..7e77c7f2392 100644 --- a/packages/nginx/changelog.yml +++ b/packages/nginx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.19.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.19.0" changes: - description: Add support for tags in stub status metrics diff --git a/packages/nginx/manifest.yml b/packages/nginx/manifest.yml index e5e1747d75d..f54ad2a4ef6 100644 --- a/packages/nginx/manifest.yml +++ b/packages/nginx/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: nginx title: Nginx -version: "1.19.0" +version: "1.19.1" description: Collect logs and metrics from Nginx HTTP servers with Elastic Agent. type: integration categories: @@ -65,12 +65,12 @@ policy_templates: type: password title: Splunk REST API Password show_user: true - secret: true + secret: false required: false - name: token type: password title: Splunk Authorization Token - secret: true + secret: false description: | Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..." or "Splunk 192fd3e...". Cannot be used with username diff --git a/packages/oracle_weblogic/changelog.yml b/packages/oracle_weblogic/changelog.yml index 18947be3a73..73343c1466f 100644 --- a/packages/oracle_weblogic/changelog.yml +++ b/packages/oracle_weblogic/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.4.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/oracle_weblogic/manifest.yml b/packages/oracle_weblogic/manifest.yml index 62a0b69a575..157886926c9 100644 --- a/packages/oracle_weblogic/manifest.yml +++ b/packages/oracle_weblogic/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: oracle_weblogic title: Oracle WebLogic -version: "1.4.0" +version: "1.4.1" description: Collect logs and metrics from Oracle WebLogic with Elastic Agent. type: integration categories: @@ -54,7 +54,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false multi: false required: false show_user: false diff --git a/packages/postgresql/changelog.yml b/packages/postgresql/changelog.yml index 86b2c919a5e..89ff8123d28 100644 --- a/packages/postgresql/changelog.yml +++ b/packages/postgresql/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.18.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.18.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/postgresql/manifest.yml b/packages/postgresql/manifest.yml index 200df5b4010..d16b88ddd46 100644 --- a/packages/postgresql/manifest.yml +++ b/packages/postgresql/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: postgresql title: PostgreSQL -version: "1.18.0" +version: "1.18.1" description: Collect logs and metrics from PostgreSQL servers with Elastic Agent. type: integration categories: @@ -56,7 +56,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false owner: github: elastic/obs-infraobs-integrations type: elastic diff --git a/packages/prometheus/changelog.yml b/packages/prometheus/changelog.yml index b7c52571908..32741cd68d5 100644 --- a/packages/prometheus/changelog.yml +++ b/packages/prometheus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.14.2" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.14.1" changes: - description: Add Certificate Authorities for Remote Write diff --git a/packages/prometheus/data_stream/collector/manifest.yml b/packages/prometheus/data_stream/collector/manifest.yml index be3974e406b..4fcb192db8a 100644 --- a/packages/prometheus/data_stream/collector/manifest.yml +++ b/packages/prometheus/data_stream/collector/manifest.yml @@ -94,13 +94,12 @@ streams: default: user - name: password type: password - secret: true + secret: false title: 'HTTP config options: Password' description: The password to use for basic authentication. multi: false required: false show_user: false - default: secret - name: connect_timeout type: text title: 'HTTP config options: connect_timeout' diff --git a/packages/prometheus/manifest.yml b/packages/prometheus/manifest.yml index 81565133234..90dc57cefe7 100644 --- a/packages/prometheus/manifest.yml +++ b/packages/prometheus/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.10.0 name: prometheus title: Prometheus -version: 1.14.1 +version: 1.14.2 description: Collect metrics from Prometheus servers with Elastic Agent. type: integration categories: diff --git a/packages/prometheus_input/changelog.yml b/packages/prometheus_input/changelog.yml index bdacf080bfa..fd580cb7325 100644 --- a/packages/prometheus_input/changelog.yml +++ b/packages/prometheus_input/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 0.3.1 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 0.3.0 changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/prometheus_input/manifest.yml b/packages/prometheus_input/manifest.yml index 8b0816c2019..138a7c669b1 100644 --- a/packages/prometheus_input/manifest.yml +++ b/packages/prometheus_input/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: prometheus_input title: "Prometheus Input" -version: "0.3.0" +version: "0.3.1" description: "Collects metrics from Prometheus exporter." type: input categories: @@ -84,7 +84,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false multi: false required: false show_user: true diff --git a/packages/rabbitmq/changelog.yml b/packages/rabbitmq/changelog.yml index 236b9c8d117..ae863e464e7 100644 --- a/packages/rabbitmq/changelog.yml +++ b/packages/rabbitmq/changelog.yml @@ -1,3 +1,8 @@ +- version: 1.12.1 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 1.12.0 changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/rabbitmq/manifest.yml b/packages/rabbitmq/manifest.yml index 02284941c34..6865c20c838 100644 --- a/packages/rabbitmq/manifest.yml +++ b/packages/rabbitmq/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: rabbitmq title: RabbitMQ Logs and Metrics -version: "1.12.0" +version: "1.12.1" description: Collect and parse logs from RabbitMQ servers with Elastic Agent. type: integration categories: @@ -60,7 +60,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false multi: false required: false show_user: false diff --git a/packages/salesforce/changelog.yml b/packages/salesforce/changelog.yml index d8c9cf6af15..f95f80c0abe 100644 --- a/packages/salesforce/changelog.yml +++ b/packages/salesforce/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.13.1" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "0.13.0" changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/salesforce/manifest.yml b/packages/salesforce/manifest.yml index 2da91db3501..6641d7e2a94 100644 --- a/packages/salesforce/manifest.yml +++ b/packages/salesforce/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: salesforce title: Salesforce -version: "0.13.0" +version: "0.13.1" description: Collect logs from Salesforce with Elastic Agent. type: integration categories: @@ -53,7 +53,7 @@ vars: title: Client Secret description: OAuth 2.0 client secret. required: true - secret: true + secret: false show_user: true default: client_secret - name: username @@ -66,7 +66,7 @@ vars: - name: password type: password title: Password - secret: true + secret: false description: The password used as part of the authentication flow. required: true show_user: true diff --git a/packages/spring_boot/changelog.yml b/packages/spring_boot/changelog.yml index 815c6291b7b..09b231a201e 100644 --- a/packages/spring_boot/changelog.yml +++ b/packages/spring_boot/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.2" + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: "1.3.1" changes: - description: Update README to follow documentation guidelines. diff --git a/packages/spring_boot/manifest.yml b/packages/spring_boot/manifest.yml index 0b4ad85fa90..c1799c4ca53 100644 --- a/packages/spring_boot/manifest.yml +++ b/packages/spring_boot/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: spring_boot title: Spring Boot -version: "1.3.1" +version: "1.3.2" description: This Elastic integration collects logs and metrics from Spring Boot integration. type: integration categories: @@ -88,7 +88,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false multi: false required: false show_user: false diff --git a/packages/websphere_application_server/changelog.yml b/packages/websphere_application_server/changelog.yml index 2a073c28547..11b281aad5f 100644 --- a/packages/websphere_application_server/changelog.yml +++ b/packages/websphere_application_server/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.2.1 + changes: + - description: Disable secrets for older stack versions due to errors. + type: bugfix + link: https://github.com/elastic/integrations/pull/9279 - version: 1.2.0 changes: - description: Enable 'secret' for the sensitive fields, supported from 8.12. diff --git a/packages/websphere_application_server/manifest.yml b/packages/websphere_application_server/manifest.yml index 87bf8107dc2..88ee7950ff6 100644 --- a/packages/websphere_application_server/manifest.yml +++ b/packages/websphere_application_server/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: websphere_application_server title: WebSphere Application Server -version: "1.2.0" +version: "1.2.1" description: Collects metrics from IBM WebSphere Application Server with Elastic Agent. type: integration categories: @@ -65,7 +65,7 @@ policy_templates: - name: password type: password title: Password - secret: true + secret: false multi: false required: false show_user: false From 8f6a4441dbc33575106951690ceea41435270dee Mon Sep 17 00:00:00 2001 From: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com> Date: Thu, 7 Mar 2024 09:27:00 -0500 Subject: [PATCH 10/34] [Security Rules] Update security rules package to v8.13.1 (#9301) --- packages/security_detection_engine/changelog.yml | 5 +++++ packages/security_detection_engine/manifest.yml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/security_detection_engine/changelog.yml b/packages/security_detection_engine/changelog.yml index 4f092e3fab0..c8e4dfc8468 100644 --- a/packages/security_detection_engine/changelog.yml +++ b/packages/security_detection_engine/changelog.yml @@ -1,5 +1,10 @@ # newer versions go on top # NOTE: please use pre-release versions (e.g. -beta.0) until a package is ready for production +- version: 8.13.1 + changes: + - description: Release security rules update + type: enhancement + link: https://github.com/elastic/integrations/pull/9301 - version: 8.13.1-beta.1 changes: - description: Release security rules update diff --git a/packages/security_detection_engine/manifest.yml b/packages/security_detection_engine/manifest.yml index a148028d009..60c93691ca3 100644 --- a/packages/security_detection_engine/manifest.yml +++ b/packages/security_detection_engine/manifest.yml @@ -19,4 +19,4 @@ source: license: Elastic-2.0 title: Prebuilt Security Detection Rules type: integration -version: 8.13.1-beta.1 +version: 8.13.1 From b8da31eac0835513745b90cc225e06f0d105fb21 Mon Sep 17 00:00:00 2001 From: ShourieG <105607378+ShourieG@users.noreply.github.com> Date: Thu, 7 Mar 2024 20:03:20 +0530 Subject: [PATCH 11/34] [Carbon Black Cloud] - Introduced data stream specific SQS queues (#9303) * refactored the integration, added new parameters and improved documentation for making integration GA * Fixed data loss issue by providing option for data stream specific SQS queues, updated docs accordingly * updated changelog * updated docs as per PR suggestions --- .../carbon_black_cloud/_dev/build/docs/README.md | 16 ++++++++++++---- packages/carbon_black_cloud/changelog.yml | 8 ++++++++ .../alert/agent/stream/aws-s3.yml.hbs | 4 +++- .../data_stream/alert/manifest.yml | 13 +++++++++++-- .../endpoint_event/agent/stream/aws-s3.yml.hbs | 4 +++- .../data_stream/endpoint_event/manifest.yml | 13 +++++++++++-- .../watchlist_hit/agent/stream/aws-s3.yml.hbs | 4 +++- .../data_stream/watchlist_hit/manifest.yml | 13 +++++++++++-- packages/carbon_black_cloud/docs/README.md | 16 ++++++++++++---- packages/carbon_black_cloud/manifest.yml | 9 ++++++--- 10 files changed, 80 insertions(+), 20 deletions(-) diff --git a/packages/carbon_black_cloud/_dev/build/docs/README.md b/packages/carbon_black_cloud/_dev/build/docs/README.md index 0b965795fac..e384d96d393 100644 --- a/packages/carbon_black_cloud/_dev/build/docs/README.md +++ b/packages/carbon_black_cloud/_dev/build/docs/README.md @@ -6,6 +6,12 @@ The VMware Carbon Black Cloud integration collects and parses data from the Carb This module has been tested against `Alerts API (v6)`, `Audit Log Events (v3)` and `Vulnerability Assessment (v1)`. +## Version 1.21+ Update Disclaimer +Starting from version 1.21, if using multiple AWS data streams simultaneously configured to use AWS SQS, separate SQS queues should be configured per +data stream. The default values of file selector regexes have been commented out for this reason. The only reason the global queue now exists is to avoid +a breaking change while upgrading to version 1.21 and above. A separate SQS queue per data stream should help fix the data loss that's been occurring in the +older versions. + ## Requirements ### In order to ingest data from the AWS S3 bucket you must: @@ -21,21 +27,23 @@ This module has been tested against `Alerts API (v6)`, `Audit Log Events (v3)` a ### To collect data from AWS SQS, follow the below steps: 1. If data forwarding to an AWS S3 Bucket hasn't been configured, then first setup an AWS S3 Bucket as mentioned in the above documentation. -2. To setup an SQS queue, follow "Step 1: Create an Amazon SQS queue" mentioned in the [Documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.html). +2. To set up an SQS queue, follow "Step 1: Create an Amazon SQS queue" mentioned in the [Documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.html). - While creating an SQS Queue, please provide the same bucket ARN that has been generated after creating an AWS S3 Bucket. -3. Setup event notification for an S3 bucket. Follow this [Link](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html). - - The user has to perform Step 3 for all the data-streams individually, and each time prefix parameter should be set the same as the S3 Bucket List Prefix as created earlier. (for example, `alert_logs/` for alert data stream.) +3. Set up event notification for an S3 bucket. Follow this [Link](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html). + - The user has to perform Step 3 for all the data streams individually, and each time prefix parameter should be set the same as the S3 Bucket List Prefix as created earlier. (for example, `alert_logs/` for the alert data stream.) - For all the event notifications that have been created, select the event type as s3:ObjectCreated:*, select the destination type SQS Queue, and select the queue that has been created in Step 2. **Note**: - Credentials for the above AWS S3 and SQS input types should be configured using the [link](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-aws-s3.html#aws-credentials-config). - Data collection via AWS S3 Bucket and AWS SQS are mutually exclusive in this case. + - When configuring SQS queues, separate queues should be used for each data stream instead of the global SQS queue from version 1.21 onwards to avoid data + loss. File selectors should not be used to filter out data stream logs using the global queue as it was in versions prior. ### In order to ingest data from the APIs you must generate API keys and API Secret Keys: 1. In Carbon Black Cloud, On the left navigation pane, click **Settings > API Access**. 2. Click Add API Key. 3. Give the API key a unique name and description. - - Select the appropriate access level type. Please check required Access Levels & Permissions for integration in below table. + - Select the appropriate access level type. Please check the required Access Levels & Permissions for integration in the table below. **Note:** To use a custom access level, select Custom from the Access Level type drop-down menu and specify the Custom Access Level. - Optional: Add authorized IP addresses. - You can restrict the use of an API key to a specific set of IP addresses for security reasons. diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml index 196ee4b2a4a..aebcfbd8781 100644 --- a/packages/carbon_black_cloud/changelog.yml +++ b/packages/carbon_black_cloud/changelog.yml @@ -1,4 +1,12 @@ # newer versions go on top +- version: "1.21.0" + changes: + - description: Introduced data stream specific SQS queues. + type: enhancement + link: https://github.com/elastic/integrations/pull/9303 + - description: Fixed data loss issue by providing option for local SQS queues. + type: bugfix + link: https://github.com/elastic/integrations/pull/9303 - version: "1.20.0" changes: - description: Set sensitive values as secret and add missing mappings. diff --git a/packages/carbon_black_cloud/data_stream/alert/agent/stream/aws-s3.yml.hbs b/packages/carbon_black_cloud/data_stream/alert/agent/stream/aws-s3.yml.hbs index 26c4d05045f..017d6e7fe37 100644 --- a/packages/carbon_black_cloud/data_stream/alert/agent/stream/aws-s3.yml.hbs +++ b/packages/carbon_black_cloud/data_stream/alert/agent/stream/aws-s3.yml.hbs @@ -15,7 +15,9 @@ bucket_list_prefix: {{bucket_list_prefix}} {{else}} -{{#if queue_url}} +{{#if queue_url_alert}} +queue_url: {{queue_url_alert}} +{{else if queue_url}} queue_url: {{queue_url}} {{/if}} {{#if visibility_timeout}} diff --git a/packages/carbon_black_cloud/data_stream/alert/manifest.yml b/packages/carbon_black_cloud/data_stream/alert/manifest.yml index d5d4c58ad08..77c34847c23 100644 --- a/packages/carbon_black_cloud/data_stream/alert/manifest.yml +++ b/packages/carbon_black_cloud/data_stream/alert/manifest.yml @@ -52,6 +52,15 @@ streams: description: Collect alerts from Carbon Black Cloud. template_path: aws-s3.yml.hbs vars: + - name: queue_url_alert + type: text + title: "[Alert][SQS] Queue URL" + multi: false + required: false + show_user: true + description: |- + URL of the AWS SQS queue that messages will be received from. This is only required if you want to collect logs via AWS SQS. + This is an alert data stream specific queue URL. This will override the global queue URL if provided. - name: bucket_list_prefix type: text title: "[S3] Bucket Prefix" @@ -106,8 +115,8 @@ streams: required: false show_user: false default: | - - regex: "alert_logs/" - description: If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. This is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. If file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. Regexes use [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match one of the regexes will not be processed. + # - regex: "alert_logs/" + description: "If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. \nThis is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. \nIf file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. \nRegexes use [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match one of the regexes will not be processed.\n[NOTE]: It is recommended to use data stream specific SQS queues instead of file_selectors to avoid data loss." - name: tags type: text title: Tags diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/agent/stream/aws-s3.yml.hbs b/packages/carbon_black_cloud/data_stream/endpoint_event/agent/stream/aws-s3.yml.hbs index 26c4d05045f..a2585da6986 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/agent/stream/aws-s3.yml.hbs +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/agent/stream/aws-s3.yml.hbs @@ -15,7 +15,9 @@ bucket_list_prefix: {{bucket_list_prefix}} {{else}} -{{#if queue_url}} +{{#if queue_url_endpoint_event}} +queue_url: {{queue_url_endpoint_event}} +{{else if queue_url}} queue_url: {{queue_url}} {{/if}} {{#if visibility_timeout}} diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/manifest.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/manifest.yml index 97d31940eb8..17a921e3466 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/manifest.yml +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/manifest.yml @@ -6,6 +6,15 @@ streams: description: Collect endpoint events from Carbon Black Cloud. template_path: aws-s3.yml.hbs vars: + - name: queue_url_endpoint_event + type: text + title: "[Endpoint Event][SQS] Queue URL" + multi: false + required: false + show_user: true + description: |- + URL of the AWS SQS queue that messages will be received from. This is only required if you want to collect logs via AWS SQS. + This is an endpoint event data stream specific queue URL. This will override the global queue URL if provided. - name: bucket_list_prefix type: text title: "[S3] Bucket Prefix" @@ -60,8 +69,8 @@ streams: required: false show_user: false default: | - - regex: "endpoint_event_logs/" - description: If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. This is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. If file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. Regexes use [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match one of the regexes will not be processed. + # - regex: "endpoint_event_logs/" + description: "If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. \nThis is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. \nIf file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. \nRegexes use [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match one of the regexes will not be processed.\n[NOTE]: It is recommended to use data stream specific SQS queues instead of file_selectors to avoid data loss." - name: tags type: text title: Tags diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/agent/stream/aws-s3.yml.hbs b/packages/carbon_black_cloud/data_stream/watchlist_hit/agent/stream/aws-s3.yml.hbs index 26c4d05045f..3cda66cf74d 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/agent/stream/aws-s3.yml.hbs +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/agent/stream/aws-s3.yml.hbs @@ -15,7 +15,9 @@ bucket_list_prefix: {{bucket_list_prefix}} {{else}} -{{#if queue_url}} +{{#if queue_url_watchlist_hit}} +queue_url: {{queue_url_watchlist_hit}} +{{else if queue_url}} queue_url: {{queue_url}} {{/if}} {{#if visibility_timeout}} diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/manifest.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/manifest.yml index 24fc8610729..7f859df620f 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/manifest.yml +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/manifest.yml @@ -6,6 +6,15 @@ streams: description: Collect watchlist hit from Carbon Black Cloud. template_path: aws-s3.yml.hbs vars: + - name: queue_url_watchlist_hit + type: text + title: "[Watchlist Hit][SQS] Queue URL" + multi: false + required: false + show_user: true + description: |- + URL of the AWS SQS queue that messages will be received from. This is only required if you want to collect logs via AWS SQS. + This is a watchlist hit data stream specific queue URL. This will override the global queue URL if provided. - name: bucket_list_prefix type: text title: "[S3] Bucket Prefix" @@ -60,8 +69,8 @@ streams: required: false show_user: false default: | - - regex: "watchlist_hit_logs/" - description: If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. This is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. If file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. Regexes use [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match one of the regexes will not be processed. + # - regex: "watchlist_hit_logs/" + description: "If the SQS queue will have events that correspond to files that this integration shouldn’t process, file_selectors can be used to limit the files that are downloaded. \nThis is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. \nIf file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. \nRegexes use [RE2 syntax](https://pkg.go.dev/regexp/syntax). Files that don’t match one of the regexes will not be processed.\n[NOTE]: It is recommended to use data stream specific SQS queues instead of file_selectors to avoid data loss." - name: tags type: text title: Tags diff --git a/packages/carbon_black_cloud/docs/README.md b/packages/carbon_black_cloud/docs/README.md index e7808a45063..9a458d7825f 100644 --- a/packages/carbon_black_cloud/docs/README.md +++ b/packages/carbon_black_cloud/docs/README.md @@ -6,6 +6,12 @@ The VMware Carbon Black Cloud integration collects and parses data from the Carb This module has been tested against `Alerts API (v6)`, `Audit Log Events (v3)` and `Vulnerability Assessment (v1)`. +## Version 1.21+ Update Disclaimer +Starting from version 1.21, if using multiple AWS data streams simultaneously configured to use AWS SQS, separate SQS queues should be configured per +data stream. The default values of file selector regexes have been commented out for this reason. The only reason the global queue now exists is to avoid +a breaking change while upgrading to version 1.21 and above. A separate SQS queue per data stream should help fix the data loss that's been occurring in the +older versions. + ## Requirements ### In order to ingest data from the AWS S3 bucket you must: @@ -21,21 +27,23 @@ This module has been tested against `Alerts API (v6)`, `Audit Log Events (v3)` a ### To collect data from AWS SQS, follow the below steps: 1. If data forwarding to an AWS S3 Bucket hasn't been configured, then first setup an AWS S3 Bucket as mentioned in the above documentation. -2. To setup an SQS queue, follow "Step 1: Create an Amazon SQS queue" mentioned in the [Documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.html). +2. To set up an SQS queue, follow "Step 1: Create an Amazon SQS queue" mentioned in the [Documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ways-to-add-notification-config-to-bucket.html). - While creating an SQS Queue, please provide the same bucket ARN that has been generated after creating an AWS S3 Bucket. -3. Setup event notification for an S3 bucket. Follow this [Link](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html). - - The user has to perform Step 3 for all the data-streams individually, and each time prefix parameter should be set the same as the S3 Bucket List Prefix as created earlier. (for example, `alert_logs/` for alert data stream.) +3. Set up event notification for an S3 bucket. Follow this [Link](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-event-notifications.html). + - The user has to perform Step 3 for all the data streams individually, and each time prefix parameter should be set the same as the S3 Bucket List Prefix as created earlier. (for example, `alert_logs/` for the alert data stream.) - For all the event notifications that have been created, select the event type as s3:ObjectCreated:*, select the destination type SQS Queue, and select the queue that has been created in Step 2. **Note**: - Credentials for the above AWS S3 and SQS input types should be configured using the [link](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-aws-s3.html#aws-credentials-config). - Data collection via AWS S3 Bucket and AWS SQS are mutually exclusive in this case. + - When configuring SQS queues, separate queues should be used for each data stream instead of the global SQS queue from version 1.21 onwards to avoid data + loss. File selectors should not be used to filter out data stream logs using the global queue as it was in versions prior. ### In order to ingest data from the APIs you must generate API keys and API Secret Keys: 1. In Carbon Black Cloud, On the left navigation pane, click **Settings > API Access**. 2. Click Add API Key. 3. Give the API key a unique name and description. - - Select the appropriate access level type. Please check required Access Levels & Permissions for integration in below table. + - Select the appropriate access level type. Please check the required Access Levels & Permissions for integration in the table below. **Note:** To use a custom access level, select Custom from the Access Level type drop-down menu and specify the Custom Access Level. - Optional: Add authorized IP addresses. - You can restrict the use of an API key to a specific set of IP addresses for security reasons. diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml index ba5cdde7d9a..8a9b5778546 100644 --- a/packages/carbon_black_cloud/manifest.yml +++ b/packages/carbon_black_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: carbon_black_cloud title: VMware Carbon Black Cloud -version: "1.20.0" +version: "1.21.0" description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration categories: @@ -125,11 +125,14 @@ policy_templates: description: It is a required parameter for collecting logs via the AWS S3 Bucket. - name: queue_url type: text - title: "[SQS] Queue URL" + title: "[Global][SQS] Queue URL" multi: false required: false show_user: true - description: URL of the AWS SQS queue that messages will be received from. It is a required parameter for collecting logs via the AWS SQS. + description: |- + URL of the AWS SQS queue that messages will be received from. + This is only required if you want to collect logs via AWS SQS. + This is a global queue URL, i.e this can be overridden by specific local queue URLs for each data stream if required. - name: access_key_id type: password title: Access Key ID From 0ae35e65a7c7f53115ff7288df7d0f5ff378c873 Mon Sep 17 00:00:00 2001 From: Mario Rodriguez Molins Date: Thu, 7 Mar 2024 17:50:36 +0100 Subject: [PATCH 12/34] [Buildkite] Avoid fail job if no XML files are downloaded in sonarqube step (#9302) Avoid fail job if no XML files are downloaded in sonarqube step, following the same strategy as in JUnit plugin. That means if downloading artifacts command fails, this step will not be considered as a failure. In that case a warning message will be added as an annotation. --- .buildkite/scripts/run_sonar_scanner.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.buildkite/scripts/run_sonar_scanner.sh b/.buildkite/scripts/run_sonar_scanner.sh index ecd564c5c6a..55650d26ee7 100755 --- a/.buildkite/scripts/run_sonar_scanner.sh +++ b/.buildkite/scripts/run_sonar_scanner.sh @@ -2,8 +2,17 @@ set -euo pipefail run_sonar_scanner() { + local message="" echo "--- Download coverage reports and merge them" - buildkite-agent artifact download build/test-coverage/coverage-*.xml . + if ! buildkite-agent artifact download build/test-coverage/coverage-*.xml . ; then + message="Could not download XML artifacts. Skip coverage." + echo "--- :boom: ${message}" + buildkite-agent annotate \ + "[Code inspection] ${message}" \ + --context "ctx-sonarqube-no-files" \ + --style "warning" + exit 0 + fi echo "Merge all coverage reports" .buildkite/scripts/merge_xml.sh From 916a5b637e57c285c6e34d3b35343e962ca7bfd0 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Fri, 8 Mar 2024 08:11:32 +1030 Subject: [PATCH 13/34] ti_crowdstrike: ensure timestamp is rendered as an integer (#9288) Without the int conversion the timestamp will be rendered as a double using e-notation. Timestamps are under 1p53, so no special care is required to ensure no loss of precision. --- packages/ti_crowdstrike/_dev/deploy/docker/files/config.yml | 1 + packages/ti_crowdstrike/changelog.yml | 5 +++++ .../data_stream/intel/agent/stream/cel.yml.hbs | 6 +++--- packages/ti_crowdstrike/manifest.yml | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/packages/ti_crowdstrike/_dev/deploy/docker/files/config.yml b/packages/ti_crowdstrike/_dev/deploy/docker/files/config.yml index a6318ece4af..1045d4232e3 100644 --- a/packages/ti_crowdstrike/_dev/deploy/docker/files/config.yml +++ b/packages/ti_crowdstrike/_dev/deploy/docker/files/config.yml @@ -16,6 +16,7 @@ rules: query_params: offset: 0 limit: 1 + filter: '{filter:_marker:>"[0-9]+"}' responses: - status_code: 200 headers: diff --git a/packages/ti_crowdstrike/changelog.yml b/packages/ti_crowdstrike/changelog.yml index 867599051fc..dc238000b4e 100644 --- a/packages/ti_crowdstrike/changelog.yml +++ b/packages/ti_crowdstrike/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.3" + changes: + - description: Ensure integer timestamp is rendered as an integer. + type: bugfix + link: https://github.com/elastic/integrations/pull/9288 - version: "0.5.2" changes: - description: Add ilm policy to intel data stream. diff --git a/packages/ti_crowdstrike/data_stream/intel/agent/stream/cel.yml.hbs b/packages/ti_crowdstrike/data_stream/intel/agent/stream/cel.yml.hbs index eb2d646e13e..c716222fd22 100644 --- a/packages/ti_crowdstrike/data_stream/intel/agent/stream/cel.yml.hbs +++ b/packages/ti_crowdstrike/data_stream/intel/agent/stream/cel.yml.hbs @@ -35,10 +35,10 @@ program: | !state.want_more ? request("GET", state.url + "/intel/combined/indicators/v1?offset=0&sort=_marker.asc&limit=" + string(state.batch_size) + '&filter=_marker:>"' + ( has(state.cursor) && has(state.cursor.last_timestamp) && state.cursor.last_timestamp != null ? - string(state.cursor.last_timestamp) + '"' + string(int(state.cursor.last_timestamp)) : - string(int(now - duration(state.initial_interval))) + '"' - )) + string(int(now - duration(state.initial_interval))) + ) + '"') : request("GET", state.url + string(state.next_url[0])) ).do_request().as(resp, diff --git a/packages/ti_crowdstrike/manifest.yml b/packages/ti_crowdstrike/manifest.yml index 843c5edf643..3a481a39ab3 100644 --- a/packages/ti_crowdstrike/manifest.yml +++ b/packages/ti_crowdstrike/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: ti_crowdstrike title: CrowdStrike Falcon Intelligence -version: 0.5.2 +version: 0.5.3 description: Collect logs from CrowdStrike Falcon Intelligence with Elastic Agent. type: integration categories: From a5822e0db073d9fee6d22456541bb9ce29b6d012 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Fri, 8 Mar 2024 19:04:05 +1030 Subject: [PATCH 14/34] ti_mandiant_advantage: remove invalid non-leaf field definition (#9309) --- packages/ti_mandiant_advantage/changelog.yml | 5 +++++ .../data_stream/threat_intelligence/fields/ecs.yml | 2 -- packages/ti_mandiant_advantage/docs/README.md | 1 - packages/ti_mandiant_advantage/manifest.yml | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/packages/ti_mandiant_advantage/changelog.yml b/packages/ti_mandiant_advantage/changelog.yml index 88e0502b5ca..239aec69d00 100644 --- a/packages/ti_mandiant_advantage/changelog.yml +++ b/packages/ti_mandiant_advantage/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.1" + changes: + - description: Remove invalid field definition. + type: bugfix + link: https://github.com/elastic/integrations/pull/9309 - version: "1.1.0" changes: - description: Set sensitive values as secret. diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/ecs.yml b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/ecs.yml index 0090bbfe7aa..b99f4c3fe77 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/ecs.yml +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/ecs.yml @@ -1,5 +1,3 @@ -- external: ecs - name: cloud - external: ecs name: cloud.account.id dimension: true diff --git a/packages/ti_mandiant_advantage/docs/README.md b/packages/ti_mandiant_advantage/docs/README.md index 0d0da3633c9..3e1267d9baf 100644 --- a/packages/ti_mandiant_advantage/docs/README.md +++ b/packages/ti_mandiant_advantage/docs/README.md @@ -167,7 +167,6 @@ An example event for `threat_intelligence` looks as following: | Field | Description | Type | |---|---|---| | @timestamp | Event timestamp. | date | -| cloud | Fields related to the cloud or infrastructure the events are coming from. | group | | cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | | cloud.account.name | The cloud account name or alias used to identify different entities in a multi-tenant environment. Examples: AWS account name, Google Cloud ORG display name. | keyword | | cloud.availability_zone | Availability zone in which this host, resource, or service is located. | keyword | diff --git a/packages/ti_mandiant_advantage/manifest.yml b/packages/ti_mandiant_advantage/manifest.yml index c7dd6a239a1..fc5877734e3 100644 --- a/packages/ti_mandiant_advantage/manifest.yml +++ b/packages/ti_mandiant_advantage/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: ti_mandiant_advantage title: "Mandiant Advantage" -version: 1.1.0 +version: 1.1.1 source: license: "Elastic-2.0" description: "Collect Threat Intelligence from products within the Mandiant Advantage platform." From 0bc4817632a3df0af9c8ae2250c85cb535987b31 Mon Sep 17 00:00:00 2001 From: Mohit Jha <138874484+mohitjha-elastic@users.noreply.github.com> Date: Fri, 8 Mar 2024 15:08:45 +0530 Subject: [PATCH 15/34] [ti_threatconnect] Update Fingerprint Processor and Description for Configuration Parameters (#9231) * Update mapping of event.id and resolve review comment. 1. In the recent threatconnect discussion, they suggested to map event.id with the summary field as summary will be the unique identifier for the event. 2. Add escape_string in access and secret and remove double quote from them for handling special characters in secrets. --- .../ti_threatconnect/_dev/build/docs/README.md | 1 + .../_dev/deploy/docker/files/config-indicator.yml | 4 ++-- packages/ti_threatconnect/changelog.yml | 11 +++++++++++ .../pipeline/test-indicator.log-expected.json | 2 +- .../_dev/test/system/test-default-config.yml | 2 +- .../indicator/agent/stream/cel.yml.hbs | 4 ++-- .../elasticsearch/ingest_pipeline/default.yml | 12 ++++++------ .../data_stream/indicator/manifest.yml | 6 +++--- .../data_stream/indicator/sample_event.json | 14 +++++++------- packages/ti_threatconnect/docs/README.md | 15 ++++++++------- packages/ti_threatconnect/manifest.yml | 8 ++++---- 11 files changed, 46 insertions(+), 33 deletions(-) diff --git a/packages/ti_threatconnect/_dev/build/docs/README.md b/packages/ti_threatconnect/_dev/build/docs/README.md index 16265138023..6e963366896 100644 --- a/packages/ti_threatconnect/_dev/build/docs/README.md +++ b/packages/ti_threatconnect/_dev/build/docs/README.md @@ -34,6 +34,7 @@ There are some minimum requirements for running Elastic Agent and for more infor The minimum **kibana.version** required is **8.11.0**. This module has been tested against the **ThreatConnect API Version v3**. +The minimum required ThreatConnect Platform version needs to be **7.3.1**. ## Setup diff --git a/packages/ti_threatconnect/_dev/deploy/docker/files/config-indicator.yml b/packages/ti_threatconnect/_dev/deploy/docker/files/config-indicator.yml index 5469396403b..ef2b12fa46b 100644 --- a/packages/ti_threatconnect/_dev/deploy/docker/files/config-indicator.yml +++ b/packages/ti_threatconnect/_dev/deploy/docker/files/config-indicator.yml @@ -398,7 +398,7 @@ rules: "threatAssessScore": 281, "threatAssessScoreObserved": 0, "threatAssessScoreFalsePositive": 0, - "summary": "http://www.testingmcafeesites.com/testcat_pc.html", + "summary": "http://www.testingmcafeesites.com/testcat_pc1.html", "privateFlag": false, "active": true, "activeLocked": false, @@ -572,7 +572,7 @@ rules: ] }, "type": "EmailAddress", - "lastModified": "2023-12-05T06:38:53Z", + "lastModified": "2023-12-06T06:38:53Z", "threatAssessRating": 0, "threatAssessConfidence": 0, "threatAssessScore": 281, diff --git a/packages/ti_threatconnect/changelog.yml b/packages/ti_threatconnect/changelog.yml index 3faf13d2197..80776133e35 100644 --- a/packages/ti_threatconnect/changelog.yml +++ b/packages/ti_threatconnect/changelog.yml @@ -1,4 +1,15 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: Update Readme and Description for configuration parameters. + type: enhancement + link: https://github.com/elastic/integrations/pull/9231 + - description: Update field for Fingerprint processor and mapping of Event ID. + type: enhancement + link: https://github.com/elastic/integrations/pull/9231 + - description: Resolve Signature Mismatch error with special character starting secret_key. + type: enhancement + link: https://github.com/elastic/integrations/pull/9231 - version: "0.2.0" changes: - description: Set sensitive values as secret, upgrade to package spec 3.0.3, and add missing mapping. diff --git a/packages/ti_threatconnect/data_stream/indicator/_dev/test/pipeline/test-indicator.log-expected.json b/packages/ti_threatconnect/data_stream/indicator/_dev/test/pipeline/test-indicator.log-expected.json index 54991f042d3..6608d11900c 100644 --- a/packages/ti_threatconnect/data_stream/indicator/_dev/test/pipeline/test-indicator.log-expected.json +++ b/packages/ti_threatconnect/data_stream/indicator/_dev/test/pipeline/test-indicator.log-expected.json @@ -22,7 +22,7 @@ "category": [ "threat" ], - "id": "891599", + "id": "johnbae@poverts.com", "kind": "enrichment", "original": "{\"id\": 891599,\"dateAdded\": \"2023-08-25T12:57:24Z\",\"description\": \"bad email\",\"securityLabels\": {\"data\": [{\"id\": 3,\"name\": \"TLP:AMBER\",\"source\": \"https://fp.tools/api/v4/indicators/attribute/pN0psYjPUQ6a_sxPSW5XjQ\",\"description\": \"Thissecuritylabelisusedforinformationthatrequiressupporttobeeffectivelyactedupon,yetcarriesriskstoprivacy,reputation,oroperationsifsharedoutsideoftheorganizationsinvolved.Informationwiththislabelcanbesharedwithmembersofanorganizationanditsclients.\",\"color\": \"FFC000\",\"owner\": \"System\",\"dateAdded\": \"2016-08-31T00:00:00Z\"}]},\"ownerId\": 51,\"ownerName\": \"Elastic\",\"webLink\": \"https://partnerstage-intel.threatconnect.com/\",\"tags\": {\"data\": [{\"id\": 1,\"name\": \"userexecution:maliciouslink\",\"lastUsed\": \"2023-08-25T13:15:30Z\",\"description\": \"ApplythisTagtoobjectsrelatedtoransomwareattacks\",\"owner\": \"Demoorganization\",\"techniqueId\": \"T1055.005\",\"platforms\": {\"data\": [\"Windows\"],\"count\": 1}}]},\"type\": \"EmailAddress\",\"lastModified\": \"2023-12-01T08:26:48Z\",\"rating\": 3,\"confidence\": 61,\"threatAssessRating\": 3,\"threatAssessConfidence\": 61,\"threatAssessScore\": 382,\"threatAssessScoreObserved\": 0,\"threatAssessScoreFalsePositive\": 0,\"summary\": \"johnbae@poverts.com\",\"privateFlag\": false,\"active\": true,\"activeLocked\": false,\"Key Name\": \"HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\Setup\\\\Status\\\\ChildCompletion\",\"Value Name\": \"0\",\"Value Type\": \"REG_QWORD\",\"AS Number\": \"ASN1234\",\"md5\": \"F5A2496CF66CXXCFFE66CXXB27D7XXXX\",\"sha256\": \"7D5FFFBFE8D098E369466164F705B4D692517A2B4659A03901DAF67CF78XXXXX\",\"sha1\": \"samplesha1\",\"hostName\": \"samplehost\",\"size\": 123,\"ip\": \"0.0.0.0\",\"text\": \"http://www.testingmcafeesites.com/tes_pc.html\",\"firstSeen\": \"2023-10-04T12:34:56Z\",\"lastSeen\": \"2023-10-04T12:34:56Z\",\"Hashtag\": \"#testabc\",\"Mutex\": \"Test.Mutex()\",\"dnsActive\": false,\"whoisActive\": true,\"Subject\": \"Spam\",\"source\": \"https://fp.tools/api/v4/indicators/attribute/pN0psYjPUQ6a_sxXXXXX\",\"externalDateAdded\": \"2023-10-04T12:34:56Z\",\"externalDateExpires\": \"2023-10-04T12:34:56Z\",\"externalLastModified\": \"2023-10-04T12:34:56Z\",\"Block\": \"0.0.0.0\",\"User Agent String\": \"PostmanRuntime/7.32.3\",\"associatedGroups\": {\"data\": [{\"id\": 6,\"ownerId\": 51,\"ownerName\": \"DemoOrganization\",\"dateAdded\": \"2021-11-03T14:57:45Z\",\"webLink\": \"https://app.threatconnect.com/#/details/groups/3/overview\",\"type\": \"Incident\",\"name\": \"BadIncident\",\"createdBy\": {\"userName\": \"johnsmithxyz@gmail.com\",\"firstName\": \"john\",\"lastName\": \"smith\",\"pseudonym\": \"jsmithAPI\",\"owner\": \"DemoOrganization\",\"id\": 3},\"upVoteCount\": \"0\",\"downVoteCount\": \"0\",\"generatedReport\": true,\"password\": \"duwyhfsjhsi\",\"malware\": true,\"lastModified\": \"2021-10-21T19:54:59Z\",\"legacyLink\": \"https://app.threatconnect.com/auth/document/document.xhtml?document=10\",\"to\": \"demo@sample.com\",\"from\": \"auto-confirm@bad.com\",\"subject\": \"YourAmazon.comorderfordemo@sample.com\",\"header\": \"emailheadergoeshere\",\"body\": \"Pleasevisitbad.comtoseeyourorderandgiveusallyourmoney\",\"scoreIncludesBody\": true,\"emailDate\": \"2021-09-17T12:50:19Z\",\"scoreBreakdown\": \"RuleSPFNeutralwasmatchedagainst'neutral'.\",\"eventDate\": \"2021-09-17T12:50:19Z\",\"status\": \"New\",\"publishDate\": \"2021-09-17T12:50:19Z\",\"fileText\": \"Filetext\",\"assignments\": {\"data\": [{\"type\": \"Assigned\",\"user\": {\"id\": 12}}]},\"dueDate\": \"2021-09-17T12:50:19Z\",\"escalationDate\": \"2021-09-17T12:50:19Z\",\"reminderDate\": \"2021-09-17T12:50:19Z\",\"externalDateAdded\": \"2021-09-17T12:50:19Z\",\"externalDateExpires\": \"2021-09-17T12:50:19Z\",\"externalLastModified\": \"2021-09-17T12:50:19Z\",\"firstSeen\": \"2021-09-17T12:50:19Z\",\"lastSeen\": \"2021-09-17T12:50:19Z\",\"xid\": \"a1a1a1a1-a1a1-a1a1-a1a1-a1a1a1a1a1a1\",\"upVote\": false,\"fileName\": \"indicators.txt\",\"fileSize\": 36,\"documentType\": \"Text\",\"documentDateAdded\": \"2021-10-21T19:54:59Z\",\"fileType\": \"Hash\"}]},\"associatedIndicators\": {\"data\": [{\"lastModified\": \"2021-11-02T13:07:08Z\",\"description\": \"A bad email found\",\"Subject\": \"Spam\",\"id\": 10,\"md5\": \"F5A2496CF66CB8CFFE66CB1B27DXXXXX\",\"sha256\": \"7D5FFFBFE8D098E369466164F705B4D692517A2B4659A03901DAF67CF78XXXXX\",\"sha1\": \"samplesha1\",\"size\": 124,\"Block\": \"0.0.0.0\",\"hostName\": \"samplehost\",\"type\": \"File\",\"summary\": \"F5A2496CF66CB8CFFE66CB1B27D7DEDE\",\"confidence\": 20,\"ip\": \"0.0.0.0\",\"text\": \"http://www.testingmcafeesites.com/test_pc.html\",\"Key Name\": \"HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\Setup\\\\Status\\\\ChildCompletion\",\"Value Name\": \"0\",\"Value Type\": \"REG_QWORD\",\"AS Number\": \"ASN1234\",\"address\": \"johnxyz@newnime.com\",\"User Agent String\": \"PostmanRuntime/7.32.3\",\"ownerId\": 1,\"ownerName\": \"DemoOrganization\",\"dateAdded\": \"2021-11-02T13:07:08Z\",\"webLink\": \"https://app.threatconnect.com/#/details/indicators/10/overview\",\"privateFlag\": false,\"active\": true,\"activeLocked\": false,\"legacyLink\": \"https://app.threatconnect.com/auth/indicators/details/file.xhtml?file=F5A2496CF66CB8CFFE66CB1B27D7DEDE&owner=Demo+Organization\",\"Hashtag\": \"#testabc\",\"rating\": 3,\"Mutex\": \"Test.Mutex()\",\"dnsActive\": false,\"whoisActive\": true,\"externalDateAdded\": \"2023-10-04T12:34:56Z\",\"externalDateExpires\": \"2023-10-04T12:34:56Z\",\"externalLastModified\": \"2023-10-04T12:34:56Z\",\"firstSeen\": \"2023-10-04T12:34:56Z\",\"lastSeen\": \"2023-10-04T12:34:56Z\"},{\"lastModified\": \"2021-11-02T13:07:08Z\",\"description\": \"A bad email found\",\"Subject\": \"Spam\",\"id\": 11,\"md5\": \"F5A2496CF66CB8CFFE66CB1B27DXXXXX\",\"sha256\": \"7D5FFFBFE8D098E369466164F705B4D692517A2B4659A03901DAF67CF78XXXXX\",\"sha1\": \"samplesha1\",\"size\": \"124\",\"Block\": \"0.0.0.0/8\",\"hostName\": \"samplehost\",\"type\": \"File\",\"summary\": \"F5A2496CF66CB8CFFE66CB1B27D7DEDE\",\"confidence\": 20,\"ip\": \"0.0.0.0\",\"text\": \"http://www.testingmcafeesites.com/test_pc.html\",\"Key Name\": \"HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\Setup\\\\Status\\\\ChildCompletion\",\"Value Name\": \"0\",\"Value Type\": \"REG_QWORD\",\"AS Number\": \"ASN1234\",\"address\": \"johnxyz@newnime.com\",\"User Agent String\": \"PostmanRuntime/7.32.3\",\"ownerId\": 1,\"ownerName\": \"DemoOrganization\",\"dateAdded\": \"2021-11-02T13:07:08Z\",\"webLink\": \"https://app.threatconnect.com/#/details/indicators/10/overview\",\"privateFlag\": false,\"active\": true,\"activeLocked\": false,\"legacyLink\": \"https://app.threatconnect.com/auth/indicators/details/file.xhtml?file=F5A2496CF66CB8CFFE66CB1B27D7DEDE&owner=Demo+Organization\",\"Hashtag\": \"#testabc\",\"rating\": 3,\"Mutex\": \"Test.Mutex()\",\"dnsActive\": false,\"whoisActive\": true,\"externalDateAdded\": \"2023-10-04T12:34:56Z\",\"externalDateExpires\": \"2023-10-04T12:34:56Z\",\"externalLastModified\": \"2023-10-04T12:34:56Z\",\"firstSeen\": \"2023-10-04T12:34:56Z\",\"lastSeen\": \"2023-10-04T12:34:56Z\"},{\"lastModified\": \"2021-11-02T13:07:08Z\",\"description\": \"A bad email found\",\"Subject\": \"Spam\",\"id\": 12,\"md5\": \"F5A2496CF66CB8CFFE66CB1B27DXXXXX\",\"sha256\": \"7D5FFFBFE8D098E369466164F705B4D692517A2B4659A03901DAF67CF78XXXXX\",\"sha1\": \"samplesha1\",\"size\": \"124\",\"Block\": \"0.0.0.0/125\",\"hostName\": \"samplehost\",\"type\": \"File\",\"summary\": \"F5A2496CF66CB8CFFE66CB1B27D7DEDE\",\"confidence\": 20,\"ip\": \"0.0.0.0\",\"text\": \"http://www.testingmcafeesites.com/test_pc.html\",\"Key Name\": \"HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\Setup\\\\Status\\\\ChildCompletion\",\"Value Name\": \"0\",\"Value Type\": \"REG_QWORD\",\"AS Number\": \"ASN1234\",\"address\": \"johnxyz@newnime.com\",\"User Agent String\": \"PostmanRuntime/7.32.3\",\"ownerId\": 1,\"ownerName\": \"DemoOrganization\",\"dateAdded\": \"2021-11-02T13:07:08Z\",\"webLink\": \"https://app.threatconnect.com/#/details/indicators/10/overview\",\"privateFlag\": false,\"active\": true,\"activeLocked\": false,\"legacyLink\": \"https://app.threatconnect.com/auth/indicators/details/file.xhtml?file=F5A2496CF66CB8CFFE66CB1B27D7DEDE&owner=Demo+Organization\",\"Hashtag\": \"#testabc\",\"rating\": 3,\"Mutex\": \"Test.Mutex()\",\"dnsActive\": false,\"whoisActive\": true,\"externalDateAdded\": \"2023-10-04T12:34:56Z\",\"externalDateExpires\": \"2023-10-04T12:34:56Z\",\"externalLastModified\": \"2023-10-04T12:34:56Z\",\"firstSeen\": \"2023-10-04T12:34:56Z\",\"lastSeen\": \"2023-10-04T12:34:56Z\"}]},\"attributes\": {\"data\": [{\"id\": 6843246,\"dateAdded\": \"2023-08-25T13:16:12Z\",\"type\": \"EmailAddressUsage\",\"value\": \"PhishingEmailSender\",\"createdBy\": {\"id\": 69,\"userName\": \"johnxys@abc.co\",\"firstName\": \"John\",\"lastName\": \"Smith\",\"pseudonym\": \"JohnS\",\"owner\": \"Elastic\"},\"lastModified\": \"2023-08-25T13:16:12Z\",\"pinned\": false,\"default\": false}]},\"address\": \"hohnabc@xyz.com\",\"legacyLink\": \"https://partnerstage-intel.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=misoyil388%40poverts.com&owner=Elastic\",\"associatedArtifacts\": {\"data\": [{\"id\": 12345}]},\"associatedCases\": {\"data\": [{\"id\": 123457}]},\"fileActions\": {\"data\": [{\"id\": 123456}]},\"fileOccurrences\": {\"data\": [{\"fileName\": \"win999301.dll\",\"path\": \"C:\\\\Windows\\\\System\",\"date\": \"2022-06-14T10:00:00Z\"}]},\"customAssociations\": {\"data\": [{\"id\": 123458}]},\"dnsResolution\": {\"data\": [{\"id\": 123459}]},\"enrichment\": {\"data\": [{\"id\": 123455}]},\"falsePositives\": 1,\"lastFalsePositive\": \"2023-10-04T12:34:56Z\",\"falsePositiveReportedByUser\": false,\"genericCustomIndicatorValues\": {\"data\": [{\"id\": 1234551}]},\"geoLocation\": {\"data\": [{\"id\": 1234552}]},\"investigationLinks\": {\"data\": [{\"id\": 1234553}]},\"observations\": {\"data\": [{\"id\": 1234556}]},\"trackedUsers\": {\"data\": [{\"id\": 1234557}]},\"whoIs\": {\"data\": [{\"id\": 1234558}]}}", "type": [ diff --git a/packages/ti_threatconnect/data_stream/indicator/_dev/test/system/test-default-config.yml b/packages/ti_threatconnect/data_stream/indicator/_dev/test/system/test-default-config.yml index baabbe68189..7c50d5d0e73 100644 --- a/packages/ti_threatconnect/data_stream/indicator/_dev/test/system/test-default-config.yml +++ b/packages/ti_threatconnect/data_stream/indicator/_dev/test/system/test-default-config.yml @@ -2,7 +2,7 @@ input: cel service: threatconnect-indicator vars: url: http://{{Hostname}}:{{Port}} - access_id: 1234 + access_id: "1234" secret_key: xxxx data_stream: vars: diff --git a/packages/ti_threatconnect/data_stream/indicator/agent/stream/cel.yml.hbs b/packages/ti_threatconnect/data_stream/indicator/agent/stream/cel.yml.hbs index 0120c338e13..25b3190b3ed 100644 --- a/packages/ti_threatconnect/data_stream/indicator/agent/stream/cel.yml.hbs +++ b/packages/ti_threatconnect/data_stream/indicator/agent/stream/cel.yml.hbs @@ -21,8 +21,8 @@ resource.timeout: {{http_client_timeout}} {{/if}} resource.url: {{url}} state: - access_id: "{{access_id}}" - secret_key: {{secret_key}} + access_id: {{escape_string access_id}} + secret_key: {{escape_string secret_key}} counter: 0 want_more: false batch: {{batch_size}} diff --git a/packages/ti_threatconnect/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml b/packages/ti_threatconnect/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml index 320851d4b83..bbb271b23cc 100644 --- a/packages/ti_threatconnect/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_threatconnect/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml @@ -39,7 +39,7 @@ processors: value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - fingerprint: fields: - - json.id + - json.summary - json.lastModified target_field: _id ignore_missing: true @@ -1641,11 +1641,6 @@ processors: target_field: threat_connect.indicator.id type: string ignore_missing: true - - set: - field: event.id - tag: set_event_id_from_indicator_id - copy_from: threat_connect.indicator.id - ignore_empty_value: true - rename: field: json.investigationLinks tag: rename_investigationLinks @@ -1980,6 +1975,11 @@ processors: tag: rename_summary target_field: threat_connect.indicator.summary ignore_missing: true + - set: + field: event.id + tag: set_event_id_from_indicator_summary + copy_from: threat_connect.indicator.summary + ignore_empty_value: true - foreach: field: json.tags.data if: ctx.json?.tags?.data != null diff --git a/packages/ti_threatconnect/data_stream/indicator/manifest.yml b/packages/ti_threatconnect/data_stream/indicator/manifest.yml index b720acd3868..349bab0f8c3 100644 --- a/packages/ti_threatconnect/data_stream/indicator/manifest.yml +++ b/packages/ti_threatconnect/data_stream/indicator/manifest.yml @@ -10,14 +10,14 @@ streams: - name: tql type: text title: TQL - description: Filter results based on query written in TQL. + description: Filter results based on query written in [TQL](https://knowledge.threatconnect.com/docs/threatconnect-query-language-tql). multi: false required: false show_user: true - name: initial_interval type: text title: Initial Interval - description: How far back to pull the Indicator logs from ThreatConnect. Supported units for this parameter are h/m/s. + description: How far back to pull Indicators and the groups associated with those indicators from ThreatConnect. Supported units for this parameter are h/m/s. multi: false required: true show_user: true @@ -30,7 +30,7 @@ streams: show_user: true default: "90d" description: >- - Enforces all IOCs to expire after this duration. This setting is required to avoid "orphaned" IOCs that never expire. Specify [Elasticsearch time units](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#time-units)) using only days, hours, or minutes (e.g., 10d), avoiding mixed time units. + Enforces all IOCs to expire after this duration. This setting is required to avoid "orphaned" IOCs that never expire. Specify [Elasticsearch time units](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#time-units) using only days, hours, or minutes (e.g., 10d), avoiding mixed time units. - name: interval type: text title: Interval diff --git a/packages/ti_threatconnect/data_stream/indicator/sample_event.json b/packages/ti_threatconnect/data_stream/indicator/sample_event.json index c79ea14e8fe..1401563c952 100644 --- a/packages/ti_threatconnect/data_stream/indicator/sample_event.json +++ b/packages/ti_threatconnect/data_stream/indicator/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2023-12-05T06:38:53.000Z", "agent": { - "ephemeral_id": "73eb1fd1-6255-48b8-b68b-6a818934f210", - "id": "76879be1-c9e8-439d-9738-d2d596fe4eb9", + "ephemeral_id": "6dfff0ee-3e69-419f-941e-9b8b053ed0a5", + "id": "69df163b-6251-4779-af90-125b908727c2", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.11.0" + "version": "8.12.0" }, "data_stream": { "dataset": "ti_threatconnect.indicator", @@ -16,9 +16,9 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "76879be1-c9e8-439d-9738-d2d596fe4eb9", + "id": "69df163b-6251-4779-af90-125b908727c2", "snapshot": false, - "version": "8.11.0" + "version": "8.12.0" }, "event": { "agent_id_status": "verified", @@ -26,8 +26,8 @@ "threat" ], "dataset": "ti_threatconnect.indicator", - "id": "736758", - "ingested": "2024-01-16T12:47:02Z", + "id": "test.user@elastic.co", + "ingested": "2024-03-08T06:55:44Z", "kind": "enrichment", "original": "{\"active\":true,\"activeLocked\":false,\"address\":\"test.user@elastic.co\",\"associatedGroups\":{\"data\":[{\"createdBy\":{\"firstName\":\"test\",\"id\":69,\"lastName\":\"user\",\"owner\":\"Elastic\",\"pseudonym\":\"testW\",\"userName\":\"test.user@elastic.co\"},\"dateAdded\":\"2023-12-05T06:38:33Z\",\"downVoteCount\":\"0\",\"id\":609427,\"lastModified\":\"2023-12-05T06:43:21Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/vulnerability/vulnerability.xhtml?vulnerability=609427\",\"name\":\"Test2 \",\"ownerId\":51,\"ownerName\":\"Elastic\",\"type\":\"Vulnerability\",\"upVoteCount\":\"0\",\"webLink\":\"https://app.threatconnect.com/#/details/groups/609427/overview\"},{\"createdBy\":{\"firstName\":\"test\",\"id\":69,\"lastName\":\"user\",\"owner\":\"Elastic\",\"pseudonym\":\"testW\",\"userName\":\"test.user@elastic.co\"},\"dateAdded\":\"2023-12-04T07:18:52Z\",\"documentDateAdded\":\"2023-12-04T07:18:53Z\",\"documentType\":\"PDF\",\"downVoteCount\":\"0\",\"fileName\":\"testthreatgroup.pdf\",\"fileSize\":24467,\"generatedReport\":true,\"id\":601237,\"lastModified\":\"2023-12-05T06:38:46Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/report/report.xhtml?report=601237\",\"name\":\"TestThreatGroup\",\"ownerId\":51,\"ownerName\":\"Elastic\",\"status\":\"Success\",\"type\":\"Report\",\"upVoteCount\":\"0\",\"webLink\":\"https://app.threatconnect.com/#/details/groups/601237/overview\"}]},\"associatedIndicators\":{\"data\":[{\"active\":true,\"activeLocked\":false,\"address\":\"testing@poverts.com\",\"confidence\":61,\"dateAdded\":\"2023-08-25T12:57:24Z\",\"id\":891599,\"lastModified\":\"2023-12-05T06:50:06Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=testing%40poverts.com\\u0026owner=Elastic\",\"ownerId\":51,\"ownerName\":\"Elastic\",\"privateFlag\":false,\"rating\":3,\"summary\":\"testing@poverts.com\",\"type\":\"EmailAddress\",\"webLink\":\"https://app.threatconnect.com/#/details/indicators/891599/overview\"},{\"active\":true,\"activeLocked\":false,\"dateAdded\":\"2023-08-24T06:28:17Z\",\"id\":738667,\"lastModified\":\"2023-12-05T06:47:59Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/indicators/details/url.xhtml?orgid=738667\\u0026owner=Elastic\",\"ownerId\":51,\"ownerName\":\"Elastic\",\"privateFlag\":false,\"summary\":\"http://www.testingmcafeesites.com/testcat_pc.html\",\"text\":\"http://www.testingmcafeesites.com/testcat_pc.html\",\"type\":\"URL\",\"webLink\":\"https://app.threatconnect.com/#/details/indicators/738667/overview\"}]},\"attributes\":{},\"dateAdded\":\"2023-08-24T06:19:58Z\",\"id\":736758,\"lastModified\":\"2023-12-05T06:38:53Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=test.user%40elastic.co\\u0026owner=Elastic\",\"ownerId\":51,\"ownerName\":\"Elastic\",\"privateFlag\":false,\"securityLabels\":{\"data\":[{\"color\":\"FFC000\",\"dateAdded\":\"2016-08-31T00:00:00Z\",\"description\":\"This security label is used for information that requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Information with this label can be shared with members of an organization and its clients.\",\"id\":3,\"name\":\"TLP:AMBER\",\"owner\":\"System\"}]},\"summary\":\"test.user@elastic.co\",\"tags\":{\"data\":[{\"description\":\"Adversaries may steal monetary resources from targets through extortion, social engineering, technical theft, or other methods aimed at their own financial gain at the expense of the availability of these resources for victims. Financial theft is the ultimate objective of several popular campaign types including extortion by ransomware,(Citation: FBI-ransomware) business email compromise (BEC) and fraud,(Citation: FBI-BEC) \\\"pig butchering,\\\"(Citation: wired-pig butchering) bank hacking,(Citation: DOJ-DPRK Heist) and exploiting cryptocurrency networks.(Citation: BBC-Ronin) \\n\\nAdversaries may [Compromise Accounts](https://attack.mitre.org/techniques/T1586) to conduct unauthorized transfers of funds.(Citation: Internet crime report 2022) In the case of business email compromise or email fraud, an adversary may utilize [Impersonation](https://attack.mitre.org/techniques/T1656) of a trusted entity. Once the social engineering is successful, victims can be deceived into sending money to financial accounts controlled by an adversary.(Citation: FBI-BEC) This creates the potential for multiple victims (i.e., compromised accounts as well as the ultimate monetary loss) in incidents involving financial theft.(Citation: VEC)\\n\\nExtortion by ransomware may occur, for example, when an adversary demands payment from a victim after [Data Encrypted for Impact](https://attack.mitre.org/techniques/T1486) (Citation: NYT-Colonial) and [Exfiltration](https://attack.mitre.org/tactics/TA0010) of data, followed by threatening public exposure unless payment is made to the adversary.(Citation: Mandiant-leaks)\\n\\nDue to the potentially immense business impact of financial theft, an adversary may abuse the possibility of financial theft and seeking monetary gain to divert attention from their true goals such as [Data Destruction](https://attack.mitre.org/techniques/T1485) and business disruption.(Citation: AP-NotPetya)\",\"id\":463701,\"lastUsed\":\"2023-12-04T06:44:44Z\",\"name\":\"Financial Theft\",\"platforms\":{\"count\":6,\"data\":[\"Linux\",\"macOS\",\"Windows\",\"Office 365\",\"SaaS\",\"Google Workspace\"]},\"techniqueId\":\"T1657\"}]},\"threatAssessConfidence\":0,\"threatAssessRating\":0,\"threatAssessScore\":281,\"threatAssessScoreFalsePositive\":0,\"threatAssessScoreObserved\":0,\"type\":\"EmailAddress\",\"webLink\":\"https://app.threatconnect.com/#/details/indicators/736758/overview\"}", "type": [ diff --git a/packages/ti_threatconnect/docs/README.md b/packages/ti_threatconnect/docs/README.md index 17fbf3e1163..72552f9a39e 100644 --- a/packages/ti_threatconnect/docs/README.md +++ b/packages/ti_threatconnect/docs/README.md @@ -34,6 +34,7 @@ There are some minimum requirements for running Elastic Agent and for more infor The minimum **kibana.version** required is **8.11.0**. This module has been tested against the **ThreatConnect API Version v3**. +The minimum required ThreatConnect Platform version needs to be **7.3.1**. ## Setup @@ -82,11 +83,11 @@ An example event for `indicator` looks as following: { "@timestamp": "2023-12-05T06:38:53.000Z", "agent": { - "ephemeral_id": "73eb1fd1-6255-48b8-b68b-6a818934f210", - "id": "76879be1-c9e8-439d-9738-d2d596fe4eb9", + "ephemeral_id": "6dfff0ee-3e69-419f-941e-9b8b053ed0a5", + "id": "69df163b-6251-4779-af90-125b908727c2", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.11.0" + "version": "8.12.0" }, "data_stream": { "dataset": "ti_threatconnect.indicator", @@ -97,9 +98,9 @@ An example event for `indicator` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "76879be1-c9e8-439d-9738-d2d596fe4eb9", + "id": "69df163b-6251-4779-af90-125b908727c2", "snapshot": false, - "version": "8.11.0" + "version": "8.12.0" }, "event": { "agent_id_status": "verified", @@ -107,8 +108,8 @@ An example event for `indicator` looks as following: "threat" ], "dataset": "ti_threatconnect.indicator", - "id": "736758", - "ingested": "2024-01-16T12:47:02Z", + "id": "test.user@elastic.co", + "ingested": "2024-03-08T06:55:44Z", "kind": "enrichment", "original": "{\"active\":true,\"activeLocked\":false,\"address\":\"test.user@elastic.co\",\"associatedGroups\":{\"data\":[{\"createdBy\":{\"firstName\":\"test\",\"id\":69,\"lastName\":\"user\",\"owner\":\"Elastic\",\"pseudonym\":\"testW\",\"userName\":\"test.user@elastic.co\"},\"dateAdded\":\"2023-12-05T06:38:33Z\",\"downVoteCount\":\"0\",\"id\":609427,\"lastModified\":\"2023-12-05T06:43:21Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/vulnerability/vulnerability.xhtml?vulnerability=609427\",\"name\":\"Test2 \",\"ownerId\":51,\"ownerName\":\"Elastic\",\"type\":\"Vulnerability\",\"upVoteCount\":\"0\",\"webLink\":\"https://app.threatconnect.com/#/details/groups/609427/overview\"},{\"createdBy\":{\"firstName\":\"test\",\"id\":69,\"lastName\":\"user\",\"owner\":\"Elastic\",\"pseudonym\":\"testW\",\"userName\":\"test.user@elastic.co\"},\"dateAdded\":\"2023-12-04T07:18:52Z\",\"documentDateAdded\":\"2023-12-04T07:18:53Z\",\"documentType\":\"PDF\",\"downVoteCount\":\"0\",\"fileName\":\"testthreatgroup.pdf\",\"fileSize\":24467,\"generatedReport\":true,\"id\":601237,\"lastModified\":\"2023-12-05T06:38:46Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/report/report.xhtml?report=601237\",\"name\":\"TestThreatGroup\",\"ownerId\":51,\"ownerName\":\"Elastic\",\"status\":\"Success\",\"type\":\"Report\",\"upVoteCount\":\"0\",\"webLink\":\"https://app.threatconnect.com/#/details/groups/601237/overview\"}]},\"associatedIndicators\":{\"data\":[{\"active\":true,\"activeLocked\":false,\"address\":\"testing@poverts.com\",\"confidence\":61,\"dateAdded\":\"2023-08-25T12:57:24Z\",\"id\":891599,\"lastModified\":\"2023-12-05T06:50:06Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=testing%40poverts.com\\u0026owner=Elastic\",\"ownerId\":51,\"ownerName\":\"Elastic\",\"privateFlag\":false,\"rating\":3,\"summary\":\"testing@poverts.com\",\"type\":\"EmailAddress\",\"webLink\":\"https://app.threatconnect.com/#/details/indicators/891599/overview\"},{\"active\":true,\"activeLocked\":false,\"dateAdded\":\"2023-08-24T06:28:17Z\",\"id\":738667,\"lastModified\":\"2023-12-05T06:47:59Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/indicators/details/url.xhtml?orgid=738667\\u0026owner=Elastic\",\"ownerId\":51,\"ownerName\":\"Elastic\",\"privateFlag\":false,\"summary\":\"http://www.testingmcafeesites.com/testcat_pc.html\",\"text\":\"http://www.testingmcafeesites.com/testcat_pc.html\",\"type\":\"URL\",\"webLink\":\"https://app.threatconnect.com/#/details/indicators/738667/overview\"}]},\"attributes\":{},\"dateAdded\":\"2023-08-24T06:19:58Z\",\"id\":736758,\"lastModified\":\"2023-12-05T06:38:53Z\",\"legacyLink\":\"https://app.threatconnect.com/auth/indicators/details/emailaddress.xhtml?emailaddress=test.user%40elastic.co\\u0026owner=Elastic\",\"ownerId\":51,\"ownerName\":\"Elastic\",\"privateFlag\":false,\"securityLabels\":{\"data\":[{\"color\":\"FFC000\",\"dateAdded\":\"2016-08-31T00:00:00Z\",\"description\":\"This security label is used for information that requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Information with this label can be shared with members of an organization and its clients.\",\"id\":3,\"name\":\"TLP:AMBER\",\"owner\":\"System\"}]},\"summary\":\"test.user@elastic.co\",\"tags\":{\"data\":[{\"description\":\"Adversaries may steal monetary resources from targets through extortion, social engineering, technical theft, or other methods aimed at their own financial gain at the expense of the availability of these resources for victims. Financial theft is the ultimate objective of several popular campaign types including extortion by ransomware,(Citation: FBI-ransomware) business email compromise (BEC) and fraud,(Citation: FBI-BEC) \\\"pig butchering,\\\"(Citation: wired-pig butchering) bank hacking,(Citation: DOJ-DPRK Heist) and exploiting cryptocurrency networks.(Citation: BBC-Ronin) \\n\\nAdversaries may [Compromise Accounts](https://attack.mitre.org/techniques/T1586) to conduct unauthorized transfers of funds.(Citation: Internet crime report 2022) In the case of business email compromise or email fraud, an adversary may utilize [Impersonation](https://attack.mitre.org/techniques/T1656) of a trusted entity. Once the social engineering is successful, victims can be deceived into sending money to financial accounts controlled by an adversary.(Citation: FBI-BEC) This creates the potential for multiple victims (i.e., compromised accounts as well as the ultimate monetary loss) in incidents involving financial theft.(Citation: VEC)\\n\\nExtortion by ransomware may occur, for example, when an adversary demands payment from a victim after [Data Encrypted for Impact](https://attack.mitre.org/techniques/T1486) (Citation: NYT-Colonial) and [Exfiltration](https://attack.mitre.org/tactics/TA0010) of data, followed by threatening public exposure unless payment is made to the adversary.(Citation: Mandiant-leaks)\\n\\nDue to the potentially immense business impact of financial theft, an adversary may abuse the possibility of financial theft and seeking monetary gain to divert attention from their true goals such as [Data Destruction](https://attack.mitre.org/techniques/T1485) and business disruption.(Citation: AP-NotPetya)\",\"id\":463701,\"lastUsed\":\"2023-12-04T06:44:44Z\",\"name\":\"Financial Theft\",\"platforms\":{\"count\":6,\"data\":[\"Linux\",\"macOS\",\"Windows\",\"Office 365\",\"SaaS\",\"Google Workspace\"]},\"techniqueId\":\"T1657\"}]},\"threatAssessConfidence\":0,\"threatAssessRating\":0,\"threatAssessScore\":281,\"threatAssessScoreFalsePositive\":0,\"threatAssessScoreObserved\":0,\"type\":\"EmailAddress\",\"webLink\":\"https://app.threatconnect.com/#/details/indicators/736758/overview\"}", "type": [ diff --git a/packages/ti_threatconnect/manifest.yml b/packages/ti_threatconnect/manifest.yml index aa7210dfb16..35e4d9d80fe 100644 --- a/packages/ti_threatconnect/manifest.yml +++ b/packages/ti_threatconnect/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: ti_threatconnect title: ThreatConnect -version: 0.2.0 +version: 0.3.0 description: Collect logs from ThreatConnect with Elastic Agent. type: integration categories: @@ -34,21 +34,21 @@ policy_templates: - name: url type: text title: URL - description: Base URL of the ThreatConnect API. Default URL given is for the ThreatConnect's Public Cloud instance. + description: "Base URL of the ThreatConnect API. Default URL given is for the ThreatConnect's Public Cloud instance. Note: Do not include trailing slash “/” character." default: https://app.threatconnect.com required: true show_user: true - name: access_id type: text title: Access ID - description: Access ID for the ThreatConnect. + description: Access ID of a ThreatConnect API User. multi: false required: true show_user: true - name: secret_key type: password title: Secret Key - description: Secret Key for the ThreatConnect. + description: Secret Key of a ThreatConnect API User. multi: false required: true show_user: true From bade2433848997ab8847d23590c0daec80c1415e Mon Sep 17 00:00:00 2001 From: Bharat Pasupula <123897612+bhapas@users.noreply.github.com> Date: Fri, 8 Mar 2024 10:40:58 +0100 Subject: [PATCH 16/34] [cisco_meraki] fix uri parts in log datastream (#9310) * fix uri parts in log datastream * Update packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/urls.yml Co-authored-by: Krishna Chaitanya Reddy Burri --------- Co-authored-by: Krishna Chaitanya Reddy Burri --- packages/cisco_meraki/changelog.yml | 5 + .../log/_dev/test/pipeline/test-urls.log | 1 + .../test/pipeline/test-urls.log-expected.json | 103 +++++++++++++++++- .../elasticsearch/ingest_pipeline/urls.yml | 9 ++ .../data_stream/log/fields/ecs.yml | 2 + packages/cisco_meraki/docs/README.md | 1 + packages/cisco_meraki/manifest.yml | 2 +- 7 files changed, 119 insertions(+), 4 deletions(-) diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml index 628c740e0a5..fe8169c78d5 100644 --- a/packages/cisco_meraki/changelog.yml +++ b/packages/cisco_meraki/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.21.1" + changes: + - description: Fix url processing. + type: bugfix + link: https://github.com/elastic/integrations/pull/9310 - version: "1.21.0" changes: - description: Set sensitive values as secret. diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log index 56be8864bea..a62fadbd6eb 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log @@ -1,3 +1,4 @@ <134>1 1647479503.348215340 MX84 urls src=10.0.1.29:60336 dst=89.160.20.156:80 mac=78:7B:8A:CC:05:18 request: UNKNOWN https://bitbucket.org/... <134>1 1647479503.676404537 MX84 urls src=10.0.0.234:56424 dst=89.160.20.112:443 mac=64:1C:AE:68:2A:01 request: GET https://lh3.googleusercontent.com/p/AFVnnY=w2048-h1024 <134>1 1647479503.676404537 MX84 urls src=10.0.0.234:56424 dst=89.160.20.112:443 mac=64:1C:AE:68:2A:01 agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0' request: GET https://lh3.googleusercontent.com/p/AFVnnY=w2048-h1024 +<134>1 1709836794.196198735 BOS_WAP2_Service urls src=10.0.1.29:60336 dst=89.160.20.112:443 mac=64:1C:AE:68:2A:01 agent='Microsoft NCSI' request: GET http://www.msftconnecttest.com/connecttest.txt diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json index 4172aac2ad2..0805b8cc605 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json @@ -63,7 +63,12 @@ "preserve_original_event" ], "url": { - "original": "https://bitbucket.org/..." + "domain": "bitbucket.org", + "original": "https://bitbucket.org/...", + "path": "/...", + "registered_domain": "bitbucket.org", + "scheme": "https", + "top_level_domain": "org" } }, { @@ -129,7 +134,13 @@ "preserve_original_event" ], "url": { - "original": "https://lh3.googleusercontent.com/p/AFVnnY=w2048-h1024" + "domain": "lh3.googleusercontent.com", + "original": "https://lh3.googleusercontent.com/p/AFVnnY=w2048-h1024", + "path": "/p/AFVnnY=w2048-h1024", + "registered_domain": "googleusercontent.com", + "scheme": "https", + "subdomain": "lh3", + "top_level_domain": "com" } }, { @@ -195,7 +206,13 @@ "preserve_original_event" ], "url": { - "original": "https://lh3.googleusercontent.com/p/AFVnnY=w2048-h1024" + "domain": "lh3.googleusercontent.com", + "original": "https://lh3.googleusercontent.com/p/AFVnnY=w2048-h1024", + "path": "/p/AFVnnY=w2048-h1024", + "registered_domain": "googleusercontent.com", + "scheme": "https", + "subdomain": "lh3", + "top_level_domain": "com" }, "user_agent": { "device": { @@ -210,6 +227,86 @@ }, "version": "108.0." } + }, + { + "@timestamp": "2024-03-07T18:39:54.196Z", + "cisco_meraki": { + "event_subtype": "http_access", + "event_type": "urls", + "urls": { + "mac": "64-1C-AE-68-2A-01" + } + }, + "destination": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112", + "port": 443 + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "http-access", + "category": [ + "network", + "web" + ], + "original": "<134>1 1709836794.196198735 BOS_WAP2_Service urls src=10.0.1.29:60336 dst=89.160.20.112:443 mac=64:1C:AE:68:2A:01 agent='Microsoft NCSI' request: GET http://www.msftconnecttest.com/connecttest.txt", + "type": [ + "info", + "access" + ] + }, + "http": { + "request": { + "method": "GET" + } + }, + "observer": { + "hostname": "BOS_WAP2_Service" + }, + "source": { + "ip": "10.0.1.29", + "port": 60336 + }, + "tags": [ + "forwarded", + "preserve_original_event" + ], + "url": { + "domain": "www.msftconnecttest.com", + "extension": "txt", + "original": "http://www.msftconnecttest.com/connecttest.txt", + "path": "/connecttest.txt", + "registered_domain": "msftconnecttest.com", + "scheme": "http", + "subdomain": "www", + "top_level_domain": "com" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Other", + "original": "'Microsoft NCSI'" + } } ] } \ No newline at end of file diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/urls.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/urls.yml index 6238d122ade..f284cc5a6bd 100644 --- a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/urls.yml +++ b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/urls.yml @@ -73,6 +73,15 @@ processors: - user_agent: field: user_agent.original ignore_missing: true +# url processing +- uri_parts: + field: url.original + target_field: url + if: ctx.url?.original != null && ctx.url.original != "" +- registered_domain: + field: url.domain + target_field: url + ignore_missing: true on_failure: - set: field: event.kind diff --git a/packages/cisco_meraki/data_stream/log/fields/ecs.yml b/packages/cisco_meraki/data_stream/log/fields/ecs.yml index 37c048e439f..c44c63e7226 100644 --- a/packages/cisco_meraki/data_stream/log/fields/ecs.yml +++ b/packages/cisco_meraki/data_stream/log/fields/ecs.yml @@ -236,6 +236,8 @@ name: url.registered_domain - external: ecs name: url.scheme +- external: ecs + name: url.subdomain - external: ecs name: url.top_level_domain - external: ecs diff --git a/packages/cisco_meraki/docs/README.md b/packages/cisco_meraki/docs/README.md index 9c1fc2c54fd..3cf417cf830 100644 --- a/packages/cisco_meraki/docs/README.md +++ b/packages/cisco_meraki/docs/README.md @@ -274,6 +274,7 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server | url.query | The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. | keyword | | url.registered_domain | The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | url.scheme | Scheme of the request, such as "https". Note: The `:` is not part of the scheme. | keyword | +| url.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | | url.top_level_domain | The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". | keyword | | user.domain | Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name. | keyword | | user.full_name | User's full name, if available. | keyword | diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index 96146cbaa04..5c802388aac 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: cisco_meraki title: Cisco Meraki -version: "1.21.0" +version: "1.21.1" description: Collect logs from Cisco Meraki with Elastic Agent. type: integration categories: From bc3a87ebe41cf9624c9295a52b08fe82486132ac Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Sat, 9 Mar 2024 06:15:09 +1030 Subject: [PATCH 17/34] ti_otx: fix type mapping inconsistency for otx.id field (#9308) --- packages/ti_otx/changelog.yml | 5 +++ ...x-pulses-subscribed-json.log-expected.json | 12 +++---- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../pulses_subscribed/fields/fields.yml | 2 +- .../pulses_subscribed/sample_event.json | 14 ++++---- .../data_stream/threat/sample_event.json | 20 +++++------ packages/ti_otx/docs/README.md | 35 +++++++++---------- .../transform/latest_ioc/fields/fields.yml | 2 +- packages/ti_otx/manifest.yml | 2 +- 9 files changed, 49 insertions(+), 45 deletions(-) diff --git a/packages/ti_otx/changelog.yml b/packages/ti_otx/changelog.yml index e29d84288ac..f9f9c620b70 100644 --- a/packages/ti_otx/changelog.yml +++ b/packages/ti_otx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.24.1" + changes: + - description: Fix type-mapping inconsistency for `otx.id` field. + type: bugfix + link: https://github.com/elastic/integrations/pull/9308 - version: "1.24.0" changes: - description: Set sensitive values as secret. diff --git a/packages/ti_otx/data_stream/pulses_subscribed/_dev/test/pipeline/test-otx-pulses-subscribed-json.log-expected.json b/packages/ti_otx/data_stream/pulses_subscribed/_dev/test/pipeline/test-otx-pulses-subscribed-json.log-expected.json index 464e6a9f90b..1ea8e5b9aad 100644 --- a/packages/ti_otx/data_stream/pulses_subscribed/_dev/test/pipeline/test-otx-pulses-subscribed-json.log-expected.json +++ b/packages/ti_otx/data_stream/pulses_subscribed/_dev/test/pipeline/test-otx-pulses-subscribed-json.log-expected.json @@ -18,7 +18,7 @@ "otx": { "count": 1, "created": "2023-08-09T05:05:15.000Z", - "id": 3735598369, + "id": "3735598369", "is_active": 1, "prefetch_pulse_ids": false, "pulse": { @@ -70,7 +70,7 @@ "otx": { "count": 1, "created": "2023-08-09T05:05:15.000Z", - "id": 3735598370, + "id": "3735598370", "is_active": 1, "prefetch_pulse_ids": false, "pulse": { @@ -121,7 +121,7 @@ "count": 1, "created": "2023-08-09T05:05:15.000Z", "expiration": "2023-09-07T00:00:00.000Z", - "id": 3450933144, + "id": "3450933144", "is_active": 1, "prefetch_pulse_ids": false, "pulse": { @@ -170,7 +170,7 @@ "otx": { "count": 1, "created": "2023-08-09T05:05:15.000Z", - "id": 3735598395, + "id": "3735598395", "is_active": 1, "prefetch_pulse_ids": false, "pulse": { @@ -224,7 +224,7 @@ "otx": { "count": 1, "created": "2023-08-09T05:05:15.000Z", - "id": 3735598410, + "id": "3735598410", "is_active": 1, "prefetch_pulse_ids": false, "pulse": { @@ -274,7 +274,7 @@ "otx": { "count": 1, "created": "2023-08-09T05:05:15.000Z", - "id": 3735598429, + "id": "3735598429", "is_active": 1, "prefetch_pulse_ids": false, "pulse": { diff --git a/packages/ti_otx/data_stream/pulses_subscribed/elasticsearch/ingest_pipeline/default.yml b/packages/ti_otx/data_stream/pulses_subscribed/elasticsearch/ingest_pipeline/default.yml index 0fe8c1691cf..2c10fabe8fe 100644 --- a/packages/ti_otx/data_stream/pulses_subscribed/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_otx/data_stream/pulses_subscribed/elasticsearch/ingest_pipeline/default.yml @@ -101,7 +101,7 @@ processors: if: "ctx.otx?.expiration != null" - convert: field: otx.id - type: long + type: string if: "ctx.otx?.id != null" tag: convert_otx_id - convert: diff --git a/packages/ti_otx/data_stream/pulses_subscribed/fields/fields.yml b/packages/ti_otx/data_stream/pulses_subscribed/fields/fields.yml index 8bd47549ec9..2cef0721657 100644 --- a/packages/ti_otx/data_stream/pulses_subscribed/fields/fields.yml +++ b/packages/ti_otx/data_stream/pulses_subscribed/fields/fields.yml @@ -5,7 +5,7 @@ fields: - name: id - type: long + type: keyword description: > The ID of the indicator. diff --git a/packages/ti_otx/data_stream/pulses_subscribed/sample_event.json b/packages/ti_otx/data_stream/pulses_subscribed/sample_event.json index 3536db11a61..e96d8cc2c2d 100644 --- a/packages/ti_otx/data_stream/pulses_subscribed/sample_event.json +++ b/packages/ti_otx/data_stream/pulses_subscribed/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2023-08-08T05:05:15.000Z", "agent": { - "ephemeral_id": "613b36ba-6bb7-4e3d-9a90-b5e6ec5a860c", - "id": "8130bdff-3530-4540-8c03-ba091c47a24f", + "ephemeral_id": "98babf94-9cf4-45af-aef8-2d57d61d9876", + "id": "f29e7d89-991e-4f0a-838f-9c2eb93d876e", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.11.0" + "version": "8.12.1" }, "data_stream": { "dataset": "ti_otx.pulses_subscribed", @@ -16,9 +16,9 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "8130bdff-3530-4540-8c03-ba091c47a24f", + "id": "f29e7d89-991e-4f0a-838f-9c2eb93d876e", "snapshot": false, - "version": "8.11.0" + "version": "8.12.1" }, "event": { "agent_id_status": "verified", @@ -26,7 +26,7 @@ "threat" ], "dataset": "ti_otx.pulses_subscribed", - "ingested": "2023-12-22T11:25:24Z", + "ingested": "2024-03-08T02:54:50Z", "kind": "enrichment", "original": "{\"content\":\"\",\"count\":2,\"created\":\"2023-08-08T05:05:15\",\"description\":\"\",\"expiration\":null,\"id\":3454375108,\"indicator\":\"pinup-casino-tr.site\",\"is_active\":1,\"prefetch_pulse_ids\":false,\"pulse_raw\":\"{\\\"adversary\\\":\\\"\\\",\\\"attack_ids\\\":[\\\"T1531\\\",\\\"T1059\\\",\\\"T1566\\\"],\\\"author_name\\\":\\\"SampleUser\\\",\\\"created\\\":\\\"2023-08-22T09:43:18.855000\\\",\\\"description\\\":\\\"\\\",\\\"extract_source\\\":[],\\\"id\\\":\\\"64e38336d783f91d6948a7b1\\\",\\\"industries\\\":[],\\\"malware_families\\\":[\\\"WHIRLPOOL\\\"],\\\"modified\\\":\\\"2023-08-22T09:43:18.855000\\\",\\\"more_indicators\\\":false,\\\"name\\\":\\\"Sample Pulse\\\",\\\"public\\\":1,\\\"references\\\":[\\\"https://www.cisa.gov/news-events/analysis-reports/ar23-230a\\\"],\\\"revision\\\":1,\\\"tags\\\":[\\\"cisa\\\",\\\"backdoor\\\",\\\"whirlpool\\\",\\\"malware\\\"],\\\"targeted_countries\\\":[],\\\"tlp\\\":\\\"white\\\"}\",\"role\":null,\"t\":0,\"t2\":0.0050694942474365234,\"t3\":2.7960586547851562,\"title\":\"\",\"type\":\"domain\"}", "type": [ @@ -40,7 +40,7 @@ "count": 2, "created": "2023-08-08T05:05:15.000Z", "expiration": "2023-08-13T05:05:15.000Z", - "id": 3454375108, + "id": "3454375108", "is_active": 1, "prefetch_pulse_ids": false, "pulse": { diff --git a/packages/ti_otx/data_stream/threat/sample_event.json b/packages/ti_otx/data_stream/threat/sample_event.json index 08c2f8c6cbb..568c834280a 100644 --- a/packages/ti_otx/data_stream/threat/sample_event.json +++ b/packages/ti_otx/data_stream/threat/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2023-09-26T06:02:18.318Z", + "@timestamp": "2024-03-08T02:55:33.690Z", "agent": { - "ephemeral_id": "7e240822-d6d7-44de-a74b-02c744232f29", - "id": "ce0bce5a-6e51-4f74-abca-79147f80e169", + "ephemeral_id": "8edc1f21-05cd-4fa5-aadc-66e64f44856a", + "id": "f29e7d89-991e-4f0a-838f-9c2eb93d876e", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.11.0" + "version": "8.12.1" }, "data_stream": { "dataset": "ti_otx.threat", @@ -16,18 +16,18 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "ce0bce5a-6e51-4f74-abca-79147f80e169", - "snapshot": true, - "version": "8.11.0" + "id": "f29e7d89-991e-4f0a-838f-9c2eb93d876e", + "snapshot": false, + "version": "8.12.1" }, "event": { "agent_id_status": "verified", "category": [ "threat" ], - "created": "2023-09-26T06:02:18.318Z", + "created": "2024-03-08T02:55:33.690Z", "dataset": "ti_otx.threat", - "ingested": "2023-09-26T06:02:21Z", + "ingested": "2024-03-08T02:55:45Z", "kind": "enrichment", "original": "{\"count\":40359,\"next\":\"https://otx.alienvault.com/api/v1/indicators/export?types=domain%2CIPv4%2Chostname%2Curl%2CFileHash-SHA256\\u0026modified_since=2020-11-29T01%3A10%3A00+00%3A00\\u0026page=2\",\"previous\":null,\"results\":{\"content\":\"\",\"description\":null,\"id\":1251,\"indicator\":\"info.3000uc.com\",\"title\":null,\"type\":\"hostname\"}}", "type": [ @@ -51,4 +51,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/ti_otx/docs/README.md b/packages/ti_otx/docs/README.md index 12ac13d1d16..d4989dc3553 100644 --- a/packages/ti_otx/docs/README.md +++ b/packages/ti_otx/docs/README.md @@ -102,13 +102,13 @@ An example event for `threat` looks as following: ```json { - "@timestamp": "2023-09-26T06:02:18.318Z", + "@timestamp": "2024-03-08T02:55:33.690Z", "agent": { - "ephemeral_id": "7e240822-d6d7-44de-a74b-02c744232f29", - "id": "ce0bce5a-6e51-4f74-abca-79147f80e169", + "ephemeral_id": "8edc1f21-05cd-4fa5-aadc-66e64f44856a", + "id": "f29e7d89-991e-4f0a-838f-9c2eb93d876e", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.11.0" + "version": "8.12.1" }, "data_stream": { "dataset": "ti_otx.threat", @@ -119,18 +119,18 @@ An example event for `threat` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "ce0bce5a-6e51-4f74-abca-79147f80e169", - "snapshot": true, - "version": "8.11.0" + "id": "f29e7d89-991e-4f0a-838f-9c2eb93d876e", + "snapshot": false, + "version": "8.12.1" }, "event": { "agent_id_status": "verified", "category": [ "threat" ], - "created": "2023-09-26T06:02:18.318Z", + "created": "2024-03-08T02:55:33.690Z", "dataset": "ti_otx.threat", - "ingested": "2023-09-26T06:02:21Z", + "ingested": "2024-03-08T02:55:45Z", "kind": "enrichment", "original": "{\"count\":40359,\"next\":\"https://otx.alienvault.com/api/v1/indicators/export?types=domain%2CIPv4%2Chostname%2Curl%2CFileHash-SHA256\\u0026modified_since=2020-11-29T01%3A10%3A00+00%3A00\\u0026page=2\",\"previous\":null,\"results\":{\"content\":\"\",\"description\":null,\"id\":1251,\"indicator\":\"info.3000uc.com\",\"title\":null,\"type\":\"hostname\"}}", "type": [ @@ -155,7 +155,6 @@ An example event for `threat` looks as following: } } } - ``` ### Pulses Subscribed (Recommended) @@ -233,7 +232,7 @@ The following subscriptions are included by this API: | otx.created | | date | | otx.description | | keyword | | otx.expiration | | date | -| otx.id | The ID of the indicator. | long | +| otx.id | The ID of the indicator. | keyword | | otx.indicator | | keyword | | otx.is_active | | integer | | otx.prefetch_pulse_ids | | boolean | @@ -291,11 +290,11 @@ An example event for `pulses_subscribed` looks as following: { "@timestamp": "2023-08-08T05:05:15.000Z", "agent": { - "ephemeral_id": "613b36ba-6bb7-4e3d-9a90-b5e6ec5a860c", - "id": "8130bdff-3530-4540-8c03-ba091c47a24f", + "ephemeral_id": "98babf94-9cf4-45af-aef8-2d57d61d9876", + "id": "f29e7d89-991e-4f0a-838f-9c2eb93d876e", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.11.0" + "version": "8.12.1" }, "data_stream": { "dataset": "ti_otx.pulses_subscribed", @@ -306,9 +305,9 @@ An example event for `pulses_subscribed` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "8130bdff-3530-4540-8c03-ba091c47a24f", + "id": "f29e7d89-991e-4f0a-838f-9c2eb93d876e", "snapshot": false, - "version": "8.11.0" + "version": "8.12.1" }, "event": { "agent_id_status": "verified", @@ -316,7 +315,7 @@ An example event for `pulses_subscribed` looks as following: "threat" ], "dataset": "ti_otx.pulses_subscribed", - "ingested": "2023-12-22T11:25:24Z", + "ingested": "2024-03-08T02:54:50Z", "kind": "enrichment", "original": "{\"content\":\"\",\"count\":2,\"created\":\"2023-08-08T05:05:15\",\"description\":\"\",\"expiration\":null,\"id\":3454375108,\"indicator\":\"pinup-casino-tr.site\",\"is_active\":1,\"prefetch_pulse_ids\":false,\"pulse_raw\":\"{\\\"adversary\\\":\\\"\\\",\\\"attack_ids\\\":[\\\"T1531\\\",\\\"T1059\\\",\\\"T1566\\\"],\\\"author_name\\\":\\\"SampleUser\\\",\\\"created\\\":\\\"2023-08-22T09:43:18.855000\\\",\\\"description\\\":\\\"\\\",\\\"extract_source\\\":[],\\\"id\\\":\\\"64e38336d783f91d6948a7b1\\\",\\\"industries\\\":[],\\\"malware_families\\\":[\\\"WHIRLPOOL\\\"],\\\"modified\\\":\\\"2023-08-22T09:43:18.855000\\\",\\\"more_indicators\\\":false,\\\"name\\\":\\\"Sample Pulse\\\",\\\"public\\\":1,\\\"references\\\":[\\\"https://www.cisa.gov/news-events/analysis-reports/ar23-230a\\\"],\\\"revision\\\":1,\\\"tags\\\":[\\\"cisa\\\",\\\"backdoor\\\",\\\"whirlpool\\\",\\\"malware\\\"],\\\"targeted_countries\\\":[],\\\"tlp\\\":\\\"white\\\"}\",\"role\":null,\"t\":0,\"t2\":0.0050694942474365234,\"t3\":2.7960586547851562,\"title\":\"\",\"type\":\"domain\"}", "type": [ @@ -330,7 +329,7 @@ An example event for `pulses_subscribed` looks as following: "count": 2, "created": "2023-08-08T05:05:15.000Z", "expiration": "2023-08-13T05:05:15.000Z", - "id": 3454375108, + "id": "3454375108", "is_active": 1, "prefetch_pulse_ids": false, "pulse": { diff --git a/packages/ti_otx/elasticsearch/transform/latest_ioc/fields/fields.yml b/packages/ti_otx/elasticsearch/transform/latest_ioc/fields/fields.yml index a113d8baba5..f39d7ddc81e 100644 --- a/packages/ti_otx/elasticsearch/transform/latest_ioc/fields/fields.yml +++ b/packages/ti_otx/elasticsearch/transform/latest_ioc/fields/fields.yml @@ -161,7 +161,7 @@ fields: - name: id - type: long + type: keyword description: > The ID of the indicator. diff --git a/packages/ti_otx/manifest.yml b/packages/ti_otx/manifest.yml index 9fda62c54b7..1364cc0a303 100644 --- a/packages/ti_otx/manifest.yml +++ b/packages/ti_otx/manifest.yml @@ -1,6 +1,6 @@ name: ti_otx title: AlienVault OTX -version: "1.24.0" +version: "1.24.1" description: Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent. type: integration format_version: "3.0.2" From 0da0ea5c0edff9412757495b5afafa7778fb7288 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20K=C3=B6tting?= <145989254+SimonKoetting@users.noreply.github.com> Date: Mon, 11 Mar 2024 10:08:17 +0100 Subject: [PATCH 18/34] New Exchange Server integration (#9197) * initial commit new Exchange Server integration Co-authored-by: Simon Schneider <95302847+smnschneider@users.noreply.github.com> * Remove License file * change Codeowner * rename test-files for validation check * add validation.yml * Update Changelog, switch to filestream and fix docs * adjust manifest description * Change Codeowner * Added failure processors, switch to copy_from and remove duplicates --------- Co-authored-by: Simon Schneider <95302847+smnschneider@users.noreply.github.com> --- .github/CODEOWNERS | 1 + .../_dev/build/build.yml | 3 + .../microsoft_exchange_server/changelog.yml | 6 + .../_dev/test/pipeline/test-common-config.yml | 5 + .../_dev/test/pipeline/test-httpproxy.log | 1 + .../pipeline/test-httpproxy.log-expected.json | 94 + .../httpproxy/agent/stream/filestream.yml.hbs | 14 + .../elasticsearch/ingest_pipeline/default.yml | 285 ++++ .../httpproxy/fields/base-fields.yml | 12 + .../data_stream/httpproxy/fields/ecs.yml | 20 + .../data_stream/httpproxy/fields/fields.yml | 138 ++ .../data_stream/httpproxy/manifest.yml | 21 + .../_dev/test/pipeline/test-common-config.yml | 5 + .../_dev/test/pipeline/test-imap4-pop3.json | 52 + .../test-imap4-pop3.json-expected.json | 210 +++ .../agent/stream/filestream.yml.hbs | 14 + .../elasticsearch/ingest_pipeline/default.yml | 72 + .../imap4_pop3/fields/base-fields.yml | 12 + .../data_stream/imap4_pop3/fields/ecs.yml | 8 + .../data_stream/imap4_pop3/fields/fields.yml | 26 + .../data_stream/imap4_pop3/manifest.yml | 22 + .../_dev/test/pipeline/test-common-config.yml | 5 + .../test/pipeline/test-messagetracking.log | 3 + .../test-messagetracking.log-expected.json | 178 ++ .../agent/stream/filestream.yml.hbs | 14 + .../elasticsearch/ingest_pipeline/default.yml | 81 + .../messagetracking/fields/base-fields.yml | 12 + .../messagetracking/fields/ecs.yml | 28 + .../messagetracking/fields/fields.yml | 38 + .../data_stream/messagetracking/manifest.yml | 21 + .../_dev/test/pipeline/test-common-config.yml | 5 + .../smtp/_dev/test/pipeline/test-smtp.json | 60 + .../pipeline/test-smtp.json-expected.json | 193 +++ .../smtp/agent/stream/filestream.yml.hbs | 14 + .../elasticsearch/ingest_pipeline/default.yml | 49 + .../data_stream/smtp/fields/base-fields.yml | 12 + .../data_stream/smtp/fields/ecs.yml | 6 + .../data_stream/smtp/fields/fields.yml | 18 + .../data_stream/smtp/manifest.yml | 22 + .../microsoft_exchange_server/docs/README.md | 25 + .../img/exchange.svg | 63 + .../img/screenshot_httpproxy.png | Bin 0 -> 216317 bytes .../img/screenshot_messagtracking.png | Bin 0 -> 123942 bytes ...-2b868ef0-c041-11ee-a682-0f218cc418af.json | 729 ++++++++ ...-e52391d0-c034-11ee-a682-0f218cc418af.json | 1519 +++++++++++++++++ ...-75b14bd0-c034-11ee-a682-0f218cc418af.json | 77 + ...-ee0a5030-c03f-11ee-a682-0f218cc418af.json | 76 + .../microsoft_exchange_server/manifest.yml | 45 + .../microsoft_exchange_server/validation.yml | 3 + 49 files changed, 4317 insertions(+) create mode 100644 packages/microsoft_exchange_server/_dev/build/build.yml create mode 100644 packages/microsoft_exchange_server/changelog.yml create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-common-config.yml create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-httpproxy.log create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-httpproxy.log-expected.json create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/agent/stream/filestream.yml.hbs create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/fields/base-fields.yml create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/fields/ecs.yml create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/manifest.yml create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-common-config.yml create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-imap4-pop3.json create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-imap4-pop3.json-expected.json create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/agent/stream/filestream.yml.hbs create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/base-fields.yml create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/ecs.yml create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/manifest.yml create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-common-config.yml create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-messagetracking.log create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-messagetracking.log-expected.json create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/agent/stream/filestream.yml.hbs create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/fields/base-fields.yml create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/fields/ecs.yml create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/manifest.yml create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-common-config.yml create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-smtp.json create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-smtp.json-expected.json create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/agent/stream/filestream.yml.hbs create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/fields/base-fields.yml create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/fields/ecs.yml create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/manifest.yml create mode 100644 packages/microsoft_exchange_server/docs/README.md create mode 100644 packages/microsoft_exchange_server/img/exchange.svg create mode 100644 packages/microsoft_exchange_server/img/screenshot_httpproxy.png create mode 100644 packages/microsoft_exchange_server/img/screenshot_messagtracking.png create mode 100644 packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af.json create mode 100644 packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af.json create mode 100644 packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json create mode 100644 packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af.json create mode 100644 packages/microsoft_exchange_server/manifest.yml create mode 100644 packages/microsoft_exchange_server/validation.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 4f50d4ea42b..896e5f2f771 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -227,6 +227,7 @@ /packages/microsoft_defender_endpoint @elastic/security-service-integrations /packages/microsoft_dhcp @elastic/sec-windows-platform /packages/microsoft_exchange_online_message_trace @elastic/security-service-integrations +/packages/microsoft_exchange_server @elastic/sec-windows-platform /packages/microsoft_sqlserver @elastic/obs-infraobs-integrations /packages/mimecast @elastic/security-service-integrations /packages/modsecurity @elastic/sec-deployment-and-devices diff --git a/packages/microsoft_exchange_server/_dev/build/build.yml b/packages/microsoft_exchange_server/_dev/build/build.yml new file mode 100644 index 00000000000..2bfcfc223b0 --- /dev/null +++ b/packages/microsoft_exchange_server/_dev/build/build.yml @@ -0,0 +1,3 @@ +dependencies: + ecs: + reference: "git@v8.11.0" diff --git a/packages/microsoft_exchange_server/changelog.yml b/packages/microsoft_exchange_server/changelog.yml new file mode 100644 index 00000000000..94df0450626 --- /dev/null +++ b/packages/microsoft_exchange_server/changelog.yml @@ -0,0 +1,6 @@ +# newer versions go on top +- version: "0.1.0" + changes: + - description: Initial release of the package + type: enhancement + link: https://github.com/elastic/integrations/pull/9197 diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-common-config.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-common-config.yml new file mode 100644 index 00000000000..a06dda74051 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-common-config.yml @@ -0,0 +1,5 @@ +dynamic_fields: + "event.ingested": ".*" +fields: + tags: + - preserve_original_event diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-httpproxy.log b/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-httpproxy.log new file mode 100644 index 00000000000..ba3975e6fbe --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-httpproxy.log @@ -0,0 +1 @@ +2024-01-24T15:26:47.957Z,3422ea93-768f-4cd4-8b0c-578038deb0b2,15,1,2507,35,R:{750498CA-0EBD-4E7F-B2F6-377AD1BDD198}:20373;RT:Execute;CI:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6}:155680117;CID:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6},Mapi,mail.domain.tld,/mapi/emsmdb/,,Negotiate,true,DOMAIN\user,domain.tld,MailboxGuid~0aa89cf8-aa07-4103-8a1d-ca9e619f223e,Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.16731; Pro),10.12.13.14,Host123,200,200,,POST,Proxy,Host456.domain.tld,15.01.2507.000,CrossForest,MailboxGuidWithDomain,Database~a6c4dbb1-3265-4fbf-9dc6-754dffd67275~~2024-02-23T15:26:43,,,70,132,,,0,1,,0,,0,,0,0,,0,10,0,0,0,0,3,0,0,0,2,0,10,0,4,7,7,7,10,,?MailboxId=0e36a769-e2a9-4d1d-98df-80be2753326c@domain.tld,,BeginRequest=2024-01-24T15:26:47.947Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942063563;BeginGetRequestStream=2024-01-24T15:26:47.953Z;OnRequestStreamReady=2024-01-24T15:26:47.953Z;BeginGetResponse=2024-01-24T15:26:47.953Z;OnResponseReady=2024-01-24T15:26:47.957Z;EndGetResponse=2024-01-24T15:26:47.957Z;ProxyState-Complete=ProxyResponseData;SharedCacheGuard=0;EndRequest=2024-01-24T15:26:47.957Z;,,,|RoutingDB:0cb2fd35-94c0-44de-9860-134d27654078,,,CafeV1 diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-httpproxy.log-expected.json b/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-httpproxy.log-expected.json new file mode 100644 index 00000000000..55090d00c93 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/pipeline/test-httpproxy.log-expected.json @@ -0,0 +1,94 @@ +{ + "expected": [ + { + "@timestamp": "2024-01-24T15:26:47.957Z", + "event": { + "ingested": "2024-03-06T14:46:17.645261012Z", + "original": "2024-01-24T15:26:47.957Z,3422ea93-768f-4cd4-8b0c-578038deb0b2,15,1,2507,35,R:{750498CA-0EBD-4E7F-B2F6-377AD1BDD198}:20373;RT:Execute;CI:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6}:155680117;CID:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6},Mapi,mail.domain.tld,/mapi/emsmdb/,,Negotiate,true,DOMAIN\\user,domain.tld,MailboxGuid~0aa89cf8-aa07-4103-8a1d-ca9e619f223e,Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.16731; Pro),10.12.13.14,Host123,200,200,,POST,Proxy,Host456.domain.tld,15.01.2507.000,CrossForest,MailboxGuidWithDomain,Database~a6c4dbb1-3265-4fbf-9dc6-754dffd67275~~2024-02-23T15:26:43,,,70,132,,,0,1,,0,,0,,0,0,,0,10,0,0,0,0,3,0,0,0,2,0,10,0,4,7,7,7,10,,?MailboxId=0e36a769-e2a9-4d1d-98df-80be2753326c@domain.tld,,BeginRequest=2024-01-24T15:26:47.947Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942063563;BeginGetRequestStream=2024-01-24T15:26:47.953Z;OnRequestStreamReady=2024-01-24T15:26:47.953Z;BeginGetResponse=2024-01-24T15:26:47.953Z;OnResponseReady=2024-01-24T15:26:47.957Z;EndGetResponse=2024-01-24T15:26:47.957Z;ProxyState-Complete=ProxyResponseData;SharedCacheGuard=0;EndRequest=2024-01-24T15:26:47.957Z;,,,|RoutingDB:0cb2fd35-94c0-44de-9860-134d27654078,,,CafeV1" + }, + "http": { + "request": { + "bytes": 70, + "method": "POST" + }, + "response": { + "bytes": 132, + "status_code": 200 + } + }, + "message": "2024-01-24T15:26:47.957Z,3422ea93-768f-4cd4-8b0c-578038deb0b2,15,1,2507,35,R:{750498CA-0EBD-4E7F-B2F6-377AD1BDD198}:20373;RT:Execute;CI:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6}:155680117;CID:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6},Mapi,mail.domain.tld,/mapi/emsmdb/,,Negotiate,true,DOMAIN\\user,domain.tld,MailboxGuid~0aa89cf8-aa07-4103-8a1d-ca9e619f223e,Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.16731; Pro),10.12.13.14,Host123,200,200,,POST,Proxy,Host456.domain.tld,15.01.2507.000,CrossForest,MailboxGuidWithDomain,Database~a6c4dbb1-3265-4fbf-9dc6-754dffd67275~~2024-02-23T15:26:43,,,70,132,,,0,1,,0,,0,,0,0,,0,10,0,0,0,0,3,0,0,0,2,0,10,0,4,7,7,7,10,,?MailboxId=0e36a769-e2a9-4d1d-98df-80be2753326c@domain.tld,,BeginRequest=2024-01-24T15:26:47.947Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942063563;BeginGetRequestStream=2024-01-24T15:26:47.953Z;OnRequestStreamReady=2024-01-24T15:26:47.953Z;BeginGetResponse=2024-01-24T15:26:47.953Z;OnResponseReady=2024-01-24T15:26:47.957Z;EndGetResponse=2024-01-24T15:26:47.957Z;ProxyState-Complete=ProxyResponseData;SharedCacheGuard=0;EndRequest=2024-01-24T15:26:47.957Z;,,,|RoutingDB:0cb2fd35-94c0-44de-9860-134d27654078,,,CafeV1", + "microsoft": { + "exchange": { + "activitycontextlifetime": 10, + "adlatency": 0, + "anchormailbox": "MailboxGuid~0aa89cf8-aa07-4103-8a1d-ca9e619f223e", + "authenticateduser": "DOMAIN\\user", + "authenticationtype": "Negotiate", + "backendcookie": "Database~a6c4dbb1-3265-4fbf-9dc6-754dffd67275~~2024-02-23T15:26:43", + "backendprocessinglatency": 3, + "backendreqinitlatency": 0, + "backendreqstreamlatency": 0, + "backendrespinitlatency": 0, + "backendrespstreamlatency": 0, + "backendstatus": 200, + "buildversion": 2507, + "calculatetargetbackendlatency": 1, + "clientipaddress": [ + "10.12.13.14" + ], + "clientreqstreamlatency": 0, + "clientrequestid": "R:{750498CA-0EBD-4E7F-B2F6-377AD1BDD198}:20373;RT:Execute;CI:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6}:155680117;CID:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6}", + "clientrespstreamlatency": 0, + "corelatency": 7, + "databaseguid": "|RoutingDB:0cb2fd35-94c0-44de-9860-134d27654078", + "genericinfo": "BeginRequest=2024-01-24T15:26:47.947Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942063563;BeginGetRequestStream=2024-01-24T15:26:47.953Z;OnRequestStreamReady=2024-01-24T15:26:47.953Z;BeginGetResponse=2024-01-24T15:26:47.953Z;OnResponseReady=2024-01-24T15:26:47.957Z;EndGetResponse=2024-01-24T15:26:47.957Z;ProxyState-Complete=ProxyResponseData;SharedCacheGuard=0;EndRequest=2024-01-24T15:26:47.957Z;", + "handlercompletionlatency": 0, + "handlertomoduleswitchinglatency": 0, + "httppipelinelatency": 0, + "httpproxyoverhead": 7, + "isauthenticated": "true", + "kerberosauthheaderlatency": 2, + "logtype": "httpproxy", + "majorversion": 15, + "minorversion": 1, + "moduletohandlerswitchinglatency": 0, + "organization": "domain.tld", + "protocol": "Mapi", + "proxyaction": "Proxy", + "proxytime": 4, + "requesthandlerlatency": 10, + "requestid": "3422ea93-768f-4cd4-8b0c-578038deb0b2", + "revisionversion": 35, + "routinghint": "MailboxGuidWithDomain", + "routinglatency": 7, + "routingstatus": "CafeV1", + "routingtype": "CrossForest", + "targetserver": "Host456.domain.tld", + "targetserverversion": "15.01.2507.000", + "totalaccountforestlatency": 0, + "totalglslatency": 0, + "totalrequesttime": 10, + "totalresourceforestlatency": 0, + "totalsharedcachelatency": 0, + "urlhost": "mail.domain.tld", + "urlstem": "/mapi/emsmdb/" + } + }, + "observer": { + "hostname": "Host123" + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "query": "?MailboxId=0e36a769-e2a9-4d1d-98df-80be2753326c@domain.tld" + }, + "user": { + "name": "user" + }, + "user_agent": { + "original": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.16731; Pro)" + } + } + ] +} \ No newline at end of file diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/agent/stream/filestream.yml.hbs b/packages/microsoft_exchange_server/data_stream/httpproxy/agent/stream/filestream.yml.hbs new file mode 100644 index 00000000000..da3f585997c --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/agent/stream/filestream.yml.hbs @@ -0,0 +1,14 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +exclude_files: [".gz$"] +processors: + - add_locale: ~ diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..fd606c91250 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,285 @@ +--- +description: Pipeline for processing Exchange Server HTTPProxy Logs +processors: +- drop: + if: "ctx.message =~ /^[^0-9]/ || ctx.message =~ /^#/" +- set: + field: event.original + copy_from: message +- csv: + field: event.original + ignore_failure: true + ignore_missing: true + target_fields: + - "@timestamp" + - microsoft.exchange.requestid + - microsoft.exchange.majorversion + - microsoft.exchange.minorversion + - microsoft.exchange.buildversion + - microsoft.exchange.revisionversion + - microsoft.exchange.clientrequestid + - microsoft.exchange.protocol + - microsoft.exchange.urlhost + - microsoft.exchange.urlstem + - microsoft.exchange.protocolaction + - microsoft.exchange.authenticationtype + - microsoft.exchange.isauthenticated + - microsoft.exchange.authenticateduser + - microsoft.exchange.organization + - microsoft.exchange.anchormailbox + - user_agent.original + - microsoft.exchange.clientipaddress + - observer.hostname + - http.response.status_code + - microsoft.exchange.backendstatus + - microsoft.exchange.errorcode + - http.request.method + - microsoft.exchange.proxyaction + - microsoft.exchange.targetserver + - microsoft.exchange.targetserverversion + - microsoft.exchange.routingtype + - microsoft.exchange.routinghint + - microsoft.exchange.backendcookie + - microsoft.exchange.serverlocatorhost + - microsoft.exchange.serverlocatorlatency + - http.request.bytes + - http.response.bytes + - microsoft.exchange.targetoutstandingrequests + - microsoft.exchange.authmoduleperfcontext + - microsoft.exchange.httppipelinelatency + - microsoft.exchange.calculatetargetbackendlatency + - microsoft.exchange.glslatencybreakup + - microsoft.exchange.totalglslatency + - microsoft.exchange.accountforestlatencybreakup + - microsoft.exchange.totalaccountforestlatency + - microsoft.exchange.resourceforestlatencybreakup + - microsoft.exchange.totalresourceforestlatency + - microsoft.exchange.adlatency + - microsoft.exchange.sharedcachelatencybreakup + - microsoft.exchange.totalsharedcachelatency + - microsoft.exchange.activitycontextlifetime + - microsoft.exchange.moduletohandlerswitchinglatency + - microsoft.exchange.clientreqstreamlatency + - microsoft.exchange.backendreqinitlatency + - microsoft.exchange.backendreqstreamlatency + - microsoft.exchange.backendprocessinglatency + - microsoft.exchange.backendrespinitlatency + - microsoft.exchange.backendrespstreamlatency + - microsoft.exchange.clientrespstreamlatency + - microsoft.exchange.kerberosauthheaderlatency + - microsoft.exchange.handlercompletionlatency + - microsoft.exchange.requesthandlerlatency + - microsoft.exchange.handlertomoduleswitchinglatency + - microsoft.exchange.proxytime + - microsoft.exchange.corelatency + - microsoft.exchange.routinglatency + - microsoft.exchange.httpproxyoverhead + - microsoft.exchange.totalrequesttime + - microsoft.exchange.routerefresherlatency + - url.query + - microsoft.exchange.backendgenericinfo + - microsoft.exchange.genericinfo + - microsoft.exchange.genericerrors + - microsoft.exchange.edgetraceid + - microsoft.exchange.databaseguid + - microsoft.exchange.useradobjectguid + - microsoft.exchange.partitionendpointlookuplatency + - microsoft.exchange.routingstatus +- set: + field: microsoft.exchange.logtype + value: httpproxy + ignore_empty_value: true + ignore_failure: true +- grok: + field: microsoft.exchange.authenticateduser + patterns: + - "%{DATA}\\\\%{NOTSPACE:user.name}" + ignore_failure: true + ignore_missing: true +- grok: + field: microsoft.exchange.clientipaddress + patterns: + - "^%{IP:microsoft.exchange.clientipaddress_external}%{SPACE}%{IP:microsoft.exchange.clientipaddress_internal}$" + ignore_failure: true + ignore_missing: true +- split: + field: microsoft.exchange.clientipaddress + separator: " " + ignore_failure: true + ignore_missing: true +- convert: + field: "http.request.bytes" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "http.response.bytes" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "http.response.status_code" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.adlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.backendprocessinglatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.backendreqinitlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.backendreqstreamlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.backendrespinitlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.backendrespstreamlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.backendstatus" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.buildversion" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.calculatetargetbackendlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.clientreqstreamlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.clientrespstreamlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.corelatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.handlercompletionlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.handlertomoduleswitchinglatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.httppipelinelatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.kerberosauthheaderlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.majorversion" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.minorversion" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.moduletohandlerswitchinglatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.requesthandlerlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.revisionversion" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.routinglatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.totalaccountforestlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.totalglslatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.totalrequesttime" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.totalresourceforestlatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.totalsharedcachelatency" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.activitycontextlifetime" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.httpproxyoverhead" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "microsoft.exchange.proxytime" + type: long + ignore_failure: true + ignore_missing: true +- set: + field: event.ingested + copy_from: _ingest.timestamp + ignore_failure: true +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/fields/base-fields.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/base-fields.yml new file mode 100644 index 00000000000..7c798f4534c --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/fields/ecs.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/ecs.yml new file mode 100644 index 00000000000..2b27b8981dd --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/ecs.yml @@ -0,0 +1,20 @@ +- external: ecs + name: message +- external: ecs + name: http.response.status_code +- external: ecs + name: url.query +- external: ecs + name: http.request.method +- external: ecs + name: user_agent.original +- external: ecs + name: http.response.bytes +- external: ecs + name: http.request.bytes +- external: ecs + name: observer.hostname +- external: ecs + name: tags +- external: ecs + name: user.name diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml new file mode 100644 index 00000000000..fff82215084 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml @@ -0,0 +1,138 @@ +- name: microsoft.exchange.requestid + type: keyword +- name: microsoft.exchange.majorversion + type: long +- name: microsoft.exchange.minorversion + type: long +- name: microsoft.exchange.buildversion + type: long +- name: microsoft.exchange.revisionversion + type: long +- name: microsoft.exchange.clientrequestid + type: keyword +- name: microsoft.exchange.protocol + type: keyword +- name: microsoft.exchange.urlhost + type: keyword +- name: microsoft.exchange.urlstem + type: keyword +- name: microsoft.exchange.protocolaction + type: keyword +- name: microsoft.exchange.authenticationtype + type: keyword +- name: microsoft.exchange.isauthenticated + type: keyword +- name: microsoft.exchange.authenticateduser + type: keyword +- name: microsoft.exchange.organization + type: keyword +- name: microsoft.exchange.anchormailbox + type: keyword +- name: microsoft.exchange.clientipaddress + type: ip +- name: microsoft.exchange.backendstatus + type: long +- name: microsoft.exchange.errorcode + type: keyword +- name: microsoft.exchange.proxyaction + type: keyword +- name: microsoft.exchange.targetserver + type: keyword +- name: microsoft.exchange.targetserverversion + type: keyword +- name: microsoft.exchange.routingtype + type: keyword +- name: microsoft.exchange.routinghint + type: keyword +- name: microsoft.exchange.backendcookie + type: keyword +- name: microsoft.exchange.serverlocatorhost + type: keyword +- name: microsoft.exchange.serverlocatorlatency + type: long +- name: microsoft.exchange.targetoutstandingrequests + type: keyword +- name: microsoft.exchange.authmoduleperfcontext + type: keyword +- name: microsoft.exchange.httppipelinelatency + type: long +- name: microsoft.exchange.calculatetargetbackendlatency + type: long +- name: microsoft.exchange.glslatencybreakup + type: keyword +- name: microsoft.exchange.totalglslatency + type: long +- name: microsoft.exchange.accountforestlatencybreakup + type: keyword +- name: microsoft.exchange.totalaccountforestlatency + type: long +- name: microsoft.exchange.resourceforestlatencybreakup + type: keyword +- name: microsoft.exchange.totalresourceforestlatency + type: long +- name: microsoft.exchange.adlatency + type: long +- name: microsoft.exchange.sharedcachelatencybreakup + type: keyword +- name: microsoft.exchange.totalsharedcachelatency + type: long +- name: microsoft.exchange.activitycontextlifetime + type: long +- name: microsoft.exchange.moduletohandlerswitchinglatency + type: long +- name: microsoft.exchange.clientreqstreamlatency + type: long +- name: microsoft.exchange.backendreqinitlatency + type: long +- name: microsoft.exchange.backendreqstreamlatency + type: long +- name: microsoft.exchange.backendprocessinglatency + type: long +- name: microsoft.exchange.backendrespinitlatency + type: long +- name: microsoft.exchange.backendrespstreamlatency + type: long +- name: microsoft.exchange.clientrespstreamlatency + type: long +- name: microsoft.exchange.kerberosauthheaderlatency + type: long +- name: microsoft.exchange.handlercompletionlatency + type: long +- name: microsoft.exchange.requesthandlerlatency + type: long +- name: microsoft.exchange.handlertomoduleswitchinglatency + type: long +- name: microsoft.exchange.proxytime + type: long +- name: microsoft.exchange.corelatency + type: long +- name: microsoft.exchange.routinglatency + type: long +- name: microsoft.exchange.httpproxyoverhead + type: long +- name: microsoft.exchange.totalrequesttime + type: long +- name: microsoft.exchange.routerefresherlatency + type: long +- name: microsoft.exchange.backendgenericinfo + type: keyword +- name: microsoft.exchange.genericinfo + type: keyword +- name: microsoft.exchange.genericerrors + type: keyword +- name: microsoft.exchange.edgetraceid + type: keyword +- name: microsoft.exchange.databaseguid + type: keyword +- name: microsoft.exchange.useradobjectguid + type: keyword +- name: microsoft.exchange.partitionendpointlookuplatency + type: long +- name: microsoft.exchange.routingstatus + type: keyword +- name: microsoft.exchange.logtype + type: keyword +- name: microsoft.exchange.clientipaddress_external + type: ip +- name: microsoft.exchange.clientipaddress_internal + type: ip diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/manifest.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/manifest.yml new file mode 100644 index 00000000000..94c9fcabbab --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/httpproxy/manifest.yml @@ -0,0 +1,21 @@ +title: "Exchange HTTPProxy" +type: logs +streams: + - input: filestream + title: Exchange HTTPProxy Logs + description: Collects HTTPProxy Logs + vars: + - name: paths + type: text + title: Paths + required: true + multi: true + show_user: true + default: + - "C:\\Program Files\\Microsoft\\Exchange Server\\V15\\Logging\\HttpProxy\\*\\*.LOG" + - name: tags + type: text + title: Tags + multi: true + required: false + show_user: false diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-common-config.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-common-config.yml new file mode 100644 index 00000000000..a06dda74051 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-common-config.yml @@ -0,0 +1,5 @@ +dynamic_fields: + "event.ingested": ".*" +fields: + tags: + - preserve_original_event diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-imap4-pop3.json b/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-imap4-pop3.json new file mode 100644 index 00000000000..6275f53cc8e --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-imap4-pop3.json @@ -0,0 +1,52 @@ +{ + "events": [ + { + "log": { + "file": { + "path": "Pop3" + } + }, + "message": "2024-01-24T15:31:51.231Z,00000000000ABC12,2,1.2.3.4:110,10.11.12.13:12345,ccw.altitude,163,10,34,pass,*****,\"R=OK;Msg=\"\"Proxy:Host123.domain.tld:1995:SSL;ProxySuccess\"\";ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078\"," + }, + { + "log": { + "file": { + "path": "Pop3" + } + }, + "message": "2024-01-24T15:31:51.435Z,00000000000ABC12,1,1.2.3.4:110,10.11.12.13:12345,,0,0,0,CloseSession,,," + }, + { + "log": { + "file": { + "path": "Pop3" + } + }, + "message": "2024-01-24T15:31:51.067Z,00000000000ABC12,1,1.2.3.4:110,10.11.12.13:12345,ccw.altitude,1,17,5,user,ccw.altitude,R=OK," + }, + { + "log": { + "file": { + "path": "Imap4" + } + }, + "message": "2024-01-24T15:30:19.847Z,00000000000ABC12,2,1.2.3.4:143,10.11.12.13:65468,example123,118,31,34,authenticate,PLAIN,\"R=OK;Msg=\"\"Proxy:Host123.domain.tld:1993:SSL;ProxySuccess\"\";LiveIdAR=OK;ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078\"," + }, + { + "log": { + "file": { + "path": "Imap4" + } + }, + "message": "2024-01-24T15:30:18.896Z,00000000000ABC12,4,1.2.3.4:1993,10.11.12.13:25882,example123,15,18,262,examine,INBOX,\"R=OK;Rows=0;Recent=0;UidValidity=14;UidNext=2644;ActivityContextData=\"\"Dbl:ST.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,Dbl:RPC.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=10,I32:MB.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=13,F:MB.AL[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0.7692308,I32:RPC.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=13,Dbl:STCPU.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=15,I32:MAPI.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=266,I32:ROP.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=827177561,Dbl:MAPI.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=10,Dbl:EXR.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,Dbl:BudgUse.T[]=15.0116996765137\"\";Budget=\"\"Owner:Sid~S-1-2-34-1234567890-1234567890-123456789-123456~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3599988,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_0e36a769-e2a9-4d1d-98df-80be2753326c,IsServiceAccount:False,LiveTime:00:04:30.6615435\"\"\"," + }, + { + "log": { + "file": { + "path": "Imap4" + } + }, + "message": "2024-01-24T15:30:18.925Z,00000000000ABC12,5,1.2.3.4:1993,10.11.12.13:25882,example123,1,10,26,close,,\"R=OK;UidValidity=14;UidNext=2644;ActivityContextData=\"\"I32:MAPI.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,I32:MB.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0,F:MB.AL[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0,Dbl:MAPI.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0\"\";Budget=\"\"Owner:Sid~S-1-2-34-5678910111-1213141516-171819202-212223~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3599993,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_81f0fddf-6fcd-4e2e-9330-ca4a38f4057a,IsServiceAccount:False,LiveTime:00:04:30.6905655\"\"\"," + } + ] +} diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-imap4-pop3.json-expected.json b/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-imap4-pop3.json-expected.json new file mode 100644 index 00000000000..85dbc75a6a1 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/pipeline/test-imap4-pop3.json-expected.json @@ -0,0 +1,210 @@ +{ + "expected": [ + { + "@timestamp": "2024-01-24T15:31:51.231Z", + "event": { + "ingested": "2024-03-06T14:49:25.165868250Z", + "original": "2024-01-24T15:31:51.231Z,00000000000ABC12,2,1.2.3.4:110,10.11.12.13:12345,ccw.altitude,163,10,34,pass,*****,\"R=OK;Msg=\"\"Proxy:Host123.domain.tld:1995:SSL;ProxySuccess\"\";ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078\"," + }, + "log": { + "file": { + "path": "Pop3" + } + }, + "message": "2024-01-24T15:31:51.231Z,00000000000ABC12,2,1.2.3.4:110,10.11.12.13:12345,ccw.altitude,163,10,34,pass,*****,\"R=OK;Msg=\"\"Proxy:Host123.domain.tld:1995:SSL;ProxySuccess\"\";ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078\",", + "microsoft": { + "exchange": { + "cip": "10.11.12.13:12345", + "command": "pass", + "context": "R=OK;Msg=\"Proxy:Host123.domain.tld:1995:SSL;ProxySuccess\";ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078", + "duration": 163, + "logtype": "pop3", + "parameters": "*****", + "rpsize": 34, + "rqsize": 10, + "seqnumber": 2, + "sessionid": "00000000000ABC12", + "sip": "1.2.3.4:110", + "user": "ccw.altitude" + } + }, + "source": { + "ip": "10.11.12.13" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-24T15:31:51.435Z", + "event": { + "ingested": "2024-03-06T14:49:25.165884866Z", + "original": "2024-01-24T15:31:51.435Z,00000000000ABC12,1,1.2.3.4:110,10.11.12.13:12345,,0,0,0,CloseSession,,," + }, + "log": { + "file": { + "path": "Pop3" + } + }, + "message": "2024-01-24T15:31:51.435Z,00000000000ABC12,1,1.2.3.4:110,10.11.12.13:12345,,0,0,0,CloseSession,,,", + "microsoft": { + "exchange": { + "cip": "10.11.12.13:12345", + "command": "CloseSession", + "duration": 0, + "logtype": "pop3", + "rpsize": 0, + "rqsize": 0, + "seqnumber": 1, + "sessionid": "00000000000ABC12", + "sip": "1.2.3.4:110" + } + }, + "source": { + "ip": "10.11.12.13" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-24T15:31:51.067Z", + "event": { + "ingested": "2024-03-06T14:49:25.165888148Z", + "original": "2024-01-24T15:31:51.067Z,00000000000ABC12,1,1.2.3.4:110,10.11.12.13:12345,ccw.altitude,1,17,5,user,ccw.altitude,R=OK," + }, + "log": { + "file": { + "path": "Pop3" + } + }, + "message": "2024-01-24T15:31:51.067Z,00000000000ABC12,1,1.2.3.4:110,10.11.12.13:12345,ccw.altitude,1,17,5,user,ccw.altitude,R=OK,", + "microsoft": { + "exchange": { + "cip": "10.11.12.13:12345", + "command": "user", + "context": "R=OK", + "duration": 1, + "logtype": "pop3", + "parameters": "ccw.altitude", + "rpsize": 5, + "rqsize": 17, + "seqnumber": 1, + "sessionid": "00000000000ABC12", + "sip": "1.2.3.4:110", + "user": "ccw.altitude" + } + }, + "source": { + "ip": "10.11.12.13" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-24T15:30:19.847Z", + "event": { + "ingested": "2024-03-06T14:49:25.165893874Z", + "original": "2024-01-24T15:30:19.847Z,00000000000ABC12,2,1.2.3.4:143,10.11.12.13:65468,example123,118,31,34,authenticate,PLAIN,\"R=OK;Msg=\"\"Proxy:Host123.domain.tld:1993:SSL;ProxySuccess\"\";LiveIdAR=OK;ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078\"," + }, + "log": { + "file": { + "path": "Imap4" + } + }, + "message": "2024-01-24T15:30:19.847Z,00000000000ABC12,2,1.2.3.4:143,10.11.12.13:65468,example123,118,31,34,authenticate,PLAIN,\"R=OK;Msg=\"\"Proxy:Host123.domain.tld:1993:SSL;ProxySuccess\"\";LiveIdAR=OK;ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078\",", + "microsoft": { + "exchange": { + "cip": "10.11.12.13:65468", + "command": "authenticate", + "context": "R=OK;Msg=\"Proxy:Host123.domain.tld:1993:SSL;ProxySuccess\";LiveIdAR=OK;ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078", + "duration": 118, + "logtype": "imap4", + "parameters": "PLAIN", + "rpsize": 34, + "rqsize": 31, + "seqnumber": 2, + "sessionid": "00000000000ABC12", + "sip": "1.2.3.4:143", + "user": "example123" + } + }, + "source": { + "ip": "10.11.12.13" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-24T15:30:18.896Z", + "event": { + "ingested": "2024-03-06T14:49:25.165896724Z", + "original": "2024-01-24T15:30:18.896Z,00000000000ABC12,4,1.2.3.4:1993,10.11.12.13:25882,example123,15,18,262,examine,INBOX,\"R=OK;Rows=0;Recent=0;UidValidity=14;UidNext=2644;ActivityContextData=\"\"Dbl:ST.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,Dbl:RPC.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=10,I32:MB.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=13,F:MB.AL[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0.7692308,I32:RPC.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=13,Dbl:STCPU.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=15,I32:MAPI.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=266,I32:ROP.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=827177561,Dbl:MAPI.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=10,Dbl:EXR.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,Dbl:BudgUse.T[]=15.0116996765137\"\";Budget=\"\"Owner:Sid~S-1-2-34-1234567890-1234567890-123456789-123456~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3599988,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_0e36a769-e2a9-4d1d-98df-80be2753326c,IsServiceAccount:False,LiveTime:00:04:30.6615435\"\"\"," + }, + "log": { + "file": { + "path": "Imap4" + } + }, + "message": "2024-01-24T15:30:18.896Z,00000000000ABC12,4,1.2.3.4:1993,10.11.12.13:25882,example123,15,18,262,examine,INBOX,\"R=OK;Rows=0;Recent=0;UidValidity=14;UidNext=2644;ActivityContextData=\"\"Dbl:ST.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,Dbl:RPC.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=10,I32:MB.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=13,F:MB.AL[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0.7692308,I32:RPC.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=13,Dbl:STCPU.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=15,I32:MAPI.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=266,I32:ROP.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=827177561,Dbl:MAPI.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=10,Dbl:EXR.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,Dbl:BudgUse.T[]=15.0116996765137\"\";Budget=\"\"Owner:Sid~S-1-2-34-1234567890-1234567890-123456789-123456~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3599988,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_0e36a769-e2a9-4d1d-98df-80be2753326c,IsServiceAccount:False,LiveTime:00:04:30.6615435\"\"\",", + "microsoft": { + "exchange": { + "cip": "10.11.12.13:25882", + "command": "examine", + "context": "R=OK;Rows=0;Recent=0;UidValidity=14;UidNext=2644;ActivityContextData=\"Dbl:ST.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,Dbl:RPC.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=10,I32:MB.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=13,F:MB.AL[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0.7692308,I32:RPC.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=13,Dbl:STCPU.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=15,I32:MAPI.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=266,I32:ROP.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=827177561,Dbl:MAPI.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=10,Dbl:EXR.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,Dbl:BudgUse.T[]=15.0116996765137\";Budget=\"Owner:Sid~S-1-2-34-1234567890-1234567890-123456789-123456~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3599988,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_0e36a769-e2a9-4d1d-98df-80be2753326c,IsServiceAccount:False,LiveTime:00:04:30.6615435\"", + "duration": 15, + "logtype": "imap4", + "parameters": "INBOX", + "rpsize": 262, + "rqsize": 18, + "seqnumber": 4, + "sessionid": "00000000000ABC12", + "sip": "1.2.3.4:1993", + "user": "example123" + } + }, + "source": { + "ip": "10.11.12.13" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-24T15:30:18.925Z", + "event": { + "ingested": "2024-03-06T14:49:25.165899267Z", + "original": "2024-01-24T15:30:18.925Z,00000000000ABC12,5,1.2.3.4:1993,10.11.12.13:25882,example123,1,10,26,close,,\"R=OK;UidValidity=14;UidNext=2644;ActivityContextData=\"\"I32:MAPI.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,I32:MB.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0,F:MB.AL[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0,Dbl:MAPI.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0\"\";Budget=\"\"Owner:Sid~S-1-2-34-5678910111-1213141516-171819202-212223~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3599993,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_81f0fddf-6fcd-4e2e-9330-ca4a38f4057a,IsServiceAccount:False,LiveTime:00:04:30.6905655\"\"\"," + }, + "log": { + "file": { + "path": "Imap4" + } + }, + "message": "2024-01-24T15:30:18.925Z,00000000000ABC12,5,1.2.3.4:1993,10.11.12.13:25882,example123,1,10,26,close,,\"R=OK;UidValidity=14;UidNext=2644;ActivityContextData=\"\"I32:MAPI.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,I32:MB.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0,F:MB.AL[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0,Dbl:MAPI.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0\"\";Budget=\"\"Owner:Sid~S-1-2-34-5678910111-1213141516-171819202-212223~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3599993,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_81f0fddf-6fcd-4e2e-9330-ca4a38f4057a,IsServiceAccount:False,LiveTime:00:04:30.6905655\"\"\",", + "microsoft": { + "exchange": { + "cip": "10.11.12.13:25882", + "command": "close", + "context": "R=OK;UidValidity=14;UidNext=2644;ActivityContextData=\"I32:MAPI.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=3,I32:MB.C[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0,F:MB.AL[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0,Dbl:MAPI.T[Host123.0e36a769-e2a9-4d1d-98df-80be2753326c]=0\";Budget=\"Owner:Sid~S-1-2-34-5678910111-1213141516-171819202-212223~Imap~false,Conn:1,MaxConn:Unlimited,MaxBurst:3600000,Balance:3599993,Cutoff:Unlimited,RechargeRate:600000,Policy:GlobalThrottlingPolicy_81f0fddf-6fcd-4e2e-9330-ca4a38f4057a,IsServiceAccount:False,LiveTime:00:04:30.6905655\"", + "duration": 1, + "logtype": "imap4", + "rpsize": 26, + "rqsize": 10, + "seqnumber": 5, + "sessionid": "00000000000ABC12", + "sip": "1.2.3.4:1993", + "user": "example123" + } + }, + "source": { + "ip": "10.11.12.13" + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/agent/stream/filestream.yml.hbs b/packages/microsoft_exchange_server/data_stream/imap4_pop3/agent/stream/filestream.yml.hbs new file mode 100644 index 00000000000..da3f585997c --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/agent/stream/filestream.yml.hbs @@ -0,0 +1,14 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +exclude_files: [".gz$"] +processors: + - add_locale: ~ diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..45e168671e5 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,72 @@ +--- +description: Pipeline for processing sample logs +processors: +- drop: + if: "ctx.message =~ /^[^0-9]/ || ctx.message =~ /^#/" +- set: + field: event.original + copy_from: message +- csv: + field: event.original + ignore_failure: true + ignore_missing: true + target_fields: + - "@timestamp" + - microsoft.exchange.sessionid + - microsoft.exchange.seqnumber + - microsoft.exchange.sip + - microsoft.exchange.cip + - microsoft.exchange.user + - microsoft.exchange.duration + - microsoft.exchange.rqsize + - microsoft.exchange.rpsize + - microsoft.exchange.command + - microsoft.exchange.parameters + - microsoft.exchange.context + - microsoft.exchange.puid +- grok: + field: microsoft.exchange.cip + patterns: + - "%{NOTSPACE:source.ip}:%{NUMBER}" + ignore_missing: true + if: ctx.microsoft?.exchange?.cip != null + ignore_failure: true +- set: + field: microsoft.exchange.logtype + if: ctx.log?.file?.path =~ /Imap4/ + value: imap4 + ignore_empty_value: true + ignore_failure: true +- set: + field: microsoft.exchange.logtype + if: ctx.log?.file?.path =~ /Pop3/ + value: pop3 + ignore_empty_value: true + ignore_failure: true +- convert: + field: microsoft.exchange.duration + type: long + ignore_failure: true +- convert: + field: microsoft.exchange.rpsize + type: long + ignore_failure: true +- convert: + field: microsoft.exchange.rqsize + type: long + ignore_failure: true +- convert: + field: microsoft.exchange.seqnumber + type: long + ignore_failure: true +- set: + field: event.ingested + copy_from: _ingest.timestamp + ignore_failure: true +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/base-fields.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/base-fields.yml new file mode 100644 index 00000000000..7c798f4534c --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/ecs.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/ecs.yml new file mode 100644 index 00000000000..e404a5c3aa5 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/ecs.yml @@ -0,0 +1,8 @@ +- external: ecs + name: message +- external: ecs + name: log.file.path +- external: ecs + name: source.ip +- external: ecs + name: tags diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml new file mode 100644 index 00000000000..f892677c4d6 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml @@ -0,0 +1,26 @@ +- name: microsoft.exchange.sessionid + type: keyword +- name: microsoft.exchange.seqnumber + type: long +- name: microsoft.exchange.sip + type: keyword +- name: microsoft.exchange.cip + type: keyword +- name: microsoft.exchange.user + type: keyword +- name: microsoft.exchange.duration + type: long +- name: microsoft.exchange.rqsize + type: long +- name: microsoft.exchange.rpsize + type: long +- name: microsoft.exchange.command + type: keyword +- name: microsoft.exchange.parameters + type: keyword +- name: microsoft.exchange.context + type: keyword +- name: microsoft.exchange.puid + type: keyword +- name: microsoft.exchange.logtype + type: keyword diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/manifest.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/manifest.yml new file mode 100644 index 00000000000..d6fa54f923f --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/manifest.yml @@ -0,0 +1,22 @@ +title: "Exchange Server IMAP4 POP3" +type: logs +streams: + - input: filestream + title: Exchange Server IMAP4 POP3 Logs + description: Collect Exchange Server IMAP4 POP3 logs + vars: + - name: paths + type: text + title: Paths + multi: true + required: true + show_user: true + default: + - "C:\\Program Files\\Microsoft\\Exchange Server\\V15\\Logging\\Imap4\\IMAP*.LOG" + - "C:\\Program Files\\Microsoft\\Exchange Server\\V15\\Logging\\Pop3\\POP*.LOG" + - name: tags + type: text + title: Tags + multi: true + required: false + show_user: false diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-common-config.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-common-config.yml new file mode 100644 index 00000000000..a06dda74051 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-common-config.yml @@ -0,0 +1,5 @@ +dynamic_fields: + "event.ingested": ".*" +fields: + tags: + - preserve_original_event diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-messagetracking.log b/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-messagetracking.log new file mode 100644 index 00000000000..c841eff3559 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-messagetracking.log @@ -0,0 +1,3 @@ +2024-01-25T15:16:09.843Z,,,,exchange-mail,No suitable shadow servers,,SMTP,HAREDIRECTFAIL,70971234566456,<20240124222112.B4AE1234EF@host01.my.domain.com>,2fd37dca-1234-5bfb-175d-08dc1db88f52,mailuser@my.domain.com,,15054,1,,,Undelivered Mail Returned to Sender,MAILER-DAEMON@host01.my.domain.com,root@host01.my.domain.com,,Incoming,,,,S:DeliveryPriority=Normal;S:OriginalFromAddress=root@host01.my.domain.com;S:AccountForest=my.domain.com,Email,dc69df25-1234-564c-41c4-08dc1db88f7f,15.02.0330.005 +2024-01-25T15:16:09.949Z,10.11.12.14,exchange-mail.my.domain.com,10.11.12.14,exchange-mail,08DC1DB12C345BE5;2024-01-25T15:16:09.544Z;0,exchange-mail\Default exchange-mail,SMTP,RECEIVE,70912345566403,<20240123200014.123F425E28@host01.my.domain.com>,1e6eb197-c6b4-1234-1b69-56dc1db88f50,mailuser@my.domain.com,,7229,1,,,vzdump backup status (host01.my.domain.com): backup successful,root@host01.my.domain.com,root@host01.my.domain.com,0cA: ,Incoming,,10.11.12.13,10.11.12.14,S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.13;S:ProxiedClientHostname=host01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com,Email,05503123-c5b9-46fe-1234-56dc1db88f8f,15.02.0330.005 +2024-01-25T15:16:14.415Z,10.11.12.14,exchange-mail.my.domain.com,10.11.12.14,exchange-mail,08DC1DB12C345BE9;2024-01-25T15:16:12.885Z;0,exchange-mail\Default exchange-mail,SMTP,RECEIVE,70912345566407,<20240123200018.123C42553@pve-vhost01.my.domain.com>,c95b5dd1-f520-1234-e6dc-56dc1db8914d,mailuser@my.domain.com,,8251,1,,,vzdump backup status (pve-vhost01.my.domain.com): backup successful,root@pve-vhost01.my.domain.com,root@pve-vhost01.my.domain.com,0cA: ,Incoming,,10.11.12.15,10.11.12.14,S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.15;S:ProxiedClientHostname=pve-vhost01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com,Email,d6aef52d-0e05-1234-e29b-56dc1db89238,15.02.0330.005 diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-messagetracking.log-expected.json b/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-messagetracking.log-expected.json new file mode 100644 index 00000000000..c8c153958cf --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/pipeline/test-messagetracking.log-expected.json @@ -0,0 +1,178 @@ +{ + "expected": [ + { + "@timestamp": "2024-01-25T15:16:09.843Z", + "email": { + "direction": "Incoming", + "from": { + "address": [ + "MAILER-DAEMON@host01.my.domain.com" + ] + }, + "local_id": "70971234566456", + "message_id": "<20240124222112.B4AE1234EF@host01.my.domain.com>", + "sender": { + "address": [ + "MAILER-DAEMON@host01.my.domain.com" + ] + }, + "subject": "Undelivered Mail Returned to Sender", + "to": { + "address": [ + "mailuser@my.domain.com" + ] + } + }, + "event": { + "ingested": "2024-03-06T15:06:25.588990186Z", + "original": "2024-01-25T15:16:09.843Z,,,,exchange-mail,No suitable shadow servers,,SMTP,HAREDIRECTFAIL,70971234566456,<20240124222112.B4AE1234EF@host01.my.domain.com>,2fd37dca-1234-5bfb-175d-08dc1db88f52,mailuser@my.domain.com,,15054,1,,,Undelivered Mail Returned to Sender,MAILER-DAEMON@host01.my.domain.com,root@host01.my.domain.com,,Incoming,,,,S:DeliveryPriority=Normal;S:OriginalFromAddress=root@host01.my.domain.com;S:AccountForest=my.domain.com,Email,dc69df25-1234-564c-41c4-08dc1db88f7f,15.02.0330.005" + }, + "message": "2024-01-25T15:16:09.843Z,,,,exchange-mail,No suitable shadow servers,,SMTP,HAREDIRECTFAIL,70971234566456,<20240124222112.B4AE1234EF@host01.my.domain.com>,2fd37dca-1234-5bfb-175d-08dc1db88f52,mailuser@my.domain.com,,15054,1,,,Undelivered Mail Returned to Sender,MAILER-DAEMON@host01.my.domain.com,root@host01.my.domain.com,,Incoming,,,,S:DeliveryPriority=Normal;S:OriginalFromAddress=root@host01.my.domain.com;S:AccountForest=my.domain.com,Email,dc69df25-1234-564c-41c4-08dc1db88f7f,15.02.0330.005", + "microsoft": { + "exchange": { + "customdata": "S:DeliveryPriority=Normal;S:OriginalFromAddress=root@host01.my.domain.com;S:AccountForest=my.domain.com", + "eventid": "HAREDIRECTFAIL", + "logid": "dc69df25-1234-564c-41c4-08dc1db88f7f", + "networkmessageid": "2fd37dca-1234-5bfb-175d-08dc1db88f52", + "recipientcount": 1, + "returnpath": "root@host01.my.domain.com", + "schemaversion": "15.02.0330.005", + "source": "SMTP", + "sourcecontext": "No suitable shadow servers", + "transporttraffictype": "Email" + } + }, + "network": { + "bytes": 15054 + }, + "server": { + "domain": "exchange-mail" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-25T15:16:09.949Z", + "client": { + "domain": "exchange-mail.my.domain.com", + "ip": "10.11.12.14" + }, + "email": { + "direction": "Incoming", + "from": { + "address": [ + "root@host01.my.domain.com" + ] + }, + "local_id": "70912345566403", + "message_id": "<20240123200014.123F425E28@host01.my.domain.com>", + "sender": { + "address": [ + "root@host01.my.domain.com" + ] + }, + "subject": "vzdump backup status (host01.my.domain.com): backup successful", + "to": { + "address": [ + "mailuser@my.domain.com" + ] + } + }, + "event": { + "ingested": "2024-03-06T15:06:25.589003926Z", + "original": "2024-01-25T15:16:09.949Z,10.11.12.14,exchange-mail.my.domain.com,10.11.12.14,exchange-mail,08DC1DB12C345BE5;2024-01-25T15:16:09.544Z;0,exchange-mail\\Default exchange-mail,SMTP,RECEIVE,70912345566403,<20240123200014.123F425E28@host01.my.domain.com>,1e6eb197-c6b4-1234-1b69-56dc1db88f50,mailuser@my.domain.com,,7229,1,,,vzdump backup status (host01.my.domain.com): backup successful,root@host01.my.domain.com,root@host01.my.domain.com,0cA: ,Incoming,,10.11.12.13,10.11.12.14,S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.13;S:ProxiedClientHostname=host01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com,Email,05503123-c5b9-46fe-1234-56dc1db88f8f,15.02.0330.005" + }, + "message": "2024-01-25T15:16:09.949Z,10.11.12.14,exchange-mail.my.domain.com,10.11.12.14,exchange-mail,08DC1DB12C345BE5;2024-01-25T15:16:09.544Z;0,exchange-mail\\Default exchange-mail,SMTP,RECEIVE,70912345566403,<20240123200014.123F425E28@host01.my.domain.com>,1e6eb197-c6b4-1234-1b69-56dc1db88f50,mailuser@my.domain.com,,7229,1,,,vzdump backup status (host01.my.domain.com): backup successful,root@host01.my.domain.com,root@host01.my.domain.com,0cA: ,Incoming,,10.11.12.13,10.11.12.14,S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.13;S:ProxiedClientHostname=host01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com,Email,05503123-c5b9-46fe-1234-56dc1db88f8f,15.02.0330.005", + "microsoft": { + "exchange": { + "connectorid": "exchange-mail\\Default exchange-mail", + "customdata": "S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.13;S:ProxiedClientHostname=host01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com", + "eventid": "RECEIVE", + "logid": "05503123-c5b9-46fe-1234-56dc1db88f8f", + "messageinfo": "0cA: ", + "networkmessageid": "1e6eb197-c6b4-1234-1b69-56dc1db88f50", + "originalclientip": "10.11.12.13", + "originalserverip": "10.11.12.14", + "recipientcount": 1, + "returnpath": "root@host01.my.domain.com", + "schemaversion": "15.02.0330.005", + "source": "SMTP", + "sourcecontext": "08DC1DB12C345BE5;2024-01-25T15:16:09.544Z;0", + "transporttraffictype": "Email" + } + }, + "network": { + "bytes": 7229 + }, + "server": { + "domain": "exchange-mail", + "ip": "10.11.12.14" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-25T15:16:14.415Z", + "client": { + "domain": "exchange-mail.my.domain.com", + "ip": "10.11.12.14" + }, + "email": { + "direction": "Incoming", + "from": { + "address": [ + "root@pve-vhost01.my.domain.com" + ] + }, + "local_id": "70912345566407", + "message_id": "<20240123200018.123C42553@pve-vhost01.my.domain.com>", + "sender": { + "address": [ + "root@pve-vhost01.my.domain.com" + ] + }, + "subject": "vzdump backup status (pve-vhost01.my.domain.com): backup successful", + "to": { + "address": [ + "mailuser@my.domain.com" + ] + } + }, + "event": { + "ingested": "2024-03-06T15:06:25.589006572Z", + "original": "2024-01-25T15:16:14.415Z,10.11.12.14,exchange-mail.my.domain.com,10.11.12.14,exchange-mail,08DC1DB12C345BE9;2024-01-25T15:16:12.885Z;0,exchange-mail\\Default exchange-mail,SMTP,RECEIVE,70912345566407,<20240123200018.123C42553@pve-vhost01.my.domain.com>,c95b5dd1-f520-1234-e6dc-56dc1db8914d,mailuser@my.domain.com,,8251,1,,,vzdump backup status (pve-vhost01.my.domain.com): backup successful,root@pve-vhost01.my.domain.com,root@pve-vhost01.my.domain.com,0cA: ,Incoming,,10.11.12.15,10.11.12.14,S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.15;S:ProxiedClientHostname=pve-vhost01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com,Email,d6aef52d-0e05-1234-e29b-56dc1db89238,15.02.0330.005" + }, + "message": "2024-01-25T15:16:14.415Z,10.11.12.14,exchange-mail.my.domain.com,10.11.12.14,exchange-mail,08DC1DB12C345BE9;2024-01-25T15:16:12.885Z;0,exchange-mail\\Default exchange-mail,SMTP,RECEIVE,70912345566407,<20240123200018.123C42553@pve-vhost01.my.domain.com>,c95b5dd1-f520-1234-e6dc-56dc1db8914d,mailuser@my.domain.com,,8251,1,,,vzdump backup status (pve-vhost01.my.domain.com): backup successful,root@pve-vhost01.my.domain.com,root@pve-vhost01.my.domain.com,0cA: ,Incoming,,10.11.12.15,10.11.12.14,S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.15;S:ProxiedClientHostname=pve-vhost01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com,Email,d6aef52d-0e05-1234-e29b-56dc1db89238,15.02.0330.005", + "microsoft": { + "exchange": { + "connectorid": "exchange-mail\\Default exchange-mail", + "customdata": "S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.15;S:ProxiedClientHostname=pve-vhost01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com", + "eventid": "RECEIVE", + "logid": "d6aef52d-0e05-1234-e29b-56dc1db89238", + "messageinfo": "0cA: ", + "networkmessageid": "c95b5dd1-f520-1234-e6dc-56dc1db8914d", + "originalclientip": "10.11.12.15", + "originalserverip": "10.11.12.14", + "recipientcount": 1, + "returnpath": "root@pve-vhost01.my.domain.com", + "schemaversion": "15.02.0330.005", + "source": "SMTP", + "sourcecontext": "08DC1DB12C345BE9;2024-01-25T15:16:12.885Z;0", + "transporttraffictype": "Email" + } + }, + "network": { + "bytes": 8251 + }, + "server": { + "domain": "exchange-mail", + "ip": "10.11.12.14" + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/agent/stream/filestream.yml.hbs b/packages/microsoft_exchange_server/data_stream/messagetracking/agent/stream/filestream.yml.hbs new file mode 100644 index 00000000000..da3f585997c --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/agent/stream/filestream.yml.hbs @@ -0,0 +1,14 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +exclude_files: [".gz$"] +processors: + - add_locale: ~ diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..72a02d020cd --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,81 @@ +--- +description: Pipeline for processing Exchange Server Messagetracking logs +processors: +- drop: + if: "ctx.message =~ /^[^0-9]/ || ctx.message =~ /^#/" +- set: + field: event.original + value: "{{{message}}}" +- csv: + field: event.original + ignore_failure: true + ignore_missing: true + target_fields: + - "@timestamp" + - client.ip + - client.domain + - server.ip + - server.domain + - microsoft.exchange.sourcecontext + - microsoft.exchange.connectorid + - microsoft.exchange.source + - microsoft.exchange.eventid + - email.local_id + - email.message_id + - microsoft.exchange.networkmessageid + - email.to.address + - microsoft.exchange.recipientstatus + - network.bytes + - microsoft.exchange.recipientcount + - microsoft.exchange.relatedrecipientaddress + - microsoft.exchange.reference + - email.subject + - microsoft.exchange.senderaddress + - microsoft.exchange.returnpath + - microsoft.exchange.messageinfo + - email.direction + - microsoft.exchange.tenantid + - microsoft.exchange.originalclientip + - microsoft.exchange.originalserverip + - microsoft.exchange.customdata + - microsoft.exchange.transporttraffictype + - microsoft.exchange.logid + - microsoft.exchange.schemaversion + if: ctx.message =~ /^\d/ +- split: + field: email.to.address + separator: ";" + preserve_trailing: true + ignore_missing: true + ignore_failure: true +- append: + field: email.sender.address + value: "{{{microsoft.exchange.senderaddress}}}" + ignore_failure: true +- append: + field: email.from.address + value: "{{{microsoft.exchange.senderaddress}}}" + ignore_failure: true +- remove: + field: microsoft.exchange.senderaddress +- convert: + field: "microsoft.exchange.recipientcount" + type: long + ignore_failure: true + ignore_missing: true +- convert: + field: "network.bytes" + type: long + ignore_failure: true + ignore_missing: true +- set: + field: event.ingested + value: "{{{_ingest.timestamp}}}" + ignore_failure: true +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/fields/base-fields.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/base-fields.yml new file mode 100644 index 00000000000..7c798f4534c --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/fields/ecs.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/ecs.yml new file mode 100644 index 00000000000..274f45cc7ba --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/ecs.yml @@ -0,0 +1,28 @@ +- external: ecs + name: message +- external: ecs + name: client.ip +- external: ecs + name: client.domain +- external: ecs + name: server.ip +- external: ecs + name: server.domain +- external: ecs + name: email.to.address +- external: ecs + name: email.sender.address +- external: ecs + name: email.from.address +- external: ecs + name: email.subject +- external: ecs + name: email.direction +- external: ecs + name: email.message_id +- external: ecs + name: email.local_id +- external: ecs + name: network.bytes +- external: ecs + name: tags diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml new file mode 100644 index 00000000000..64e7b183408 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml @@ -0,0 +1,38 @@ +- name: microsoft.exchange.sourcecontext + type: keyword +- name: microsoft.exchange.connectorid + type: keyword +- name: microsoft.exchange.source + type: keyword +- name: microsoft.exchange.eventid + type: keyword +- name: microsoft.exchange.networkmessageid + type: keyword +- name: microsoft.exchange.recipientstatus + type: long +- name: microsoft.exchange.recipientcount + type: long +- name: microsoft.exchange.relatedrecipientaddress + type: ip +- name: microsoft.exchange.reference + type: keyword +- name: microsoft.exchange.returnpath + type: keyword +- name: microsoft.exchange.messageinfo + type: keyword +- name: microsoft.exchange.tenantid + type: keyword +- name: microsoft.exchange.originalclientip + type: ip +- name: microsoft.exchange.originalserverip + type: ip +- name: microsoft.exchange.customdata + type: keyword +- name: microsoft.exchange.transporttraffictype + type: keyword +- name: microsoft.exchange.logid + type: keyword +- name: microsoft.exchange.schemaversion + type: keyword +- name: microsoft.exchange.logtype + type: keyword diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/manifest.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/manifest.yml new file mode 100644 index 00000000000..3a6dff8d2e0 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/messagetracking/manifest.yml @@ -0,0 +1,21 @@ +title: "Exchange Messagetracking" +type: logs +streams: + - input: filestream + title: Exchange Messagetracking Logs + description: Collect Exchange Messagetracking logs + vars: + - name: paths + type: text + title: Paths + required: true + multi: true + show_user: true + default: + - "C:\\Program Files\\Microsoft\\Exchange Server\\V15\\TransportRoles\\Logs\\MessageTracking\\*.LOG" + - name: tags + type: text + title: Tags + multi: true + required: false + show_user: false diff --git a/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-common-config.yml b/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-common-config.yml new file mode 100644 index 00000000000..a06dda74051 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-common-config.yml @@ -0,0 +1,5 @@ +dynamic_fields: + "event.ingested": ".*" +fields: + tags: + - preserve_original_event diff --git a/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-smtp.json b/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-smtp.json new file mode 100644 index 00000000000..1ed50a5fcbc --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-smtp.json @@ -0,0 +1,60 @@ +{ + "events": [ + { + "log": { + "file": { + "path": "SmtpSend" + } + }, + "message": "2024-01-25T15:14:39.460Z,Inbound Proxy Internal Send Connector,08DC1DB8591B22A0,0,,10.11.12.13:2525,*,None,Set Session Permissions" + }, + { + "log": { + "file": { + "path": "SmtpSend" + } + }, + "message": "2024-01-25T15:14:39.460Z,Inbound Proxy Internal Send Connector,08DC1DB8591B22A0,1,,10.11.12.13:2525,*,,attempting to connect" + }, + { + "log": { + "file": { + "path": "SmtpSend" + } + }, + "message": "2024-01-25T15:14:40.508Z,Inbound Proxy Internal Send Connector,08DC1DB8591B229F,2,,10.11.12.13:2525,*,,\"Failed to connect. Winsock error code: 10061, Win32 error code: 10061, Destination domain: internalproxy, Error Message: No connection could be made because the target machine actively refused it 10.11.12.13:2525.\"" + }, + { + "log": { + "file": { + "path": "SmtpRecive" + } + }, + "message": "2024-01-25T15:14:39.026Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229A,1,10.11.12.13:25,10.11.12.14:53228,>,\"220 my-mail.my.domain.tld Microsoft ESMTP MAIL Service ready at Thu, 25 Jan 2024 16:14:38 +0100\"," + }, + { + "log": { + "file": { + "path": "SmtpRecive" + } + }, + "message": "2024-01-25T15:14:39.026Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229B,0,10.11.12.13:25,10.11.12.14:53230,+,," + }, + { + "log": { + "file": { + "path": "SmtpRecive" + } + }, + "message": "2024-01-25T15:14:39.031Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229A,2,10.11.12.13:25,10.11.12.14:53228,<,EHLO mgt.my.domain.tld," + }, + { + "log": { + "file": { + "path": "SmtpRecive" + } + }, + "message": "2024-01-25T15:14:39.066Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229B,1,10.11.12.13:25,10.11.12.14:53230,>,\"220 my-mail.my.domain.tld Microsoft ESMTP MAIL Service ready at Thu, 25 Jan 2024 16:14:38 +0100\"," + } + ] +} diff --git a/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-smtp.json-expected.json b/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-smtp.json-expected.json new file mode 100644 index 00000000000..49bca327506 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/pipeline/test-smtp.json-expected.json @@ -0,0 +1,193 @@ +{ + "expected": [ + { + "@timestamp": "2024-01-25T15:14:39.460Z", + "event": { + "ingested": "2024-03-06T15:08:18.600372171Z", + "original": "2024-01-25T15:14:39.460Z,Inbound Proxy Internal Send Connector,08DC1DB8591B22A0,0,,10.11.12.13:2525,*,None,Set Session Permissions" + }, + "log": { + "file": { + "path": "SmtpSend" + } + }, + "message": "2024-01-25T15:14:39.460Z,Inbound Proxy Internal Send Connector,08DC1DB8591B22A0,0,,10.11.12.13:2525,*,None,Set Session Permissions", + "microsoft": { + "exchange": { + "connectorid": "Inbound Proxy Internal Send Connector", + "context": "Set Session Permissions", + "data": "None", + "event": "*", + "logtype": "smtpsend", + "remoteendpoint": "10.11.12.13:2525", + "sequencenumber": 0, + "sessionid": "08DC1DB8591B22A0" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-25T15:14:39.460Z", + "event": { + "ingested": "2024-03-06T15:08:18.600384925Z", + "original": "2024-01-25T15:14:39.460Z,Inbound Proxy Internal Send Connector,08DC1DB8591B22A0,1,,10.11.12.13:2525,*,,attempting to connect" + }, + "log": { + "file": { + "path": "SmtpSend" + } + }, + "message": "2024-01-25T15:14:39.460Z,Inbound Proxy Internal Send Connector,08DC1DB8591B22A0,1,,10.11.12.13:2525,*,,attempting to connect", + "microsoft": { + "exchange": { + "connectorid": "Inbound Proxy Internal Send Connector", + "context": "attempting to connect", + "event": "*", + "logtype": "smtpsend", + "remoteendpoint": "10.11.12.13:2525", + "sequencenumber": 1, + "sessionid": "08DC1DB8591B22A0" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-25T15:14:40.508Z", + "event": { + "ingested": "2024-03-06T15:08:18.600387259Z", + "original": "2024-01-25T15:14:40.508Z,Inbound Proxy Internal Send Connector,08DC1DB8591B229F,2,,10.11.12.13:2525,*,,\"Failed to connect. Winsock error code: 10061, Win32 error code: 10061, Destination domain: internalproxy, Error Message: No connection could be made because the target machine actively refused it 10.11.12.13:2525.\"" + }, + "log": { + "file": { + "path": "SmtpSend" + } + }, + "message": "2024-01-25T15:14:40.508Z,Inbound Proxy Internal Send Connector,08DC1DB8591B229F,2,,10.11.12.13:2525,*,,\"Failed to connect. Winsock error code: 10061, Win32 error code: 10061, Destination domain: internalproxy, Error Message: No connection could be made because the target machine actively refused it 10.11.12.13:2525.\"", + "microsoft": { + "exchange": { + "connectorid": "Inbound Proxy Internal Send Connector", + "context": "Failed to connect. Winsock error code: 10061, Win32 error code: 10061, Destination domain: internalproxy, Error Message: No connection could be made because the target machine actively refused it 10.11.12.13:2525.", + "event": "*", + "logtype": "smtpsend", + "remoteendpoint": "10.11.12.13:2525", + "sequencenumber": 2, + "sessionid": "08DC1DB8591B229F" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-25T15:14:39.026Z", + "event": { + "ingested": "2024-03-06T15:08:18.600391894Z", + "original": "2024-01-25T15:14:39.026Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229A,1,10.11.12.13:25,10.11.12.14:53228,>,\"220 my-mail.my.domain.tld Microsoft ESMTP MAIL Service ready at Thu, 25 Jan 2024 16:14:38 +0100\"," + }, + "log": { + "file": { + "path": "SmtpRecive" + } + }, + "message": "2024-01-25T15:14:39.026Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229A,1,10.11.12.13:25,10.11.12.14:53228,>,\"220 my-mail.my.domain.tld Microsoft ESMTP MAIL Service ready at Thu, 25 Jan 2024 16:14:38 +0100\",", + "microsoft": { + "exchange": { + "connectorid": "NETBIOS\\Default Frontend NETBIOS", + "data": "220 my-mail.my.domain.tld Microsoft ESMTP MAIL Service ready at Thu, 25 Jan 2024 16:14:38 +0100", + "event": ">", + "localendpoint": "10.11.12.13:25", + "remoteendpoint": "10.11.12.14:53228", + "sequencenumber": 1, + "sessionid": "08DC1DB8591B229A" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-25T15:14:39.026Z", + "event": { + "ingested": "2024-03-06T15:08:18.600394286Z", + "original": "2024-01-25T15:14:39.026Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229B,0,10.11.12.13:25,10.11.12.14:53230,+,," + }, + "log": { + "file": { + "path": "SmtpRecive" + } + }, + "message": "2024-01-25T15:14:39.026Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229B,0,10.11.12.13:25,10.11.12.14:53230,+,,", + "microsoft": { + "exchange": { + "connectorid": "NETBIOS\\Default Frontend NETBIOS", + "event": "+", + "localendpoint": "10.11.12.13:25", + "remoteendpoint": "10.11.12.14:53230", + "sequencenumber": 0, + "sessionid": "08DC1DB8591B229B" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-25T15:14:39.031Z", + "event": { + "ingested": "2024-03-06T15:08:18.600396278Z", + "original": "2024-01-25T15:14:39.031Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229A,2,10.11.12.13:25,10.11.12.14:53228,<,EHLO mgt.my.domain.tld," + }, + "log": { + "file": { + "path": "SmtpRecive" + } + }, + "message": "2024-01-25T15:14:39.031Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229A,2,10.11.12.13:25,10.11.12.14:53228,<,EHLO mgt.my.domain.tld,", + "microsoft": { + "exchange": { + "connectorid": "NETBIOS\\Default Frontend NETBIOS", + "data": "EHLO mgt.my.domain.tld", + "event": "<", + "localendpoint": "10.11.12.13:25", + "remoteendpoint": "10.11.12.14:53228", + "sequencenumber": 2, + "sessionid": "08DC1DB8591B229A" + } + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2024-01-25T15:14:39.066Z", + "event": { + "ingested": "2024-03-06T15:08:18.60039812Z", + "original": "2024-01-25T15:14:39.066Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229B,1,10.11.12.13:25,10.11.12.14:53230,>,\"220 my-mail.my.domain.tld Microsoft ESMTP MAIL Service ready at Thu, 25 Jan 2024 16:14:38 +0100\"," + }, + "log": { + "file": { + "path": "SmtpRecive" + } + }, + "message": "2024-01-25T15:14:39.066Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229B,1,10.11.12.13:25,10.11.12.14:53230,>,\"220 my-mail.my.domain.tld Microsoft ESMTP MAIL Service ready at Thu, 25 Jan 2024 16:14:38 +0100\",", + "microsoft": { + "exchange": { + "connectorid": "NETBIOS\\Default Frontend NETBIOS", + "data": "220 my-mail.my.domain.tld Microsoft ESMTP MAIL Service ready at Thu, 25 Jan 2024 16:14:38 +0100", + "event": ">", + "localendpoint": "10.11.12.13:25", + "remoteendpoint": "10.11.12.14:53230", + "sequencenumber": 1, + "sessionid": "08DC1DB8591B229B" + } + }, + "tags": [ + "preserve_original_event" + ] + } + ] +} \ No newline at end of file diff --git a/packages/microsoft_exchange_server/data_stream/smtp/agent/stream/filestream.yml.hbs b/packages/microsoft_exchange_server/data_stream/smtp/agent/stream/filestream.yml.hbs new file mode 100644 index 00000000000..da3f585997c --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/agent/stream/filestream.yml.hbs @@ -0,0 +1,14 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +exclude_files: [".gz$"] +processors: + - add_locale: ~ diff --git a/packages/microsoft_exchange_server/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_exchange_server/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..f398cf32fe5 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,49 @@ +--- +description: Pipeline for processing Exchange Server SMTP Logs +processors: +- drop: + if: "ctx.message =~ /^[^0-9]/ || ctx.message =~ /^#/" +- set: + field: event.original + copy_from: message +- csv: + field: event.original + ignore_failure: true + ignore_missing: true + target_fields: + - "@timestamp" + - microsoft.exchange.connectorid + - microsoft.exchange.sessionid + - microsoft.exchange.sequencenumber + - microsoft.exchange.localendpoint + - microsoft.exchange.remoteendpoint + - microsoft.exchange.event + - microsoft.exchange.data + - microsoft.exchange.context +- set: + field: microsoft.exchange.logtype + if: ctx.log?.file?.path =~ /SmtpSend/ + value: smtpsend + ignore_empty_value: true + ignore_failure: true +- set: + field: microsoft.exchange.logtype + if: ctx.log?.file?.path =~ /SmtpReceive/ + value: smtpreceive + ignore_empty_value: true + ignore_failure: true +- convert: + field: microsoft.exchange.sequencenumber + type: long + ignore_failure: true +- set: + field: event.ingested + copy_from: _ingest.timestamp + ignore_failure: true +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/microsoft_exchange_server/data_stream/smtp/fields/base-fields.yml b/packages/microsoft_exchange_server/data_stream/smtp/fields/base-fields.yml new file mode 100644 index 00000000000..7c798f4534c --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/fields/base-fields.yml @@ -0,0 +1,12 @@ +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: '@timestamp' + type: date + description: Event timestamp. diff --git a/packages/microsoft_exchange_server/data_stream/smtp/fields/ecs.yml b/packages/microsoft_exchange_server/data_stream/smtp/fields/ecs.yml new file mode 100644 index 00000000000..ddc5f4b0da3 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/fields/ecs.yml @@ -0,0 +1,6 @@ +- external: ecs + name: message +- external: ecs + name: log.file.path +- external: ecs + name: tags diff --git a/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml new file mode 100644 index 00000000000..666f4652f17 --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml @@ -0,0 +1,18 @@ +- name: microsoft.exchange.connectorid + type: keyword +- name: microsoft.exchange.sessionid + type: keyword +- name: microsoft.exchange.sequencenumber + type: long +- name: microsoft.exchange.localendpoint + type: keyword +- name: microsoft.exchange.remoteendpoint + type: keyword +- name: microsoft.exchange.event + type: keyword +- name: microsoft.exchange.data + type: keyword +- name: microsoft.exchange.context + type: keyword +- name: microsoft.exchange.logtype + type: keyword diff --git a/packages/microsoft_exchange_server/data_stream/smtp/manifest.yml b/packages/microsoft_exchange_server/data_stream/smtp/manifest.yml new file mode 100644 index 00000000000..f42569ed17d --- /dev/null +++ b/packages/microsoft_exchange_server/data_stream/smtp/manifest.yml @@ -0,0 +1,22 @@ +title: "Exchange SMTP" +type: logs +streams: + - input: filestream + title: Exchange SMTP logs + description: Collect Exchange SMTP logs + vars: + - name: paths + type: text + title: Paths + required: true + multi: true + show_user: true + default: + - "C:\\Program Files\\Microsoft\\Exchange Server\\V15\\TransportRoles\\Logs\\Hub\\ProtocolLog\\SmtpSend\\*.LOG" + - "C:\\Program Files\\Microsoft\\Exchange Server\\V15\\TransportRoles\\Logs\\FrontEnd\\ProtocolLog\\SmtpReceive\\*.LOG" + - name: tags + type: text + title: Tags + multi: true + required: false + show_user: false diff --git a/packages/microsoft_exchange_server/docs/README.md b/packages/microsoft_exchange_server/docs/README.md new file mode 100644 index 00000000000..144151317b4 --- /dev/null +++ b/packages/microsoft_exchange_server/docs/README.md @@ -0,0 +1,25 @@ +# Microsoft Exchange Server +The Microsoft Exchange Server integration allows you to monitor Exchange Server installations. + +## Data streams + +The Microsoft Exchange Server integration collects logs of the following streams: +- Exchange HTTPProxy Logs +- Exchange Server IMAP4 POP3 Logs +- Exchange Messagetracking Logs +- Exchange SMTP logs + +## Requirements + +You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it. +You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware. + +## Setup + +For step-by-step instructions on how to set up an integration, see the +[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide. + +## Setup Exchange Server + +To collect the SMTP Logs, the logs have to be configured on the exchange Server. To enable it, you can follow this [guide](https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/configure-protocol-logging?view=exchserver-2019) +The other logs are enabled by default, and no further configurations are required diff --git a/packages/microsoft_exchange_server/img/exchange.svg b/packages/microsoft_exchange_server/img/exchange.svg new file mode 100644 index 00000000000..ad273e152dc --- /dev/null +++ b/packages/microsoft_exchange_server/img/exchange.svg @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/packages/microsoft_exchange_server/img/screenshot_httpproxy.png b/packages/microsoft_exchange_server/img/screenshot_httpproxy.png new file mode 100644 index 0000000000000000000000000000000000000000..e8f1bf3fe91b57808a4440c908d146fea8113b91 GIT binary patch literal 216317 zcmeFZ2T)UAw>KPnLBI+E0#=YF(xewbL3$4zl-_$WK)}CB5d@STs`M5>dQGBq2!x){ zBP{^}L0XNF;R_S$Fdv(|5)v-WSTb3W;4snB0$ zy$k>V=v806&;tN2NC5z6Yc8Ir{c_Gzu9)`kl#iZ@BA^0wXO-4C>+oFjIRH=?F%k|kyuWyoPPqr8__tP$()xDo`q4?c} zZ+BlRTr;?O?wY`BI%B%=2*;Dx<$HTF6X;qQYs2Da24PdDlk%c2M%`_=ldP_F&pXna z6#YEtSutg0glM)yX1jlIYpb$za0uUOV(yi z|9cCdF!pWe(mz^v*K}6S{-br(@3HScB_pM7O8xURFW4_<{zDLu%MhmZ&z5e4BKJR9 z?~0XjZv3OAFqZS*tByxEhtv-dL9x=N5LL$S!?P_60KAKTAb17prAD4H|`_3 zUth8)=_^PPBLB9WtS{vkwL}j9e0zwJEJ{m)85+)jI6AvC^VY_rFuR{yuh6<&zogKN z@gh7PXZPlol(ud5*jF3*mCt0W8IYJko!TwK64TCuzffncvOujqX-PMPtYw5&fTeNX`W~^NNa`mC>A+E{P)tYnCyo;Lzo|~Mlx)Aj30nIGtKl>5CaCYQuq>kdIB@e ztM}VhM@JYWsjHaE=IL70^aF85ae@M;sXHgYIF`D6`7<4IHAV4r!m)%4MXPQ>AWgd_9AYHtOc5|1!_{B|GJ>vQlnuTCd(uB)2>u zo(J5mzD3A(rpbo?SJ}cV^SAy3-0!~s|7u}emVhLceExhx3N$rI!{ob(L~vUlRXEA7 zuZcGQt4=*e0D!{9n^MR~O1GNG(BMzK_S- z&3(RNXS*ls&}~cb3n?<}&Y;>Y8`P71gqQrLO_z~XY85}Wm{mY9%&RX|x-RkwNtDdI z9f9ea$5zj14!yUwEsRe?t0Uv2*n;KK-MwpjtB+0my&0`g_Q~AGJGpZfbw=*b5{Xs! z&W6q~4P4nKMGv@m^YJih?BhvN0_{yv6>})rK7+zL`PTN%!7wmv7e&lX+r8G z|2xCXeDXttP|$P1LvW7VK6>)VtrTZWW!~66S+;fVJ~T;dKBS8(1iUMz?9aj0n!ob!hKSl(_2P7i%@T zf@m#~OwZ^Lq`pfY$S7!#mt1Hee$OUtJ}Z!>oB})+)PArgSY~PVbQ&3e^%F1v_$vI9o#W!)tKPDxt#1}y`Hh2W~rzUk`)siYbGcN<) zUDllhnKUs;iO6LYm8?O#Rs0i=z@guql7wJ?c+?A3&1rCk_A?ryUoid&f4p*oCZ zo_d{G8QM-tI)+$FNN_VH6MF+~e8QbA5{napnW- zeYb#?ICtcPHD0fbA@y+8uUwQlaaRz1MLKjl!N-6Q-Lts8ta03giJgScI69RIiVMq= zU<12(&k&TTIk5{j9(MEc5Aul?@viU1xeXt#KDX?SPj7(OAibWQ-==;JhGw9fJvbW{ zSAf`{3@LDZeK={qv9hU~(sY0TP9n#`W1L0|1^kZ2F>B4H5K~h2EJ`kWXRu*4;iP}W zs;FR%N_wKRxGq@hI^`0$s84w3!nJnDS>F1)T{A?M4?a}7KVAEPdgqaZ8SQB!IGm9Z zmPekAa~k>(w>o?RDHT!`t0QwpN3VC9To1zmlfN~6P7+5M*I`U2%aTNnd~&vR`hvp< z1^|FTWFHFIS2YC55h#=Y;!do{0=tjO9w?|Ewmb`IF%gVOhcch+Bmy^N^Zh*HhATH4 z&>PA|Ds@Yt?&B7N{pdN))+y@TVzbL$^wdG#k;ZgXN;sk5B%hZIL#%xY`5-#pyBqsN zV+0l;Tk%MxV3F!TU<@Gluy3wURD23_n$iyp9J3YJAAC-@ShMkdK|S=uLsr(OhM_#v zLYwhUiM))6UV@x-z5rTCc9(?RkL_)F8G6!LelT!4p&vw^tbNY9Ctc+5BQB`UdFI82 zZ_u;zQ?iqRm3+QS(}SX@7b_&B||X!1h&!)?9QUtQ&J8*;*UV|rEy6mgz@ z4{}U3+PIaSR7&rk1u16OAgE_==&U(WbNVKlHLZ%Pq-tYHZnQ^jpKRLB_mHjV=YgSf zr)5bkw#!RPhHYAzQUyiFLA7#wuXDnWy(5n%dai0&*6T&gn3omLbk!S)WU-V^W;4Zi z%QhGnR$_As+Wn>lEr%WaZ3GZAE^4I=;AdtD%DaObIXVhIyc$7s7pO3;Eb&*N;^pOv z%TCYV2DIkhYcTDGPfHbZK6B~&Vn*Ik#OA@wtj6+=vPQ->SkOp#vAo9iEi1amzggJF zwFt+hN^oWGY)zO-LriMUV958)JAo>QCciIpb%JNZ_kuGp8vEG~kH{Ykr_!@L9Am2e zI{K&#Y650fd92L_7^|Sz>U!c319t>6Y1SCVaZ{|!4jz0-THEOfxkirGjw^-j#sCIbgM%D6hKFp zS45Bxp@?tbt6ReAHJC{g-Zy8Cm&EOCZYQ0KvY+KlFD+7*D>AZtt6{`WRgl&kv3(K< z3;m0OUH&CP{U9cU;vK~y8;}Xyt8+%IGvCWQ zvIH#%$sY9Ii~$XmK`MGFx3#=@zMv1;%ir4x)B&0{L173e*7(igOyUtLopw!Nim3JcV9_huGq z>qowKdW)GeV&#!$h+82CV)?X# z`lNKDdjh;-${b^5F$>4Gg3US|Oh8t@WcJ9c1U>PsvcOnpY5>@A63Fh%J{&FpxAmf+ z4eZ9<%Cw9o0!{&nuj;0xg!O**e4`winkK9#SZGU_vI-b%iM>_d%j!K_=bX@TWyC5| zHm5QttjCTuVDz09?qJMrZRSMC&)F4W-1Ip5f8K60`udQ4}E$@mcD%Mg&Yz zU(jDkX9plfhWlMaga-4NACO@AC1`$qg*m-Ee@)5)gv2Ry@QD&AP z;Ik?Z;9{$U!P;e!)n;{8NjB%Tk+LcEY&R6!Hni8Sc>*Eq@GwKLB`+TzJYMgPYOox| zmGC$Wh?-)C2XRho!~=rS(bVdkd_}c*kWYj)T@KQ(sn_w)&|+*rjVlh!2d*NV3EGPZ z-*gyi4C`NpJ<3j>yQtS5qD}DP;{o$52OVu=KB#{gVp7_D2DXled&r~d5Jxa&W2A>e z8rnl;C)>|ySE)@8Z))KIJ~R_AGOcVflZJoa?shSYoL8Xjyt}T{Z1uDw#?r(H=h(NjRT@~zMFJ8X4Qd_rx2>EY+{Lm z3DHJiaW}rGbi9QZM9`yVyVW0&R)R^8Lh3_h+$#N#r<+a4MzYSFR-v-8ZZ%1QAr*Nn z5j)FNG@M|%ge#y=r$$wF`urtD;Vkqo%NlXR%;w)?l+Qb7b*IW3`CBfVN%IidyFC9+ zZqoHpUQvL{+R4E-{90wOD>J;I0?Tw9Y-pHHm;&Ng2r(rGQ-K5Q(%O&bn_X^hR^9}> ztG=!YGHHbGxh4UR9X{E^;V%yCqK*%cgp51I66aTv49n{72dEAU{*9emSxAEn;Xb2A zt#bf{u+q=1(2UEODs|5Aq)4&)>z@Lw#yV65op=39a)8dgU2W&DA@ysLn|AyRSVHJe zVCc-xxm_y~lwgQIQAGqnnQgGer`|)bt{v*tkM$XgDI-{$w8)_c@s@{pUV%WbcQxEs zuqNG`&^2malaCU}S*-SY5Ai6Rqc<7CcswG7`e~}Vu`swW{(Vcg+_IsdKjQILO4XY@ z|Kf@Y;;i-ujvljSOWp#HNt`%EPj?|$3F|&xDwZDLs4~v9Hq?dLW&pf17I7R>kk*~9 zb&9Tcry9h`?nZLF{Z)jTd!_rn75W{-)BX#&DCP3ICShlR4sN%dF&+rBqQjn1<9(G? z#94la??Fo{C`~1+EI*nElA`QcW_(xR10KaqbyIg&ZRfsJ&2hG~%b`=cn`AI@g&5`v zOl|pg%wGm?&JX&M`5y?X)*e%+f?&C zLpFF>Wp=H$?=AqKQ=J!j$W7?w&X~(MpS>`h@It}=iYv^kUlnX;u8aekWmY9t^ zl;$A`=!;dy)h-=%Hig04I;;ZH4=`p$EFP6(IiIhvo60FGNgWvwH~lztQulV(c1F`o zg?+-&oJgH6BR;VpoRr0HKY}N{>7gu_>KHgHctTk%& zRwE13?YI_eZSKdLtl>7{sZfelZU}%YV;XwRHe0Kjb~b?EYAnd{_JW6FWwP4%=K%jQ z;B`s)*|A9YY|~Ut0}2EiF$*fg-gVaU7kPeze00M+NrKDT{1kObvXN z2+dfZ9faCQ)V~xdLVdR?0N@vXeTLkqBS*tb$rK}~49afVOPh?b@qp?NbYV)&;##0a z_1mf*{;P7?!qqnVrPZbNI+&JiJlMj+Dd*#83%R%6Go0VceAtqGjbpgAK@O;#_iXKp z^cam9xh1$j66Ve}$==2u5DpF44|omLk0JT^LiNne^$h9U7g=e}0a%Z*)tcV4y{wa$ zRUgzW5L$#;yY8F?@mNL>efe+mE>G#l!5*@L(61=9Z~Xr=0NUae7UW9_onkBpsi=>c z%ub~tXbLt1(VJ;uw)* z9lBR`o*<6sLtE+FGn+ho@|9S>mhfTZrJGrgM#Ha4Wwr!>z4Jh5|I_+6rIU)7bnN)5 zkMFGC0C<|Ve|uvj>QR9kNSCDCS2qShl3Wfcm1Zkt2>F7bP)X(P3PKqnn6cJ44i=O; zwGpCwM*2vrEUL6y5|mN6W0XRu9FL*2e#_h79KVX-xp>)cJd<^b+fqbjuGDHk!|z%1 zjEqMX2f=B(wWzjqe3W&x^5r#<>CZ)kvrd$yQ^U*9Mp))lZHu9H=#Wl;+>B9*X&ij5 zNN}};AWmRB@-R%fcQV!~8?k4}r4uYpf8ZlN9(;0(zRBTBvMAgLoMB;ajFskW)!*Wj za}Pc5<_=N|x^VP74vYToo2_jk0W&je$o^8%RR8NGJbHSCn_R$Nh6xi3Ez{1eKvYza zoAvVQF{arx+9ioEo+NA~C!%k&x$F2-|H#j1@Ho)A&(eZAW)QQg-!nvxp*kDuDV3{% zEXv@1^(K?EK1va5Mw{Dle%r(ctXZ@GT5(Aj2idq_+Jv!`75~izGqCkGK5duzZ_I(3 zt}e(V>Bd}!2r5vg1tF13Cnz!4WVF@)r7kK?FeGQhB|JLDDA;6>^S4cSD?a(x+bg3J z&@aP6tt^w<9nwDW$yHML3tDQX$Nv4nT9rhnvJ;AY!!$GfDS(1w%Pxm5NnI%*qHMht z+NhS%eXHQROl2czs>IdqtqZT5aj9(}|J%O1;v(HkRk1v;7>qfxwe6O`EPOQfq{)l* zcXxJ)(tdsoZEIQ_)r*A6bZDKs|BG|*-!AG=rynnkbF1*&u8!n{{?s3dmIq!3;$CXy z<-gQ=@Iuen@+B%Nxk}zJ8%kqe#IuH8ir3!*odx{j2QJ7|JPun1bqmYYnT7V(8-RD#-?zWKYGS&%#%daA&c*sS=`zt> zyz^K;Lj1{C3m-$7e@gc1u$hw4B#r&N3LBvWLqX9Eyk(P_YOF(wVi_AWw(#rwKfCM> zcqC^tQ-KkS(t8?#xbUen$3=JRZ&p`!yL$WO-%RnX8%mgea`y^%|6jB9H!O2%qI{xP zY>qayvi;FCC%lmI=`y)=0mO1y>3_+?ilEC3s;++#DT+>5zL#siDIW+!>3km z?MX=^8fX0YI*1bhC{VTpqWrxpYI3xqIbrIR;|SxlwMRFUxc3=tKb=E3-^Ty zx7L)Tk!}z2>c5Qpn`j_1^+haV^ z_{(9fSMGhK5oJ2gOLohjgK1frk32K2{g10v9D>aS49oQlO(q|D=ynnV#*3d@u*)Vt zzkUgz@Ugc~u3(YHL~2#m255*PqTWCfW>KCq%W=MAsBC2;wpcu|k<`p2YN zcFEljNeLNMWkrT%2D(Y5_QI#}ry{S|L#;(}TAIlE_(LDRHG^1&kfU;EgUUiuITb$+ zEh&AO+(a|3iHN>rro_BqJteU&BN3xEwT6+_#*gtghowEYJkR!D%%+x*5@xs}svdn+Y`n~zi!PW^{`GDN~Y(4WBh_q0N>Z!%k!Nca6jpj5!Z84oY~L%Qwk3s z{EP0>H!3v-MzSYyT~(!jof_B}Sgjb%J)@8>;?+m*%M~(Ng%nJNfd60_Pp$%Zy)IPzZyowhOgHk0FWW>Wh*6Cl#pKNtAw zy?y;PB;duFe?aEnFA@55t8a||3`D|Vi7>n>H#7@6xbl-h!Pj#!>66u8<Q9z^K^bI z<5dL{pEFZii`Wv=y0uc%y3$gE5^E118#65w&v=PGX6`)T>)(cap~O$(7))GPSSrD} z0^R{SsxKxj8rl~caac=SW%^@1Yikqoni#Z`d9c*5%)VPxynZrF>&Aq}JCW$noKeC6 zaJKmpO8s1lTLfHPC|^nlO$i@bEE??H@0u z>em+jJ?GnTru0FUi=pT?)96zL`*;3&yujs-4M}&uAT8d*;;tdG#eeUfFMr;!^18Yi zBp1|@DIKzK!$U8{y*%mmjh~#uQO39kVNEpn?fsnK9P}CQ5v+ zX3%b}jx86C+3WtG;g&68av~JEH$X%Wp)`Zj+rK<>NIm~~T2Kt6pkH`JSKlGX4mqH^ zHk*G6Y|4ji8HgbWj1zJy)OOs?>%>OdJz5Nf8&=LL5RT682gg>9uA2}tX9^^|2FhXt zDWg3Bt=l`nYBef;Ni%z?Y|={LxgV1e#z5hmZQ&DACEw;Ny_9hH0H81XlO2b)CSTUF zpl@2|Oy$~n+0f1UyDgU^T}a=$U|-hxAB>-1&jFYSkMYRZmr&Enp>_65)@3$vpffmRmhhBPsNyl{z6)a$B0KQ$Tq6!7xfER zn-mDvWN_c?6n*ygZDhD9vY#DQ?`gMzNz;)R3<&+P?Hr}dz)?K!QD}NiKsgcTbL9(M zw#UI<;6_($bv));TEGP8b?QipybC90D1zIirH1~ofHkD9!ob>SB{*UpJL5*nzZgzyMEBIQJm=R@})xdJiFBm{v1uHMRYTl_*pA)@vYdFA(mn zWPQ}UOC5}fYpN0%!_#NLBJDbF@CuUTPY!DDToJu4~kV9IQ?Zc7BQ*eeN*@yQx>#N%T) z#5LLCB&g=QL9BQg`@}-`?^zym5n!z3?o9N@LFX{5tNiPVdbq4}X`)=c4a85wX|=X- z!e^qA_BlwN@$p#WZ?l^!x?}jawwd;EY|AnYUnu8ZTobpv#kA7)JTK;=AxHLNlC0>| zer7B?C?O3~U2j*gw!c~yZFIFqts%~ZqNSCq`z+E9ZWG&U3_Nu?Bzy$U0<3^xE$OiV za4co>L8rji({gs#kbUYi0==f9C$a*pqh>n+=dWI_f+qTFU=}h_&3xR3(M8PSLcODh z4x<|s+2tIxzt>rX;Yd5(aDs-ytDJ>oiov113rS=G?u`)vKaMQ1PulZ>;4k?Wr^-0@EqNJd> zs+#n1xku*#D1n2c@atl-Qy7T^?1wW&?h0f~Ue~U8=7tS4)dPm-#_r8b)+pEv z?6QQkH%5>l_|X2L;X$YR{TVOxgXAQxqTJ7IP%?9%d;a#P=&eFJn*?>)NUx6S_^xUVO_Tab6Uvr*S{~0mt$>k+f$@*S@I|^^Qa=dqNrE2@wp?DW zlZ*S*gm1VJ_4zBhY2~xsR7$!(J9A{OA21k5=LXJPtqQOcYyIy6N6t45ZgKA#)oy)=useQq|1~(amXvx zo?mF%!O4}=C+UfWNRi+G^VRnGfgS^#SIr&tX25aDj z?AnooUeu^2xDDcwY7G`r!Q*4^)TT5r)~Z^_R8G%ra`wLd>vi5rWBYh!R<{nFJbD5J zf|G%-)(w=euoab6I{%W!1)yCTsB%7fbz8DnDil*#w+5kPP(xr-4jd;I^+b1x>?U%c ze(0M=h+UhJWwG*I;FHlkZYX{rXS{dvv#~vo6F(h3D2c5bj#jB;82#<_H)Pv-?g1;( zQgoRjZGf&BlIW>jwqr7c_#>|ufJ}sk>srmjeB~1i#U_n1oV@X`5(S=)$!cyuiZy)$tUMR_`u!x z3XGytI@*gF5}PvqCYVLagt}gq`zZx0ZT^9Hq=d#7Zw=$SpN|TB)?a#q!$A`i|)Y zvDLcXG+CV7c+LCgxSTUmILq@SM&~zaN51mpHJjvntOwN|43D+D->hM~TJ1~G!N2ID zV1c_j*0Gh3S+P}dfshy~W>ue0%WiXSq4ug%WsbZ@kKFdn2kPZ8;MGfO$2+!E63eipuS2M| zCSJshnlontM@f~4wTI?U3}$+U(qZN9Mm2iz8np7Z(7;W{>UNW7gw0I?mZ-tk_>;mg zOfq9DratIpmH)wfX3>46^oji=my%~8Z#?4R#>@TllZqDZj^BWB#t4e8d;fa*C7i6> z$P}Cz?Ev>FDV$(FGIQCHCOY*cQfgO{sAIc*XYKecABhlUQBOLmg=yi$f#t?<6tqRm zDVA*N)8+C)#b@18AjB`Z@-HR#I|)(`3mmgRaUL-S0elxon~<_9;@K`1Jb5mS1~_`% z3(`jFm@$*G4a`Mu`{iS;G~e-whG3%CT;rUxGdm_N#R?PEN+N#?mUS<;D^9}3nt%Ju z7U<~P_t>v0f=5dy0tLUlYyp>})J(wM{8f23aIySA_2~SX*shZ1?bpQWdXsKv_V$S^ zpry-`^&_VWe+Lspf|Yc3cl@WokzjXf`Jhd#$LBY!V>!7tCeL#a(dXV8x%4%*`uyY} zX=>aqD{Bz!*%+|oe-mP)_Gq?GH97S`?C7^kM5oblPUTHxsB zB4kwC#B;$U)kWf`_?~2BpXzvOZNg(SSwJbHWwdN+lAU(dxL@BfEe%LEYp823J<(>P z);F~hM2WK={bnJq=7lAQ?OI~}s=@kD zig%A`FE|w44I@mC%!yd>Trho-QcN zV<2sfA?GvBMMW9yU(P&cd@`+&QgVg+y_lQtSB>`xe<|7N0*;sIAkW$cFHHA)JrCW72w1DQKe2@djGQs1`>E=G8D~$ya z?iC&$yf5BnH_32}i%{y6h^;PSy#a5-3Bz-oP6hiLf7SP8sLrZDE#25|7OH z-`!Hr?072DPO*&oYyv_g00St);~dzaF}sFRj2OBLI({HJ!*tcM@<>EPoPS)}2aU&t zdx`Jr1k_m1<*`rg67-7#rW}t6td0EWQ zdoFIbuKg*A2JicTD(Km&eyKq+`83(=P+4ZXSK7$!c=Wrjm#EX7eH|+E+8`fJbBxM07l8O`N zEe>5oUL?Ff><8rq?LAQxTPa@(m>d0!i5CmB^&oHD=8n4+jOl+1%$wuQ6;mrm15Zn; z*A#sopU`D2KH1QODiFqZ!+?tW)s^F{R|WdydFWo`#dy95&Wmx0SOG~xGN6-0s_7Ic zF5kH=5+S9;*IDA`fDOXBJ%X=FLA5alay?Jb{)o88k-z19#Mp|5Kd>2xN&*ivg|!}V z)*o}ZBa~p_acEb>8=$BE-Q*-qe!e-%nzvXT%Fjp4F~dU(IV0h3lItO-uM%9|48JA9 zU*<6|Y<$UoP&GU7(tZ%{P4=4Y5bkMx_Rn_lMA6Q3GlJwwi4&5N{4u8y=DkSa;(t^2ckV+W$PvQ&N3ibETi zN}c5IB6c)^P$B#W;M{9gIDN>1Te;V6(hHxH7lIWPqqk9gjn&Y_9&l(1-*Dx%GQ7E! zlVP7uczVMavHa%;P0@aXv`e9x5sp8^+`VtxA1iCTd~`S2M2!vk-Xc3&v_sOvcR91n za`*=^qt8Q%NqRH!-;n27-y`6AaN$QaV>rEUXC1E0)dbG(vA)t?R%@MLvQ>>bT&H!Tuw{`fK1u`2U8jLU z_U*A){R|VC3p>Nm-ZUYXzra;oIUv54u(VnO(u`!LHv>Ul{dC~-r7Y3S;ix)PXJNnJ zLC=-xd2R~%S@~!MKiT>Px(Uh$QLs61H`JFQ()~E0BxSl|jfvGw zqAcfyQXc*2NX0b!?)O*rj*qY}L-}IXC)zOw?i+#Nz{iGcm^A4Pzv-CyhD5p}h?zVk zr#FqF6~*;gb>ug7x-2QF)_&8tXzPI`uXm(chn%&Es0 zYP?=t#7d?YRke^kf0F8X^MQSxSUc}IP+VTizL9;j4k99uyi@LeG9fzgbYX1X-^yi0 zj7=}89tt1aRcQnul8K_pS_E+uB2Ds^J6pKOD!nmAn0TG+4=^MLztP}*L_+@3LH zhx*uzI=bLSABg!>lJ1%b#kFhi(V}T^NA*JYRYRAY%`=*oDJ487vZng|euv2c#Y##+ z9w9;8E*(7$b-2i+3$mhmio6xPV?~IumZ(c*nc$MPOXAhIx=5RuzdDFKZ{*6l}CtqYV^5(YaSRXAnseTCEXnC6QtX)lGUCK72`AVy{=0JUeav9N+;86G( z{rl8|ox{YYw5IO77y1ou{te-2Ua;ly1zW<=753bmGvQ8$=yzXIhD_NrtlQGO+I>j^ z0V}wcc(Rk?k8@@AN20CiAoo&Q5rTXSYfA2xHf8izQIXSHqM@EFVJqt_h(X}{=AhxW zO?zTSe6H$ZyyyWt=`@EQ0^M(9cj-X#nNDj!($UPNy#9y1XrFS5*ny$dR^6(m`#h6^ zr|8u0PdUnLlB-jDbNmh~bLZ831$Tp{N}?e~%7j|Sh0_AhrVn;>F5ofQ*`a?)v<}M9 zr~=LExs${&E50fl53;rz`r{?7_)NbaYF{=|0DY>iUDXTVN(L8P5FDh{e@^1YgSWY+57a=>o!)Ui`3GOjWlO*IPTRcxy4F29WJc1bfM>HdM*z_H{04B zbqSfw)T1;*7tAMTS)@TChM+?DE?n+OYCEX7Id(Xe9*p;lz&p=;9)M#SY~9m~y+*-< zo{O;ogQum@ko^T;H%2meg(oKSO=ithoSKnov)|Gq83rR``7;W)Q5D8akGGOT)~sg( z1uo~zgHt3JH zGP4{QDOqG55S`*P;uzp498C^m&zNa<|I0%jb=lPlm-=K%yTnK&jy!8w1kuMi&uy8B z@s_ya4pbYD-q6>%#8SoHpq;He9iM63;CeJEKe}@^bssI|CZ8413ePC|t2r*jvV9<^ zIx7j@eR)S*uA)jcWjcr?s*82V(!(ahLvL#Q_MrBVSp6DA4oxb~`hljTAmC!if=1bA zN&6W$z9qCrPR^p9=vW9Gq!Fb|sk)AUwwoTJ%{4P?R3LTb*+R}4%Cif$HqYf%2oD2) zywH4`A9mdtR5u)WRDz~XxjhPE=TJlMow6f=PAA>7ZRKq@R?efxIva>j8K>vMaT5b0 zZr_wqzaOn;#UA9$ncy#;2ZM+|fI&aQceH%vH&Ru$h^J}B_ z-&lKF*VZgg9(NF1`Gkjl49JKN6`wTnbQ`fWx)7W%5p)%)#(|8Yz^b)8F{z`fn0cO=RSmeV zlrn4*r@l^%^^mm4csUt7(Pz#Q$}pGQ9mwU1HeZxX-)Lz|}bQ0>I? zem(jJ#`c+l^mlOS-2yIgT(ZxeQm`BIHz*T$mwjtP)y~=cpbJz~_AX3F5tfnqbnWQJ zTU@|jgHcMbW{3?-;Y*gLPam|6u}SY`#AS+gwVu?27an5?X2b?s0hde5{u62^yY^8U zTFBVzjapQA`di1&Ut4+cVCF5CI-_YEI#2EGor>=v=RKKd0ULk#QYpCXU@AsMfVQjj zxJT-FWR6?9IL$=>CCD2~4)x66$m}Y9G%D(roTP1%-98kumc8yWgIkq&0ZTLCYa$Lx zRf2y8THy}G#W^)}PEOY5rL&GkMcs2HyIpeUl>&>~VR2LRU9IYtBl&gk8KI2BnAE5~ zWqv+8emWka`8e|hs7=V*ZwImFuNl*)eHG#Z#jeORoQ0uoZjwdrc7=VmOFkWj%FViJ zdWOtO&H2MUcI{sAPI{IDI}iJvC1<)qxDR*i4N7}j9k6*$)M$qOf!G^Vgy{|()c>kZ z?B&pT3-VGvW!;U03oQl-UeTpcyQk#|c~x5TRUsZRVw99PqsrIJAG|4{#q;*oo-u}HQ(Uo0Pm;qF@?uh5YUfKlI>%Jv#Y83rnapG` z{y;(TIWumY#p#4ym-Ei+01^JYq-Vs2xpoJX=e_x098Ty4$M*={-kIwp40wX&F01Sg)TVCe`|!yJb_s^0-WHo=?uI^?Z~)7-#J#y&%L#{v{1 zu^vS62Ts4kXs+xwX005$VWk0{`26pr_B)_0Z;hw zEcVN4_Nh)8$riy`xQ5Bm#uq&{h$u0{wzY^a`S21M4DH{N1KcT37A| znL)Pgc}Jz1wmM9D4I@9I(jiWnH{PvXj%iW=XAb1d^Br7Q{jf=gRz6x#v=FCZ6_ za589sZeOqOi+5|^&e2dCwv3wU%+U$qG>?3poi{J*u4P${M>8zGjj}`7%gbmi2AD>K z5=GJ|1jRs4$YR4W!+VY(iENNW+;a_D(ox?DZlr>99y{VO&0`AO7O-k>Y_nFc@LVt! z`gp6R?JzU3=h%r=>TR{ZS@#en%!Kugxc8;DR*y=*jOTMTM;uX6lgmu$*Gl@tlEWZ; ziBTum!}^=EhZE*5j|72B)f^7T_3iua;UtSoU9sh8p1`j{KR(^!3J*KD_DGh&ER_}} z-|DD-uXal*s(nAWPxNF<8X=$ofgwEqX1Fd^LBC!8WH)aaz{kswO7V~_{80t$aA17# z_y*D$4Rz|Sb{;RCR39&ehh*$F!~O*{*t?sd)w%h{!!eDn%2vnLAveW$*xz)x49Xl>GnnT?7%gFCtq zr0_C$SK%z(tp-KZ@TYjym0cC=mujEz;q)7T+?ar9w1#;hM4e$;;7rSB4PdB93LW5u z5OFstO|<(8o{;3+fR4m6+NRRpcA_0u$(Pxicb9q-wgX{TEa>juZxWE0F&hQX`s!Ee z<|)H-BsBP?-8yT%SvG~xP3=xSwYQ~POrs~2(o%1Yvc`pbKUV3ezKmla+wfF#J3uAV zvC@4O{hh*a!5=1{{=Ej|{tcuIM;tp+LqkN}_)l#i%6rq3)nR_4*U;= zYyTUcBH*^oN$CA_>P589Rut`0O#gFz)}LaV=ek=_9RI)gmcf5>QQZGk_h)haZ(!~J zpwC|XU*G+o<~yw9m%4j#0@lUj0_t~Vn$mtBq4=Y_l&3^F~ zt_zyC5}ThLJIsD5Wck47L|7oLPJ#4nV`%fp(xI#Xn32}tT*5GWP-4`8R@;%7j`qa$ zLxLNy!K9c{qsj_aG3N=21y}NNhEzc`tEgu^AOuS6=@RdDYFleZomasWi8?9J;k9^7 z3kb@-H?L5<7MNmvyn)we>b5$y#Y3T_nZ) z5ZSRDRpa5}cm1+HVyojO2clM<&E_9Yh%A0Qlj^|7)+|>uD8KCm4qhiS31Xo!As{8o znH9Ir7zqa#9(I#&ODCBXuUGZHzF$(DcDOR!Xot#-=S7A_@B(PhiibQ-A+Pw)=)CEZ zIN709xa#l-Q(Ok(ozf^jncQX|CkGCSHObBUn;dIF>PBMa8?H~d{zDK_LJLH8%ip;3 z_?`~yrPci~#*OqJp^gAYR{J{bm0p`SxwtLZuy@LbJ=V9V-uO!dF|~Vc#~0~2(s>cp z)>&)`qCu|2`_YMWFdwmy{ucw&H)yY9gXr~Nu%ts(+1_)!45?!+##E}fyco0xUc3_1 zL0^yrcgl?qJ*j`j5%6q}?J1B`c4Vqa-+PraZZx5nu2vd3sgr7bxY42pKD>1;TbSaw zOZPx51T>62X=K~f-yUrrt1tex)Hjs};^}2QIi9~ORPm2eM&+k8Ti$g*FvYQzS3O5e z?|04$Yb<6rY7eNJ5oeNf(>c=#GdzWNn}&9ch_t-sA4BHR40)Mm$QO_8{<9%-G%l1- z62z=$aNjV@BvSGCyKZv#8;hi0WxC-59o0HvTHzJv-fufocdEjeB-`JZew91CtRzA6xLdWAB-oA4)Jw6}KSa4R*JN#!$K$M!@-K)xS;4HZ#6%4W#xak`23KwODMC@zf7+XaTa)ib8On&Hzv&AMN6 zEsc3dQY>|c{)U*hLVOlu-qq80qio&K`4I_;cW?pHKKn1|*^i;XkJrQ%w~lYSt}_7s z2V?IY&i32>59?5E)o4*g(dwX8w1`b~pjE3?dsWp;NsU+$REwhcXzjgss1iHT)*gv1 zwwkdLTM&`w?Q`Fs=l(v={XKri?>Y{DCGo!A*L7a!cwOiDI+Z1_gHN++wt-JHeM)vi zKI6*Gu;h?sDy{7H)S{|sTv+qAe*iGO1dK=+S>Bue84Q?_2K(=A8KYW z#8~&Ye^iat57kMN4uPjba+==WF4tRM*A`3bJQ5)|`6DD$A=`&9%~7WVo|W(i{a~;u<$qxogFi)~xG`^;T^TqnUi*H$bPvR8V`yR1me7LQA%WrjD$4x>;yM$GM{b{|7zAHQF7bKV4$d7vkRo-L&s$Sc_U%eS`XS%5fmY2Qr9 zoriEALE~0%v)s|41r3`x;2ND9H0b{^1M3h9?xuU2W- zTU=v&HT%k_!`u_i#r~!m1BJS&Romu!v|O`u%PxL`Ad&2c`bs-aef~9N1AlLpq9a7+%u_y9{tW*3Bfb{Wv*2zKcDS{D}xvfzF zzpcLsr7SrJS2oSRz3bS0Qj^*_ca2wcMsgcv#O;>jT6Okz>;pFuoeTC`7I%NN8OfCX zI0a{quOX`{rkmp?Tx`8xMhIuNafQMT>3`#x$V=_Nu*vXgnc{GM&ee{=WxUnS+wOXS zylML$y+#X-mz)IOlH$S9>Q*C$jz=FRmH0pn!p|Dvavq&+Bw0TZ!?_AA;{$M7X78!m zLVK!A^B^?05|P@Q{j6~y<7bFQVT(3PUtz&OtHr~OrM;7y=U&cjyJ_@gm)#g#NxU6e z#GBV747ckUUgDNcf2|u*!F4CmqpfDPm1nPJ$SF5Ndt2XxAnFe+#WhW@n%7a~Oa5=M zz9L4C;qH24JflUAyDhn?qi@5}RjV@oc##`@@XJ zTA;DBdi{cu;{NCpMX#*2>t5m@=;L@^x!=keZ0jC-j^TdS|1jDh9=0m={;tuziVA7(7jw!14u9qA1))_5Ha}g~^e(szj zdhWkS_^$bkue^~v^}rems(f^M_io}8D^}b9C*m34HhVvucSy-%R>%Z(8g^wj|KN<& zCE0qTI(5mDhPe^E&iZBsL&)@cY!MM4&~SEpf60m!e=l=27(N8^dK_@!DX9VHV8w!_ny(k>GUU0K~(` z59oh8eM>30Vw>rNE~*IUeSAeb>4K6>4X_%rsCDUY=MK z#4(UOcyflF^WC9Ide^?Ff0qxDYsW#K*#ei61S(aA;)ZIgOr{&}+;*#L_(Kmz_N(y( z=*e~d+3N%;(XU}sWWHWiKMb1$YSA0;E+57s_w zoJ!2`ay^VIt3^I()Uz#A{&*ng9O|LpIT%H+U&681m}KYKkhE!$&T`4MlAl@dCvcWc zjtGw9)6%UHfJyu!v~tKw*I{sLA&pK)AE&9aCCsxYLWJ#D2TFssBpvnNH-(F@&OOOs zd;eBcyLUKp%c9+0&NKRe)3!<9D|#4fuQHk&AnYMqkhni?N^~WSI-q*;)oL%7>J58| zxWYpNLDI@POl~SkKhqKmK_-m$S(dz%-58vANr?l`!j%bS!{w<$XDHgBgj0E!Xm0Sn zZ6rdvz%k!EF4cYceO)=pwt3ROEa^GmDzK*2r$IbEOpXILYuDXM_nM^42FH!MVV-rn z^Nd{1wcf8nZIT4mtgUr2G%fN9w8xQSB+b6IvVKWe$N0Fl&*oXCMX#!$NR#x6*U#`9 zu*A(KyYLGr1qBVX6UzoSolm_y)G>WV(hp6z`=bWB0lEbgndN^G?Z{K`98vu@_F zr=h(`iXJ{kGn(fXIzfGGiJf|!x{|NT+I*>A+IGf2I{+>Fu_<}FR8;T#!u|cLMui)Z z^L~?U?JJw9$HhrI9Wvn402!6hz93z6ivFqFkUq%K^B=Xr4nE25$~-B9rkdPy&6t;& zJ?E|%6@l#EDSya($P#{KSk5o(K;TwBkr>k->Nb@eCwV9RhF)-X-Xn(i*P<)Nw-qN6 z$yZ;dGvGrxQ$=Lf%(ZHVvK5M+ooK{@c!$(@uRzaQ3rz=2I+$cmDotIgePrta*^76^To=$)h3xrX=ibpeN=sX^gF;uDl-Gs8K9)`*zK zknyM*Zp9hmVRPr`x#hmRsxwR^iUw>eaJ%^nx@s2&dgkbjU9DhFx58LnL8#cJ$MSmF@!xhB>7@ZFTD|+ zO@1YkYW`kmLk9qjfb#tGmz&yj`3jScY#^!c8Bk=&@?hDj>Rfsca6&x#pMKLQOO?13C+>R;p} zC%N<4f$?Ttkglu!Ad7L6@-0_eUjK%!?Q4qD-6)r&IYE%UN$-pM$8NMp=7UGhjy@14 zjLgO4m~IW9mstdc5V(r0q`|kzb3V}KMeNekBqcQ-#{JLrNeg!B4_Lwt0j5+P*$ze8 zY5xuv&k|KI*Zql9SnP=9+(!qKWVSy7I*Uys*g7NKuH?r!GZW-4H?>Ezxwhw3LSLLh z-o^>n84&Mo^}%J(tGDzUk`Blud9qHNjS3=@4~5PtlB-aEy?FfzPzQcmekz|do=RVD z#Dz=bk5mJt461wBeaPLDepllh-*Ou!B9ja?g)n*B#LLNeV9(93#;hP|EEc9)u@8f0 z=~*MJ%3n%OCP+`{HUu8jqAyS?+NNelr>Qb3?XIDC_yhd(sb9e!NRB-HDss>I3vK)D zw#ntB(%#t4B9N6D#J$Y7!hpw?UP?#U396+wBrYsPpF~qI6P~otFOJu{^5(b%m#b(U zu*!Gafe_}XJ^Cb*?4>n+`qiAZEINr&E}Y(&|5e z@q4_@C*26`PRQ{hi5Hvw^{tCl9J9mYJ$z6#-_e-@qf^=7lU5v6bWoBpD!2WDKU)58c!B^v*sYuNMBDeDsBb zVNytjR?YRu{dZkaquAZphfrM88LzB};&@cWpPq)`*yWUYT^3mg(15W~U zi1ghh_Qw)-WIONFARa-J&xJVuq)ejUdXu`>$K`dXA1^TRT_`)|nmzf-?&usHNB42; zOchWOj*#au1?1vzaWlaw@{u4;OO^tnjNaulIZP zwoAnOZAnYRRhfsiYP_lOzykkR{F)jl`bJMNpdEzJyE<6a%C&} zBv87K^t8pMsUg;u9IBjH3f&DR#`1p7^ARTvRJS+++vpXgcYFW*lyWwz+p(5$H14o- z(i&XO9&?%U%UwXM#))|W9=V&eakKq8Z_009$G^|ptvjX1=PlmDBs54+Q}n(mGS3LA z=_&FI*->D{5U7fz_3VF=t)VHqY z~WCCbN=U zl?&gahAVyq=^%?fom9LDHWa(D`*V+%b58U zSvY0qB~Z-{@L}YBJ@#qK`tVA58If3#`@gdYi4@7{m`!09Zgx3m{Y@Kd8Hn$0asR*_ z*N>v*U{S*}+f9u;px!!k0D?YQ1TUGZ$CITxFbdOm{#8#U1vHa zVD!k<%q(5T*^tL0nEC7EgnUJdQMX=Ej_95KN45dWG5u|G*fstFXR(_E5v!nrINj}C zzGs8kQI91ZEV*_hPrcFn7P~xCd|AyM_smx0lHo>9{t3`-_h7W_hce7*w5*xIWX6$5 z%1*I$BD$|>gla4aDTgNI4Du4gKtLTlaM-RHe~JP$6ur91QL*Y5WBv4R{t4e)JN7K; zb4!FFz%5pE+54b^3kJF3C*eUSFWxKBs|%o~G`fPIx}S4T%Yz5HQUKo_$i6I0E_9hM z3>=+&x&D28f0^>jrBuV$j?DaG*>&=|u)pRpy zsBZz?#*rjwsdEvAea7U;m-S~PfYNn3|4scDfCK(2T7w9;{d9)r3tJbkb!pb%c$&ec z%*8kf>8N{;Xbb7KJy_}tCk34E5sR;Tcln+Tm!etwR_DH15|#- zdK5j*c3<2E3WFtV=PMOEE^MYA2J3dAtbW`UVVNxIuWJVY?YYf-D8c>K$~^m{eqpM` z*7wVfXJwL#C%V=I{2Jn`t&dn>>8zRq(-8qDpzi9|o%?4d zq|9{BH-%qz7`vO^lklwsG1hgpu0Wm9IGHgPD3V)^3GBX@TDgv_&#*KTDb?N50S%?2 zWlbPZ9PrtGQ3_f{OBwWv-7f`Y*j}eH2o3P(gkhIIdkd7iW zJHDs?=^ezM;lgaKkEv@JB6i~a(_;PWKRv8qT znmcin_1c!yThFPwypO_BO@S(hzAVE=CVlobfYN!=_H$68tT6xcms7#I6^iShRyyiH zLRI9*&Z6c9?Y_OpEf%kM%ypF;sphQNJ@Pt;v1nLA|H0c*VzIgJW9xTmdtVngq|VPy z*CZ;o8dcq#>?s^>_}1k{j#B)~NB#|Y^QzGdlm^xz$?_@y;9vEnPlJ#uya(}&skAEZ^K~N`J4iVo^_kS2 zYnIzg!)w8}{36@`h4X)h3*~h4XJD*OeJ%QJenU`C*YCljZvm*i(upS%P$=>VA;4xK zH7Ai=#xdaILG>(7lQz5IbYb!d5#XTTcWT&Q;L$5JHv>5gd|#{6xYsEQQ|APIZn0E; zaWMeV0D4`lsMAfsi)#wdql>Inp7m`nuGUA$?=BbYSF;MJ*SZ#{UsA>b7x<6*ZTJ-;|{ z&sW43Qj)8+AyN+9Y*cdZ)&~LPPp9v8VgmOYl5{;ziw(fM1dOO3cU5=qBDyV!qSKO7i5EWf`;E}kLKckUv* z^G{u85_R8$j0E>RUkp$zBfn1^yW0iD5ZAOQ|w~rzRKTTcR8}Y~e**)NJ(X zR8qdeD@eL|`yK8HiDZ`_rM)Wlk?pQnMB@6>5vCjGnsQ}O-fuH=zr0InXtfr~Roks* zSM+-R$D`sy$=T%6{+Xo_V{FO}K%Z^Bn$(@|SN^7D)$fZQS!dd^`<~|Ap1Ou@SJwsn zld7GqwO>=m_D^Z{h^-Td?mM1(&8N}5j|E_+C&`WKW6Q;(qWD|AiA_x?eH!OvfBhY8 z`#qwjPvfJ@0wp0k!!N8r6e^&Fql%fLgv{*sgRFM*y|P%F#aGt+diItQB@2s;1D9)b z>p~79t^#Dh;je<*Ry&rS>X6k^Uy3!X5RMU(ZL>fN9qrZKFS+$G#TmS_k4&$Sg)(Ll z-1647Un!DB@r;XuiTRZLr9`Uw*8>JcsYv6ABY%X(Ehjh2psUN{dN*1$239v32Nd2g z4lCab(d}2V0<9s-yj_$bAd#Ey-peLa(?AZSl~!m_K2v#Qj7 zN|HQ886|G~KDF$tY5AZt)BsA_N!JDqYJhBckQQ!x?vhHSUU-F4KNE;cBTk%NqWHHX8_O@kOje+Kl2(dNKNNOZM&EN$)i*4`}EXHo4}3 z@Ha2*1TS=nf-?tM{(9_*3@-^}{q>1B>G!?CRDH#eCkZ|IM2Na?(BwnE|$YK)fD z#}I~GoB8JbHiZUtd;1+D|FGb^DirTH)*)}ALaZ|u7PA4-NCY&J+xlCgJIVXZm%&W6 z!{D1AAI=1w=Nvve-EtGl$5XInFYv#l93B6M^C>{8)|2=ybU}@Zmc$d4sU#tnlNT*% z%t&YbaOSFtytaSZvc!CTB*<#HOPp9OHgeeM!HNJ8e9T?MntP7y%1cIA%?JI+<75Y5 z=p+CQTP|7yE;TkuP}KPk(t$(Mm3-nsXOY>MZVIeZMA6L^VGB^R{XKN<0N;+fi6|dh zbsOTyGncM>KXl?%3GabhM!CaMUk!SP>9~*0@pzSc7n~~Nbz4xd6=UV}H=kAFxsdYm z@_(6Dx@%wW*U0^w^XeZ0qrXYBRBp!(78~_PSPvHJ=>mU5lST}*6fo-l9?ImPSbx-0vyBv|u09DAgSh&2sbk&xH?#XSoJdOIzNQ?b9MuT^OUtNp@Ov(R` z*(;#=hq8MH!0X^N0oyvg5`j5d_`D-fu}a69py4C#+|g77?ayd{ovIZgB+b8u!kn(wIH6EQhdcnmrWKUe##@x{Iw%x7gAEwyBK{@X!6y zv5@4Q`0cg6V^tK z;v4PZdQLyLEXExdWGC6od1U}>hL!98vu}Tsouz*_To6_LFm{}{V%2NE5~8XV0W~G* z=4p+Lbs>#hx?JR1jk}|$o+}vV(Sz=Bu`gRc=vcqTSa5WlE-ut!*e)C_8Y36!6%{(@ z6^)2=7n+Q9y#b5<3DmeM@t^}7F+Z1FX?2|KXY}9XTmdsJKb8lJM#_p4*;>2a%*5A# zG{m$U-$_J@=`6b8C(>;g6q_JSYAqY<2bj{c%-a7L>myY-i`=O zEuYOu>)Y-%WnE?-vk5e$C0NifqyM{!^Y96g(%~gim5JMxq1qbg(bfccf=)T%y~};! zS0g7n55N?ReU0VmGct`pl5)rWv2oA&7BT5qF5v%i{G-4A2QA&BCUI%seKDIP9>U>l zl2Nz8qGSNQtbDrcicJGes(i201N@qw?$g|9iAH88-&KE(@6{)8?@uMcS6seHl83^r zj~;ZH9nRPBe`le4a>ONn>o^?Fs*JVEv^(T>zHR7k|oH+TT z$QeMYvd?`{6Lkd-zd3$V;{W*rDkob**P9_K+_N?khG(M4=Jwc=_89JXoYVg!d2+2T zk|igfN{7?B%^LWI;V$99hlgG7Po-Y;T;b0eH<9*o1@<(WUYf+-vPzD80larqTey7S z0}9m&FptVNU1qf`yL@R^jt_sxc(v}8@+q+Du^0&a^AljxH@avTBM-(@(u`6I2HT-z z-JEgwtD~60@&e*?3LpN{godZ{@4L(T{m@C%-_ z{7}|Ti#-;r(=E4YCdVRo@k-Jm6i^qLDzD#dHrxUf;bkWc7poW=(r7$>p@DQ+-pppg zTqC3Z-TPCC(_rm9lXb~XS%T-QA{$M;(o|aWKdKr4B5!JZ4AsqZiH=D@vI*AL1ZsKU zv>N?qxm={)=7O?5G*HHG9Y9Kfe&N$h~dv@a>3K5}2Tf3-|Hkf`Q3}En$sTu0}e% z`j3SKrgoSxnqBZB(KyGXYP-~`cJ)yn?G(UCsQ(P&t*{Hw;Qll6&*rMyJH+JLELk+V ztt6`Ic{I;omYHDCFHMy$`%l+0x@c+LtnE^xMDARG;m>2y*l*zjX-5C)e=JwJKs91LiJI?)U_=mC=2Q9e|bxFG+E#3dK zR?69D^&2Y~Q%Dg%GaR(jau@&c9e|n4&=1|6FwQj@E9N$&x&@bk0`ye>$7|H@dX~TcWy7D#}gp2GM}7c>j!7 z(V5G!$JB!_{zn%%9j?$qy#-;n%X%E)HiFuzuT&RU9!}xQtfm~chIl(Fb}15Mtb6&? zRDrIn`b3SIg^!mqkRRz@`JdMldY-WycOCB5a&jxE%5kc|mbPY%J|f%8MG;}UdpLaNoO$5dx4NdJtFzm!d`z^Nhx@l6#rpU4H&6BAx0TVX!v^Nb42ild3 z77~*v#|f+1(Hkz_%e4IS-{I>YC%FuM+&w@k#~$s%o>bXm}@Pn-1b9A zb$NNQNW(0^5H4lKK-{#~4+HGOmo;X6u z*$Vy7vpQZ{!n)$udX36+)p$p%qFQI2E9cskqL6^iD{v=n5h z$ts%%irm<*DJjU@a4~m2?g?O};8aQq8MOGpw-Ba=`QHESt7|p`{Dfe`n1>3 z&tc1Zq3OE0=qw!X*it`l-N5=x*g)mZ;O=gC5_mA96jPbnkHuI-^ZRzW5BcEa@gDa? zcgv^vDI;r<)Kzk;?=Hm(Ore&gQICeZef?H#8^Hg|#~dDh&xrEtF+fpB0r2i)KuL%m zvDr&ArOC;}i`=OCZa^vYmCH1Bzl{w4(MEM569j|X;x#)^Ae6k_*E_#K*lDWBP3^^4xL zZzfpLqPtR=V>8WRgD8jrFmdb%AmXg!qbLY$KE|LB=;MRC41lkHG%_TVl+43@-CEHWe%70p-_*8R(GZSIj5C3o1%<5QD^&`zcF7dsW@$wY8A z{^%&zEPr)q=eDLFq~u6umjjzp^|Z=k?G1UMzNSCi7`?!zD8C?fFxDgugID1;JslSN zo+mCI?#WO|+Oykmh<)GQ8<0c%V!eyq0?ZX2_0Lh%!ToU6S|U#HfDi=loV2}PBj@RQ zZ@j|(=;2ENj&?MDB|L#Ic`{S4@At;O0QAgLd`C*qjYib+%2VB4_ZxH`tc;4xN3$I7_LA$R9@j2KX? z(hI>?S#&13c9_%FJ9*{YXBgoB4!l0UwFh6Vg2GMv)KQS3zTRRD;^8g?&O`Sk=_in= zA}7qMDEHy;hn5#=dIf<)x9u7oSlViK$hsOsi3d$J|32kUa;aQPyN+3VwY!daVM!xZ z!YsW-Y|8I|cAn`k4?R1IdilEthj;iL)VveRK`u4OagzPeD8}puO#(rkCGY-QZL@|j z%WkixH4EXbFC47^0O}x33dsdOE0Fvwp<)#U37N3!|}pq48vpY2nwoRHg9$3X+{4M z)(eIXBaV3!lJiKK#={R>Mr~JCfi_yeXcCt|bZ)HPBk=j#MajD%CDihIYoeg3I9PDQ zK!~m&5k~jGEBtPt5_KOuBVQszKn_k#z!y&+}QKYoqz}7Ebt@K}Bwam6&{n zxUnqy<_)jC(e7lv6p_R8DKLlBqSQEZ$I|ZMnn}#xG5fX42?Zt>$cI+|!eB-t8!eo2 z3ip9GtVE${9c7!;@Xk1sV`vT0i+T0$#|U{al8HTCW<0BWe`!w*>uPp)Lmn>dejWE+ z6{bk_#n;HP(ALqwZELbc_sBAkbcipoK`oDNV^0wGNuSGs-i*hsEPssNapV5taQX?0 zhc7P38MbQT$IB*WFbI%o-^slad$79ki!;puUxkUzCe$0Y* zMUEd$SJotXMEzY_T|<^(LVU1uzTa=K_>MhJ8l2auAp#@PGrYxcFPqN^Ho7UHw{C^3Tdq9__mMwr8qBvRuS>d~jDKUB z-Of`vWbhZ$0AX`wHNduTry4m#`PXX479Tl8A|R@g;+Z*W1VB|JgZ`|-gtp`R2e?MHlNNwhQ}TJg7e=cgwrvaYwQzA><3fvpzetiw=^{U*QnnA7G5 zrRO6k{9jC-NH+g|S}s9_P<9Kwy|!ErBm}(?NvKME9-_tc*jZCnIS{3&X%26`z)afE zb;Qbp325x-a8>U*V$5gG|D}`|J}m7XU`cHAK9YJ+8}tAV->8LKh@#oIng}vBk_)Hb zl&KfIYd0%RA@0y>E5nS<-j|^v`xYv*I+=N%989Z!aD7?Yd zQO7BP-M6V-L*Pokccm=Vn`g|f8VHiTSKYnc1kN1qUarPUsV%;%KQgbr7H$8Wx*fWb zq8JD<>c$5M^#O)_=$&f09OnXaFWVRUefKF2N8--X_A<~-HI@al_ln#=^B%ac#_%Ld zS{FaB1uENFyiU2SJYr1TURd?qn3pRJQUml^<(l6<^#MidCF00zazG|*H%|`o+0BBs zhqfV3=HFn?>-@BTRrAKt0cz%vIevNd%kRp~zo79BO{soPv`7p&RR_@4%lL5*rmfIg z&XKAGpIa-@cyoqK4nWyjFL=7gn$1a8NgD}1Y%E!tTRlhg>6UeWEE1eTs8VI6`3fW5aZg_ipbG`z%*uGlOp&{?m2Dv=JTHv=V)4smT9wlWo7M63 z>F2rjg)z@x_}oc(oPhg|3fx|BL!rNi%s31T7$i*fJ{3EY(DIsJ*7dTWnMXMS5+A`M z;;J?hR=?EbKXYt@G~)S^bKC5Vr%*ND%Tz0f3#;d}N$=08-LN(Ftm+vN`0^<4!Jkl` z)v<&+so^RiKG*9qeJ1p$fDpdQ9g+Dh&vg~%fq~Llw_bR>-?5Ohdys{M_KJj;e8+=B z0_<;gvDW2Y>sw_xz&TLI9%k7a-%6VNVk6o)W$KqyF6bk|mVEiiQq&g9iY=}OWgz!h zmObZr)`I({o!03%zTu^JDl%Q|UlQ;;Rl+tSkEuYrJY-k%po*`e+IYtLiRctS;bik` zc@r7ki9Dv6m7JimDzyWj{oE5xxlkW;JvcHzmidH7MP@_@=HzE*BjUj>aq=v8_?;dS z6wx>&RSM4_*^TxcyBNe>5dk~}UNutHU^n=p+XI6a{rT2Y+paIKXnVz40=1Du-Sz#n zrc63ahOLh2$eFD&TReZ9Y$$F;@P?nYlIY$%Wq|UiT(FhPBOwzwlcgwU+ErjdL1?7?ZHJMyr`?l{&a5jcN$CcVz z`~+NE&DqYU*51N3Xte$54|d=0diZKheMhxe!+aFw$O!(LDUgSHawp(h5%?6UYSjvs zf^WzvB@;DfZ6!LsaYY;swHS;lI)9Vj9fCruCrAlNfGLF=j)9B4(x$8)T)nFrsikWu zHme&URIn}j9@oEIuNqm=y?#OrmL{fe$TqMcGdr@ zk>B2P_;#f6AY?Jb|Ha$P41+vb-#GizmfrrSqBlkKt7vJgUVH5@nS7KW*(@3t9fT!4eMR!i2HFQI?A3_r|^K+1X_rUe3ulKgFV%eM6 z37Jv$Io467JfU$(rC%5k^}HaAdCG-SKB@~YS--=^Lh$4k+|jHd3eDHX4xVt09dPr8 z33%(NXKeKo3l0Wv+;H1lfl89m`|A5+H{l8E%Tx1;Mr9%lN~RT$`fYH%2M{%oY%1V|^)dz*}d=l$LIjal0wpDEdxSvs8e@;|R^kvKDjx zk;qby4CZ9%wM=QA5PN~(c@A4 z65AaM*1HFQn^1UEv$0#da=@50T9xL*oA8(?Q8jbrROt5$7GX~-4}@)pN5i&)kT5gS z_VSk|S5SY(ukC}9mpSSrpG-xuno$fW{2g{c{`0-u>EQi|_^FYJIE$5cSY4#L9z1{Z z+{BsXlFkwo$)Jo!O;9AIz^0Y?r%ZFjD8E*E&;}{VBKqKQqF9b(0 zal1BaQs><97X7^@?z;AOL=1vLpmpNE?zr`3 zu?cawmhJ2_F%qv2YW&JH`}jOr(W|6r>giyS{vZk3P`TCl)N00GwxnePHrO3o=TCzFGgV!U_gImc9R)(k$pS6OAdP`CP@ z)=#Kt5`*3ZK4=_ewjX&YHq~drdr7R^FYVY#SBt~-^ik7B@UBq=Imfgik+BKiv=UPsl32d8X7q3ys#94WzHQxaA_NSLXXJ8+GI z6Ei?sDN0CZp19$y2Pq3p^mMElM>SONF3~K`?3;W?p#9$4qZElPtp@}q9Tz{E8wzuH z6pz?|JuPC!4IOGkZH+Q=kI*M-V?yd(-N*qOOq?K;)kgp+cvARkC3#$O97O;7_QRlh zH@G?pw($GQO{Y@Vb*Aqt9{9N;Ji?dUA{AMR z?5|O)kiwFiSygwb-Y;*;&Rv!}j!CCof=kW3+VDj@y#ye{T7}r#%+)9H><5vUn@uA@ zgnMcHUx5v(vQPU30Dhq5Ec|XEIG`D^)B^$J-B$00X|=gtacjc2v?&@vkry0gy~e`6cc{E-3#N?lV<|-=ikAx6Yp49qH63kEHB7Jj z)}7EsI)L1?%ZG4$Q#uf*(l}nV{__Y7?b2uJDtL@ss#IYRwwp70qg}zPk+@6l;Mnt# z5dS>QY{63v)=?o@xb88+lMA9^-T=2ZlH9-4;o;MZbGwl0%`m! z6c(Q~VK*s-(m$wOoo?wsEmx+6Z;h1bC`9H@-x~v4OuGh?N6i#n)L7`pTs6u%1j@X! zpL-(=5U>G}F1I%yD5n4zGiSuYyztO-W-cN5>eN-2g(3E>E@JyP!59EoeV!;;L5|7c zFaIHVB<9y2%ow*kZOKw-+fCx$8h?IZ-vA#dNr9e?3;io9s=%I>n#FK1m9F#(7+lCefe$oDYLTgdK zw$t~u;LXO!kq$ZMmwJVXexg3hgYDp(jb&@T?}vPb`RgcH@=7M7LlKbOgo|yHQ@Zh< zwu!Eb{?RBMwIfzq|4cEFV*I4GV}?LO5FC);&73pllUn3TyV=!^J7IXT!SGQ5e8^#E zT9LbNQ_#Kif`PLI%`@g+xbc1j;>7}V!Z()`ORV?a0b{6})LOZ7MHR!T008A!6Z3>TPLh*~b9vdt-C& zFeRMwO&Z&u!H?-j$5r(HEEAN9W2@a)z&ScE_xmQjVQ;U!64%IBRfPx zeV*&~)3BsL;-+wlqSA-%QkRJB^%-emO)i%4Jj;eO z{#rXpeDB90x>0y}&vcbcq%~-6q1J-ksI^$+^6K_YN%hSGSMXG!(a_qkq>Qwj*?Px*u&~T!2O4 zpY-jw`%`8uu^RQ3R9Atlm40UlWg+bMgH1|3cHi|W##QM@HXY*OoyQZ2tfw+wzNh2u zT?;hP{oq2|zqK=e^tceXl9;&Di+M)6Kc`2k;$e}!$e$hWoyJI` zLWHjm=1H*vFE};B4;zpC1zw3WS@Z!=@q^}c3h`v_9Xt2sVJ!w`-yAQ-*rkkL;6V(P zVW+nc<-JZIkEIRr=pG@>6>AHfZ%k#QGvXiRIZxJrh$hh~ST*LwdCg8Yd=7qba$!Hr zD#~GFrg<3v$pfkAxYz`byIw?w-J5F-^#`|s78x|Kx3%@gQTO)f5XY{8xqvuZna%pN1In<^(=r+ZA5>jBh)sV?^$n%Jy;*c^=LdNtsHet0^QbXfheKX zl58eMW&Cb@0{%ry_dGhpQm;uA6>G4~mgf zWN=IDu$gqnKK>0M5yi9J<`+JIx1a>Y=bt5{@#jHG?K8lNG=p%&2Gn~VN*fSKkso&T zm>geHMVfDgr1EZYQXOZKYSAXPUJ4+$rCXYAzCOvmwcEF5%45*2f)W~N5X0d+@$+SQ5~jxl3iYvT+Ewf znwJHD7^AALOC`+YSb8f4xp?V|L7Dv-=n%k5nP4m8}Ss?CUtzR`l#Q$593-sUOsj`qNN<8gDK8Jl968 zye~p4Y|Pog&kk2t%Mg0!yV(upJ>KOJQh9S;H0+B}m&gr+dIkrVWF_7b^IQ3QCA4Ya z@cl+8Y$ONsEeE*OTgs!7`qF&KpHS3i6JBZt6qt@|gb{5RK&5=@7N^Apn}keg!yEh* ze%bz$H8c(tmVQ(2+??;ves{gy%w@1pk+ACJA=S&~SWk9~gd;>MY>AU^r&6&R-G3sP zNk0hZJ=^5=g+z7zrCcRy=-*0g|5fwn>-+`HQvf<@Tn!Dz>_2Ga8|t2W_A5TDkTaDB zN+_aW#AFy`{R1>G)!RR{;J97Ek_PMuH=jo;?&%%3M8+mKM*dAh+|Uk>tVzz_t|yo# z>Jk=oe09SUkSJplip}+ZE$W@LB&(s_eMA57@#+J`a3+b4mqMhg1Gx;a?7i`W60Qtx zktyepwJC@MS?q3iS+NFuTX?oI7c&j&d^zKV0u@g19!zMHe!vBjAR4n$qC+L++0zO3 zLT@D_x_K})GPt7YGM+r1Tm!H`5?7&nU!~rz_mmBi*swn%j!x5rYJEJD_*s?1c(K?V zT`O9X9U_X6c|ibFgG!h%5FF_3x-{+}cRGX5+)={JoKN}el>2=n55+(HIMVd0ftnv0 z=8u>`5f`t+Ki`jLa@}w$>JKH`ij0m`%_9RPPEeUwZq{bj1mc9*I)H?j!;1Z#UE-k_ zc<`cd0yqg>3kyWRX&jDvYsp_DdwngoDi79n6<7DQrT-s}&N3jXwh6=19g@;5-QC^N zB@NOn-LNzQ(j_3>-Q6Whcf-=PG*U~$x9|7={5tc@nVIXp=Q)8*rtdu`#sRMue+h?R zpqvuQ^KO@F;~-BT%3xH@*Acaa`|b{iKA_sLO}#-y9N_EhQd{|dv$S7(=3>W;7&}jg zIc+RtkH83I^h zHm*Lk`II%DIg|rUu=7LAUatw1o!-iDp`Om#{VEVp3A3Dc**t&!9?gFlqjnB5%rdeX zKD%~nxqIf5=IFwhn@Zby9QXqL73ND#`cGk-lW6I#b3>V0M&YHEzy9+N*CAC(f#*wq zLV=#a#koT2(#t$P*l?CyH0G1vKF?fe*D z+`k6M6{KUl#rYG#-E~N%a%=N0DgemGHF%#Hqf%=Adn4WW)PYryTRc(FoU_ixIOuBP$Y(8%yQlsH|tRW>g2_DC+|Ba1wSK>8)Wngr7w3vQS+aw?8siR;z2@%xwd# z4j9{5O-pmLO!nnaU;aCF(rsa~x|vQ8YzXYV>4E%ZnI8vEbUyl}Uy6Om&wjOi&DuN6 z3^Vkocb0a&i8h`>`1)Z$Wuh@+M14Buk~k!yLSXW$Nj z=_?emaW^~Cu4RCVxPxeBI>Fgh#ivfQ?OB(4r%!R`kN5AXow|J{eDma953x4_GU?ge zW$xeq966c3Z%F_Ms3MT-x+p<%OO-j%73zEZITyS<+KX=&v4!QoEtS z1PDZcKqN^AHO6@>H&$7I_#K{JmgwUFz@Y%&vYb|e&I#?vD-t}|_Y|%h)U7+*XTt@=o0@>zC5U=E?aVqaV1~;mh8)W2t+1-Sb?k{x>HhrQ zv0~=otO>y#B>YQ8xOux?!_YCf^!evTeaqW~KVK<>&0GAvO|h_{#nvGW(wVQj%5R=_ zt7F`{-?xCxrQVru(F=gN-kJB>T#M;0*bm54czFL=Cw{W_>h>ci5Y;ZBFWSCz|BZt< z3e=YGb^Ws^)`c0FMh8A-a;F0o4-e2S-7Wy9&xe23wWA1|-6LyQEs;&!IcFbUeD?8$ zyoDOZZZ8<3g^@Nb96Q%;{$-hCra-m4yrn=F-JE+F;Wp^c;wPX;?wP-vANDQ69Srt} zuVA?N*HY?D#T3uTRr>0(?xap}mTBT^f65ceDf{}>+K)dAKy|qF+l7P`Z|Js@SC&WX ziv?=L$hWte0GsL0z<{I0oU@%j<5JAt4{J)lRM8pYlo&n8MIKTOOugeyjMdeEeJf=b z8&0z|Z63N)$MZsgFYPxBlzn8wbGPX#%I9~$thU*jxVq-$ut(n*h?mA+JYg{_qbnTF z9*lK!z{CqPKC3hASv0#xggcih4s@71$sIQYopO(N=z%kvdmtRObq*$n4i%)O0|QWY zeSVi`>RFUSnNH8`k=8LXC(v6PFmMKyjdW}qNdJTW{kLs36sxD>SZ8z1(@U$T3~SXJ zS!Y386Ms8)V>MmExrcKMMLuj>_$Bt#n{hwENV+_^c5^(l@++T2V>s7 zr2H8_1G%&Z4VseHy$A}4d;6sl@IuA)TPeP{Y?Vu^6tseGzXYe^Owx6YoK^JzWiuUr zqg5J2U>6F$Y_)j08yBanWyof-T!a5f%Dq#Z)rm zyK0qgyHi-=XSZ(Zc{`%9Se2f?>V7z?RTObTM=Ov3d;N>beW><*#^iFnJ_FHYb;^YO zOHL;ErY#J6RTQot6A7acwc~uDO$iYth;o%qchVoJ$F1>0_^ZO)sO^-@pfxJUT)8 zcA?FZv{W@O%Fi^~jO%UcRio)dmfuxvIQT{MW(0b(VP@wNIfNu>_|}D6E3UaZ-FA9_ zm~B36Bs(Z$y|58@*(tr;DJ>Pb2Py4!UwAZqiqMpONbkS|_)q+6`Dn382s(T0nfzhh=T_>%%&aGP%qjqh6&$IkLh=g|F+KrR>XVt&M>9xwD-x3(Lf92X8ejh=Px;f=*69P(| z20TK++ow_m`!|?}_p=-XA3X5VFcvloELG?qN(C2h?=sdI&HGJ5XJ_E4lj(u3lk-MT z39Dnn?ghLQ<<~@H?7?L0A0KJ`Z^XHsze%3h;cjo(p0SIg~4gw>$p>=piJvQ>4(^sIN`G9-a$m+$PfHGF+~lUzbus z9b7lQ@GcxSayX45d5#I!lX2*P=_s#wiO~Z&68wo;h3MHl+<>1oFtt~d=RIyy1nu2t zb=)7sw{Lqix&xG-15=e$E0F6)f5Nvj%py;Hmxj%OfqA<<9=@E5E^$B3D0`n2?|Tel zpDT{CsF1^GjwFC5vy6Y)Dn-Z^O+dQE?HT?=gTFVW3g?Saw!nzup#97E*p9Rqwfu5Y zGe2I+>f@?3+rUy|OIj>oHi_O;IKFHqmr1*t`lwIDjva|_*6@6~y~e+L`+IxaIQEnI z`uVMGf`*5qjM~$5KI6hd6^zZYSdSM0(%bppbm66IV*N(@YXJ1Fy9?DijP~RwzC|mM zfA8;{e90F^*EGt-1wrM|7zu~G87f4>ATv=Gkw;l3+>uT`Q?i#ApN1n~79Gt8 zT>X0kc*To$;7B*Rdm5HI^E)Z>U8JzH5hCG*B)z;aSq-{lO?-|$g*+HCc6V`)Cy0_b zKC&UWrHoVqw3kzIFNH&_J~K(T^<(FLE!4bB7tM<8k@96xTdEQqKMAwP(uO;$gok5} zc_L~3S)(ISh$^X|o{?*NlyPlxtJ&!|dw=^F&r6yeE{&X;MUl{+3+G2OxMu8@1Ml}V zlNDB~E>kp=eeiVFx$2b!Cuc22Yexz6x9AcZG8qoGc=D;6z1>&=9YNw>V`5*S{ou@L z7QtN4c;JpDGS4z0yrhfOOgio~R`7E{2{(3taUu)c=4PXeU*pgII=Mq0QdAv`kstmw zlt=kv*N#QJD9ImcRt?9Jb5%SZ4S;(2lL8nVys z23$kPc=_*?PoAi)=A)9LiLvDMC8NF|INF?oT?+jEco7>%MWxoV^vo-Gc9;_XDV9HDMCX(K6IHsJ~1*c;G=M zDAz0mJkCEJ!Mh~?zJe(#sIHU}AaY?{?|lGXXp#6nd|13MAJj=kcA)N$%D2d1YBiPl2j%_V$NgD20a)?F_Uu9DIa&4mn3+fEo&XSSkJnHlczK!Dwx zx#kN2N|0g0QR3#F|F`jRM|B_^^yVPYRBFF(b*{JieIo%f=3xBaXJy`A3kjWO&EM_4 zj_hf;t@vaw>`Z3`e%jdCFwnf=cUYf*nam4(2sLPRkc{&WIBqp`%5OQPVdU0guOnP1 zIfAf@eNyHHEacMz6Il7tT3O7RRUPMZ+WI&uKYgFmPboz5RmX^VBZ!Aj!P6H1Y?HVB zp&D9cdsxRT!8bqrolHFyIi8@Hub|}Bd=I=j3^FBCYpBp=DZb0Kv6*Yy*HV` z{-4#1TqO!eLq%_vw-5}45j@mT%68aFc6zQOiZj0T6`){>p?49=PL2R&Gz6v`7N1S5 zY8H-MiAF~jLC8A_{pa@3gv!bQe%g`o`**4=N99hE>lO|9Gw@72S2nmO^JMDw8kyhk zEt8JZ+om%xp;0zp%e941zD}p;v!g)vNK|B~g#-c(j`I%i*!1t1JuNOJGOSH|(V<#p zf{_lB(7*}-nGc5P0>UOvHHu$<9?J-L%*k+5k13k@{#g4wT3yiD5fR~Z6r0-g^b<$k zps4Ud*~jTs2NYBmZ8WBmYf5D6VXBa+;$l4eq)pJ%eC3>G z>S5DLrfh8pGaXw6y5)fAVhDW3ULWwz%FVMl!-v0z2@zTB+$nGx6l7dn!n->bv8IUR zqt(}HRI5*^56i1n*CMY(#Yk?8M@(&Pm)|k5ntXHm8?uI)%S*^+lrM{PD_Cw8l>bS) zoDA;4xVv&Tp`|3b&NCRE8&O_A!K@f&e4K6_M?t9R7u+G@5P0sju-TSPQ+7aE&X ztauz?#4cISpJ$hgoOdK7?uQDxDemdu!!Hf4X@c|`GUnP;vEjim(|6Ne)raRt1T%ehctO*sY#S{rgr=fUE`{tWhrWkoTabdDWujP4Xjh2fN|#~U%p+R(dOEH> z9YjLM<3dTTN!hePp-5KdvUGBl%IIU_I`V}2Y{#?$Y|HREvO8iu52J4J6)8NE{Xjou z&%23^-9eS!n}8I=WOPZlB@=gBiL7oTJ-Fs)!aDwg8+NRd_H5@H~uzw^JxYPET~Is}kbz9@zGM(s3sDAJoL8Lf@CQmu^jwIS3@1sb5U ztv)Oa^7Xv8=RP&t)7JCb72N6h!%0K^-lgF(`+!dfV5E$?I%k6sTvF}Mg3Ekf$wBuo zONliIb}Bn=y0qs9yiDs8Qb1|K%`}X99V}wt9k>}DKQpnR3apV;Wot_0f)F6Ii?{^E zE#l$3=qPs5?6*1nLEet`BEk(-Ss&_|e8rU!B?+$9ewYlIfQ!}U32q(ou5SO9XFYtC zh(_sQ_-EYHyyNU=d*Ga%8l77PO(E+NA5+x>^;(Aa3&H5Br0s0KfO*(lOW|by^W2!& zZ@@rI?Ln!J@QZItCyXTvOg|@bDcjL*aJ?I4Dr%nH2#|Enm~8cQo&5nHOP<_ysS`nK z$R5-KQ?up3l;pKmy2J(QW&s8w&Gd%JvkcEmna zWw|j7yrYKk^XLzfqmsZBTeHN?lwE}j#wV*wYd>*6!FLwqP%}AgQ`Ilg<0s?##6Emt z8#biEg&J13UJKtW{=DT!K1eeMm8J7f6(Q-p=q_ljFO}P?-X=FKHK`~bD9e^@tM(6N z=j1CBZf+Kc*PTZt*KN2hv|>6cJW3WIc%UsTN;1LXkbX@3drC%TrV%pbC3n|RqoGLq zs|XEZRirT)Wm$g0L{M(x6kmQ6%l$OmV*j=0QRHV$q6bzQ?fFiNx@i1i&TjOmP$mX1 zQ#G_rCS^b<`$U++q>G<3u-TeK9!U%rPyfWX`+(XiPlxtWG%wNhw8nNm&v-*H@FGAv z}~a>aroa-*_U`Yz(QAjr{eg#=B_ z#H4nKvCa6lL!wmOxXwXM0MR;xoV$uE(leQSj2_kr*zD?&YXqPJB~fLjJ&4AlgNLKS zL)#2{c|8k`zR7|42_V+v#HV+mO#uIj%@ZMAX4>RpQ3sf1r2IjC%$Xec$y@kdCEPWk zGI(OX7G!7u{U{;0X&#NEkY5T$lO5^6h_0C&@h3UL-R}9a`&Dp$qrfhgrJj=KWRCHJ zp)w22o0VQodp(;GCc(_^f7;~f4R;bZfK!fAO0vgWN4U)!HiFZMkGCZ>uN%v;-Fy8g zP+1)i)KEG97D9~>KMS*WS=C$6iipa86!$~$$E{p5yON(Kox3iQf&t%^L%)tVM3pJB z<^y%5{w&H6&t?DVLBv|Bx+nqJ!t-SztB#JNhT&{^ExjJ~Ac1=cFro9!fyx-|pMzF3 z0zj*{a(;1^5Y0^{-|;;4{& zrfTkJS;iHp9jhe&W}p?HMft>ZIwtpAIJbny5rvjFsiKXUCXSEjRSSM214-_ChJ35; ztjQ?d%Jx7dt!rv*ws2@}ejQeKG+EsUWsuYBnUW&H;AnOB@%x#`kL6l)*!iQZwZV}O zEqXdhl*m%DlGiI>;iZ2NN3thE!Raa`xJf6edR)wckwK&*?!6vI6m9hxipMD4AXm?i zq~+>j4;FJ99zn|mFBz0N_Y<9~>tF)}$r=RGmdeF}7RMUqVN659C^^bac&^k?GeCZB z;UV!6{uy#;Pe2Dg49<-MBT0=V0H`-WR8cIh{N*P0`ipoh`IU9XO=9DDk=KdOk7u^(waC%v+?ic_ zP6%h!an!76`K0paYd3+zaQ64}?%qNxLK6^)j!!6rD%8viS`g6D&^PG<`C zvm&t(=;RWfCo6m-2MU=>&Jxp*Pt&T`BZE=5&`D2Z*3CwJqmzv{cYG%mZgPn-=8Iis zP#>`9C>GF9MV#&#OWy=noj7Ud_%pkTmFq`7FV-2|q@`{*VEN!JKhaq-AzP0IOeknS z2CH%;4yqOIE|a~rL`v?;w~R}Ru7 z!JwR%B7)4sG(Y}CMLL56Og6y}=t93qt2F?dPHUy@u%Uq{0?VHm z%}e4_zf`Uf#>`($^lJ!6XDdgv*_D%2vOl%GB0di!jYD=E-c_Xy+hdyCsExqo*_I^30HeGB9;eSAWqiVPlV%C$_BUmhRuZm;xZnb-#b`K9V}~O<|KjBSiU8V?%hUH2QaH%>&4X zT-A0qDn*zKCYm~v|KA>E8Lcg<^)RQNB4;z0;^6Rb?(OyJXL^>+nWynK?bGx&<5{<4 zKE`V}WzmUh{_wmFNbd$RxDiRHbGC}sUUhNI^{Wm1#~Hl0T}zqY!la*`rJjmo4F@Bj zAUN=~wbY+ARLkcp|NYh8XiL5^Nhb8qpvwgw(xA;V+h7MXJ00PpBnU{X2mG(cIPw>l zf|Ih@dR3*WCk9F=r9d)?Ff+=lz+Tq!0QxDXc%KJywF;wTH{Xd zQ#uy;<=)m^&>Y1{ri`Dnf0rTg&n1i#D?Bp4$t(X`{Y8DzQc6LFY6S%(eMi~I=ZHav zVyI+`8d?-`{x(^A*Bzjeb#cbxPMZT8DyRsn=vThd%6C+R;KyH+iOyiqA(2LsTA*{B zVQTEst$i&E6rP?QNUibE7t=nb@s+J7v(*dja3MSQtGAwRTav@U$~_RsI}52i(hdR< zZ;OTGCQDQbRSg{$Au;ZGuo3cjU@RE+{`&ZUxX6ngFu}L@29db~qc>;-sVe{UXZ3rP zI##Y{Qz#$y{Qlfr$>ohl7W3p0?O$W&1pTmOKi^B8Y&grz&UyDMJYAnsj0_J)iin&o zBmGXw|MR{Gqvy64AfRaylRb^tBOI&<0%^oNO8NwVOfXZFWc!%l8L^MTil&TLJsv*f zg_(;5>Yf73(S#mOF(v7E0T|j8N)?CQ*%gkR^Mf1mE*w}o!ikbBY+6^+4z$8lPrPVl zsu4STPURBdr)Hm|D{T0I0?PjTM@-SEvr$Es`#L$ZZfw7&j9uUtLCYyt*X zi~3W!e$i*+#Y*M?o)9!9~Z{j z5Kf#J$75#NE8W@~ZOO`M*Gu(N$S(0W!p9C|s5;p#$D$Xe-ElD-7D8@#7ELp(A-Ua#%gJXRnA zI;`yk;*Iofq+aA^Fpj6(9sY}-!e&aq415anbdDg;Zbnq{lH^?`U_&7Cn}!fgFOLjC zYg$ki0iIxtMtD3ExnH)B}tLDzTjkiDzVd3#5gV22BuM9dKd{!0))OARRI&2l?)Djpl zqyl!&VmVi9o}m&F%#Nzojv2m25g*Gs~PaUb4I zO%!NBj%O=A5m(X&R_&t<2vJ_S$RMwBJ{MdIPDk>u)~v z5i;;-2eq$cWoH|$5jVxmVN!I-n7}<-c>U3o8!8bx2T$dci9YWh_YYVyu~Y{lOkJFS4i(1)B}Ldy(m1G^1+13 zMM_@3tH0`c{4RiIoNO6QaYiSrdkLSG+k#mB^E>);5Te?Fn0tBVi&PgR@9T};Y*Qa?JYbrC(Odhq&mpRE zeJx1pNd&DH=`esE^}3znJUBlMiofUQ6B%TnE_z)%S+Yedz%zf<=DUv09G=%WR-|%!QtN7QtP;$6D*Yo2(pf)&x@qbNDSo2v zjd5HCn@k>~OR5F~U{IXQK%8I|lZYU!e4)+E)HN$k+IEb(0z4a5@f?X}nJ)15^LLey zy<=OBHv8HBJaH|3cScDU9!wMuHpAXbr@osvF2a|1Q3VANnY@5kw1fTqSqg6O>=-YJ z@B4r>smCfvYcu;}+wvUMk}1FYMAZJiWQLfOAH;{H)IZOWF)W**p_c!l5c`Q3R-me zf=ZzcM<*xt88`EMO82E_O|$fawUg>Tt>s2;z`C4RH}BVAY5eo}DJPr(@m?HL|j z_f1J840TrfHsc}*X*GIw*aAnEnEthGmq}AMBs&vUCMXfK|2{HyM1)oy1ZpT_SitT~S(EaVj*PzW6%{XY1mYAy?Yr_-d+5HanKQ;R~(yH{jvBZ&c{&4CH zYRV_vf568aS+>3FhSKD{Hz;Nt;n(;#t45O$KCWuAy2^Rc& zhO;k}l(Emaq|%kUFBfcKzULQa*Huq`48tL2V$@jl1d5Lii=XS~jg6R0T+qvX`hp%k zE(9OJZ#6GXtdh?1+Kh0wDcVy&U|1i9ZTuHaPG~f}E*3(b?oXwI zUfx7yWoz^A0EF}67oDl(ugkA^9f6FOUDwf9L(U*fZCC2@3?Ir2lYkrP%syK>j3ZFW z6ro8ztYeT1cR=#)-nk+~OM^{fk#J{Qmw3^( zK+JQGkkToA1mEVFMA)v@I5vF1XG$%YG7{K^+D&?$hJzz2F*aoAbw;`6TwiYnDq(Y` zu7mjDT)Mj#f^hDaWu13Ugxri!v=72`dee<_m^RC1!oQ@3EU)!`F?+ z;ucPeO)!XY_mQ3eW&QjJTw{k}oa7Wnq~2g%Ce;8lMBOo&~1MfpC`Eu>lRvq)(7 zSjb0uQD=BUD!OMGja0!}LGHQ1qxp_Sr2wIV6Bs|ercAAZ%K2RkeN|xolT*e(@9?Xi z_ecRkt zRlL%HX{|s-7G7hkVPOymd5t8`nKJ0fa)1|-?l~tpl98fXsTM`c=^3sdQdjz+m-$6h z<;eqeN}>jw8+2v0n2rNz$-k#%A`c)jFh%o&WIwLIyZwIP)b46Ug08{DFw^wCUf2+e zlv6xDtV}61?B5>48nj#Dx7d&A%^?-|mOB zzA9jo3Fk^;_;*+6YXw{olDGzLXo( z$F#>gg~O_}siMCIZ{g7dS@e51-Q{z?`=fIH><00?y1F*Gtla~*JnN;)4dBh@M=^@$ z6%FlloBEjXlg(d%a!3%hjITKs!EhHMn2*I!<))$|fnsCc37NO@R2IaY+|k$s+~b(y z5~6Rq{kcKf!s*^~q`WXTEbHPpkDff~B|ucG$L zC2O81vmG~tJ}+6ur;ntNx=WP=4`Rh|aALV$&$Q{rmD5{6Gy5qr*~HX#<*4{>tERz) z;sq`bT{p?bykys#Jy7WE#(dyjyinFKx0>dM3+?4kh(2yib_13Nv1;#~XP1Qe_;h-* zdng^#t36NyP3>K&k9?%vcbK#8hmxQSKx@xV^*5&D3rh>6i${2CB9B7b>*ZARv}5gM zOxL)Bzid^EVkqF$&+RWfEx}@U9ami&{9fPL))(lF=kxfJU7BB|#VusYnDW^7JTU)~ zs?Cbo1VsO{cUx_z)A0>bUU(S$*@G8!Er5aPB%K3$yRT_hb647EXA3i8&tK9DtYQ`-{0gG261LuaEtPL3~T&<1x8)9uB- z`E!}PUOhbcj7?9MP2~uKUM}@gt5a6@cM67aKB`H6ER3!)J5Q9bk@^jj`3B0%9MBmF z0&KncJUwMmR5)Hr+zRBk*(OQYS|CSejY#JYD*n zV89!bwp;!>!Z%F32$+?}(inJbTHxgVj!u0J%xpPNSL&m>P@BT@IoO6fCju_;ypny>Jdnk3>OjHITEXO zanDD?MkcZWtDkL82+Fqz$NhRlhm$(QYh~qI5w;hk@P9uXlG#b9SE2Uw3h0o@&n-gd zyO#|NjHq@8BlAZCBL1xheId0d!Q-_6%BZxmvm*T~&`}H-pret~07U40{fS=sT*UR) z=kMN~Um82Q@4eGp1%zz=$hwCw?)AtKzKXM&#*_%ee-h6IMuYx70R1$;{oCV1tPP~h zV)6O=&aQ?&VxFey1*w6e3}PleJFqohHivtYIVXjU_)JIvvC~SioTU33F~#oq_`W?Y z!<_u`h1j`tcYx)c{IG*|y0p5~tC&6LQK`_1#JyWw;cqzAcZC`4JrOYMB~W&)5BMu$?S?`T4|RO`8)JN|snA=AweW9~Zm0t5}pUP^9=f z97D4=#p^_L#A4Siut-*iT8i$$=R~UD>WaeS{PxYD-i49XuoqgFL}c$@ZoJZ3{zf(< zm4A*?7ElNYdD~weN!OfRFlrR0c6xlcuq=jTNtd28EHh?#7CVf&eb ztVx0u&=1vAE0HAvP8WLcSpFut60rkFRYe6#64yED3bPvSsSkQgh8(%$l~lDoq{y$A z;$NeOy7)0mM2RAg)xAF7zmkz`HvCy;W*N3L8j1-E5I^7evls$J9g>d3#?>oQ*o{Hz z%9#s|+`P4y()82Whq3|`tur(S$c?CevlEh zHDBuC{c19bwwS*1YXJZtvI2`$I$5;~*WW`#;AedcMzYb}U z=)T%Gaym?F&6l&rar*z|D`5DePY4`^4l|Uwx+DT3TKiFYwYq9KFGodkhU;Vx%!C~S zXZ5;1V=sug3Z>JL8S-_nsMS6^6Aot#ZN-_4sa_ba-IqWDC)r4bHA&^;1`mQI6eV{A ziMOr`G1N)Nm(zIS_u|F=xSU~P_6XFeLt~LVWUe(8yEVkbr$y7LwXycJZVIgck873j zrsb|7y=xuuL2owTkaYN6=4(I0IR3d>3V1Sg74H^^s5a!TKWA8QrXoi;Ffh)CMUXzl zke_k@3^jQ^c#rvsmY)dh?@)m*HL7$qU^@=le_ywxk`2ESF7Bm(Jc?!zpWYh;ta`|` zJ-RczrF+5BOoWT}w(k~#wQ0NU^AEYWk@{}9N;LOt4=W@T3qoo()xZ<&lrAOq z%~1Ym_TrB>is`z%J)RyIGvse>p`&w)j<=CD8IpguYsj8%AnZWC2I=365(a~fv^~yK zBlWG_UY~!?7en_>?mvkV77rJjsbKpI?<4m(w~;CHK~UrOU&5uH98K|@O}8$t#mp1# zh$mBAE$MpuJUbfnu$i!MNLwk?tbsPaWMPx&%GaT`NYS2(RSydEuC&i>Cqs>+iS#eF zAf^9X7Z0Xd&L|n;+}8wappu1@=3O=~$*+7<+}S-GUw-bvyfziA%1c+@#Q7x&19UKq zgDQMK!cAh(1-h~b8`Q%i25N}N)#s0KGI(GWZL~*xRRda2#Da!k*t7?HZE;TtFkU*C z2vhOcAz2Dr2|aPW!~xu*P$S>QdM|rh%!kBIZ`qkLQZPs3i$=JuS10`Uf3CtVTsc-N zmC+~DtK&z{b{Ohp#D_)7+q*Zb#I#AUFOyFZW5Gm6+gq`~!vaE@;)w8*5D7Ag#-S?aK%EUF?QK^nM}icI+lWGlt`};1CQ}R(pLm@w-|LnkA_dkz^gbi;9Vq zXYGWXDBeCPCjg%Ficu^gL39E!NTc0GgXT2CWdJE z458h%H5&K1yY_@}T0B}Kw$r{`9wr2F= zxHzlW{t}_YI8Wg*#RrzIh3tpgMVW2<5Fz>#lioX9oVpwYQn-BDFtUN-e^dT(60DN7 zNn=R`8}r&+V-HZTF(1vpyzlnlPiMW~S(Y2E5SF3reX9G#-|zg+`>0j;vWOz+DGmyA zOZ46@#d+M9jIykN9k54qw}<(RXXpbe*r_=q)O^g5s#e!=#6wf5HJ!x3oUkq-jD6lr z33{j((os)R#~qU&mTL-;wjcYS{DHL2=eJ+jJL~Y8vy5M}s0JK;dXE3Wcm<-w!wub= zx`KR2U`potE&t7u7x_F#t|)k!AWK>4J85UeqE>agBZ-!|Vg`ysyq@ICBo`{pDTSE> zSGzJUOd#Any>=m+ktZIXYs9M6f+joO{D?vCzW^}W?K`WO zj7x-1s`-~gn{uWJz2X0PC#rZjb-Nd3_49Xe8G!3L5_DKN-0C4V=fQcb$E#o8tN)8v z)w1U`R^yXsM+=p6?1wIBw8(FN@{tTS1LWwCx1aDT<&2g%F)^tbe%vgQ_vga2Dx4|I zyou+h=2Qy8gtke?w(={KHWLW6&Dz6_!6ei@rr?XsoX%vZMCeVS zWts}THY`Nl)Yvu=9YXe)=B&gGkLJAWS2ZchiRek@uS9hatp_RG;=pt7BuapX;aWN?U~{$=;kpB|R?$=sLg*)TOwon`$%lqw>!>U}RA{q9@}?W>bIv z79LDJGarc|4!_DryqvlHiNGG$N!wj2PyykiQjtvxhtmTVC0cZ#c&NGtR702f4}>c< z2~88M_*fWvw7`v zuFCZ$g!Nj~FX)#O02{;sAzp78aVHxpUU@8!2;xR?{O(wqUlQ8O!Y>MxgD?R3DCTx_ z+M$E;wId&cq0q#Bk7CW4U+JiIWS=SyA)TcrJRYoH^w*&`+#)h+)auJwWg|(bZVj$~C%e5!EAiO6KK1}7QykZn%kppsl5Dvr{tLBtDF+&DwG!TY$O*$4 z-Q-<5uB6Js=7iQ9gIKc3v^ZY=5bb?Bq`%lVgZYf6#8*Wv zGULf0%&~n7^)yrdL~?+oGZvVTQ$i6)pwfBvG1Kep>tU;5ZzoqOb$dqv={cwVf$TA^ zzvI6+pSq=2@KvJ&;@;NOVUg?2rScmG)4PKG9qm;Klm&iYXehQ%$t6j5C11BBrhT`- z@d~S%O8*z(x4n`UAfywd%H4Jw+&Pel-6Q(vci3E2Q={2iR>dka@)^h-bA1k3>T~XY zws6JeHK-XydplrsK=}Xw^&`(@{uH>ld70?c=W*Ojzx^H2aXX)@u;#J zfy@1B*mN#N?kXA}4&l344)n|-e|hOB8^^{ZpsG)}=N49Cq< ze2ACAWr>%&(>19!rg<=uT4h*WW6q|{z(Q^x5KhQ z5JmjYct;=TV*N(cmI{~a>|inyQN|sz$;{E~YUGgQ>7cg#MM9RzQj>|ffgq~_Ngl+P z3{7j2#P!)aeF0}?B8q`PN;p5KLX*j;v6r#n=*qI^Sc^R}w*r?h$Wr;u#UJ`4Mq6kb?LTA?J1_HOlr1bNYGdqR+zb#2mR-t*H~bTGh)P09#W;C-E% zPB-koL>idqV^ilp9coyC$*uO~<8Gf<>eb4cXhSMnxfIqtOM88-&5ScmD&m#?N7h+3 zMDfR4obE1ZP(XA6K{}5|T+L69y9>6B%Or5hxqySuv^r0?**_t|{~JG(PG zzi*t+IpPqcMhsgK`=%I@FKqV9L4h=TFI<3>)}<^yuA|i*NEl4vU+_2m3lWiqTm0KM zW=z)}nxqAh)lZ@}AA3Cie6Z(K$T9ZT4SAgSqtj1R1dX-#^_~9G^l({v`8)9`h>`Q& z1jExAt4!rs3*v`DCOm$!IL|ry_cJ3^%}1ykgMkob+BE;MLpn^XPL)&EOf1?-qqQgi z&s=O42iSEdKi@56r2Bf&?f7U>MP&4gd=@ylN~X^}EzqP)!APUcI_5~zv1Ik=2}0<% zW#%<0AvE32xhYPcKjOPm3JJN3Jpr2gI+@|*EgEQsjP0B&>#s-R>f|Gb9FWRpgv-`a zTB7s2vF~tqa6z9o-Z`MA38kOG0?#t}E8lT3zYJzVe0ixuiYel2tBzf$ict90yeE&0 zx*I@mnrJ5%>Jx}ix^rQL)Ug!liSbhJyW@fXG>xazh>3ETB!@Vv;{syOWey+Z%C-5NY%RY>Vxg61gc3N-2Ns;aW z(sTqYniw3Z5k(Qm_ptKOn38I9U*+%WngT{ra?VWOt?gz%D@cdzg46q}&6&I;Ej;|Q ztN{gxrh(-5EjMGkTovhs*3ff|iQKr#oU95b6Kx@%WffyhD###efS>9I;t4$D_2G`dHJQs=?z~&&Eb$-s?k}pFC zNtBMJRDQZUPQ7S%Qc=DBmR@M4G>z+sq^sc!dd#O#u~%-DTa~48mi?FINHD7c>@anb zN|6GLpQV&7wBFe8Q?A#4VSU6Ri@d25FHw+nlrX+JIoKdfLFNb{PWD>v`G+Iwb=h`KZ! zC&Rnf8q@e_+m|) z98?NR$IxM7*(RuTnew0ch>vY``nEOEpUjGbwydDr5>><~z=ju`H7@)>v&t@2Mh>!3 zNaHW;Pdwn5lU@<5b?fwY*@fy~8^HsATA*Ze1J#1fVgqTq03;C$YeAuC9*{HBt2Vy> zFr(zw_gLXp3Fg`Y1)A~{6a^@XXt?II6DMQ@2I@MQ@lt0T+vuokY=+W9b+nUUe0_Gu z(?4mnOA&Ca$|{MPEy1mFz_BBuIy453bNR++)@8STNq^XagPFg_!OEQ@`x-Zt)hscR zh&mAVR~->s9Euk+AU#4Y&JO9z%XS-sZ9E9e{4&un5esv2KEI+y5&xq+pJ$m8Qu%$` zvO2pJfohqy74b)wAv^^+c9mp$-VpBNpO(ZCgVGn6`kDkFa1{LlhBFMLXiZ>_@<=n9`3dpY zH9$>e`#Mwp4bz!Scl(KQuM9dpn+LkLy3zGwMlOQ=q~ZG{bS z6$VTA2DQi+rkQ?We`R~ype1RvFokU_Y!BVK9=%*yOc6*rF5_iKZG@G+45KBMgeAXh z!&G!YK+2e{+mcGHF6;1zC(3le1l#8-pg&C6FLVl8c6E>7!RPsQKYKntGK5&?470+Q zL1M9EH$-j~P=$>o<=XuQlu4%OV6}wpv)u#gkOQr3+-QiDsz``lK7e>+hq21>?||mc zjcc>%*!`8;Xy0@%qXA~m%rGNeRh{yGMyx{nFL%G;j)zS~u`@HK`Q>8zl@n#LR znuN+REdJdhv{BKWEa3W-G*^qRP<8kE$ksch%81IqU!G{@^N#JKTfoxw3|Kt+{XpvH zJKh>=iLAILP1lA>zjM^k>XlMuWZT3ZYn29I{FpNLgzS9@S{vzVdT~+n1$ZsN+CPar z6=NciiY-D0@G|PvCv_ZF{AV20@y&!lBePvG*43Iw!vObk;M87EuvB)&21>)dX#R+V zm!U@YP4^2x@a(IvTaLCZdf{Xoi42)SCKyH*dPS3K2Q#!C%5%nr$EyAAlyCXg>o3Ag z&cRGVL{*V9KEmJkAQQhwzYNVHJr}pqrYZzBkw9@KC-=6>YErPTrzdZ*91@<`5fZJM zjcx8RQ<3w@L8kjL?Z$(Zy-}8Z*&r*7aABmBPlaR=liY1b>HPG^{%(ECx&Se)xUGgq zOS38FV&nabTNlHhk`*T$gksAtW#t8O*hAQMiOAdc!(;=0n`ExEc*i75pjOe(P%eaz z3ZdzIOU0w(xWcOW+VyDR>XQ{mCdWL5FkI2?8I=Pd-Fo$ByRJ@GJ%k6teR&PqSq{LBCG$Pi~6ohW&K`EQiJxPmj`Qry^_3sVW{K&>B zwcB^ZMB49%T~G=1LWJK_FJoY6hyQCLcD}tAs0p`yTdqfzLF@8HwKA6wDwGBpo6&W_ zOB*nP&?V$xRMjKby6$u@znnW^6(F%baKUlc^sX_+wOgLG^y?U6fs8g5W(*+x$S z(+?QVrJ=Rn9LZl4XL;F9s5Muhhn8Gry&16#3{z&}o1O~Yk}2!gfc&_T_WfeMUFcG| zQ-4{xYglA9qOahSXL;U|r~ATN=9(>2S*7?U++dbJ8qgTZ1077qNAN4eUqDC(b0r>XX~LV1*Ah?Cix8YUmPJ2z1K*E!Cgz&bI@e`&i6~8oi^B6 zNs#|iSs3tCNjr~7*X1W6o-eic?uo646f1o#QH?@K5z0f&>%;I z4JiV5ZmUg1J!=7{hm^h%%d5q>S|5htyA0QITAC^4gQKnmKS94eSX~UJ5ia-kxJz^0 zxYe@eXR6SFuv%uZWEDzyA~1U>8!2h-L4-Tpun+T8a6%M_pB#Pb1_ma6fNe72i$Uv) zpORgb)#5Hk3?kBJSHlqAQ}2bul_lKS^Jrtua!E;!7j+q{svo}xiNHJn_|cmxRs(T< zk=EN^?H76}ho@8GUtr`^7Q_c~@c9wRebs>1ABn&KV>w-%rxLF9t7QBr-iEIH&Fh=) zMV=F*Na_yWA z^a@u#knPPszo_7S-?owWYODy1Nc>7x$H>utecg&4ir*`S5+k2N|5=@6=OQUgxy?sx zigGLwA%QF4(tltYX0j+QJlHpxmPnubqB$9nT7mQsS5NJ1IDOS=Bb`lQ=c-e*?BHha z=Yw9MAfGtCG{%+~*q~m0*}6@*%F-nBLwZk3Fe6_Y3FvJBH|-v8S`pMNV z%-tu#e&iD8jygfE-W*$-r*&Y(Bisogu4GzDyWmC5FR?Q$qSTeL@VA}WxE^9)hsc(U zD}>%k-2JI-Clqls>+<8E4}6Y^kHE$CloCabn9u06)n92XXf8btuM}Q%=QV~W9(ONw z**ZLHpPpxaw1@BG9%nrWnAI5&O+Q-bW*Ccop!6rd(3ak$^CKyZ3&ky2j_IbsG%@q% zK}v^V)hAGaok6M^S)S(ejWTRQpL%LNCrc$&t|-?X<-eGYcE|>V@)mlP#I@k_I%E-F zgZ>?z=)?}}53RKPnNZDXkZ4R25|RQzcGV}}CL=eZ0?7g*3f<8KfiW0e3PXKX~z* z=138#qUB;FvR$dHieyv`_swVUV5lb3RWX7lXZlp}o<=W8l<;*?2g=|PayZ`MRy7x= zN+W*mE7IPzP6*AbdXzRdMpidWjNgdjCE6g85(oOXc!tBo&0Qn?56q(wNqF|K%;LxA z+B+~$^`}I@rD#Co7;?!aqlnDck`I-#SRZp<#<8tvIq=cDJ*r->HsOA!u)Yv3!H~UI zef%o}iKqzmjQXWkv9)<==Sl*);r*L8R*f}-x1z#O-=QyV=uVRBjEm!dxol#pafQ-G zJHs~Ov2mi-aJM95aTle}eSQ4>qFn(#zB|5FRms#-<5|4@2BwyaHaJ21x@Kh1z{{Rb zNXV!OR8N=fWt8VyI2rSS)-|11ZMWZ1Txk5$E-DL}@Rxr%+XNMddi8cN*vLY<&TSwM zZ%2>zH^#}dfQPnb!fRtiiH~C)4J$&6F^R3$^@X+It)k?JH_TaKb4&a6dN?O1Y)g8ZL?T8OA^bwt=7?H&jUcUfb}xnEG}Th{jKSdQeI^^tE#HQ86=c?bucT_Xnak^7J^TgEpaH# zrk(WGw&6SvcT5rJK`akSKAcx!qNbr>&=%5CNKE<#BFFv6jBJYiX0;rGoFO#!X&0!@ zibzg^j1|G@b)NX|FL(pIaBu%6zRv#*GI5~62w)&5gK2@`N|BYn*5?-aok8(M3ieML z>ikzoB8LPAe}ixl1Ho^T(92dM(pubr*se(&&yTu3i!VBd(o=Y>RDnT&GqAE? z_;NPWMzShRgpLq4#xjDz|y#{Aku^vK5c7yh4bRj?k~-L_;wIA`boF zHm=W?ORP)LWTG8~5%ky@$X6)6{Rpl>JfPPU02#ZQKX4&v6`d}<$q6k z_yO6yJX~P-(v%O+_?x5}DORvIynE!Yj8gqP9wm11S+32OZJ3zzY5<&xwny>y%MEg8 zzu9YPRQp<1Y(=f9*3fEWy>|fctd-P{6&xC`VDT3##RFl>UDlAhcQ#6DnaZ(nQboT- zq;z)-l{AjvDY(u@cHwK3NGhSYsnXA~YOyR~iN`HBL0;Ypt{0eKbTmvxo0sW7aPp+k ziH>`F*>9ksP`})7`!^~np8MBVQS{u@+oiM%9nDf; zmz-rwhm{ebJc^xU*_!toD=2MCSyt>b^GSE_Khp7Ny@pnv0dr~t6`bP(0%o4HsB2f6 z_W8`e#cOw5p#DGe&HhLFAJQ`ngcMQ-{*uT!Uyi))xpt*!7fCVP^+nZs`EUAst^7=^ zQ}pP|{y5Qsqq+rIBGtqB2t$8*x=6sGn#lQx`SM&AI|u9sK`~tZN;Iz#ZZ{o{{2}I8 zx-*2U;%{BXAYgK4jzy$v^v6z6ufhh#(0cmd0WZz4*DCODa&>ukwc9jd@abXJlds&4 zhuP1VJkA#i>TLSm0A(Dh@fmunTO{`NM?>%n>XADCnGaEpXM7D_TpkyIdqaJ4f9L_<=x!SNYl$69FBw7Cs^~$iXPL3 z2zNfl(1y7hb@?*9^X+t}xC7R#w0pxvnX{|t^4Q6##7yEp>2xQHNRo>ma)-#WBpe*~zakE=zokC$ zYDPjFCYAH#*(SF=+rWdO7sWxV8IS&|@!mURG*nC^8u>_*kGVtlNMPu%f6Z4zUQz2= zRcv4cfB#4V{(BT<+R z`FsvC9DJz!tk9SGCd(J1*%)5;WJL82W5kJRO38=sC{Xvz9;JIUJWQb8jv7eAEX^mYNYcY)d zM3RYG;iGa%tMFW>O_JCzIIzRtebRN?zLxo&H+$Prhb*5_rxm|NO-+cRn*$Ooq1n;! zN8tba^HUB?c)=KDIX;VI-R7E+RF<01sxroKV9EI%E@+){?4v-n0 z&e61bluUg6DM{7M__RP#8sMt2i8CQC=EZa8oCDIhyp6E;@2mT5fctM2hm3ZDSYTiP z4grE@-!^ffA1g;>Vz9aPq#SNhl-?6h=Cv9%=>z+y$!U7gKMwfESH{w>uN;Smrj=q+#0 z0q`B)qQZVhf4GVBbUv1Ns@vCWc$_Qz`7=#E)9Z?7b90;O57SJ*yx@g-?_2Vu<>Mub zgA(fGldl0mHkub!gf`Jw?l~dbk%zYy#3v1Ut2e-UZGqlENwclbWRW6V{uS2+bp?71 z+dY-c}ypOB%TAi>>3@Vdc&4W!{xEX7rWNaZ^9F75|#cdqmz10 zO$P6*!H%n2!wHFLx^P3NsLzMND9A$?X}=U5_ZEV2|^$?wxR@o%=2sRbX zzNH2fW$&_7%L$T1O@E%uH2g4VdH_0>rc%6PY4&{LxpQjL`=eJ{25K5#_j!q#-15og zy)9zb6|*jJCZ_14y%?uYL-lKY$YbmV2N|-?y=yDpZerKuy$4rx*MN_ zBw!7-*>@B+2uf{O7h!QGB2s^hDdoYw>fs2PP|7O6?c|YYo!KRDQFIAOnm&pa?215SQcOiQ~7W+qDlE1R_s0cFI10mI_h48lyRchdC2I!=yk>_o#S(-VM$6^F0A5DkN8SGa4m|x4+ z3FNk)*SR_cBTjWfshwWTQBizM#Me~(5i^M$`j-4tz>0+@pXE@SKw2uSAXwEwRR_`B z8`&1=L)%X8#nhj z5!X0b6L{fA;o!Ye)9Kwh63s^Uh6PyduUd&{fx+8N$hXZyHuQc$cZ?fWi<7}%DZ)=aW-)NEdgl-@?Tcgiyu0@b z1IbLYo%zt_joc;BOwXw7!}=pj%x0{{Qqdt9MOw& zl@}ughL5rUrIZWZIlMTxtGu}!Li7BQZAV@a`(fep`%r9Ib2f#sbZ_-ROT0bEj(Tur zbVDqY0(~HI@UICEV+9R%8eqecU^!hHtKo#Tg+TP>frsHmvcUR6@qLTRuzJQ=Lt}qW z37AZ{arI3=@lQutj2eb*8}ZnQ3)%R~b7DOz(?$*EtZYAI%jTEUFwUJ4)ByJA3qY}9 z5gu#P1N}wF&pvX581}|H^*gXQ4T28vTu{BcTf=LkmQ@+&&ws%>GzmbdNG%J?m+&i5y3XQ_L*QK>pD1dYwP8JIA1&8A75_Uh9V%MDWZ|E6 zK*MynXO*={HSxYRLE2~r)YIT?fX$MoNh|jAO7(A%;%rBtAI|cX5A0q zrlkwk6qslD{1g@zws1Qz5OjYNDvd)YalPP;K3Qn%OVI!Y;1r(+&yD?}Yg%#e_Fi=? z_f20px94B_hTYp<>WP8D!Q2^ot@R1({wW9PG%ICGh|cu~yS~}ezRHp(RX=!q_fL^(QO_-9 zSTsv(BpFpdc7t5Ve{nWg3e0WumcN~_srb#FmmS+=nkkZ;2_rO1VmC>oLDA8pwdLP% zB9m9Fc4^IYw+OCZX9`B*-+P<3PLjA?;YJlK3mgM9Aye z7f?`*@YbmIOP4`5D*+DTC|)95={-{VOXVqG2ST!x6^B=|hZN5Q)kX#vdYZC`WbN+( z9vvAti&Gq2%SUr!jhtirp^v*u>tXi_052iKM)|K2el&hqe49yJDm}9%FW_wx0fdd%2%96I~f=Cn@OLvgR##+K6gCM9S7#PF>mU z?%sjW&}{5W3-R6O?Ca}qG|@Yq|FFnUM==&f=|1u2e?cX7NRxO+KNp-8Ky_rg`e}jK z8kIRWYL#3`X3n}(K3Y9srsMAG0Z($EsGa^7L%--B$}0MOlRt4S*_L{C25yrkGk*Q; zcM|Wt(lvXgvhUHnyiBDEc;~Y7tu=KhuWX$-YI|AM4*=w-oBOA9c)3?7h3;0VsC#<4 z*5kg}9m^VcjyD`z>htnH(7>$7L4}9R36Iw{Q`__!*}u!wgV7$88)yx0=gW{kaD)TzzQLikP!ws7ww2-Cxw zmX_8*S`29HfOd9UDZ z1rBfEi!;i{+xVFCY2&C#5xPho(iZ_{n75@2H?&#+q(bH^V&ClmK8zMKms?MqanzHW z<}IAg`s-kH^SLrg#isO{RXVG(E9qKR;sc}5f?HTcEIK|~1g^U88?7%wtJGqGFgG;Px!>%IUZ!FZ5JI>s9SIp{w z`!gz!ts=9E>G-e8?KgaUNvhMK^u<^v|*i=Eu|uwfMf;2otLNeR~L zx=iauN=KMogyP5nd%$70(q4L$!H}d6@QC%%4aOoLb8Q^{Nx!@E`gT%3Xp#Oz@ zld-&BGZI+jo9mX7r25m0{ImM~^Yf=CS712Xq!7B^dRBeJLA$js!w>*V~>i^ z^6}D%TcWf3s69{A%~sycPn7r0;y1){JrMw776iJ%lcZ@)OpyQ;6&5`#S{6UeAUT)B zj|X6H=??G|m)$5=WcTHec}+4o>;I6sgZC}MI)5_Ic_xV?Sqppi4@IK(X6Wq<`#?Rp zN|xyFsA~T@7Q@yv?F>7HPYK}CQfE71z=H|y?&h{rLA-3TRE?ivibC$6o-=NOzA7d1 ze^q@jJVu%}M=9dx|NMXBpZ^zRzi8PqCkuRQ18Uvqr(antc8a*iYWdSzZVS1ti=5qT z-3RZ#z3s;fi++KAr}2l6ai63Bc)DsGdWPG5T7_+Im!SP!h@f8@%QL<;bc#OJ&F?6* zv|BX0E>AP0Gl!Db-~QB>rl-)3(t%K8lF*k$sr>ijnbFwk6(G9cW2`gobp|7a=DdRQ z?biWEBh^^>e-EG*IsV1P7agyj%e8w};NoN=7-FC0Qto%(4wqhNOkc-2_+hzSu%L+^ zgy(I~`c1>@lHma^TTJInb z2x)KUn%%3JnKFO;Nth{}TthNVc@>Xz^jfBXQzG8${1Lwv5sUleFWh#kSXekGx#Gy4 zpB&{W2Mw#@j+!n%3+6ox?YX4xT%{JAx?LVdb6Kp_t&&jYBv~X$eak34KG?KuLEEb% z6sfsY5zJQleGHiWN(a^ONdGWcu8OIwV6HwW)<5vPEKv1MWYd-I2*IzNzd6DaJ6qfO zzI^8TWX4usu&kes=4jSHpBxF8e3(jNKOh9_E;yz8AG_I^Yzu%EAGzGIv_7}5)*Or& zB%*0N6jM$V7Ko_KIb=a$&FM)@huP1I-@XGta%Xfv+8R3UanTxPSWmaKj||WGA^n1d zJ7~`zt8V^<@9=!4)i%xRZ&7CBzm+CxY<15rT?|4&*^cxlK~^5{IhWnL@>&WA%g~gu z+{Mkv(#TEi;2P zyxW(&ah|-G#yV`ews%A zGwcD}mU*rk&|^9b(kn8L4!Hg1VZTCgYz;1hTo2a-Py|*1N{~ld9?j{^KtA;)jvGoi z8C%Z4fMUaG7geOl*1C~82*~A4n$#jxDb%SnQ`7tIyTv9{X|jv;?7Uv5u3io(xfdbJ zxy~0ByWX!#lxpA6@Vkd@-ddMtC9+9aUi7@YH_bNRzU{H_yo|)(sf7Dvzh^-IlrC8P zwn>Vd=j8Nvl7Vlg!Bk?|2t5|&RDWeU1$Xe1+pwD6;B7UpM|&W#*fgEEvakgZL@;!R z(pGG=wlrmb!O(*_F&tpT8yx)cgmR2x2nFdEhT~fO2_SEw-avtJ)D`p_-I`snH3f@f z+*n-vX#0qBR>R>5Ca8Lq_D5Cr4@I*8JTm5Sq|;JkIKI@PkZ&M_L8*+^TK#gLNMv?^ zV1r~K9&j|W$?c%fN$_#sFx#oGYTt1RW#l)r1E;-KdU7wD97~DPXdtX4sk?GFfE7PljD31) zNiy)dGQ8+wQBm!;e-PhVRSPd|_9SY499y4zWVURdS(O484&hZa0Sf;%>6pFIvrjgR zaKMEYTaREM%Cih`ysoatFQHG4^%rLo(EdS-2Ay+2TVcEdu)`&vta%PATmE_0!UBD_ z9k$?NJ`;oJZ%Y~R1Sd})gO~LceAldk+&di9$e`M-LFi{MK^&}leH&AY{JJD){I>^n zNH^O5cY3oW9d)4j*1D$sJN65UdIyz?*Qyd8=KVy1TH3O}PItUa)niBy z*&ZYCqhv!(4)jAvVuF4tR%v?Doyr=|#`#j%XOoB-{2sEcG`1B8f86h&@G9Poq%Vz$ zG7^bC8MUz+oAQBHAe3m1;rr2(eQzKw!}l127jS8->i@@ii2IYQl@}dV@VyGs%MYbM zWC6e|w^@@iI&0=czdlW)_Mvsdadze1VguFpv3ikI${!~k9`-x^3|qL%f}YD>6E+P# zV&saX7=1gS+_^Y8$s%KGfAaBLguMX$cyYUX)cPA^U7G1X4HrCgZ#R{^V0LMO( zQRw??aj{EW>TnFQ>|$NO?7v^E02m#Z{ce#-e^p4OA()cB?lF5o*P+G@Y{@CfC&Fs` zkvKoOxzP^9v1v1Kgk|Jm7=5Vx27BLwf`IUJA@@;SgSY>+_!PFzVyF1j;xnpt2Y6OD zk-bA7wzz!A(khts|4GJ}%9qD9()2g|{+B4=++Z;Gk5B7S!sq^(A!GpLUMy7Gmho{3 zY2uivA1|${d7!kdA2H749#VE6oKf4<-sqZT66QhQNHq&|T$m6;0%7G;5%RH5-zJIQ z&>+I(xm30tU9e$VX_2wg>|3VN(Q4Lbm+$mD(Z|lNohiN^kPhJ8=B%ekpCBb*l1eQ~ zE|~fRS<{Zqrr9Jp)V+zFr_K8O&9&*M_)k5xrLfyau(>9qHk^n-LB5ovZ~O6E$3IF{ z&c5V8e`e3fM2TQ4zaU~SUke8HSik0KIo?~R;09SK<{c7(zt?EO^J#5->O{#!u)mZu zc1P}!;+U9WhGi-mbUHHU<_nr(!f8FQcf%L7-9B|;0Uw!2d=NFdlQwFJ2EOYfr)R%x zyI6gCl*AXY=Tl1IPHcHxLw@#>^SC*Pe^P()X=cjpK@pxaCNca6^F$I?KAzj!X8~a_ zjh2pfvYNW}Xp^O-u1a49&2Cz&U7r3ntLiA*AFo1P9I0{Slu0(qtvDYP|Maf#Ea)^` zj?eSuBLKkwv4U1j0T$W3FJ*YllcVWyF{~^PNaerUgySvbq7oT}9n^w>Q)?#&>9Ho9_zL7Snivn2(rXdL_!K+U(;4vZ5*qbE#Ugy zG1_;45oh^y%NxupHR;xoSuq~GqvM#B1y|PD8C~xwt80BzNR~HdMsL8mpDUtRucsyo zBL$+{-ge~i?x}&XJC&`H>Yy1u!A6iEDiI}9 z1i<4WjhMy430?3BVNtNX1<#2`a5^l9Yo@z;W2=Co#LBF*`(#e1^?~+*`n?uvhs3M8 z$iT)i0s7==GpJvLpktY=^yB-%rSD4mI^Xt3GQHJz?Cx)(Cc6yUiuv$K@QI?UmTp9(4p%T5ALbpvw6M8nY=a5rsDvSu3L(exVVJ!T-ef-B|ZdiJ^(zy`3l z7O;k{2iJV=&Y;J@l;Oc?3cH5^sq~MDTSAHX^DC9dBdy0w-e57?8}Yb+UjDP zpHle>8s;y$mP0cZzK4I9EK=|Kx}QEreg|Gxa_}))Afp}8R)Y`0#C?qxcY7H?L+aM{ zA4?^7Z(4|VnzN@zp2-Q(*NaM-5q16sRQ62GV^3HH26XPETH0SL&JJ#8y#{BH6g8$T zw_n*$wf;1kt}w*^!)R=Xi=3Ug zvYsEcuy$e|^B0X5jKH!L(9U)cG9#jF=K^ZYm-{-j0G{Ydy-~av`py64g=+0;Q}fBn zyVU+yIhmy}DBR|2R$~@Okhl-i`Be{Qo~ZeypGeV0JfWZ3FiE!O1^2D9G@a02Ye-y9 zp0z$Shxo#3EDelpbS|i%K<1@6;9pD0*;Q6Fveun09>*|~zB=q_}5#pT9d&t}P?>?+q3=G8F#CVWPHjRfWZ zgBkQtJ(NLuH>7SfknH!fHYcjFbLfV;_*aO3O9_TDvc{LFk*IwhLXn-!bo5cKIe|c* z62qvLU&zUZ5e=bB)C+-kBor|R(3A3gdP*@P>T6d9igk)tD z*{8i!Yu8Z||Ew`!PP%dG>f#r~4BI|!t}}jmqb0@^TKM>VGdpf~p)h4U?&V9{o!_qB z?so+usdYKCnprv9Hme?wsrED2Nr3{WAl%rdPnv5fSQ|yHEvhcSMkM8d;fU6+{54>m z>JfQ9K{>n?7EsT*1*!|yQ;S4&lH?e-_+o5klq6F5jjRX+xK{Os)_>I^y#9?ARlF0# z4nU2aHpj2pj3s!sKejEk=*?orOxPCXS!drqFQ{y8Kw%42-)}DurGWk6RF3Ju4xvUt z6w2fPQXY9;clJs|)?0`Rok@TZd+_%iyn)L?%mecG#Lxh?AZ zLCJY=wavPGZ&8EX6e3d8n%97PZ2w59T;zJ@=r$EN`Pzj-Vp{5AZN(+J>kD;R*9N?S z8@4THhnpesoc$4TW}Ql=-OMQoZkMZRGS5^!P@Z9WAO&qSV@ znl0*AZ;N`zD{rGX02^#^d$O3rNHJA_abfMZBwMSDDmP(s&)Vl`yl9fr1l_vjtl>}k z!u|xRzPFFiKxOqbnIn>=%Yms2sJsLY^ih#~nrtwEHC2pW_) zI98@W?o0Rh)Q)KB26I0WINnIT|6LO=wtX3>Ta+{VrKz<70f};d?^h3Zjdy}VAnit0 z9sDIt)EV-aBa~=ox>Z-A-=!!d=vjV#dBMgWvt3JLYH~zJ8Gj@41m76>)#j4Dkjwpy zZ3=mr6=tw5u?wY*4b{m<7X)`!TnLa3$PaflcoTY0_?%V0oej1r!PbgU0aPQ?R~m?g zZ%$^L$~|5_P!wFR2YH8oG-S-je4!?XAZyRclHEz>Rqw>66@NQ@{xw0~8tJVU^lz(H z@KdVM2LNWG=G91I@9XVdtp;M*=k=^vRf{X>Zs^>bXP`^3&By_~?6DrcI>$@-FidJ&&JMzG}`^JrRL){fmVE&>z!e z(P)_zXi3!wiHL@Lm}+tITk5%zH6XH4i1j+`tpF+wQw$vl<0<#KmBoRJA?-0w%CN77 zNmGS`!FQxiQpD!gDa$JiPxn;==ATLm>-S2+;0k2wJ{nn=WVE?}9cm>Ksj$&-U&n;r zWafC%bSVZ=rW)Z7Be2vw?+o%lNv0lGJP`e}g>nc;Qd!km3Eu&dWTCT(qvf*8_bN{+ z6JHxqgtK9O0^T%-|LA)x4-vR+3eh96)KJ#IW3@)Kz>lgZD=gdFTj;#`ld90|51~{) zjhl!Va2x~iVnBo!$~6KJ+jEdr@_H}p>8k9=`TF2sc%6I}(0na|&dQZh)5PUda3`at z&>Xw$aoQ0loBZjTMcl2_G+Ua*JK1j=b3l~D1I`dKOasMI)HX%>Yy?gN zeii(mtBn8Vp<8K2YmZ_(c7aPSD-S!Hys^<6`?IptlD7#>+5w;MBo7yE4Um1Ofso2X*y*cx_5gSJR7M zO&{;Qk-Pe*K4hrT@5d`Gra>@(v84|!3t1#IE-*5ecYO^XtnR&{fY*(8KdL- zW)5crQ8z$H-3Wpj0*F+@*+=k9I)!XB9yvodiWY?Bp2(9_h*##;GFzQdOSdCfCHrb| z4scM(KV@@%d-7zf+jiC&-~lAL5xaYMJU1QhbO3iLc^+%Q0|vlt9V0+e>^Frc1(`ve zSW%oU%eEHnv7P>qxAHyYf-WcNF7b0?Dd<&Q#_% z_!@z8J}O-isN+$#&yhIW)x1$M7+#!F5)HDuXzIF*KqxQb5H4mDjn9puhG`g~Ii_Gx z(qliAXXMIe?3IeENfo?2)}e%OT|$C2P7P2h2HCGu|2F?|IQ}?%ym!$X;sgf&(_54# z!UQ2vFRRjtA)!TyJ7{Emy38d-smy^1*3v4iRhP(dl0ZIlpKMnbah6JU4gH~=f=6+pVB{FH^x|?lm+Y^vJ zRuz^s&I@CBTZi}@aJ4Q!I5(Cize+|9`A8}gNiDzZd$()aPxW+-#A89!<(?h$Y!?OiuJ?-n468VZ@mY+Fvr=x$`}txgEwwB#{e6ez zyw&y5+^uqafDz5@tt%$R)=Il|>ehJnrzxke;tf>Lmc&vd*xwO5lIxmH(kfDVb7AHW z!GWnU+LFWSZ9G3XjxbM|qsPBv*WD^e%NZz0ZRgYXgc>m)CE3@s&{PM}!g)F(FMfqz6VB4t|7pQT+iJzYHhH43Vh zJ4^gOOYNrT$;)YId8{i)K1{`i;PW?Wi~qMn?oWjOoQ~g8=RpVoPQqjMe0Mbx@hVvOkcQ$6=kS_QNfbzw)c$|XFi5W zFVosAy29v9!amGGScTZ8^Zt(ZQ*ApKR-B3Xp^6OIKg>2xL+Le0z>(lMMblE=a>Ili zl`>{Z<(HM8ilmi18;1G!R;D9pNZ75fDTJS3*tg7`rZnqDfh-2YKv)%W?_?fE{X>1!Lm&q3T{G;yBz^Z|*sXZ=un#bH zpCRC)-d+mPHN<^oX|ByV(RXtq zE70icnd6fjcl!pZI@DESnB+p)|0gx4lmd*T%)~P8or@4FV}R9kapycRm!wxi3qfFf z3`0K|tt4!VT2j(g{RBtrGB^+1Km7G!T|0nSXGT^TS{iTUarVI=_nPM@uoR7R5_u0Y z9=q^qQ$F6e&KC9hL3(pp>F|~uf~u8MJ<34U_7FE?&L|DtQ(1K+K#&HbX%{Yv0*c}9 zwJd!X&8a{zY)O%pwoYnd*G;PGfU;!knyZkC>?MPNoBPv=9iaC zM}PvAXiq!$_?{~D#Ta^uex+iihb_&;$L~v(`(~9&Sa)}aZCXx-(rtn(b?qvrH_%iI z`TcLgf5g=<*R3D(u5*$!VeQ1jHYf_G8LI9T*G}$fu0HL&A;qWY^NGM9QDzNr()mA5 zQL6up$;o2xC(BM3RcUrGZo0YSJD^O#m@-lCAEM6kceq~OF?D_lGkgYF4_a$T?UQq5 zC?C6kHq)I@4;h6icGg`lHE&R1;mbh@xqX&#K*;nf`+$`%GQQgwe&~?9v3beg>Og3l zYobWCt63qqg#UQ@_l|L{p5m6ey@-aXg2T-mYG|W-r1_6ZAf_^JES40v`wB?o+zqNJ z1rP9)O`*I)D4Vs}Io*YdC<035??3 z11=UcyQGLUs36t*eUH(g6J=l_o~zP@B?Z}76`;y?G4v)!~3GzvBA06B8Xee<-T z&4??&ZHikOMQask(L6+qpENVPv`|p6fEW)IkGbRZCU@%*l5aJ~iefcq^&i%E0TbOD za}$Ioaw-p<|KaT|!=h~0wqd#yP*NI{5D^gR96BWgq)U-*=`IzemF_O-?otWq?v#$9 zrI~rp;l9^;*0a|7zF+V5vdyM5FxPdRd7MY?J58mt1@<*ua=+pp?-zf9WYSkLIRT_b zfSL{y2IB@5BHpiL%(!~S?ZZh zN}sG&tMD&9kVZm1^X#?sd6iL=ZG+xU=2kXqk29898~FyNk<>bi(tV6N<+X=$`Nik? z5yoY!zveJtPf!C~Zg`*CPe0(^{dE|m0qcYj$i|n*E@Yo3Vt7Z*6r9ogJtYNW zNMeS=S<3ld}5@{zr?!e4ZE@?U=XqJFM9SEKrh2klB_ zr+&lGOPk-jOydsy+rc!5atlv>S?F|2)cSREWM*yW0Rb7AROLoro`CcA&=dy(dD^4X zu7SjCa9dm0*|IlGl~(@6i|m5~`)}H#L>CwVwDD+s>@Pp?J}DA*9=XfYJ;0FClRnk= zqYBVx$`1~%IXrkjz6MGn>wcpStZ7~vwnt&KS7RO7$|8uN@7sKLRjP!ltZ9+7?oPje z?0sHMwFMRfpJ0V8>qhjOAJy;S>;cpuuXH%I?@`sp&->f+*&lc;#u+S!l~Mg+JF};` zB)B*3Y1(p%iaCCMNO9FsACAP{1%Ff0cs>I1SF?)(y!KM=xU-s}52pDj{;=@YL7^HP zT=sDXW^SYm!)mtgr}^%IVxXclIx*by@Xz?o%*q>*!Xi7S()KdQCr@@sbZH$dt7sdC|)Hn_g z=E%E2QB*u9H~K;4{jYh#X&_1f9XRJBZhuk{#_Zj9$JCyQlsj)6Op5MMPKd^U(%yQH&g{pL);9KcN`pp|`0%v&!vPo*e=Q;}K

WBq$z~{D4X!pk| zkS?F`kC+Len|jXetd#8UO=HA~DSmJSsG9+Segz_jf%& zL?^G+K-g+B!$2{~@c^lPV4lq4DTT%tE5gZRUct%3eOO@^R@{EAZfPtg=7;-tAK1|) zeC~5SVUQLdi)!v{_$jRSm@0Wg*2ixYe~@26chAq1iA{v4cYs%277K*V!p~CqzN>!v z5=2-KamtC(6WeC$;n_=o$2T|cj`e~2fK$5f11Fk5#A@m)&_c~04&7~;ul66XSUiLX z;72cP1*k0-P8-)5S_{YiR9G}!rsS){z{>0cTAHIPCz=bT96%1F@gKy}I1qayPpC|j z+Vx#&V7biGS1ZQTN~3?9fQTD$kxSA(qUU`$eQMkGG_(x+>fx_ ze!I6JD?=Ck)waBLjYf@b0PlSf8q!)po<{_?!J6B>Y*3@vUBiFbjfZ7v63T~P0uXRM z$(R8*Rh83lkwWa6g6Sx6RA;?)q#8n}{3ai1YP~q={Mei4NO})hwN%5#wgGm1$$tV+ z8k_XVo*jy>QM-Yn%DgBB;wPB&l$hwXxyPh9A>oY-o1?)+vM)|l4iDd!aC#bjnUYg;d3{3}0bZuTC}yV0Cf<_gpxUx+L<+N#`-u*&$QaRb3FhS_8U` z*PrdRpHXqA{Bw3EM;(sJ`F!^2kaJsNB5GO{7zh$jj z&`Ds~D@zoj_j$|9_YtC1a@I&;Dyd38{3$3c{+?TOjnm%r51uZvC+1)SP#)7suN1Ql zI~V0j@#?-JP!^^@Sm^3%#`)`n7NrROm@wg3VQfTAUpJ8KX@MB41fF7xU8tq1fc`iSd=?tK8)Qbz^`5qHNKyyua- z-}sx%RMI@b-`v854ZBCuKdZn0MCJWP9Yg*(M(jwZct>0FhC7t{y`>gkmtlxr+q)qo zEA^2;irKB27!_w7p0Png`hBEvyPB9gXWArsH1v-jap1PgokUh)F!S$Crd0}v;$0>3 z2;WklUcPUvQ^dbyE;I-yn`!n2@R68#)O#WUdz*ZIXLr_79nV2BLe3!n()5Q!5AO6l z&xqz1Htl!cUz`s^sjiMs;{+#09715D0p5QTz*AqGah_Zz?K{{F*tNnF_Ud+!6M22h z(FD;EqfEKvmjDpaC_LdKcOBolh(BEEO|jZ4VStPP*uRQvd55xnKv9&e9qfalSrxsY zzlY)>tN1*e*TX&l+NB2IBplr`CjlTPaM*m)eTxmRJf>}^?Y*}kO{4ch7Oh>|+)CXn zBNHnW$I7hdvyZdC*Mo20kWd=B+t_hW5~Xu^_8hzCTuIf_H0aAjr3pp%s0Ur!z0GX^ z9Chl#S8wU(%DND2Ck^yDO~XxI|4F&&gcF*q1}~*+m%Td}ObzsRG-$d#9y$;@5`hC_ z_Fmn)G?Vr}?Rqz$MA1F$C)de?A~sni^vGP&C(5Aqk&88xsd>(q;D%$%7SC&8tOOrH z*gUHga50RUdb63eJelMH6X9s$Jd6A=2o1Dh32hE&MtEO@1@M7o1ou93jxA2%JSI)# zdi}INq0z6R(lPWeCs&3LtsIWr00Q2VI_yWC^636m?T~P<&+;}NpD%HKu$U-U=1ao8 z4aPcB5Q-iciR(6yA_g8Fowg&Ro5T;Jg{UQfo4^%0Mui5iHQZo?u`yujh2#SK&dL#_Ks4)G>1xYAs^F>mdDFL3MUZ!4-ZbeR

aX(-Aj(S zmnJRsIi}1|ef-_4mm}4x!xmKc&XeaFl4OzZ@GJug;5yQ$W86c!nq@SgqKJ`^I=e() z@a4XNaQ9>_9XdL9*5QiGaJg|8^CQmDbJknS{fRu#7d>(Z`8@14x#t`YKm=oN(iwiV z_4L&hY+?;T?LcuRu`OW_8QMT05E1?3oHElOC_LfFb=G9hD>?JhUV4e|c%;O{?@GkS z#e_BoSB}Fk_|xK<&9aRYfaRG1GJp2R{L>-qr#ZFoc}F75w`gZ56`nmW3n{lel^*~) zAP~uN7Aqa-3KKEf47zhg{`rF}IZ;s{j^)E{_ocTOc3JQOT0TKpS&hLh*Q~gAi;Ld^ zPC04Ebe{;Ix9`&W>-8IgplfSUv!9V5u$2)!rO;W|mt(QT(J{_nM@H~Qzvi$!rX5N{ zO+#1@wCcET_aI|7eBK<}jImEXj5@9?OM+Im&0>9Q$n48d;TYJakqbRF?)nDPv>^pTrUZaF)MqTr&Yf_0#5$J(>mb_J+}3 z#os>8##x+f5KZe84zWIaZ^QUuN@*e|r<8i^{as#^Us!C9{MfNdkUSs{?eW(>09X@p zPZk+iePuKNLf>{DV@vG94luHP#w(_Jk#M}RS>1ghbu=1a13=guMd2c2McQhYXDfrl zn+|H5-wJq#lk4wT^t_7duFXIwM?i2iv@Lt;2Kk(fZzk2pA+Kty)H4y7elNT!T@vMc z;)^b3FG9U35L$R9h`EWZ>}sU08Gi-JRA>>sYWKE) z7C!lX6726SEoCNHuvtZ3mO#D3|1F=l#Yh-IVil=}Q5<@#eNPV=4eGF;zyC4_0rLuq zSSTJ5GXeb5$oHSDi)s0YWkbb#lbamPHpja!;;Lc@tOG$#J2EotB#qZFmx;zV9s_Sv zVNx+k{BNkgSj(~e*VnN(-Q9d*y2dVtGhYFjT=4XL&uN(B#=vN*_o360(Q{%F5^_&O z$J@P(RGm!<+2-t9J&l{=;+7V;PEQqX;92l*LRJkhx@tkxJ z&0Ju|+WUlaHzSjf*a4eqbh`8*amqxFVP))7DQ2xWj2Yp%#qVr3tT+7Vq^LJOGsj10) zhC6Djb-zUne-5s^y->_KUSt8MH9M(E;qva(>*7AaI_fzZWyY`w##XH9g5Mb7>N0e;HRsMNZIeB?d~ZKP;Cw zS$3XEt;FB`gNIhBsQU#OPHgN}(ld}0XCCiCrEr_B{7%#%>UXqWQ`)qqDU$EXbOXl4CGmAm%5 z6*RXUv2ib(eMSz-gB2~O6H+h&miE$Bk#>KLT{+69tJyP-UCibpN|#FdTRp?y{JH^P zPA69_tep!La@2#``xaS>qxBxB*;|lgs*OKf)?wCi=!57T_@%3MI-^!M*Vbsw(OkVOdiM7B)Vrq;ISJ+jLNX^XiR zUN~g6i*DA|Ptm!s>whj9{2BoKxEI@xZD=CC`EZ4pLgx2(N5FBvH;qC*^EANLd_3ta zY5AB{r|Q#lPR^}P3cIR{#nLC3QK|*D^9|~aF3^XIpDG;7YIM^Hz4;A&kM$RP_7b`Z zfO6ba91qB25qv;ff$(OjW!6LrPbliy^0hb5yxaU+kj*>_TQuA3+VUM9*9>EVKn!6Q zS84EcX3fwX)>)UM{gb`v7{f-RLwU=gwxArlUQ~Z2^&*dn)^lI>g}AD+gOOkjGS~S- zP%ko)E{4jU;1<7ij7%2ipaAGTSOHx~tz@SSq{Vqh!*af%+SHZj+1f^>B*?laxc$x? z&q|P^^2nn?vjd)QA6lp!S?rS5j+x)i`2hMD9`m8dfPjEd;q^-|QN$&#M@s9}GLJ0`4rtM7ni!tyG2&hfu)QB|jFf^sJ!bma|w8q0MCR=R7tV^Y~Y$DKBa7C6q7Q!r}I6n`ASy^I@)Dashxyzskdn4 z@rI#U`FmEB_;lNO0ivaSnR3sS^9|#!QS9J`b88!&>U5~!*-*XX##UcKB`AlM?w4RE z4_`yB*QL~}ChB_kqEp}VdUu+$b0I_vL6rd(+TX9njdK8>R8@Q@CtQ~eL9GJHVB#Dm zsqs$_8I&Ugno6_aIsUA-l`1nUq-;d7{I-BB^~eW`WC_h%{=Xuw+Pt>f>an}ogH=THYS^OD7u0vKOrp?cYXILVBrme>VU zyM7a}H!_r$6%u7{Isq)UjsD?Of=V2-t|Nl`-m(Zk8S>4g3MviF3ULkQtHRcScnM7W zoS~pJ9~os~IHULFnzCLyzmtlg4h@-NY0Dw9_vtu0m+7j}9uxV(!xvYf3nwEx`=h-x z1SI5=bnOj&eh9hwk5{t=l%jhF#0TA3!LQ;8>uv!0eJ~3@AxM%{E>Ak~e?z~KyyTo8 z0kjk}%}iaR$McgWkL`Q`rk@nG(yC2{$CP3N$&$Bk8b^r8#jcfrc85+P;N2GXgOQMdLfV=*9@9vW`0saTsM%!##)rs?pbmHA%L z*2z(b@-0JRs@L`F#KT$Flj}<5I;X#!3kVAqp)8O%;b3I~8!d`94>T}pXrPpNex!xQ z&KFdOg|DXmwvl>QV=zp%%SxOQuoV2lc0R1Ldb4}h&c@)UxBG{0;3UcWzPK2{sPsSr zK~|LL(*G96Zg{T5qxpa4;jal;Qz)r+8=6d?5!LU%Uh8eYakbzZ-tr{J8{QXBsj8Kh4bCOd%}` z_2FkZ7PD9`Jbx^^+m*!b=@IJ9!?!sCV)!ctlXK&E2eJtBj!(ogRR7DZc3%ib%$%t2 zJ2W+eG#x<0m=#T_U&AB$jUT;ztpHHQ*V14eA7-6gQ+n{fqh3oDHV(xhM&OeFbG7~5 zOC-R5o(0bBb!bFQake6;Wpep+yTDx2ZCUX>$`>VZ^7s3R=i#*$Vqc=GRXFH}nE$b0 z|8Xz8H$WTRo-AUpD^&>FaQ;*aRN8iZbFEqtgmHK=Rv>ez-L(nLXL$OWRsAmFod3s_ zf4@OR9J-e4<3s0i*;eT7^X9*&{a6I)ET|lX5=7=(W**${0XpZuU$rDkYk1+bU*6P7 z@D!oU34#E29)OTthK@5|Z2``S1(F_w`|sZ#wqz90^`inMR(#`9TC6=u z1Q|DQPA#Oy)dj9IT5s57IQ^HdGN!wuLbibi2d^?C1aq)rlkxVy zTmu@w_*yR{oU8s7?*fe8l=uuvB>!I;2HI)#5P@Cv5v?}k`yEomh*j|(f8uzk^$_&$ zb_4vcf1i;dcuR!IgNCQSA6JR6wokGAe|?hvIgEd9LyGH;0a;G+UHssFk+{(j%S1sulz zHet6Pl>oXp!d&?Gm%RY}kTyD?161}r?HKhB{H3m?We$YSzkd((&p;N`aj*V2%H#jo zsff$30ELP?L8BRj+lD}PH1|cig&NbyhwtLS%0lL$|7{SA@Ih1L0Lx0&M6r%a7&*5a zHnxTIXUwmmFaNVOV)u5%!kR|S*pnfp3Z-wtQlqregb|?7IQddq&myn|eA%^>+Qk&} zWonhKk0;{wqZ3`COX8n>^<@j0YeMOPcz?7UA6e-Ii9q!D5s8$~n(dcS_5~eJDN8vt zKqkcY*y&Ol@dHg`(XhfZl~PTkrtCA#v0}AG^SjZfuwcgxoRChxwJT$N`}HD@Otq0K zmNEF^*RLY2nb~LTJ8;8^E6vlZSJ5XIJ(oVc9ygx}nerWskXj91j+|M^9iG)ro)zYA z!b^+xCkeO>Mh;OQly0Bh`5!F@=qH@vq`okdw4U6{)IZf`jWVB0YjbZ@W4)1sTYXKS zaTT4#7Ol}HhFY1OELN?L<;hET&vYjaS$3{ix8QadSB=?lU+qOZIXE1Y4&Jt2{q#EK zR)qpLH=~C5TmzD`eK`AnubRC;^Jbg-qEbE)i>*-L8rzazWC@K7ezpe zRiII`Ext{$!jTpya8{-Wy0c9ZgZZr>GSq-Jy)l<@5 zjv@teP2-#}UA8IA9`ahfr(FcUPs<29-%)D8!q*;<^m05+uR8o~+|gC874BcrS+4G+ z*Q{x=V)^n)4E$SE<TX-j?eFwhpYL6+m<j^B=ic270qvvDPVMV?>~Qx^nU}Zr->n?! zM4pH>woKE}4M!~+_vv-uHs!|~t6O`+uQ5`$rUhzdjZ2>S2(Tvsa!W~2$cDVWYu(9Wa6-sr^ z8w*`!^W?R)s&(*4K9X#oXQ)1}ZU`WLVwV!QU-N}757h!yX zjNueY8FXTucF{^28YHFO-rnx4b-W6(Pc!a6lD0SbxU}%r%QNnMK|#S- zwj5zSFIIG15d9}ToV$0qPO+JjgxKT+xp|8+V1jv@biiN6WOCt@%=0%Uf+R+6ivXa-jbvoa|Ozno9s`^-;s? zAHl>>tP(|4Rf0u|d&vZINkH*cGc{$Lf7i>}Nqr2uq`~-K%G7L4|9`}ekdWnYwWf0B zq@hRhg4>#0;xm`Jx5EE^QX|g7lrN%rsA9gIyUBX7@h^=8UF;|ssAV%9H`q>5s_A7s z75l=qdb;^u?+&-`?@yB|W8yJZa(!6RQ{SkIJr$hl6bX%S5y4*1Dq8t?{MM?EO%%KzyPxVDZq!icAzGLbOu)pWQ+{pxAS*H^hMp>FFKWp zD=EqhQ}36^IENR`J<^L937@rqrj{E|F7yr%D#%yj%L{g)IR+Y=SnwiI>Q3QyM3gh+ zq)6nX&;&TD%-OcNBPSu(1m@6uCvcapV;mPQc^6^NDlcfeE#wbHqR6BNcjyu5LOWLd zYNxX+bB4ZwJb<}o_w&-t1A}HKimB4w(4nW{l;z0lKAP3b+c^33(dw%^N~$N@CpJ@l zUGKL8eFV}$JUlwhH__*Ojs4QHcQ^Aj}DCJ+gKfa=5)o%GH;A+_`FcDDC=eT}%(Q#+8bnt9`BwQCb0WP;D zwa56{(qc<>y1Im#I&!>uGHapP5YvG?B)Bw}8SJ^`w|T>B@{3rHaO`zdVclV6%t?3Y zb?i$WLEB@}((F$Y%Lv9>R=tYg8jDGH3Fw8;&OQUtToHiuHt^DjbHuTUWF5-9XY5A#G>%vb4Txp2TC#`FDg;L1mL^i<;XsudR@ z;ixn^T#EApM`Pb>a^@k|=37V3MJhzu z(|EC;ZZ^r=G(_$8F>uMF&3Ts^U`I)Yn_~smEj1gKT@7koHR{ThkBE*!?Ww{k`M;lG z`1-;vX*BC)_;}0kIl9z^$rJ=_u~e3X_+6f+D3KBkE#8SUbcu+p|8T69PNl07Ye&9; zIaAZYM426*QXV($_Xg5{w>kZ754Z8n*(dcvf?=s_FbQo z0`5#y%c2w(oN@}ipt?FfXlkS~kP6_`i2(G&GkTp_`4FZ(;cZwzHJSkQlSw)!!=Gn> z-CN!uHTC+S?Z;a~y@x5IEyv8jrB-vl*nDHJd5rIwA09)_$h8#96bFYgCl^3=k-fQe z%Hx??bv~>ZpOMJIHB)RO6R_Eq^!a4HcwZqE9HL2|Y2b?OUiqR-Y(4eIu^QWT>uV{w zGX5g!>~G3rz_Ucs^bC%KpdVie^1H5P`h1E3q!!6InHS=ATV)A2r6RV z@&3zLj+$T#O*XZNyjVZ^Xj&!72sT)Rt!=`;KU$Uk#+Hk8G1M;icm#(n-ieKI3m-3d zM2KJcnrt(4bl?N>jpxWOHU2Rnu6Utp$G1B*`cC8797My6$=j2K3WuMAfDVJ@ef-02 z6}t9nyPD>~rs3}k|F-xSLVcf2(h0l%NKP=53#IcKUh&!HOylNN9ZLa85M+|>*fk&= zBT!b+zT8 z`@=!3$sf;$v}Y(Qt5$+Nf6{Q0f(J|aMQEZ6lm+O+P0}mr7r6*_cg9O)vSjXN#`(?{@eetB8{7Y8uYb# z!xQs~kfChhg!Blv8l#E~v<~x}`}dMbV@+{~t-Y8Y-4L@`Y@jHyM&ZG;6{eK3NZNtq zfcp*XZ2or7yT6(j-0W#Vr5#%iP=H7C$GBiy*K8E$yHQT1ve4H%8m#9?#z5EX{K^$@ z!LM(hJJLn0go6hB*Fp+6DTLZg)3WWJ{s-%H$zcrfNkE7wDN$oe65`X37TWpblf|=G zh%Tn;{o*zkW#7&vyMvy0=iE8}1hqRcpz@LMqrx%A7teV08=cbIkbGB|M#5dG5cooR z?VshItcqRVcuglfa~V^y`AVR=&96Rl;qR#M46?9bFjnhYtH6j3<`-;P?AP{>;23rR*spkdDE9KTnN)#L#k=yvkg#bRV+Gx0W*K|l41K6cJ zKw^~LH)3fs^#h_ErRF`5KWRPGn)DjI!r!@>d*MWRDTMz1J}2`LzGYCqD=Y#_6I<}C z)g);Z9G8cD?ngur-tDnsRuWg}l2(R?N5k?J^@dvhH70M9LWo;IEs+bQvr z$DbWbUS#}4ZrA%a%|`qRNa-);04$7nKoVK2^ZmEbOq9C`NgZMu>leqFANE4kSL+^D z;^7lL!0TX!PW^aXoxF)N;4ff{W!X;W&~hLoeDxER=)sbVZ(rhI%vl{|N#rFZzDV5m zp%p9h4kcl7Q2r)WbW)tMw}g7x z1Zkc>2e>0Ui}>(B50`yOL|}nM6!bMUUEKI;K$y#=YOjgtYWT)43`rN62h|#L>RuTG z;wGS-J;L9G%Y=DrJyRZ!B~bVZPL_Nam(XTo}u zId~PCa6HYlwZAC4i_u=yt=1)JJy#XO`H0&6fX!oj@$5(vt>WI$FZRcL65Q1k*tU$@ z%l_VvnNN?3l&dYr$Ec}EDPYw69?47`0T%^54judA3N+EDf^KD6BBDyEJrki(9-Ybo z+RV_pWlFJ#VrqRs2Mwaj-R!)y^rj{+5i|R=$BAwaN+HI(rJA)$1sm~8$!*$X#LX!s z3C~jpG5tJI!X30X?y2ow=L5&3FG+I5$SwxZ21H)*BeVg<9*@%>%;=sOwkZNc_lJYK zI60LM>iSsc?wnYC@OrR{(#`q38nhLhX;!KWm954> zHLLrRpGei$87TRFwz4?hIYXJ`(?Rf4$LLgB8&u(MgiJ;3NdVv$O$QNJ_q@|S#5S{W zzu`-4vDVpYz$)M}s>@Htvf-o@! zQ7Lb>(j$5=rX))$@tq`?7RlQHh&qVTqsLuU|Fb8%3BWqzW*&q){gxzwT$NJ-IA=zG z>1Nv;3O5SWgnMAxHFH< zRp!2LZqTWx6%{=-xVpSNA{XUh1i=k6-7M|>TF5|p@~&R$dr_8~+#SZsF9m*#r<#lK zPMyi233wND@@4PAvzEiYAbynh)h(la*cm|W#D@A6D#)aU%FRY zMa)jU1K0DC$grSexmUi}>vV#GN&EFaK0ekDfXEus+)AP`RVhy7-U>ava-9~tZKT=zoigBKx121YLPtYW-$Cr( z3x4lQu0fVW9-AIWoXgzP{rj6aTtG$Gp2$IMm8NsNv$1i0xB_k|m71E`nHu6EA#1M& zSfA6F={P=bkB@q?aZg%zHQF|Yr_AG&)99o2F#!j+bbC9gH(#vF4+|)t65Jb)#x6pq z8o({sHK+-aMj~b0HpOO^=jik_m&ayC{R+{PdjB+1$G)K<6#fvA}`E_sOI;cKBfVM+lqjt?%Xi$W)aDA*KLp3c+9g zK!*Di6bitRE!F;4Ud8(nttK}Plece&!gv8#D+kRQx`0%J#(z4T{_<%t`X!yGvOV*8 zP8wP3zs^H%rw+l7PBPnAeaA0I!bQ%uu=9gJmUMTTbns3M>n{)q=Ma3O-8)OLyGULc zGTG6-C@!)3dw&gQsjR}+hb z2tSr)S05~IB=u?&_w$B`hjc9OK6|g7{~0kHcrZc99%FT?C#)kbCd02<=iph;`(nEv z7($FwcwCkXEynoOHlrg`#&}weH;s#RW-?yi#e%2F6sTrp>}mHZOMNqb2Fg{jvwivc zbtM0l+k-e+OQzZbQ}sg$|A@bacm`QO%&jQd4iy|SKMw2KnZniLGZZa7^u{4$}(`yMX9VZGk2dA0>^YPgkr*_=`u}US(9( z=B|kuKm#5PO7l{1n9&;COL0%T9rh=ii+9{>e}6qQ{R4?Pos&U2s)fLFfux*)RhwK= zh+6pEaXo_|YSP5D>FMcJT6oO%=BAq**AOO$<4l%p4M__U_o5k@F1C|E>JORlmo6@B z6p3a7$tFJ>CEjw4mug0|!snX2?{qymGOlG`N!d_GCu(-athOK?Xx3FzjTo}w)mLoxaLQ1kdMJPQT>xP6a#)9f6azKM z9s8L^$d_wwV*(`sF8|um%vnsQ-YpX+6~`TUPF?= zSWI+Inx?fW_GZ)s@j3fi2|<{B-|_>R;qd$90(n#-JzZ3|$x&a`s*UYG0)u!^+J~@T zwCh9IHacaHfU~9A`sb*buN_^ShF2+yi4N4wHl)6WKsoi=qZCY40*0T}#sv0&`A>SR z(hjq>`t=p4ezs#+Ywat~n^#etDw0X|(7B@C)@n^o^*WFN~=ohj1trbIzt<;XiQW zfO+nYK$jcznnH7n{oWEfPtheNHbod)gR(n_8l(y=PMR82`3k9+`N%H`9ln^OL61A|fen8Ec!q#eVh03M~)~xug0`N$Ms*QuQklDbgR6#rDum>WMmw&dDY`A8P zfHj#29s2lHZA89`!$^6V^E*F|F6OD6oc}9?WVC0HzvHBHnI?Zs9KGuMq~F$${X01< z?`!Ino59M3@VhC|?eQ#5V9ko}@Jd(W`un|gkgtS%7Z03YfYT$~OD4-W{sSTRN!pib z>x5iksyvq%Cp&VE>#Qc2Lk|6X*Lz)%b621~54%Ec+O@Z)T3sZF_94JeT`ao9!k(6* zlJ6CWiY2`ZOkp>#iMfv5y6xfON8?2=qksn0HJ*U=_4htW+))5BpUc?21reajQ&c){ zPneobelhOan#XU+gnM7(_69^tYnk8E=QKe{bHmC7bbg8k2C3@y4Su+4Z>N#pj<2n+ zTee1ZwJrkV;_Ol6P8QiL65s$1{=?-aN`n_rFA)FWn%~O*^-oXxae7}&mdViohQfT; z!ICO>g}YL=3!SYIj>sEmd~S~uYC3mw131mhFGKm&6|PD=opvN4R{Q?HFnsod(%`?7 zL|OWcy6Djf*p}Mb>2(@?I5F{w^V{lx&6JFdZAKUH4d&D0)ihx4`{+>gdGqCZ&`f>J zSBw*=w&hY|l_SoE3c{chY9}BVdEq&jtvX2K*AoUHLMsA^R&E8REGRoMqE3SOILjwm-WYwO?4N%V!cX#!;nR(Ka%~4q-h<%5Q|;%zW<=3 zvV~s00`u?!pcgq~92}m$^(2tf&6$3%q@w!7m(<(CWjXEkoSA3t)l~TkFQ9Kk_F=TT z080ebdG}ts4}Kq{xM9Z(sf=bXLSo-1dacb;`l4hynuEsDx>gH-Iv;L=F?Bg38oAgQ%qA8DQ+ z52gsp(9tmnCK`>wxIO8@XgEWKb|%eM?2m|zHxGSpqH^{4!%eTbBUsRTP{xrtxg~0q zOKqjdd}7_kO7zu<(?$Q#++8Wpa?X3TyWsZiWhF*+*t58w!NqOazuP_SM#JN1dh==1 zKVhQ=q+;!5yhCkQqHG<>*UiIAyVKm@YPv!hgBP!dl&lsXN*hA({As!8spBgK#wYU) zPLInU5=u(#FB$QMGlY{S2W{LL9IaFqYD@bQp?&PGszTB+Sn!)x?dbYK;mS!T6>{FF zQ1we4-XdK6xx3@3%I%)h?D1HCWPuZdCEQ3Sc#JYj$nY|i_1o@8lGk)j=iLr_+8_K( z+>Rp&(l**gY*m)(!+XN~Z#-ix?H&iu2FB8se``5)WxaABspYtL@E)f#|9;@q$J^5I z3@=0ftZU_tv?~}aY-;0~@w!)Rd2znFuiR;n__gxw^6`*OAC;u#JL$En+-k;e$p(^N zy28Mdtdb6`IZMo!if~I+sD`Lxl4E9tm@=Q>X@QBt22d6~Vi3qpmFWR{Nd&(uWD zRiE*m2-2wqQfDyu4{M=i?$;!NyEdD3o#GYt_ zl~E!+``By|Ch1Zl{tiRTh0prS7YqKE_YwM#Yi8!)bwz$Y>r7b&KDQNl_x7DlckKGw zua9kc9}lGw64U2^BuX&Q+}w?*H9P-$YeXmRHttro;KIC1OqT zZXN7`M!1d0TBC6F>-q>uYxP$P-jiXsc3>AxeNx)a0eZBQoX;KUzsJ7Io zH;=oS$|wOm`18Jkip`dky*ANZ7X5r5%AGGywlYIKPu!X=E}7>fI5R^rj_ujN+53Ba zhiayp=hOgg{|+-D8s{rN?A--I8OIIwm2`r;Eu-k@Ir8pHuE4qatCiPfZ0I5C=qzv) zo!{?6#f&ToBe`$==+uy)&9 zq<7Ea&1owSi+I}G&Z>+j4N9cX5mpt@VCs7^pDra!4k~$VL?$E4gj25c^#tuTrgVl; zYiv7wFBiq{W9Xeca_~c~?%l#lLi==WY`>Cp#}{G7gd@)A4!4rP3~9 zSJ&4LJ>RAXNTH*fv6zIoY)yr0Sh$ewM&v4@gf){g|FT7L%eDJ7CoX|;x@_id5&afl z{3~1AVuWWH$_ehcNXscdMXaUq(v^5C$5ce&gk%LSHdDc^YIcX=BCY5(FA_rJdF+t_ zFaYcDhz;S>IBB4i9p36>0aj|aAp^3HIBhzt-O(RcQ1D&bFGU$wCdnM9wFI)sw9R9~ zF`!o~g#5-f3MY61UgwV~g8%G{ue9NlXa2|!q?<1HMiX>?$SYMTq$&P}VEmhQRD<(Y z_f5DD+>u(rCOwEQRP%&YwNy>)vHDwam%9UL8G%;@B(l0$WX>UR#TgPosumYL&Q-P& zMAbNUh){7Alr{OV=3T$^_ChtGFArMsSJjbxlaOaCR41V~Tdjl3M$}JGhvG7{qdIr* z9UmXBiM%|=JB2Ez@08RBKm-GPBDwsLLl+}LAhI`CCrg%M-FZf0`|rQ}z%WnCDL9Nv zj`;ag5(gjOY(Tl`$K1yd^2WSWt@x9eHp{*kMeFD5eUx z9up(^t4;MW+9VVo0{^w2q2CYS-4yk!&H^~^lOkDj!{Tb)aIXF7{Ekdzr zx3)joJyjSO+Bw*AnGjB`kQer4*h?>*YH)Q@LjJVN(DdlS-+I78Q+ajLx73>i-{$#n zorB*YTTYtV>lrxaE4tPj?g$Nw4fPG6Ny2qzE&}0k0;DS5iMjeLY9-``mZf;NV%SAh zO^unB)=x-S_#y#5dXg}gMlp_OTxG_adc`1o{Dmmb8r^z-q0-RP$CcI&>P^CC(19%_ z6Jb_HHJzuaDK8YSp3C~JZNm?DQmt}OhYO$MbUWIVH~on4lsP##5cAY@mQbl{5q_Pt zsEaOg==rp8Xtk&JFrbIJ#8&t1wIZ_nQt zeh}jB9pbf~DwBjqrSX`t4{921`HCBr)y?~vv81kz-fVH=oe35SxI2;#DVn|;hpGBnQ4ra=&$mso@^U+?T zzM5c2O3trR=@kV^(7V96Yj?u%&Wzr9951Q&7C{`;#AB$oeQ zOM3Z_EG)$1M(O^a=IuQBxiyO3^e-JH``7FpiZ38?I#C>vUD|r{x#fJ@)4*Awu3Jt|0+7o~WVwb?+immX)}6U8GVr8e>TsZOiNSJ=(Dqtg!6*-PtPk(Jud zE_*YISzU@53<{bDgTOd&I#!$@;gLbKpKYI=ZD=a9j`lUr+qYMZ&R+ zu2q;*Ru(ycD5S=vIEeq}1TQtEzdQJqXOM{~*zw$NQX=dO%N1$%9ICQn9IYxW%>-uf zP-!b%>gMVX!gkm!ZCzK{P4yOn6zS%%aofzq*GP7mLr7K4WgoK|RD@>M+A`VMvFnuC zGgI-|e@YDcpep_wIZ@aZS@R7>5ZcRPo$7O80z&)|N*mu7eM*)~D-vPk7pfrgyxBKh zIdk=M=zB-6#nq|4lrf;zJ^_yWCdO}KEiJfJgG28ZT`z*UtKN<42zZ=4;KsX~?(t`P zI78ys$rVlIIo#twg@DzdA)u+bse5!ZYMouHPi&#n-+wIKAHTzTQO*%&Ad6dlvFBpr zdC|jt?FobVTqh7=Ny9EC^`OmB`7S9lT%M<1Fv0$$pqJ1Y>TALLNd1;K#H}(O9s=l? zn1}I~LZnsoe_C!Ft{p>2USE@!+4%|~a&0?9sl^-|u&+J5G!@A)kIWuJ1qEIAgjn^e z-nU+9ucomrTCkh#UCpTjKmz_Y0 z+5Xe6<>oW$2mHA+e7yIeI!{Ci2Dfnj=ZT{OZ2Y&2rGzNvH0>jCpF0GP|&b{=CIz^YSDPgdv&(o>p!Du=$YiQzaUYlS!(QV zpk7#_RsV6qBF!PD#_nohp37Xt7nTC|J|JVD=Ic)LJ;x8}D znQV@I&3sWaotgVE>vPK9xYAsZYj@!A1eW3rUnw1v^u$MF^}V`bpCPFXl#U=D5L@Vf zsk;@olKjuv@`DA6Q%F*m8a9G4=)>vneahi_& zz@L{$^FA^JIQQsqyl)iuU(7YKhZo}Px9+no_)b#sjuzMI4bFBH=+@#jU-ndT9Y>_) zyO!>)W+)2zUcwwNFAMPtv_~18R=YV6&MycoQ6j1|QMOeP{?X^+f`y#N`W~k4@Y%77 z>ho%=*^ks72euw((8UZ>H25r?HTil08|2!m13uC*r(ez{YU8&f#pP|bi6jfqd486o19~<+VlWap3Pu?#X6yvboH4JeYP4_u0F4FR^^JIGyf)v)O1TvWz}E75Byc zyPL^$^k07B+d(pk-TUhs8x&cjVmW4ht&mps1)8rlkz-P{q>E4+ z*9Dp8tFZJ&*u}jF6CJciSC)&_fCRQvIW7FqPwr=KTeQ#;(tA)k{n=ObhS^BH@gaC<>WY5{n$Vz9b2{K#P72v!03jkbkAH1 zJX_5Ch)Xf@6WiE)_!_cR$S#t;EP+`rx#J2ST<}Kfeia)6_jNHdHS=6NNgeVeR8c`D z{!pmp>jKx5YBoaMsn)*}Yqg*MX)QS5Q?MV`76GmQd;07+#fs*$=`GHyG(fG$6V-3K zz1NqJu#XvGHsCohV9S%hxu3itG;Wkv#`7WLO;rb%+aS^?f#ia z&EkCa%zWbT=l(;I2nA>7n7Vm3&RF?~5Xpz@rM;kD+v;$|7GG1=i6bv-igPaLPsOZE6F)V!@7#Zl1A1^JV}{>!!H z%$QL0ddeAYbNN9dI<8m2@bZmXjmtw;<=NR;vkIy|X1Z1O{_n-aSf9za)Go|jlDD86`5E(tW=Y4YM ztMCkPXD*zj>;36;OE+ppcR)B-`5 z-LFZuFv#e>dMi7k$E%M3g9iACT-m1BUaJ~a;t{K?91sAz_N+<5$7Q8-tupN@_^Ez{ z))N+%HNv#Z0A~HG9!g~o@mDcOTvg$vi zX<8R>AM`BcAj_h0gTtAeow<)%&RRy%o-LjZob?8k)Eg-AE%UkW=q{Q+CpYw34tYV- zZwTA2Jvw;wEA8g}N?b1!aGFygzzfM$vE}|C(%p*&Kx!!Zbuq{Nd4+gpiGL zS=hh=JG;m5^tz|dWh-1piGPj$*mKPL($P{`9ap1Nw^hvGcw1A)@OE8XvHZ5kbKf#-32*KMmMnQ~SH(R2K+x(w2&i48U@72HxqxS2=^o6#ibhnV;?5e6U z>p`M^4|VdQBw0^g4xJ~KOpf#tJIWZ(_rU4Nf}K>p2z0F*EGd~a<2=jLsFqYrXApWy!=y52f2s_%Oj zKeVWbf`TBWlyr9uA|)+|3@r^qcb9Jik&+x5DUp)yQgFzj8HSby32Euy=KcBI`}w}^ z>t6okb>^IP_Fil4XFcoL`z!~;tYzmp1jX&f2;T6o9~t=l_xGmDwjZCH#}}0KgsEl@ z&txG^%ajS!BVc2xH+Df~3o%+H@B_Anbs zHIdyU+qjyE|NQZ~39=NFDMx6j_b#di6y54vt;7`cjO&F|R(mOVX_(A+z0N!S?`T3a z91&7>H=mowP{)ppFSdKd-=*t*}kDzzCzriSg=PMi%cg1 zB0&`OpAi&GC(_%#+9R!8#wGZeI@jDh>@v^wo9W~K^%_v{l&Q6$dLF}0#g6yd~5BR(KLJAn1yb#|G!2-+I%=YJDHZ{ zf)28>S;VI6X4b9~;aeI;g=~0f-RRZI*D0r=spehw>ha!1lMBey_W$7`svXY`IR`EU z#|u{@4v*&e?(`sRIHBO?oR!_%{D7i!J!I)1EZ;Fl zy?4X19Li6wb)XO8eK$c0qEq8JtK~CRE4%qxwH0H#`P6PYU}5XvD`Su@c+WS)Ms-x9 zhr|^y;z#8xCIyox`#P3mCAj0t``2JhS2wwdw{8NWsn@88;Z6M`6M5BsW$JVJzsRC=2> z=JHCk=_lLNQ>2B%3B^5H)4vpqNT+$WYA4RmKVsYQ?bw{T>;eyQ{=5JAB@@}bAcn`; z7p;HWd(#`)0*W@ok^>{8g(-WKfK<*(i{tv5LdEwI)+PQ}-m8hS1X$7%@euJA918%D9Jw5FUF2A$D)k!SBoS&W$ zz1ye822zgpzNx@JEtAq1{_RjD^ukaHJRr%6`p*Wv>D8b`+YZ|3yj4&jkNRYZ*z`d* zjZd;uZK-}^MFI$%*?e43^QH46xZHF(F3!7eVk_QJV@k&mMMfG<9xDNE-^(em@~pS%Uz02nYC6r$ z;ysxKa}g3H1=qnBY$aN4>A&33{`bP-%ouT7m9%fngniP_vad{#OmpMo0VCBZS)7@* z$17n~u=h8imHn(@uTmPfVe^+{d*$a&>frL$UOvjf|2#3Zn&g{# zLM#VMUf6kf8py3a7e-#8)ZwOaeX4%W26u+rYH zDp6f$qL448HJs-8?P^(A)7I0goo!d6|9u~_28F)uS~&XwH47%p!XD!e5Nf6Mp-eJZeMM==WzNKA8JQ zG2ePq1bR09wSKTmAK{l+JMCC8PC4o>NipmLe@cPQK>UPES&+Pz^FalaN37(-d)o7O z*7M}KPZz@aqpi~ZO4>$rkVSEXf5;s&dNlpxl?xIIQOYVI*Vy#D$MSQZFbda&nSyp0 zMRZvL7MM?a8HN%98NOf13)LRUed5snAfWrl$1r zg)y5RqL}!Vbx$n7F$y~@37^`<`VCfvRmxNn+pBw+I}Y{CT6|LP4{!2&#q_dsCl0l{ zK)kUN67?P0Iu<2~b!00HO*_5K$GuE9L5^d!^Nbb{8lX~3y-R$xiuN`x5>#;uyc)KY zY|W$`5e$w_N^y}TX)P1iyDe}x{8_6ZlZr8C1!a?|RcIocZ10bz)61!P0+xX~&;D;h zuHGA&`GoRDy3RVUvpUkBRK(p~n1Bt8`)|3|8#%IB7!#TjV%vIW2EJ4sM#+o? zU}1P^)PIVO5||T)c2M}TII5H+?)6gXctBFviA>6;y}dfZkYDnzbvf_Q9dWd)m8^De z(Zhn@S_y<8l<7Lda`PtAxiSRJ7<1FV{*W}(*KmH!T?-O@a=L8U1+%_#2GnDrBy6^d zvmp4mry_^YwF%8sJyqT~hR4B-vDB+02&;lN^bRbaP}t*9ez^MB2FzNNCV^nj%0Pnv zq<5sLi6+AKH%*I#gV}O$f|5a{sj=%#=($aTm0jCQE+^r;#NC>rkAKvwb0R-Q!d7%P zZfcVFQ}}%f86YEh%Tg^Qr?a+(k)Fm4o)F>rt<>8i3DOu%jDktV#{IRvLeu5J zCzh`{c}gn|aa*N}9nzjJ9z+s}dpO{xhIQaeoVO{N-AcUax^9+OJnHfI?x#0Sb}RyiP7qw!rawsdm>FuBFAQ(t{|Lf_9NJ!OI5}DGvsoljHwP1Rv|GU!As19#p;p zai&(-J>I_6eeX|5yaM10a7tHMl1`C=5RuIoTYjNpOHmrZbAhzpf)I3AB_^Lx zx+i@4IZ`jt*Jz9mI<}f^EMny2;Q%pWDnmU!B_Ylrq3El&Y$fWV-rCE??%uU?@4(g2 z4E|hKZjQWDTbyV3!N3N>Dwa^ZN~d_}p!p(Ii+m%;o$D$mJtJ{nx9H>Ucy+io#hH+L z<=>q=$;g6$)RQNHRM&{w=}8Ry$`z~e#aVZ2ujllp-1N8mX)Pa?qN>55kpu3im>=## z6^&6f9hR{flX&a*ST5z2{?_5&ZbI@uhR^lYfCc3G^<)3W8y3^Maf~b>z2-hal_qY> zn0+-K%UH^hWP>V79oL~euN=5UAAwL4jziaHf-XKtOy1=35MeAJ6Xk?}G;@vs#O!Bx1?ddviWRNP%= z84JA5z{AFmFxF`LN9HbA!Ev^fxAhh)&QUj)TO+KFizc)=Q7?o$3tm(#jjW5!vzbN` zE`~B*cee{3zU8@|qb48@!aIq$0C}TeKFoz{m_m*7L=VF!#j`dsQR5_aoHWyvOF81{ zaYD{o4{|5k=S|pluGc*4g>`YU%X9`faZlc862;WA)tb={zE1-Uvk46p#0rymvY+~s zhbi=`*%)f#l_yFa4IW2W*?AHL@ZUaM@lSwp6NziTxZ99h-^(SG>&V9TxrH^l?>Sx? zn7qEmo1My&Z~ZJ5Oy3bZ+l51m>B*nT$p1(d`L#~-P6g4M7u(@TTqPFLnKA4bw zRdW-~Y|6XQX`gqJ+zA7Q9#9KW4!Lq6_Dpw~2asRO+qp(_9SgXQ-iz=hrmhppKOX=@4n0!yF84HP@ttcy%mY{47^9+z zQG0E~(poo(af*19!NpN3gwwBGXx)=Ke;si*I2IeC-ei>*j_y+pu7Gg}k*(r8fAk-W z{`mCC0vt)*ITD?yx#G7 z=+1rNHZ?A-lYuUq$+Ls2!hwvm9~$s^uy9%FTS2b?}kWW4Q4~!UwZN zI09awJP{0p^B{XwDq7o7-Lf>%9InRQ55-L_WL*`Y!lRxWkxo^5G~mOqNl@A(iRk_m zqOp0S^wKPe0vDMm&Vv}6Sp%a}loj8h3fJdo6*Jn5iKhQxw6znQUlM+Ot?rg+7`g|1 z!Se^H`}#k9%@Pry7Uq&Fq}&qxCYGeMLty#raLM{DmX+K7@brioWv~-xbpi%Mb9<2P4=pK}b0g z+&gTqMq+QbY~^Lv)^=xA(m#0`ZlcBHu|&7GT@>9#AMHtg6> zTV)EtYhGrSuTxEGl+XpahGNmm+63b9b!-k_Vfiy@c~Vz7qmJu#cqi;J{H-T18E**M zK2e2oq;c!}&c}X`neNuzs2!&7e0cb#asgMw1UrsKj< z8H*FA^)upk?_eu2!yo9WH%2%$`u^fa(~+-O`pOnZ1G^rdtdGns3rO{qTUW}6UCU`3 zD%Y?3_9}+hmtO*JNMprvB73+bR3Vc*_~TQ#p)LA^<^db^1bENV4LjfbAddn?yB?{$ zUM^V;h6a!*QhU%}hWRhJvR@BT+;_Eba?NKP@Y#1S$)`#uxktxV_SGLs5(6~G%FqKe z2$CB31YR#&wAkJ=_NDJ97OmQ+zPL)HfY`X1c6Z%E^VDJ4w?EXsHZ$RGssnC1_1}?Z zb>D}abo45zbHu*5*neQGbCNq{wRb7*b~`gM6<^5O?vbWo9!A~@L9c0}Nx9Cq#au%NG=ZFZ}Mc^V|Zga)nSf}VdJ_uLU(0~NOL8eDN3d6Y9 zjLNZRu>5oEDXV6lvLM^<8pY<4m(f>uK_E&WqTVWI7KX{<*r^|Oy`Y{NA*&Mg#23$h zX&Gi<^@8QpdtHKPSjzMSa5<@Rrft+2O6=n-ZP2uOd9N$guC)0T(~LwBEfjhG>O$&(fUcY987l;Sr!i#` zUHT16AD=WK+&Mj3txRo<=eJleSN<1z?Qt)Ld(}1>-!O51p;hX^+QBEW@$%1?J(M}6 z6{=b1AR+)^f)DtYLaBKJ%*(SoWz26jFT`ww%?m&tNvrO&Rsr9;6lajd6Li>y_ z3xkx#4r{u*x1@$dhZLj9-`$OfQto%w6RtY3u+BGmi>D<}LirsOg+vn#h6iuYcI`pn z(yc%03`^ys{?N6x6>RT7Pn)sA*M|p*#?ROv2KkM3^LQ0sU66ZOeK1>lVSowRgRB58 z$Dm@f-Iq6rwE{ai@RdyMqK{N|Gto4**-@T^X@1xGoCXDNP*iQjIg;M&sR-a&&f}A) zAn#=L6`1^~n^DQM?5pz!f-Ig`n?Aj$^-4SQJaQY_ps!R2Im;=<3E)~qJTZ9y<)LKp z(me4zp*8Z4@|Gy)D9O=^m!7950=|ip+DB4MM>D(D2n0QezVt38sFOD3WzXx)$t5m~ zF;~mqA&jN>Tq|)Q-RZmSi}8uj*f-fOwhyj#yRe6$t~wqqqCydj!EYR06Bo#`h`y0&8F2rKIn%wvP+2r z999wdty#2oTk;C5(XS3wMkq;o#gq~ena*g5)bw#>5t=tLhZ8v@9^W5PnP9VPmg0uCM9JmD7XT< z$5#Bl%;Sp+@bYI)HY3yonfrOwc{7>zb~{~}GUuaa5Oi#=Z6=*3MZE1e$sXt^j>nQ) zN)iyUijX%EfFkLD-^y+5+A_vu0>2lO5;Zt`9r?I0Pqw>dcHhruGpJdv#Q$irXfWs3 z1eVm&~V2lS-xmw2BwjleY zxPqmrppR@X&gD}a=)SeJi=EHJXj5O<@klh5kXOvX;9JuVo``9ju=aTi5FB}G8qPWw zQgU#|N) zj;DUZa;#HY?i}yACc|^MfqBG6wh8%le6_hf^Vy59{tIKXAFTr(HIN)(4U z5rl$24$xHUNph#Wt6zK*a?1^mDwr{U$^HTPp18xy+mVrcHFywBS@DnQ-CXVrb7oKofhwKc?z)?Wbr=7bo34F9=M9#D%COxYqnDUw3F^=~`H$M#ErrqH%M z0$)_Kh38Sqg#VEE?N5L2V?ng-zlU#&h$rd~&$2tj6%gdTvGQ=Vqm4GbXrCeTT~Hm0dc1qu4J!zxQ}17 zpNSB&?C`z6 z&wP5=R(h89)T1$65^`HjOZ~ebc=ek9L>{G-SHGwdTKeof;E{x|eR=aUrn@(<;$(4Tum7GCUkKV?Xf>)kPd7vG zfRLFwA4Lw$joTJXd~a{hcFEBIVLTL0u0-CqH8uGlIxQ`bSiUxf1Y#Ikr~mZ8tK`!= zaW8#FXh_+_?}T~;^C5O zVh&$U34rpdz1(4d+tD-VtaSTLp_JS3bZm>NS|QrDf<4?qw)mwa_f{#+bL=RzaWJzi z?9wnjzvG<)BkH{jLng{+Yr*TiU%5h^uTI(mFiIKjmRiR_su4bLP)xJOS&}e6H{PgL z2%h3|F&>LcN~}vtd>FM!vnC{kbC664S?fR7Wh_k#`b6_m%P9h?Q(m!@H!ejc)){iM zadHYGEUWt%A;tFQC?8%LUQ0XhJ#eD@CA2VDq}|?2z;Ga<4+fO+lV@@);js*?bE+ZE zhQc)w&nVr*p-$T<525aUFG;y*a%a(ih;_sZlM0wLs0V4@{7p*Yuj)UnTJ%Tio7O)y zGanjx5bdy;O?FKiO#wyc$fCc8;$o$z7(upq+=6d`7U`ig-bc+{;}qvoIV;qMDGVJB;p1T^tkFrDhksAv7x zL_mZ2>1T5nxXgf~uPbgRoqn0Q0qP5W_Rda`Jp?ZIV3*?!<|l^(R`)*lshx%N&ZnQ!t>Yo`A%+U>+Eydi|UK^_rt1=6|*831tF#b`1m zC7Dz`^BS;@fI3-zgnY4g*z0P2j2wre`>xPUi=)48eNrqAT+QUiiT)TyFj@on^E+8T z7rWv;K<9!29u(v;zD`I^&f@CG&YL7GftvyJ34Tt;6+%F$5xLg#9JtT+YnDH@27BYNRsmbglqo{IRGZtCRRKC@ zapeTTjl;+!jp8kbgkSAb*I|c4hxiTkXG0Sija2-30n!izmo0Ug9{F1&IUuWv-^qNE zJcg-m{u$yA1Gy;F=&R?7QmG^cW7ho@3vecKCYALCXs0AjQme_3u$1`t=cbNl3H#9qqNY}_XYCGJtIv%fSVV{{dqk6W1 zfz~$O?B$kME7)0&_MF5Qeln5ZeH?XmK=1k=fPy3;{Bf)h+V#AedLJKJ6qYzE!(g0F z((pQI9q=Avu}hQ@ZdXm-mEo_JGPB2(_Mdy1qht50ic4Jrit*|qVXVBwn|#?zwwV2z zZh&Bg>RVP$C)NH4#4_7UByp&(A3|IheEk?Zo=iYEu z$>)~W7X765xWy$=xMZDgX8pQ(X`;{)+r_G%eL60y)Au*Eh}8OpL&R}?Nka9`M!x`0 zeXzYcO>Fuv3pN828xukyh(QE@LCZ&+uf^_w6wU~_##A$nkMXfjhxyP#tv+-c;}5+m z?JKLHMZAE%-w6877ocob>8)SV6SygS(^E+_a5X(-@@<2qAaw#c`-7a3%`$~y>#g}W zR!vKFRSQyLo4aL1+2=yrwL4bY35TCV&fW>tM_Gj)dU(POPHhGNJ;|-ttRuZ!%+pgN zv&-gl*-@GhUeaiIg%`@jTzUoZOjS}e#0g`)5Ha-SiZhm$zPE^M2 zc(qR5l6!l#(IW6f?SrXG+uM8FBIh%bfeS>JZbRjj$;4l&vXaY=Q&{PFo5X^gF%DL< z-G20fAfal_ojZG&zAA9koxBxq{1p0p&TF?-OaC>QcC`T=rP!uN#1P z;}?HCD$iVA**He6M#@EUip>a`#g}lIZ-Qr1u|Ihw81G1+5M+i>w1g#-;y13 z-Bi!=E@-ql4FF9m`_Cix==?1|rRowRC*0ia<9(ExjHblzyP}2x&F|SPB^IN=Y8`A} z?($8$`j&@*0ko^NqN#KRg}5LX%b6?2&QTK2bhQrFPYmOJI1tu|5glTEKq$_1U*ZJz zA)(cm2Yr*4zZ*jN%-!^975KObC0_S=yu(i#qUx@-o8y@F6{U8Vlp zgs+>|Zh~cg7kT)50kA)8^)B99d7Y8_7JJ$&()#Qph{gp^UpI=i%= zT1vS8pyrv5%D8TSwSv`*1&*>rv=68X)b$e%ojDE5>>HU%(sFIBL+z?a=mo-V5PEUC(GIClr|}=ofwpK}vXO;nUyN?qDUl z)mETeIV*%xiht@z>VjdcyOGmTZbm^3?gWZOgXa1D*i`S=U-s|z?0yhOxLf5CGHLs{ z+l65h4R@ZoeI$el-S)j&PMU(~rns zHci_jY^TDQomj2hzK(FBM>f>w^!865m1n!@%)9h$R1)Gqk%RPyJ?nt}xB(rC+4ujI=&M~cXo&WcRw8e>3_Adn z0alvw#zr*0q;)dkJ=R0eA6$9Yd{UQbt|ZU;{+c zjiw6%=-ua)>r&RMb$Fe+1Q(_joD|_m5+l@tOGV_fh>RThsPHwVB*_bOC!D?2SCAS{Y|+Pd^exF&3J zlOhVmNFZ){q0!sONgdHW)NvygFZjpp#de*f#9yZB26|}2Tao_*OZC{(t|ypmJgXMO z4QBM{`*341=PP`SVva_fhhx{bud#Q@RT*fS;2aeWbT~e+o{^F@r!>Hq3`wVfc6iRz zX8Z#CI-tUb)hckRDe>Tg7A$cOv_DQ&yBmcX-3e~e2 z@(i8>F_zP`)tv&FZPgDQC<~Bk-=1k9@S$jRd@&pvj!kSqz&H-1xIH`Vw+KL4RW%Tc ztkpg3XM+iYjF6fut6t1G4AO$Z+xlKTaVZRjJ;qyAy&%~kf+58wdaDN$1XGt;@rPF- z1~|9tPt12aqFTHpzvbh!&<8BI4e|PwU@zPA)CDf`Q-aLK)}14ft8c0b7mG{9H9Q@s zEh63*`R?A?+oMtWGjIXlYTWc1d!K|7w<3~YJ)JSRSR`7ikvWa5ia*0j=%*~T2{kNz z>M>yrx|ohwFe#OpJ-@6qGTu9>dG^Aim`dfH18w$@Og8~Pq{IsL`{ebYxm( zHKw-3yy2|MGP{ZZLaFz&9aTA1R6{F_;1w;1#7ypQM1vZHN~I<#;oHH13bH{-y~zHX zLJU_jwO7(X%8W-9yfD$^LR{>icW*J~bW3n@QlvCd?RQ3OPl@+y>>&kZ&*Y3>vAte} zo#cIAFfWzM$e@%1qSDhw;z&E#PG~qto9GuBlJ>aoWlpANf8u?spK?FNTSn~H-Y`DA zzUTeu94`2+0JZ8ib5XjoSR1P@Bx7Rj7f!5e7yTSNJ1MR`L4dC9 z!BDr{B5}%bfC~Z&R(g1nDJ>*s5%zY2mNvRgNs}UeR4J`ygj!x$^gQ*3DleZ9ht})3 zWTfqIkphW78d)m=6grE!-9B4fG8?w=wm14Scz~{f772_t74hgRtf6zEz4lm zN_@_mqx^llRi8-&f9=mjaTD+jc-OH+@*b^ea*9I4H46+ zXQ=)))iQ#?04uB1XQt!8<)=2Mjh9KjChZsS#r(N#@Bn&j#I*1kNuV9e($k>Rg+7)^ z?F!z_QnCA|D;h%Be*PFbb0R+>hOZ%7v=w-D$lhhuTr5-%L3#97COK$mz)n`N#1PRa z#eI-23@sgST6+iGBGTO;)+-<4CnM=HH;N#8Fg#y{zO8Y_*`VN?J7UDdI#?=DXv$x0rd6t{kkNi!RPAL9 zjzXDQTHzL8cBr~rN+>0e)`xsnAzp3&fDBVZQa{af7vQfgxf6_p=vb;Cp%Zm1OIv>8}MJW6T&<{9sQ97`YPWpvJ` zjTSNrJgwO7RFgT$^O1zZ^+}rTZo8ZLOl4glq;A{$wB8i@Bgqr(fPW%?$^{ zz|bL$epz2`+|;))*79^2iWqC(G-Majj&o-g5ZP=lev6<3KlV6v%T!jK>-6iADQk~j zrOJ0YG+(UGpOTi3L}EgJMB%|z6-^!ZWJ34hFSM;A)X`hT1uVZ&$dd}2Z`u_?n;-jz z%3TGdNBdKf`^3g)t-DXx%SNj_p1+hi{dN+B&T$sxE`0Fr-^|6(Nz4#CZ~n*tfRj8@ zh@t=7e}$duqeY$>8T43+Xszy=Gc|5nrybBcrLUvyZ!alT9>41)_~FAG&)*FtFf}tIID^^)iMW$HwveS~v66&jzYATQa;w39vyQTPq^N2o&+1j) z;ZbD}Mc<>*PZjmLv9z)5LMg+k^Ygt2Zl`(6 zWRt?--;=B1q>-Xr6C-ve1BU6BmDNg44_ojvS9IxXe-~y)y%bh@B^x4iJ>PbsNxS(p zUW2yMaFaMc)ixCD9hr_`G1sOH@c&sy`SEB+GS&R~S|AC{gy5X*QNxJ5fRqDmahGdf za)B5et1l%iWK$s1^I+z}c-T$b&uQXZL>n*Hlh@rW3SHnEoAu?h`sxE$DA;hV ze7B&a@_j-koKV8yL=UwATWhCFv-@hg4KP)G;H;vw18%NUz^D()dmz*|u|5=&7P2wF^Xt0b6tim<822=a-g-Oi&9iYx5WP~-7B{dWLKf2uU8dvE)u@!uJkhcruUW7 zHp%gd+_IGmt0GX%2-_>qYj5oBXuL_aZ;HBAR}+u|>_xjTHIgsw)}agxT6+h4;4v7) zvL$z-%JmyJ`t*?wd)GQ2O>nSJzD`{~z7QTZ->?1P>q7bGIsTCC0Db&VM}Az$^s|D= zRsM|}lcGsjZq5WZty>G*n!a*80;!j4VmCUOK67-k|0bHql}VLo3v-Z@dakqjDYnoW zloLa_UQCbFnhcrnpcF#U2Z|>knw(1_+oIh`-k=1wA%;ZB;YrRQ1lGaDV|>-%PhntrzE0-u08q=FhKvvYe<3dYMDHZjYH9@UR&VZ$T*b+u@*(0!4Er zpWyP7eN+}y{|3IK=N*`-2KYlK2OQYpfLmhvk6=}Xfv}=)4z&goZk18FRt0a(wBTCC z*5wj7IWG}G0~YuYOxj>_)=mmHcq6kbRX+9Jg53e@polmi?E=(tReXc*lk6ed-L8#!SGb$F`Mkt_~WC)aQ5>xeh>2F6OGD3kma^#Axr(!A((L`c2D8d{lIb!}JwFok;evAQZ&Uqx&K=KbB=uNPSft?VU1tJVtt4V8M(Z-tblEpPlR_hr+(GvSp zc`Kp}wAb9fyHqxOI4s(i-z(*jHRwVbAO>IOW1E3^U>?f0bY zy*>5(mOfO+O!gqQNeTyqX!#GL;*?yDRe&NHyjJVf`dwh+w^#pJ0NEmDOEP`YRzHY= zBF1v5>iIf%xdKkkurmXDgi#>)r7KErz6I!e$UY9n-iK`sicQTJg9$JH0RTjKbxR)r zJ5$*!qEZ+f0U%+a$?cF~@>3)#Dn83qOSy65`r%Gsl$c`N2k>10#_^h_K~$1&0+t&>x8I` zp!xoCmAZ@>SQ%)!ael6PcB*}HcG47g?v{VS zt=%$Xys;2}E<_%rFkO9FbjU}3xy7Uama=`r2F;bwU9%&ev%_mx-@%+J^aecVGCxCT^i!bBH4({5N8_Mm$XT8e)G zj!2uaci7ziAkr+SyGc!B61d;c(iLuU_-yZQm|EIy+iz(e(h{sgwT8?J?w*jz`Gwj7 zD(Hk`Hdb+~VfbTy`D?pF7n94K?L{J!(<0&|Y+Kbxz|oXT_{fNmQjpV898QP%D0b!% z0GY+bUGecRJ3IeGi|N|7e#9^f)j;9yydm4-A$v|rd z=C#>Aua;dlgbLIBeU%>@b*_7~q&@SND0p`4aFMzRubnR$Uhwcg^ICQJ4u$PvDma~Z zz9qwM>FKAz$S0ZPRFw1&Vof<80V$rUm=Ke#ZobTpA6#FT;~rfp2+nDczsSON?%V~5 z;W)l9QxhmG#;!%fDNRo7Dx?!`{&+2R^gU5O>eI%?k1J4Gp-cVP?^01F_U8A|k+7f< z5xRkq0Q%z%OiuY%eO#PN@8})V{eFIU-e>7*6ad+bzrLLvdx>;Mwe0xBk`#xg2FBOA|abf>&!Rj8DkxM9XAp5DG?d{1tnRkRKGJkgZ zQ!+~~;DN{I4;J(21GEG8Bl>A||M+-mz|8opoS{_3ij*%_gbW$0Vo{u)y-WbFh;j|q zdwela$d02-UIo2U?M^liir6G21PerXX!*u)pL6?Dv$IRcO`m-s^Wj_*9k|de%G+XhYUu5LH!!nZ` zCH~n|!}dBP<5*d34Xv2Q%_dAYs^w4Ld1$EbhFXn`Y3L{6bE=cm*rjISmOqWyYFkKC zfQI$79_&x6x%@4r&F{5R-B%81TT~D@SUU+5@XKJ?r&6c%0=|)3! zW!$@`G|=LLW>o0(WmXwpUUG~N_MX!>h1mWqcoA!=YaVuNw&H@bK-MOgDxD{w?-_3{C2%xWM|uzU;N$Vuw08egubdm!44H~VVSE`eY7TaJBb)@dM?RbSaRyB z>S#Mrvbf0B_k!L%7I2{G0gid%e`oDJ6AWTFeTtg5N|zslQWYwWEAiLc$*Rd!Fm}Xa za>`srg|ZC?h;%GZu)dLjb!Z%U1tb()u<#7eu4bxYND|fWST|{5u6yFt-wx8jE2Rd*yI>krO67+waI-k*R_xnT?La@R!uwXe zKH+OS)1;kzv;n?7%D*RorQnf5TZpb74KQrCjrYq~&pe5}Lw$>2aZvzG)n7D{nMdd- z^!`g*SM!#-&+$^Jz-gRO;9;T6S=F&0VrJ6jLY4Y#bh{Xv;OY5Q8fESDH;eeY-B{82 zQ5IFfNx%jy*XrxV4n~Hrh5p=^0^Wz zE(yRV_WRR}aYb(gu(_H-twL#)Q9uV(P!)f3pkTxlX+?IioIlHlBSnJ7;)v&(6!vFr zl&X=Ws_Vdw81vJ8X1uL(xT!Nox3j2{>Wit;R!rOr4(=)Dea#y?lO&xz_0rxI8l81I zE$;d<0>5t%P912<-oR$~*)Rzh;RErEld zmKNGxozEmY6ksz7S~NBb3#8;7PEJL4Dl3Y(_)wEA0_VP)Yd-79mB^#Lk=ES?=|5$7 z{L)cRRm^Tt{->Tx1q=T3zMC*m7-Xj32)RN}RKxVUJ=MP)5jTh`np@N!*mvz-FBcC{ zwOc1qN)-h_YiRX%VpeCC9~KAsnc1GF_Afu;ck579fu%+MC;j?E#_hl~VqXNU`D$7hG-5?Et$KvwnL^I*!FCJ$;fD%?THr z-N4J!7Nv`|KGkpUPqTlwnbQp~|5l_=t$30%sA%=GE!Cg~#y-tlezi*lS2Y8uVc}z% z0CA#zqHkAY{8A>{H$B5q3(ALYs*-=K|CfDjeb`QZnMe2?2LMyM2ngBMcvHPBr}?QB z^Rf$ppfTz$3%Vy6?3SS1<5ztR%CIXL1VHM+zT4&C9MfcL82m z>zCq5?3Z}u@3X&sq~~{t^#16WKhzKvw2S4T-%mnTd(;{LaWva21MR2L1f6l|zrMMX zxWp1d*29Q0K-0tm;t2?_o;{|{7bgm?9D2~d+5?E5A-C*w#*j78^R&g>xu0;@{^?e6 zgx{id#_89yxsu66(7D_Nt)plO$3~wP(|khCgZtC@sMWIiVv|C_&SRiS>XB^rJ9@ig zF6}ZpIZU@LeZeLQH6x4}Oku81J`Zp?U6CCjq&8w+<_ zrR;YNo>vk+z@ymvI*zz8@dC*DsJPN%vm|Ce-Y8&x>vSo{4IOtcKh3_HlGB9UsqWAY zTj?7C_HOQWnrwdpEw-r*?fg`)YV26)3s5x=VW-%g&gOz5kFo~MXZF^jQc6cxlqiEZ zA30n+EZ9rvzJB6?OGO?PrL4_^gAbtv68<_dY$QrG2LiNNGSE+ZMLg#nEqQDQ#Dd1O z$;yPBHp+bvMQ%%~=?B0dO+m)1eZm9h$S2SaW-=^P>E@?dy#nGtwp@2iCNW_-@8cFUZCJS1TS;>r3&ijT5jnpeWE z-f-@33ZLBldfX6}-lhZiuoj<5r=NIP)pbwplKb3gd)dJ$i z!MK_~k{I^ZrV8HoIcsak&8~ve8CDovk=4hO^iINUoia0L2l-pr4u|aJeiCxGQW6_J_&I{kk>WJTqMlXYU!M2Lm8NV@-j8`k<*d44!g*YQ0 z0uQnp_>pG8j?X6HDnS(j(HOp;(|88oP74 z?{$=X9y=(JDa29fh~794{jyeG(xNsWM(=M6F9v!T^2(Ri{nyULaYPlfOEn1B+;A6j zdP+}%cC%;C)xLgZy}YSuXvhx8VE(p&E*n#wqn5K>4AS9T)vcelrt_H6$gY~TVm<7g znyLHOZDd5{KMn#Sg*ZvCu7n-xC%Jg757+9R_aj@&fVoupmLX4ek_4@I8(;zgEkN0H zrKULu%(agiD~T{zoH4lYhq2hy+vwVd2Wi?hTr2EtUde*dt`b!K!uX zGpyLMO{ACH@>v6Z`~NOnTCZt*GGUNhlzo_wOo@{6u4!C8aH4I|asxp4 zxxOwpD$V;VR+ly1GokCxNG?;E(@M44b8QT-ZP%oI9<#k4`3(YloZf%Z=e|gOm-mB2 z?S0WBZmiCg*WAs1-n)CZ6D^onl=h`OPrupax6@U4{wop0%pAQUKa-?RzIRg59{>)6 z95GHqe)ehrB6HAMSD^mTb5-q8L=2Xa!j}%YVba5 zOUv*EX3nO>X6**cvWp9-{qp)5jT$UOzgs_rL=FGP3y5V|IDB>EsT(iCNFL_E>4`~P z0~h2lUGguD9Z!O+CiZ{|;ioEqQAmNi@1L#QX12$%KySrJQ)OCkMGw<8{^nVL$9wur z{K~?q+iG&+KNX)eP*upcvdkM=sOq-@MZ>ADoA6e&gwtu7Vc-`3@h+>(Mc;!M`YPpvWvKb~ zKw;mvReW5o4L;Mbcq+YX3$OLA>)IOGtZ81CteYos5`ZIlij0`I12^SaOl?zIoWl;3 z7Wdt_dEuG${s*TbT?CXSESCpeJP|}s=PmSSmrRpiFd(M!KP%DmbfQV z#x4FG*l_et;wa4vw71^6J&x4<|214q9q#|9hO2cDa6ZT~d-bLV$1hDT5=Q!vO(v#8 zxAX!R4NQca#91YlHDnqGi#GXK3B|OHG;5UDKQxxV%9N{rEsYQiO8Z|+W0V_zSPZ?@ z3yQ9xw`4%tE=ck`x8(obn1p=*n`(xZ>C3AjYp~%wpM%S_tKde@W{u%u*?&1TMHtV( z>~uBguR=5tm_8Y0W4;wp#0{mP{|lv-WOdS(DIof3@Kcqq$gZVR^RtUT)AT*dE9oNU z)Msa>YAuPeXt7~@F;)o$499kWrtx7tCdpxQ={TGxV7g3Jy~;7u=<`l3Cs%3w6E!V@ z=sRHZEfw)kvK1Ht^k<^cH78H9@x^{U7NZW<|wUW<&?Id>?X+CCl zjPky2xD2-Yeh*y~FQak1rmYcB_BUyjN)vN9Pl{r`9f^eEWbP)4dfk5Y_FmnMrTsTc z%d>pDn06m3sx(oups5D+^i4z=cqi1nyvL0tBbCE#iKsKrFCW!$!MhU@63mY4(4RNM_@}dXikKdEzU>DTL@AM_kisNIWyYa8k;n6L!Y0pvAHUj zLn;HBw~d zm^b8O2`DzM3)w4GAZR5s-;L7uBi+nKwdhgY#dMNfik`U!CL4L3Z9Ip^=q-;@s2Cv? zKZKLf8yBBH(@3G-r@8*r641gi?bMgZEtj|G0^>M|66odV68*0AnOb(4m517 zWm{z!G%ufLcJm6m<>Lr9-4E^6Gt^~d)e%+#3gWu^@lk;NBVN|=v2>Aw8B&5%)Oh&Qbk7A{cStEDjlUl;j?X$|l z93DPDD{g)Y$T&O*a?O{lMoovs8oo07|JZs9wkX@SYj|i;F+f351nKTBk&q7Q6o#R@ zq{Bc2q+@7_p+SZmS_O%rQ-)N!FIv*~nCrgZ=lQ;Edw;;pd7ek?xz^e%a^&(cYiz

!AjJUx2~=evrSz!So=%6cFI?tI%9iS#I(DJSDY?aaI4ut^4PT zx6Phb*9q^&y9Ta{ivdK*ioC^D=If}_p|ta{yRJzxfv4T8`^ZGiB%aGnC8Xt9GwtkwP8CR0;h*O+uH64rlxMK?62Wk=!^PUwge=^_RC>fAXbCzJSu+ zc*u(@E8-vdAi%o%&=+O%k&sO&&FB|*f`?|c(acx%4D-0Lp-gu&{V95zS?J^E-BwFi zpO1!&v;Sb&4I;f_->Pr0?VK(9JWS)yi}YN?3ChuVmrwOibUK|DV2jadVJL2jQURW+ z*ee%!9RbY;aIM~-tc+i0c6_x9QRh;f(K2;W8D;0Hni3ReE%VQ?0bp9n40{3E_009( zWDd(m?;awM;aNMBA3AM%9>)h;yi^P~jsEd4mym#f_c3 zX?97}9hA8Ef}3@Ed96QvFpJsm4$3lHlKB_fdhtCc2|a&#zQ1TM&dFJpLdHQ|VB@7# zFZSiFb740J$-DMLJZzPy{$;G$LOe4 zJHQhcgv8ktNiSanxlg}#(_MRs8C^uRP1X{K=oU&0!#7)O^gMp#-89nDbvh4b=W?A{ zi+Y;!MXLu-S1eegWljfPY-%4$@m+c-aYOv^s}g2g~B zHawitwWSiCId#=-q8{hTPxS?eBoNB(&9}US)4YVC|B$DZqXlypNu6u5sYEiX-Y@Wnv(7drjGCSkXmm2RK{|$T9 zlz+_r2Z-z4WEbj5Pm`ozBZMGIBpVMv1H94n!KjhyO89vfvL$cO^uyTg0Y!lJpPxwk zll#S3y8guFY`iI8<-K}rPZf1eGDr+*ec}$?>{DPL+o6{8M1LTz1tC-!YGA1K#EIUC6o|OLe3_u;N!xPitVsJqC+1T3^vT>tc z9TKwMYq>T)6l%)u2mC6*Z0+*|4s-h$4Gp{!z`nuD+h8@47&*Td_N4d=Xr-PwoO8fm z@weCNXjEl$qz;-tv7H)BeOIUl%Ypr!uiY|2x$Hjgeo)ZKl;F@tpIcri=1LSd{nENfDCRp)Gx( zJLzrPhmI}GizOmRzF2woojr^IsYd@oISxd5WPK~~KkaBs#D&Qz%p5K=uXJ#C+%nzm5VJ$R-uyqD@|?w*Wgz@2@Qn0F12(WTsc%=>k0^rMF^ zsX@CU1xdMvVvPzGq??Fy{^Ra-5pnURj)-kN0FbM&-V>CGpcNf>DO{v}p}$MDk?f%v z&&gd@t!SG9y9c1?DK!qOy;wA!Zs}?d=nzsyzJ~(3$JxR_EZTN*fu|i)XDm$OZETTD z3z`WBi$BagymgjOxqW38xGdV6wdrQZIq>rDm++jX`OUH& zq6abumlzW7T9vkICE;~I^*tHyLkeiu0Eh&{B8j+MMiSzz`6HbX9h3!>@boM(J^g}{ z-SLC!&F-AD$7C%pjqCL1eIz)6(Z!Sl9S;q?5v1Mq`7W-l3N z!(O4(iEGh_Y|y1hLIc{Y_k)Avll48d%jQL4AxMcao;>p7sVPKRLh5u= z>`@wam4pUXZ+GX}_pVBkCLRNY3yvawqu4>EYyVW@T+B9q?ItL^@H%F|yo0xAEQBon zMn&xL%MD|VTsmetPv&ep^)z7K%TQ*R`w7=86LXHjG1G58`tGPqZ2`@}Dhp_MNj``> zepc&Bw_Z!1olLSUUw_&mRk@Vt^^Td#_m~l&J&0+hR{ybfzWOTi`O=b{rkO+EsD<>S z!4c4AF2A23jzhyHbH7Nycwb4)xfnr6lYL52yLVti$c z{Yn{AQ996_hio9$Ed9N$`2YKrDOypYcHy?RRu0UCu$PFG^epy8lv@|S?!5km=PstP zD_Y9^^a^pe=w$XNm$@xG&RQ}A|lNK!uTy^HEhCSlI@V{IzPwCQycwZ%8V6ln+ih4ey?&N*t)Hx|2O#FS| z;8e&A;7$5w9bBz;^`F#~r8Tc4%8GIaNjuBPnzO_Wc}Xh@vtXf2QD@Q7k-&9)*iaC$ z5L|AY&otK1NB24SO*dqEv;npgA-_SfLcyJmPlPw5vJVSvdvQI-#mSar6)UC z02<5>0g<}56)8wi2pjk#nFg+Za(Wj$eGX21?%UwpIFlr2qT}SqwckZqqkufb>|D1!UMfB?T1~2t04iN{R)q964-YYLa%Ac;x$up{DlWwOSVe7H%Tt~S^h-HS&%vr?8pm%tZXh&v6?1gZCyvSisfuLdzj{uMQEztZTC9Si3EV~ zIoS-hDA*W(oho_@`pQ1JlQg6o^F~({VUrk3_t(lu%al>%GJk}s_fC~~ojJE;B_^qE zhvufLszuzC(H)7PSMQP@xVLM!)u0!rw^|3BfBQ6dE$u(O2s7$s6z7Rj%ts2!Kg5Zn z1XRF+fnQg{?oM7B_2qf`DJ-kz;(McFC%`d&Iaz)0l$A=`7iI7g%|YtfV5RxlUOV?t zI3%sj8Kriy<+w$>T=~BhF=9=xy_EJkC+se3{DXK`)Q5&~)zrsrd70}kAE*1l(JKkx zzCEk?SBT+GBFwX%=sj^86jj|BVnWoct|d_ScIS8J62%k`pPa_d*Ym_3jvDSB_`r2t zi9wt9kc<81t)9$M2HnB>rljpb(+Q#H(~J<^F={mC>iZK;g9`O{ofAc3e zlwUT?VgNMK3%_wa@66@Tj+eL&hK{93HJxZgn#Va6Tr}oT&uVa4 z3GP_t)px|bZLH>8TUWP9?=muY>Cnd+6f%>@PeW`R5Wk}su6?#4uYTaP6qgiWhDh4U zWUs2DKrsN=SN1R7LlJsSKrKy_%D)0&(GL3~nu;}t(6SX#PIt=0%Eb@2-T9bVlA5BH zf%}7+zbJH~+)UtcdaWhQGU60b_agNvffvK}~m8yBwd`6}goM_u*m^V(<{-?QtbA7v+COgT6ButZZP>v8$ zW+_Gxs3<#-+%}4hyS19~GR>pz+VHt_-LARct1sU%Z%n7QZlN1?r=4-FjN{)}+PaLG z|K~;2-(*b!&fA##AR#y?31zu)qz+=TJV;uQW0*uVub`b|fZ>B@4+HCxX$zgk#5pgW~ps=}KEs&RGQEGD2NGi~j+!u?YlHH0D{K-5lTE$o}b# zYM_VX;aztk|CDqC9X5&~V~1V4Gw-FEqqlu>r_Sr~64^UR3HTDTqWB1w$0 zAWeXp$Ox^WnBYnxDAYqDZL0#oy_jS@m{X5!=m8OW3A;PCs#u{76>!nP^O!<><=(mv zp*L~c9dyNhH`U_P3;~G>P(i>3>K^tM{=Y1cejgHpDvhTEIYnkCSby2gnu?Cyvg?t) z%D+!Zq7B3AQSyhkun4kW+lh*WmV5VZuV8bhcKbk$>(R?_p_@;yY`lvu9d)ZveCn=R z@;*^Ny48qHD#G#Ued8YDL#890F0m&~7x^ah-|)D8*gO;6=Lm3_0xP4>_KWL?P%1$G zs?{^~PdJ}0sd|7f!-W?K*)rrHe$~U5Krw;3$2fJ+=t=go)IcV_Qw;CVS24I30fCO~ zm)E_*Y$p%;#8lbA7jq13a;a}$L|DclhQT86Fk8|7@eOP@2wYsJ7zUHue;7!M@TuZ_8Gu?{MBpSjazvFX zRvYS!Z{sdexwfT;gt*d*(%s#MAdNAvE$;(l9IAhm)L|^4vvSzTj%V=K8PJbH zjDuv^GR^m%7Z7w@kub>tyd~G*6SqXk23uuNDJwBuvk0KRcH7jXfx!VHDi7WbgRkY!k3Z4%YN&5f*Fio+@C~@OCDM z=|k*#zwgpdXHIX{Zi?xcykrMK<7ZQ@Pljt+J^fRXmAGOyawtG~%NHrpZXxd>Ns`15 z-R?$7VxLq1l$k)NWo+Ws1h~f_JgEcJTBYEIfEb~Vfv3;VA7=NRipEp?)Ywd*M6HJ8 z`Cw%!@*>Ytc&MxflM6pp6{n(@k`JIm=6;QysX{ktD6^`r0s`8BZTFaUa?wC5{#&T; zp9?jW?Ujf01ZScT$$;IEmC4&65ZR$1Sd(Z&%8{o|^yo^dA2g)IOtQw+R@xiVEns-C z`1e;_QW7;`gknNJ#eN*~gU+{R_b$EMpi?a?->I>Vxuf*+g%RvArpY2QUr%=4kp?=1 zJ$d4*j?;>3PKZFRL=pP3onw+7ECibX(xdOsJ>@BW02H%mWYN2JRji^5?hlUvvO#eY z(A9SasKMa~`HLCnpf*v2n#W8X?Yup-KQrE$CZIpnt{1-O=dO&ymTc|4v|KR9<>0v) zpaSEfGCf#v(zjj804&Edz#w`c7P_rKcn`9CXK>>TNVwn0g=e-xDMaT1gVo5vhV=5) z(BUL2FKR~LTiMeBWYQF>LGQY$-s##a+9n;;$!bKQ(~cspur8CahY+xsJya&PI~UAk z+uC;)zz?N@52~2=-&r96%EzHEt;&WhtNC3XXn)HJV+5aTiU7=V=GY;S{n}RIX|jif zokWLw4settt*m$>JquFRaB1o-q%l@~4qQ2U?0SVRjt?{*#K!i@{@zoWf_UhDeh@bR zw^1<#**4${9b8r5i}48rpFS^p4p8O=ZH6jQrjx875w5|37CC>H8l`(w58}jWjiC*H z7o}@}b+}qrXqb;%z=V_O`GF2jsnIAIRdUYmYYY{^ouSjc1x6r)@hQWM-Nu|dTMP~( zd_b;)OVXpaU(L7iIb3m)m6J6tu?(hKjphpZ*{rXa_r&ooZ>#wGXV@Yvn+HW-!h2G8 zK8hYHabLW+Ea5vohG4(|D%>+57!WG2)@e6epCE5#_UUPX05aZCEx6XX5bTunz}?Ha zc9VW<5+DD$7823q6aSB$U~+(mo~zwUTs~w7^4*C-6@clG%>_WwS^!qxAH8;RyH}u@ zurTkZ4dxEL#BHKH(i`2NjW^A}PhQmd1hPyo)vzT-cNWGm`$zG zTEV7s+LkbTeOt#6Eh_ep1(lh>S<_ab*%(1RGF_GA ze4WXA2K=IU^ES(u*f<^tFT)MK$JkF>KHc|Sy^H-3v&8#=awSNp>31>d5Kug7tjyK? zomAmX+Z;HHsbLKxlD2qQcAq`|&;Fyr4&y_0X~Rfg8iXW&zkYiJLcXLgS>hjN}6H zmAZc)Z2ed(zfUjV5`d7$hLDB^3~I!gnrkkAb3nHcdVB*CS0*~OMueNi%WATv2K=Xu zhWk4wn$4t%paJkjt)O1rx9ig0U&)z(;aB-79&@sBTNkVerLoi-vD8CsWs+U9T5@uN z74H?lTf7md!1(!`#wC$!e-oyTCbT9kq#}xYh-HRh7qAN@Ed!VmpP9!0uFbgdxs z^2`A~@QehGpY{q{8p8dR##zq6955VK8^~4I6}DYu<9P8s*nH@Y0chci8D@ki@7m`> zxiWv{Y&ENQcm~H9u&c1X+JgGOpR#0utj!4Yb-6-%yfe2B@xnA7fl}<&{mf@IV%?;F zuiW><9r4qQVqG>;tw7OosZMe60oe7Mw{FPd8S(7%Pg18XI)MtlsuL%-h)89%BE_4dF0?0IEYWZhPHJt2a!YiXdIm3-X z5hGdWDSL862z9A5C{+dflQ4462uGHiRrzv?BJXx-A{T2#0#JLA1X7VfuT*Y-H!?mC zM*{!S7i9)(BU}T|5?ydnp~RJ)U(C$8xZ(9IF#gNN2(c}z56T8$#G)0yADHkH$HCfz z^7O*v8`)l|5|{w`1(_KH+MvbB{(aVT)ezg&VXYD{Y5+_pyBOTTf9prQRD2IbRa&`$ zX%!%iCf4i2vCX#y5=eIk&rq?lECoDju&_kX0=N%axqmlj?PDMt`76WOKQTN&@)~X+ zZzRYvLTYEqgNHN_q!YOk`(+Av8C^>ry+J!O<@Y<_yZ&t^9Iw#ZeR<0e8l|=Id?0g0 znCT=UH3Ok{bsHQC!WVxc|BC-sW?oZqC%!mPeLDa;XF@j%rpRV43Q;_k`~>W(U`N5$ z^qY?3$7RjFdj~Gtmz%LuNfpkAchQ?|W&^W$DQ7;;rZWD%Hen-hP++Xka#1QFR zC_Fg?`AHu@4A>tX_g2PBJ3i>Sy+ed*^8>z5QpZe1zliLQJYVGVjWJ?qS-i6Hx1;C2 z1s)9stI7H*==EHnKLF@KwvMznR2)N;u{O2fL+r7J;4?**MZ@Ne2||cpglCA$5}7s~ zH8pi&81HnZhL)igJy>tGzm+l~0FEEl-(+i++Pj%)wo(UFr_v`%z}22ssHyB(^{OPW z(Su!SBE{lu=w5&BE??6ZF!0O+f@rv}KoFm4H?;om{pS%qT@%L5@+;5Hl_dm*G(4qz z!YLfc!HtqFKV!{&BF&5}8L;IS@7?qw94iuV-zAJQJ9^K2?kTPdxbi^h^96c6&PlcZ zJ5U>G5TSR*lPlrjNwB*6cqglef}xDejf%_c(dRxw$TF?escxIF@4h|jQ2Yqo&p*uB z-mikq))zg$R-xTN2@Vc=Hbw&xDiDp2G9&~mX4m77&jPnFw!s|%kt5Kw-9D&NZ_PWE z9jIcfS6qC`h!f5hI_4Hn4LP9L!$C#K+R}~9W3vIwGX%JdB>92Ht@dBkU zC;P(}HpE6*8oYqBXR7Or15I8x%qJJ%p?EG&jdf)vQtg-O}a6g52+}H*XQta=)`HCo7X3_^9x<-Q(r+qSA zG=_o1Jq!fpiY&X}7s;sUXeSM5bA(Wt!2ZH^AA=*l#{K9{CYnM`mc^&QWnr_ag@5Sc zns0cmR)_Jn=J7jgym;4m>!!_^77Luttz1ixdqzU3@MF1#(r~#3#tZm}J=I4a@e`@t zqJcvoPtnV8(&(djGUL4UD7o@iTz@HN0)xoo{Vc^b7wg$VLecQHwQfHtU`|F)A<}{H5{qR$%PU7d^7UeMTCez_+z7HAdvZ69%NyIl7+2#ps;1+J+A}6 zfG;vlFFJ=72xv6+p1W=zWJGHq#RVLn%ASbCIkTE=ahj*j9IbBOx=`06p{H;H@__U4 zykQzdSOci!`k@a7B;j83^r+*DAC7}mg0g5jbMy0H7K}u6PG-til~ei$LGA4^e(HRL zCJR$)sMFU0n?Y>20SJedh;-Is%Tsr8eHYX>%ouUAu?~kz=^` z!?3~Vn{L&&dv1cMKJVE~wpdqOs$NngD+gHq1n;amW2xoPC-v=0YmoE!OS;~l1l-X}|Brxl$Qn4S zAdDHKjswNmmnm@*a5hs;Jmi~{G=xl1jo^dS7has)e|P7tV<4!NvsQW1Pd^GP!)1#S z@frEH?uV*tU66E3S-#2T_r)Qv(vh{v0r*TFGz=%F-4HXlH zIYZn8Es~-&idfzK3hIl;XPpR_ktbnsFIiUY-;Gy!-^Sd5z?Dw!{O@0`55dKN@o=$! z7tMTqCwt4WS}|-JS%&5bb5nCb_de)(3aB01i&4CL9v_X%oOU+N`z9G0DyAi#a&uXj z{7|>o_}W6!(*p7Uzy@}R7b!_M9GgSwS2Zb$qL z@?3nX#n%{iOEqfmZ}-WQ^x?=l&C}gFpw4%6IsYp1$B%;d(pjJGN5#V1$sllf_%ldo z%<0=%`CNg!1XlRs0)-e|C+^qM)AAOq&<5LzgSrV*S#;VxI8JE(#>JJgpq=xRF>qu{ zRQkUgU-h2y&`;IfB`ierJM&BYx;?vu z_MRC-N0H@)PmOY}gbsLt$F)UGC+p?hHkGRnjyCZ5m8#yj zbKQnmE(JX~y|>;kZ>&hNVX(`cpp&Wu1Z_do*jz{QwxFPgsW6gY188r!wOMjHNIgRg zu$2fZyfqkOr1i7f0pA`IqaE~JF0B~{F28yQV#zR1?Qsj7sb!XCddAX^D*gV>AsI$^ z(=I#N(6e@o2Y0RwE(IF0cI*DS7e3eQ^deW{V22w}K_oMie^SEv>%Cx+1Z@01dCvBAl$Bms|JnQqk z32YLy90sU*D1fL_VUHPW7oGHpgdDwEtOmVq4+aOK))^r0@{3H9juN=lksH&Qa2?Rg z`K3IJ`KC5DZm9YZjpn@|?@jtKC2?L{Y{2m>sPPrNW-sd|nkx*vsyTFYjPGZ6T&)b5lq$JqR zb&siro~*RuI&AzcV&jzgSf|Cwn-a9B~%7WS6G-6Itz;$}Ci_WA>ibca%`|8mKQ zn<@K8;MNIN9K-r^C7=9vgTQ-6%P8gwkO4eDbE4&iTa{2aT=5?kDbQMF*3EsZ78Z>? z@}^%!uf(!)zvOnjoLIlZtoj=F3^7EJ!mlzVu1McMOQI~&dgn(SFQnsni_9`PxJAqz zQ6h|+9}}*`zEP@EGS$q}fy`N0dJUd6+yu#3yax$K+m0t`|n z$D^fHW|m>UG;Hl|Qnqb+K7L!OQ{8^B1H4$fcHa~p1kn-je3yP0ZkuO)g#V%e#9lv0 z|F(7z2rm~S=0lBAU%ys;(cqR8WfQ9Vu4mortqQ;dHk?QFQ}u|%%mvpV0xJYMe`Dt8 zWW}|OfHuR!c}5Q+gTlkxlvx`FnUT24?h8aWzYZ9Rpq z-%&t*h+f8?{FP1Q4CWa#pEKSl&x57+A&`#c*Regcz@zp2{F(N=`-T_7qy%jpychI& zd2U>p3@qB%EQNBW#oKvJ%5MY$9q{m3%FP=#l?)rVhkXgooGk^vk=Wn)EYg9i%(DuG zgqHk67cbGso~3ld1EyHgtgOfYB`u(KA3VDG+)76!SAen6l2DY4G7E0-`v5DyA$VR~ z8g@A;{Rj|R!z_#NI#Kc@%FUKZKDdz3-u?gl7t7JogRsH=;poA6Eo3cAT$#TTgU+|E zn&@0Fu0_f7(&$dMuta;nBQ|oS-Q{f$Sh6HPCzIq`L&*y=V4m#fo-kaT1~1G6yd_ls z8$oStz6W^6S1#P1_`Y(VH?)V$ntFUe1sY1)gnBY?ADF6*haa)Fk5}y94J|l)3u{n7 zt*7{4a&)~3gJ2}fr2zJ7TD#u}{J%>&WiG`5VB#bp>pp31d#Lt5ASKN8BoH|iR9Y;@ zFEHR${44aod-_~X4yVvjAa{J{MPM9lB5*DC-8PwED-zZyxN{40N(|4vw@2@ zKnUq_gvSYD)7Pefm%g|l_uqIJtvwC2k^gawd*^wjv=z52FW_A=#tI3j425jusdC`!KeUNGW=r@-wv{iH8M|5+}%Tmj8>CF5N? zO&Q%L;eEMDrCfol#!rd*n2Q%EaQJA!7$84ZmYv)0B6}f^O~anHvc*u3WL9elBjjIaBGh_Oxjdww~SsO(Z=sy*BgWoRN1VDG6O#$B!_g7;h z_BK6wj1H^4`Fx|D5Ryi-cOUfz1n7}EO&mM3Nowdv+)D*H^O+hiYLD_SDHkPMIJ3S2 zgnrng$EG+!R3FpN_(TeA=zw8peP)^nEJGNu4B$&*pZBh-Nes9F)O6tIRt72VdHvCt zav*039{B!S__Ol@JaP-(Gx*z#QU2KLO`zQrL-6nK6&4s9iMd4F6vShP^98Pc^DBl@ z`Y}>PB{Id~sP#bBe(AyeD#LLTTZI8}p7%XoFaO}tMt{pAS5jFF{zfYyL==CX!vha^ zHXXx`2n==^aQk~G;(tD(7~+==@WOQ?5BjSFL)|ikNs$u6kK;eS|90?G#5HN>ROVGo zK}4|3RonU18+k^LDW!G>TIzb^0NX)X-Hh_~V?awq*$ulAi1)7di)JmmDWmlQUR&s-g1sqw|%6fd(2^I_p*Yju^VE4JAnpmi1UAe&uoYq0xH^I-oULKj|1f=A#?Ucl(aq@f(1iYKzM&D zW=JKzSu1>`IPhu!Ut;X*7F*Jz>38-@PLytRgKy!s4R?y!+4;7t3vv1+s?HMnC6=C^ zt*1AGVRw%&f1h^ay*c4yF?a9%!*~8uS`o|(M(y>XWiCGNUsW~zB0Kog5MpzpZgX7a zl9(F2iMRSk-IvE#f2D$>D~|(Owp>NhucjouBPcC= z(OEjCdQS|3_YOTasd-XwU2oBPOlY=S{XirRq9^axqB%6nQu`7%Zb>fnjHf(=dkZSM z@2D*;J&BX4y%3KJhahX8y_{DS>V%=slDi!zyB((FIcx??y3s~^!Eb~ZJTNAeyjzH( z9FeVEuI7F|G*9cWQyH20A##85b8Gvr&Xq~?cq5i7-mS&OFGiZH+nuN7Mv@DXlT{PB z&@E4%w4H3{m{F8{1o2x8P9MrP6B?c}vm4Zp|14srxv;jAh@AHnfvUr&SQSU zRcL0z&Go{E^7h3_I-1;wQMn-<35_!fC}pfU@)UC=ll6aHRE@*~Qnvf%@zlTu-3Jzj zVk%lAcn@&8@AUXKNIw}m5{3sqw+NhTyA_odtiVm;WlXJ1J;)n+=yoN3m}lL~pS7}U zeb>w3%P;_Gt<-F)#SJ6E6b3e(EE@plN-K6P#XORW3sB-XV_-`{t; z`csB>P<~ywR8QcKzg{?ThOm19hCSr09EiBH%*!ap; zpj)vP4z%uG>}!LhzWd`iW&?yl-+5f(6ezN7R4|*TQ#nhPD;~Dr0NDps6_f#h5iiYs ztSW>)dX;d#(1%ARjKJL^*#trb*|?vo5<%SDS`3y68F>AksTQMpF5vFx)F%&`3V@`Y zUba=@h>>#c*nRzz?c~QU0Xn}4v?I}Jfh#1vI__!GyWemlpTF2p6T!_2J#6&b^L_ir z&{U;pe|Pp*y~ftawN8y_k+|aYiff$`;-qh!v}Wv8W4=k=*SNYmO$S5~EXRS^?5Yie z);+zt2xzC<<4Nbf>$S~$CC(#NsL!s7%8k=l>FQk&!8!&Jdc2MNDv?%2JV*!hNGcp< z90hC* z#eIshJeRUPA8NAol5J}OTCu{T*5@yRuj`VKSsKRgIY6LP%dyBz-r?SuyLuZ_RMQ!> z9i~BI<-n_pp4v3+MI7dzbj~VZ*W(8)wLQyslIM0RN;M*+-Zk;7n`|Y@>$6a}7wc)l$i{=DN`g@|8Vvm8CBTL=z(WDe zg|l>{V!6<~&KG5XsW+j}r2}9cpdpGZE;mj|o$8HD1{Atu8nH5;HewBPNyidX@c@*m zusSZSzw)4(eE{c3?Ii*0LQXXn>%Pyq(-;B#0!Y-J z2$O5}k04ka-MTn<_@#KJ3i}O&=iPIRc!Kw*Va|`o{;UhYOg7X_jhXcWY#ivlW`bg4 z7GzVz|BjevDCGlN#H=bPB%#~B2D}41i@9I#YnkClkxF}?62cc8tAd7%8)IM`s2Red zNNHZFeXw?f{7z)-Thb+PF~>w%mzyp$Pf9z0otxb3%;UdzN7-PQ1q`i1Iu>XO-}UYV$VNY;ZLA~^v!v7D zjP=@0=x(A~*{_^K^7FNoHW*DZe*$zcT`*%uIpn8n@ZS01HzR-`W^SLm%6ysJ#3W9h z`qxhiaJ1h^?7QSu(e`~V#14(}n|-HNokh=Vy$WmCuslVL-`3c1FNuQLnV+=|W!&x^ zw-!vZe|!iW7gN>sWYIud&HNQ%qRrVBdfw(l>c8&o$(Y2UC6nu2MLak#OU7{DA1{`M z$`*73LNJByny&}Y%bgtDlnYf+*J9k4|1=LwZRG)Fl~0H=-!(9tfw{($;7WW9@l&@) za^Q(6bABQ*O&s@__ZS(3{uG<3{71ZwT!6aiQ}+^#HuCw?2RC~Y6b=WZp(0nxGY=o} zQ9R6)eG`(6n~J(uyfP15=`?=kHuzom7#_u?oY50zJ^!&=-snfp=e&w677UID;8t77~v#Shs zBcWDSM7MOn;f@C;!-DZN_#k7_;6uxq$lqoQ3$_be=U`aY^yDp{)R3#hC5r2D&&air zTXyvZbN@u{@5P@Vn*L+47k5Y+vg$QbK6}a~F@@hBfv0`85VBi;vZy?sLeX1fUh~|? zm#DyYxg#McP0SN8cp59gXp#Dn)5`Jx43Z$*3&>uM5jmO39z^Gj6my!Xm2^Atk`ng{ zw5m^%^DDRpj(w!dG4`zz!Yw)*vRUid(DPg&I^9c_3mK>CQv1`NtlG83okU?AIC+DA zrM&Cm?-!S5_cpz<{|9Qxxpf7)nm`u?3#9(3R3;UC`8L(i#Em~I^`T!Y%zV`YRq*A@ zaC!2yaBLh=t=CR}VA7~%Au>H-Rq3!qE~6gXPja1!}Y z!MXDK$ATICeG%oi(Mrt;Mk$~M$)$O`oeYFauwYi8Fl%WIBntdVhw^P;w){OMfct3V z_+!0#G<5Otf>%Z6)vid7($p-|zY*9}N5R~!K54}oyrV~EwQA`>(YpIDlj(a!-H!A+Z*ordsSH~W(|O=(xEEr_)r8VJ)`C4HMt4s<*H5Q(oX-#K zI$kyiEtcYpdl8E1x&B`G=36iQ3h54jzaDcds^wCmq7o6cNX*7J-_Rkf|+4dUV{wt${E zTI$AH=$msKs+K|lQ-e6%K_3A#I?sEuaqFT`fR|w){|)n>M)xoB`lrI^C9{|Vtq48x zNqkPxI?HIew%#6>&{lq-T%Yr)G%P$i zouEWe{;=QI91H+Fc5)Q7t{7^y{Pbd=e!Syzis0CicRQi5P{3IIV#`?9f(UEa*H@0v z5USAeJ!{*y4u9FCf-POkrYGq%G1MyP>S>Jt^h4O((b3_m?G#|?neMC&@BKY738`He zg4;I;SERPrJ7K$k2VG?;y{VPPE<0a;6?49rm(w-cPQZA?>LuLT=%}J{qpNrp)<4Eh zm&ur=?kat$v;`|+J?XiyP;4KB19qo!lKJMR+??jRy4#^gtUe&C9vF`M7{t?~; zaWV_ukQsd1NEaAHAKV~(ro(f!cJX!gWp!xc7-Oo%Bn znT`NM9Z@0e7r`J-A_*IHi>O{i;Ln?en|Vely`hB@-N>qmq>(w{S+0P&`JU|$tXqt7Sg6$;R~;8K@lP9~JviGDGF9H&z+ zv9V^+H8$X4nn?V6nMlBw4ElKGgD2h@1NAB2CXjW$K}Q_AuutM&+nZ0*kiymBX%GBv zE(;iN*PJYB0n7{YwN`(Uwv-E?3O3j33|g4mq0tX^9IuKL| zQKlOk*CUEM3t*02G$DdkxG7*Z0J=#yJ=7)@plgK+EgtX8)>(8M>~l+4PCs?j!A)rn z3IcN;H6#r>X61&u*Pn7_OfCYz_b2s#1M?Ev?MGY>%f70c`AD5dvr(3TG)V0y+Kd z?E_UXF-|<<8$T~qJZQNo>^>{u0I;nlD>0kk>DTv;6wsy1{ap{SLIXxR77WJ^={z~_ zJZ|UdfU{a;_+d_Dvvh=J%E!L8#jB;x%)4i??dPbhNsAL9W5s6Av^EbnkyqC&~ zgNMu#iVa1WBAKG=mU9|-E*ER92fDCmTt%JIS5LE{v@=uR)xQwrYVL2S;)1(o|G|f( z;bLnj9K3$d@m!cKr{lM6N^sDCaL^;5-{JAyG6M9Ig~PG|%K7NsC9~sLiOs7T1$uI! z!hoXhZUGI)b|EEUKT1B0MA`YAnd~H%6k6-5{-lfgZ)h$cRi{=l_g(i*cEt_ey-n6Eo9wEN#_7xFKIZ=F>>u#mb)E{& z3O*Yy1gF%6rC)vCi}J=HihJyXC+>!l4H2Z{<$r6k%G#f!C|n8uo@y?RO=KPuB86_J)W;3d< zJ%bvgS^zxAsL+Fy&$9jano+X^%+1zv&egq_wE}WOfWIG}SJcmw3Q*IdT1HRjCHq~D zo?iDK`Qc_pL=X1g>SRF7efx%FcZ9Cm(QChnFKXNOK&_TYEaSyqYLlD2PAP%CIu)AA z-lY0D?mkzQEL2O;G`QlWAwn5YS=7C;@Bck*@bh^61)YE=w^?@U*~!(X5$c&Fsi86I zUtS^Z-i1alPgBfb6*!s|NAACqQ@5u+($D$VS=ge}G(qmT#{I+}TiIY5h|`F}&S;DkR%@t?3)H5R~Ju z<}l4CWgcL?xleUtqFh6w(as`iEcy*7Jy1&MaG3kWqadm2S*ZO_7ybVGQA5HDssi@~ z(O(f1%SXR6Pj>s43F^M@U&>|#1|8f4-R6IO z`DT=BTp7<5`Tli0<8L(-*6W>-ABpmE{nJIl{ATPrJH5nj&pu0)u=Pps z&R7Y>S*>r;6^;LAP1Q=VYF}I5VV1wmEAC+OO&5NDWymq9-&)j~QGolwrALjlq2gNg zaA~=Za52o^;YSfH*u|bY*;}3Q0Q6GFs9y>^H#vX9Z0#j_FHxD3+uSz{%n+Y8A$g5q zav!Rzkpm>x10yE><~|N4h3V6jVmS?dJcunr{ut$Z2D!1+V8rx8A%?Kr4eyde+SZYN zZj%fLJy<6q*pLr-1D@ZA;XFv66OxA2h>|UmDBYe&3vHI3KVfke# zp&K;-Bms00xMXJbYe7s`r&yFapDR>-icm+7Z<5$j#nr}+jMkhCm>c`a2iQ84On>if z8}C@g%ekl|HpUED%XCAJ-V00Q3m%JJIM)4sKOc<{DHLNGF4=4;Jh0&4j!VF;y4(X} z7PV~Bw!d4-+4y)o`FPO&pkKRe(5w&U6hXERKR;YU zvqcU?xk>-OQVkJM5(@^C#?NvEtDa8ZC7#}?2Eqp$pNg2w@1-_*#0IXDO3yk7Lpif= z-yAGZUS8)9s#D8=z45v8Za_hLfNX#SqPi{v5ViJu;N3qqgK<6quL zx-4}~8P^>t;SxEGD`{-a6q6_j=+xsW1U^2++~=ZTQbGXAk+2jN?x0w@i!Nx3v$!5< zGGcEz+LF|_?P0o}>&q}Q`KLd|}*B63G6(tRNO(UFqc;<%oc<@N0GLj`1Uo1uo8 z7B>$vJlB?|ByNm61-Ae`vNXjzx4!2@Ks@{HfhENvW9EE4!A5q^ij#PA4wm z!hPuwtHCu^g!%sa^?Da3r<#RFUs0a z+ZNLKcJOjG^l{U}Jbkw&q3wf-iR~6NsE3{^1L?9w0(S52LpFrU(*6%yZy6S4`$dm} zgrcG-3IY-@DIG&M0@8zYgUZm&&@iNmNOuk)B`q^_qtXmDz&NyYBMn2Hhu{C4bDa<8 z3m>^=o@efRuf6u#Yuy+9ze@=4RN{e!K7c@tx{kBB4;W)7l`emJ1(6Bj`k?wmW@_Tq zgDutN!zwdYdjE+J4ldUt*Krwo>yJ_D!Zu0{$eDlG#{-y~i(iPN26C&eh+<>^F{YQ% z1Fj7AxIla1b-;7K56`UG`w!u3k-D?Nv=h=DDw52|FP4@>+KX-~8b$&%9$nkoVm1-h zVfq=zRFNFZ1-@2@!G7Y2;EmCY@*^HRn^$W?Zti7A7R*P60_bJ%O1K*k>EKn=pChhly+RA zr(^M3^=>QZrrKrB7MLV_W9dIy#6q-VC$hnJ(bey_&Y(p+;+5Jt4hVN!+~wU1qb&7- z(koyG07#xp!KucY!fjS2z}cxShjtzrKva0-VMw!cDsRBH%*tgXZzATZ{j?X$>lZOD zw9P5?U2cRv=HRb2x1!EhPqX$rkZ`%iowlCAfH#z|@@SgfeIaE{vDi8-i!G- zB=+Wxmcs*JxVpF_9g8;>9tCvb3N0f46FMk>?r)5yQ-%EvR#?{;bxxT$=o9F`jyL7PK-?MBI5tPFQ_e$CR za}b&pG+L+~CmLJQ8a=%dNgtGBo3v*}f7#&EYJNWExhJv&ei9Mgr_5(BAO+M^1P}^* zyFjv&{oZI+l$j<&3F6=LUGSJlqx-wH$$B#H&Z&{fYP_$Ix!7$V*w`>eD7WJ{LcW%K zyT_DnrUwbl&8T?X;rlfmD)#wgW8C-O%wl?`jcvzUB)6yY@hyu;AtBm$)@1|uuZ|}G z<-^i1ENv)Rd(H9$gB3}_ibQN&s;p^kR_)!mAYCSSfdNoPwHQBNMh2?nV%t#%Ubb7~kW8jp#t;qau!q7CEf(+AAIo<{=V@ER2{#0uL`M`ts-+A zv&Na#*N?|s_@2gzyC9Untb)?GsK&Qmok6Yg(oL&8zLul^#SY{@o?*$k_}9FmNNL8HbI~1Zbux2~@LS18 zcyvV|AYCM@4e@z$=f|;aENiW2RtNDn*BM6bYx0=Ps&kA~P@)f)1kb8n)v#QUuJ~Pf zKu!zPC#0Ovz0%GRRE4x1pq`w|^D})#Ekc#0$Ksr>XT+?wsa8-r{!5J3_0`U(ii@+& zKg9$V!{KsxBTc-Zp-cV|KFfj{>m#o_&(SIf(N%Xc-0GO){{YN%uSe??Q&?7MQ^%?f zf7o^1Q_MwE39b*8llDg89-2qu7WW>RJ^6|^=HEBlPwq?9WR>rm%8Q@%zfDXXqj$-p-~3*2kG1(^ z4XP@B`;{Dsd-06k7P6k8`~SKkn?J0*Zv1~-ks%>mnh&wXr%MOeD#BQ z3i;7zh?5urUhs~T+HeZg;joOzNErS9;|=NiNg6;9?~XUdBS9P1HhT8NHWrqLKyG$3 zmoZ0k7Iwd?=?_=<(-$v=fu(qY;~o(+hisAB$2Rt2HMV>Zgv`!Ur^W=7*l0e$3IgC& zxrM>mkGt)>W$?rr&Q4kRU3d%s=I97!3}joKuLsRDaMHJ0m|r9$E<5C0^EO_@m=qve z^@c>(?m*QU7E;;haK$ZWD^&@fB2&}(O@e}|0B$1h-P>%xZMpLi6APwHk@D&{$V}@| z;$Lo|S;4=Ohg>a`U(&Uj&XOPXT_!-hXb>0}?R24tAcuj)PgFyAe$%*yaB&!)3xPoR z!AHE{2p^YT?!lTvvi~WVV%~9aM5-lr=6MLk4VN$7@f9b!~3e zG7G+6j;xr4hW%Rg)!8@!Q0}hJkHd2B_Rgfri8gI&g$bZSf~@>qhQe-r3@xUQzHC!( zBqCFFS0Pj;JHu2l-B!$eQXyc}Ld&J6OT5L5U(V&mT(MQ>qLq6Ow}^_rL!xBB-h5$u zy@|MSW}({!MdNzHK;cM}gOVK|()Sdc4hs6~BfM4`B*T@1TbN$1rGzu*Ty~fgzCU?s z)Z$@5Y+J|4zR3O36>;__EvZQgVEHxF1|3TF4!3&S`mCo;=Z?0x+z0NiV|?G*a92L7 zFB>^}5Dv0c1mv^)Weqcc)>ZcD9%C86!xyh zKy*uq*5J;Q#^U;Fy&R z@TyfXQ%4FI4za#1?ZgaeNT_!RrLK30?x2i~mjwzPtHdSFz2i|l;%(jKHjE>7({*;O z&r*|mZ!Yq}BFZRznR6h|)qj!QCXFAp*>Vu=lA7ASDFfl6 zOI?*}UcQXv5xQW_A9kDGb50sIKLq=(Mue;9j&G$D`MyplLswsmeK*NHu5}iUI2gUV+?8q?DBE2`5?UFc3l`tu z0`d@VxJGoZwQ?NI+uvmSteZDpU%ABBn+IlJ9^AD^?WQ$B4KFGfH>ChlPv}Op#>{`4 zTuveH-6$#g&ySNNQA7arOKtnzvIzrPvJL>!Yow2NQe_nXU4Pp|(aYsm4Vbat3dOCb ze7}z+Zd-&O0VLZP)eC;3TAT5Ls*feaLThl(uf8oib3N+8+7~wV?dp1Bd+T?qE~NHg zvFYj>Fy|{eRe};f^->_Z*K`}@%eNEq{v5Zev~nIIY{cKJE)8AL_Prp2Rvg7a%y zKDWscz-D>v4fWZ6UN;DGO}vfAbMK;=WBnCIaBxA>&bHUG_`2}~ZqSe9OuQ+AD}X-Y zi)I#&SW$?|x9hc?gf`7=Wx``?Zm#Byg;m6^#2>q!B;1ea?t#1`Ub7b!pfd<*xZfy8 z+FS7X1CKocUV@KiuN0tUjSFny@J<9a1>l`e4!vF7evME5>AG9mcWFPuUg1Ka-Q2Y^``G*RFVNm2q;E$ zkP=Yro_AHU|5Tl-XNeLx&4AS)JKe0%kykqJjo^uBqLo9j`=-%aAA4~Q6Q*@f;{fS$ z6B}@JHt2@5^PgVZt&mVv<^MP7u_3I0AK02oAX`Xl_56sxcYXHbCBw^BFz(5fjBkMlyx3|Qkfu6HTX<8~J(@uWBu34|2qA+C1I-pTlT z<1;A1q+Bm&ag7%%yNh&;ak8$jz^=tLZ_AU$f=q1LYo6JU=hhSwKmU&B6i?yJSxKUB zkNLNhcPcdXrez*wdcw0NW^^9-6Cu%_KAV}Geznu$ySD~yw8A%nKUrF#by)VKt%9n4 zg|Jk&qS#dhf748v73HLt(T(1Mz6tdH%a7A?~DHNbQj5tNQxrmUEioAT- zGfII~73Qh8NHu-^-I`*)vHMFpfO;}xq8Oi7fmdo{;hWn<|Jg?mto|rNd!Tiz6q{i5 zz}G~zN8E80E2N0LnmK1u4F~;-q`jb}$OF{gEC>1o&;y=0Pp<+XC$lmhV;*2EecDyk z_sPJN+ihR!@!K}&g}(1ig+Ukn7onwK>y_o`-iCA{JN!P)m5<5Fxl6so7FE+fj3nt| zf%Yr$YW`Y={|d3XYE5OL;M?swW_@L%W5$}JpFG9=!pV37^4>bWyp$t;TE=(QS+N0q zJ)WFMq1r;Y%obZ&Ym$$CuJlY*AEB92UWG6ryT9K2DZKIuajf4ysL{^#VZ2VTuRcZ6 zP7@#R8&=brUg@}yFaJs)XWj*83NX2+0ItS|65U$9qIFMu=B9OoY8Zf(Vc;m7A7%YB7q{G zmf5jpL;~$WB)utTKgZ=J{c^97ZTTB7kZJ=zC4$~$3yO&JZ30tss7~VLe7#Fb&b(XBU>3;Y`XDo> z&w*Fkl2<6;mDz)ju?jfT|B7p>_3!Y+zDyAsa+YI0D=1ZVqfhqnquR=4huIK!@V*hu6U9f!+9bL6G`s-WCpne5@UnSocM3vDTZ|BL zf!Cu0h_Y(%ql_euR5}V{s&*w*FIhe38`Yl-Y8@+H10=<8P9?Zc)9e_CTjRL5{hIah z+#wrib&V>gxg400ANaJmuM(y95e)ODAZ2b8#m;({md|vCGU zfB$?K=H2(Z1hhOjY{pSt?RJvYc20nA=j6nXKlFGmXrQKRYQLZCpU3!X{$}0}FSz%&w;Y6VgsSURp)gLc3{A6?fc$EWB~mT0Hr%65-epJ^QTyru4!%9z1Jot)sh1Kezo-iH^AEKyJ1k3`k>vT7Gk~D|5>PP zP_n0T46dy+n>{;g0fFB6t9aNz;_*2fRr`EwW{RU{^^s$H?1;g{48vp5B~Lm!Dd3MJ zyPhe({`|MkvNqpU9=aw_lX0-JeVQZV#|w_{0>06rtzDA6lS3l2OGoxkTdckT%Q3fx z07%RvfF}?yA6Z-<$mm@;$<-+=_TH-~%e!OUigl1(Jz=VQ^2@-}k*D=*=0_~&So+;$ zrdS!p4>dg7cr~@P{hdm5yl(p>2SJz{W#?;@1q(NmT1E!7#>r}V;{(WI5*5PhxW`(Y z=fBam;@+_?mjMGFNxkc{vdqG~wmIh=nx)$>cgnGWue$UxL%i&!wz|&r;6ozhjeE@O zSLNzb;B3t_=zax#(Ac;Fl1M4yTE>I7zdI)3iu9YG=Y>Xr89bsil_^s<;J}3#A9#1& z8=n!_Y<#uyH6oswK4fTga%|FGHJNzET&&oZzWMndC!;Q}^UecGh!ct@T`P{EVDE_v z9^TE7ih`W3g+!fUw^g)b#HU|HMJfRu+!7o#+bO*XX;~ix_(6yh$q_SzWoE#sLuxO< z%~?LXriqq0E3eE&gX46Ima&ORq0c3xab3+|Ai^d#Xv}6B8vzMf)o2v0`v<4b*_pk@283HuxjPsKbj4W z6JTdQ&!V@fl{rkiJe$5@ ziyUf^w(`Alb{m)f$5 z=D&==33zg}_VmbydPZGltvZT(V&vqay`*@fU;ocn>}Sz#^BUjqiE?o0SKpW#rWmd> z36Z+;{}m4S!qI=32M#gCa<2*$xh?iI!UzS0Kp?E z)kjjBgdlia8nX?M0t3DH3M3F5Y8t*u&GxJTY=AG*64iaD-ck1s_V*<=d?fV!mo3xh z66lv7aP>K-_ZvuBVu7Jpb@d$;S<2Dn$7j4DLvIU0erR|;*M5=n(~$egCVF!$W?wuu z=EuG`G~r5spAGD#E2L`11bi9gfyp|>`NmLLWtz-5Yp~#5JO#?x(=Bg2Mqpd~Rq94; zz03QWiYhG2?u*ncJ<$PY{HEfZWO^=t^OO{q#Ggloje(;+=}DlY>4QEfa%5YGiRICQ zZ5M|!y$|Re6N01;W3pg>DN&+uvk3sJ>^V2~MUDC{aeMb(hCLF&A4bN`Y4R9)#06X} zA|Z#}o+o3i(B=>73skZ`2frJbKONNmSJKodS2wPwqGek8%=n5=p{PeV=$Y1%Cm5v} z_wy*&vC1*-|J$ z6f&k#SV41*z?twRjKcU1Mm^MVvy`xee&&*LBa^iqBOk=a8~p?ef-sFxtxS~%Z3Nzd z=Y7j7G@8^+Rq1aZw@o$p!oM`4R#ea$Y)3}kHKbgjzNG&BWuO~%wTo2ZsH=B@-3 z$wy>Lov_Nc0H@wkd;2(z+UEj1(i%mqR@jO!f>Xn7LBGPa3zj^G9?pZBD8b6f<;*!G z?g=QWrWZNn_sqoKm}F(Xm&0Q)UYE|<7h|FUPC&6`6NKV`dCEdel{^DJBwc1@h^*hr=T{A zuiY9oCW@Q(r7Ub!vSR`QD{zc?LT#Bre~r=Mc4Mnr#8S8@+0YC>Kg8p6L+yms*vurO z&2xTpKW21W0#y}M8?pRp!v`L&u9BRhj}VhjPbt@U*uV}T-XAI|=_lNHvIUko^yh%B z$|X-MRT+8S5_(gcq(REP>-W_TMQ+e_<28X!3Tn-(FZ~d?QUgQoh+RQfFJI~~dRp4G zy57Of?ccrgG$+nhvv&G4SRS&qN_sGzGyCfF`dq~Q&nO%4IiWj^QV)F0R_`#h5Y3pY z9DTNV$3i_`E7-SLstqdt<*T@pe)dH@c52Dfoa{4zcO*D}9Zl2$#-ikCvWyzXikPZL z3?A`V0=&^MSm5%~clId3`Go<~59>SMt5PaFlLgrMbxt%mf0%?^k8*vQ)^B5c9(|11 z`vYk_0DU^intNW<(_hXXp>00RRXCyH#rb(`u<^liczcuD!GoTDqnvirHuu@br}sX4 zh3|`n^u`bNS^cLmfZ28Y9)C6Vpx_I?DPsz8?M>}9fyzJspY|=_`r|EFXTvi)XQxEk zWB_I&2xa6S;pJ6|@^rNk;eGMgK4b!v`^pZPF=&-@pr5U@POYh_?YFbE{=+SMQ&B4| zBV%|S%2oD<=ez{}wo^m-=(e8E$eoYPj9Cv!v-!LF{QmvB_ZBJtK#42^^ z5oaP?RY|SluIW{ZWa}|`#9`ygqWs~?_l;TlUI}04l-j6)my+l&Q%9GCeWYl&GDa=? zmT=(U-^;VolH&L1lutkD1Twg2mE+JogEb~kBC__yAEza8o!jNj?xh=KF_R;fAU1kT z!12eIQX!RHr^$(Pp1*^qz;SXs8j{bo9=92Zboo!$_I%27!b+fX>OcBSi9Tl{;?;d_ z&J_Tu^QUJ3zQ>7?kNWD@YBH0^c`u^X;xj%|U=8)>>9%VMx`6c(b4e^bUwvRw0C;3# zl02!9xCyF*8pIn#oz|C0Mvyz%UrZmnn7{9T9(2+%LR*DibL(@vfT+TB%BYlR^SD`t znCL`cA`CB|CH^JAdlCzSc`U38J*@bWwrZ0#^!7+aFJjxiJTc#$)&1SGusWavI`2eK zLV%7)eK01~C7VzG=}v-i@ouKmRlCMy>Udv@87acvze0CXC^Nw%L-9KnF4hO}j-i0% zOno zKchJ=ECainc_Z$u+Wq{mC9~Kh)0Wz1VQE_zmw}U+!w;yuUF(^YmzPaw55!v>{Xz^V zsh~Qx;NFqBwXY)bcNuDuMJD@-CkhkjGnpd~il-{RC~U#^#nJLEEkjJj#cFPE%BfP3 zEp=FD#aHP6?&5vCON-?0qWMvbhZq0mbU$jCidOVP^dtOwrG$-zPX(K+Z_dBFH?zY} z&Z`f%_20SPcK){vK!9^<0dxIbVQ<}Cu}Spg0kM&jjrXRgJhfw{7^@Z{5q9$Qg|oSL z)b9%_8LBUW=Bb$+r0+jy=%wolPYmQ4EiuOjx+|df#Vtnn#o1U@yO6gSVueDiY!s64@K~ty^9__N z4OyTyb9lEjJs#iDpB|;hG1~cwT#uSQ)#y#I6kV=Ioa+>bX4m*X90F)CvBq~9f^~ue zG%QFpQ}=B%1_ln%R}M0B z>w;zFQr^jI;Go{0t>2QS8x4_V6IZG8!c$3Fxo^kG>8%QNC^HogDZlg3w55m5BCA1m zhM&h5=@DjUVqUEwT_ zmpJ?N?OIYrp~1tClvT&mX;JieUnHAcFfhq)1bc!fxm3jW%xY252W~5mRF2M8Owf;z zK*eYb#Qk0L_FYCLkdBRvIo5ye)Ag-)Ogyd_VFfNJW|;|>VQgaJY)Ob_;w%-~`cXHq z&RH|I*gEz`74J>wMWjsJ)rrhcQ;DM!Qju%r&8=|jsD|3D$pMw(EQf3GzonE^gI+~S zi$*1XKAWqfZ?So?D`zN|n?L-+MmGyR0n4Lo8ky3S(t-b=FYTIqZTKLve?}7h^>rOn zag)|!PJ<8GV>D~m7@pd7MFJgSGErgzM188)`n=)8hvji!Bi2YLP=;r}y2@gW83Iu1 zeYGz5c#K3BC+on@yMJ%AM#76Bc~ZM+AhQ#w>wU<%va;frj`eq1FNUI+G=c;6D^c3m znzaxl;A33EOyeeuoc=BD+a$#>8u2N&CNxO-u31T(#A zhOTW}?t&8Le7&nLFDESqBG};EMj;B#&;RCD7OJEqyMS7kdBHO|*X|!L_KKbtX?pC2 z7)TTsZ|i>~(5ai;Z0>SRp(d+)W$^$nJ`Cn}^!F9VN$y&%cAK!IXy*_K3D7$LKv6#z z2|$r}HxfHmpT?59pUyk*7{!zK=lY2iVnE;Mp5V`8MUyp4wFRw@olP&08xtiz``rQD zzcAX6QIE5~cfBF9k7{=$ygW?4>4&A1l(4VXjji|%aF{iDd?Lx%yc%!6xyq4J#n8F` zdz}dP8?P?TSlCFZFkz9FZeubOH=TpIM9jEv?YJ-Yt@ZA-x9W_c$CghluGFt_sq=ln z-t_$bDF^`M+m2OL0+vNKMprAGY&^HnM0he~;EF~%>D!T^n3w+NS#ilB^Eijkj}4JX zaKD51W8UC@w`c1Tr94y(oUNa<7f0*zz}Xu4p#Zcci&7BCCjz!VVnXa{JhU?N&O}o% zR-4d4O?sy3%~JJ$?hHrLF3IJorK`m3{r8mJ-Z)l;sG)YpgNv=bS&3&BJ$rg*7Mc5$ zmpg`K30rt>`4Il5;L)UnEJxKg`wdK9jUAc-+PE{BDWN+4h!v_!kWT$&;-L2U_!x1p zq$l9H3DIdfiJ6~gt-o0XlNU^IjWl0hnxJ49=BVXN-l`Y={uHXt8@V3uKhX74Cveynf>x1 z@)tgE^27o@m{0eXu?60Nu6m|;SJKBT$V9Q%z#K3*-C40CD5@!s zNp5`qixpJ$?VGmO4u?p6^3Yc0WjQfhZTZgQwo@mN1^s}pX`xXbwZe>E+eLK}v6E2Q z;jhQ3d;HEeL0PcX68C9tkyGEs?Zx5Dg;h!(TzS;a)0u}wERT+VBXsBg5o+?aNSAQL z1HFd(JL~F~SwfS*W5Eq~uORZxd$wNUo*IUORT2r=WF{} zzQ0PgF0h!bQFN2o&d?HJyZI2*bJer;=%{I9ex%1^u4>n#Ui}|*bMMg2{NkONMdohG z25zP)5FEPZUC+}L;2ldd)Vmr523|C`lxW(3?DqRE60c3!f%!DQ@4&nE448v7=K54p zS!@CY)@y5lyXuc~{}Bt3WD&E|8+uDuaV%WV%d2=8ojqHU{&gMR_J$im$e>_LwqK3} zC;RWU&O2lM#ZPSX^lBYv>rhFB69+Y)J`u4Vy3fsES*LZTh430(|7IuO&w8j%JB`lU zqLM5sCRP*rl9qvJeppEiI_4KDgZ}W4x_}xrxQ4)DuT|K}K#ttp^Q>0UweG8F>DDtI z3Pr1R`sZsnmZy7%4}oSG`5QHjN_suGZgs<(Z6iIc z_+Tw#C3M5GZI;FMkDlg00PZJ^cB5yw(c`OT+-Wm<+Q0bFyzy8Qv7J}EL&0BPi^8%V z?QJ>K{*CUkHr{CK@SSU#p=rNrW?r#Q_Z;0S1Wa;P*+~(Vb(5a`B;k=g^kT`hzkDrX zIsu~}XE7?`B%KGm;2%(RQ^btu63C158;X*RE6x(imdUUdIUUaPKyBct)uc(qxIAbH z`N2xvxFZ`ah1$I=Q1h|@tNMGfv9)+>g6;rgLWIQ=Z4a)#{8;gy+4j6tTTx{tl&w2a z;Z%}UY}6x{Gem2>Mr)?bcj>*d`lcl9M%}FEY=&h9l2SaU)`qY>H8-pEL4vWZUbBAZ z=$so?nX}PhiSEVmr!~~S$34e$OX_BiT6226UCxTmO=50A4f(@~y2>RlVqTH4qZ(qI z$zP3j8ix#;l}+}$YF|^gXOw|q$2ZHCp{397TEMhV7s`pmb|(1hFjE!xlz^x@&1b}9 z*Y0;B1f;|Q9>+O!6gDr6*eY}Pr;;eWWJu1e$8yi2J93B>g!rgmx}rNqNa{^poFzi| zY8}k{S<=#N=v*pk{VYh0D*`SR$!ACkm{lyD%#>tbJ%y-qqyXB+z5Oh&N=KR9eEeot zv{^37*9Cqmo<>X-Mi3NpT-EMU2@fs|3|zHvuOsm~snJ-s(F_Z1GW8BoCcQ^|m#i6` zW99d4`06^c4ZCxwg#*I8VHQHlCDUJsTk5$l6iVxM1P9g+C);I~YAn@r4K+pI4jnqz z1*ST5=xGA07~e6SRehT_7RgyuiOkS`9}q2x2Yuy*y8`_k_`04Km&9k+CBV4n%IzS` zNNKv_3&nhfSDHGqZG3=c>$70*#z^^d6xpni1(R<{AOO5ARZohfnvvZQZ`QNfMQF3S z7aNQ5X+c#4@yC$Sf=)$Rw1DVYF*XsLZU}F0hLq3Gc-=|pJoL*S*howFBN-YTZ{LV2 zrkbg&KbEHUfGxM5dd?W|4mF8yeRFDx;-OKe|3&hh_=dLFsb<}dG{U@{+23ErmoRUq z7QUrEIe%(H%R>HiY)4;#nzrgNNMf@8GD1Z=iT^COF8hxM_OE3@TZx{&V`a6;lb9?- zt=~7k;9jyymd8Q_$hw*qrUmjxg71n$R7k(rzpLRS4Y0#gCwLDw8tLbj81(c$X0i zziD7-;$5ZmP35o($RP4jmW}4lB&NykhniZt*J=IB!W`#y-A8rJR$&(Tl>_UNtwH~` ziiW3+!1Jfjy(_C?25&Rp!gDU~!q~i=RC4FmIl{|O4e8wxDFHVBi*nH%Dbg74)X~zd zB7C_k6R8b5D%jBQ%)bZZ!Iw+%IXl7+4ED-$@UOVkC2@eKB#4d42xNNfE5`PC9p+VT z=#(8s+=dc>7G(~%5_1WymjpF8%ewKwq?iOU6A`sqK-`62GI{1J{Q92k*A1?raKDkG zo{N{9Dsyv>MVSO_-%0Qas|Zi%_f8km>`dkrr+;@)p(U>(V@zvFsS6f9 zy8%^kaL8O{z0k0J)$?iUT=Et_MMP2(eo<|7dq_pLYyPKhDnKdF>LBDGJqu{z8By|? zDe3#-!$zVFQ8~+oRRM<|-HOz&?$W$w+9D290x-q_kZ|ED`6xxYZ6s-De7m=@vtcxM z>usI&5?y*~XO<&~8#J9bzIZ1>O*0;MpbCNuIfash+TpQ_=1wLPI}5PJ2;t{-js+(Z zBLp+S16f|&v1K8w+)UJ_Zw!#Tf842^mykf4@tG zMfq94u8!NP*=KLwY&lVpHf$Y21^D5ojhr^u(l$A^^&Y(JLBkzp77U`j4Dp zu{pvznaUY(5%9(@m1bZE^*v zZAa3+*2*6B$7(!nk4zl+3D?&dDZS6OqM0}xJ9{|j_fe*z4_~VK><>{qFTw zQ~yOnJA1oCZ%iHi55=97%Xjl!6Sx9p1#H?2PB;5`Prr8z*PW=M#M}-1w0B z9))_CNoQ<+tVNx3V&Bk~ie|e1tQ+D`uuOx%g_`T(b*5R*fiCss1~u8{M&r$O2S_5B z%o8yiI*@VuPScZ{%sV>;P|OnxS{5w+VH?nN*mWPRktfav*W`ifMW1IhQku5ur@Hkg z5Yv=;q8Azyou-e^B|3k~S2ou4V3aXNIhk!KH1ozEq%)fyEyapB$SegpVm!eQnJJ5hWFcxl} ziXC1qJhL*@_lR{!iSG>&V902!xboqVCsrV=D9xRCzFN34Fro7ZxD{1AT84sLE=Q88 zcJ_SWlyq6Vk*g3DD>GzEdkljObFcDIL=VcyUY7YjCW?VH!}cARz)L*ky=GR_Yc@3R z*_h6Wk%eF)@0pvRPKAsdrqi__zBxZSC{{RZ6qei>VvM?k3SeJKNqM7+#uIWLp)$sg z_cEluV~eS|#uySSd-~cN`%E1c*4qx-nv^>yaOeI^nECx6JE73(#qTgxMW&CmG>o!VA7WnB{U-q^g7wR3Z z!MM$kUMclv__;{h8ofG34U^x@ki%0}Wv99I9fwqZHHuLWE5&7qc1|ofg4sICQy0d% z|9){CS_kHFtz&@u0}Nl~unWt5PsC)CV`Ubhp*?EI8*UYwIshP{7a+zLKjFlc!(3VH zp4_Md+|aT17@xSMiN9s%ja2+0-hQS6RigYHNQuM`Qcw51 zr*-hY>B$9rg+2HSF5|RK{=~Q?b#-#Yw5_l3lomM?g%SHt~hOxnmAD!{Mb=eQLp%;;0GG*Qj#Z6bl-C8rGf>0Vp=$-g@sM`7F)|8>yv=cif-dF@>KYs8X zHae(HDsU=D=fDS>uVF4fH0NmrjM|*_WTpx7cws;Uw&-j#_>DXjiO>!V>!0CTAvI?qH7{ebGsX%of5 zY1Fn@Cf8DgBlxlK3@U03fxcD3cM(wk4X7g7jyKRfa9~3S&*uj7foGX;SA-{VhjhYy zH)NJRU}C?%-M^nuCE~Dm3hs$$D;UZSb4|@&sKr%^k30xgUIw(1)~aW8e3-E$>fR0N z1rnj5vyfYm?~F|(X0MHM$c>FsLY1RCqIqacc?{HG;#Mwq`>Eu$fIFX(jdO^7b`$bt z^H0<-jhjm1t0N(Fu-Q}te^Eu*U*r19s=~xstR9e0NB(jg(MdpBFaflb{IbV^V8DL0 z9%o4HL8ngqjrc+HgAwucY@nn^#?`H(f-X zdbrEF3KtU(dd_+p&2|gEkovP@RkI;&ayt9P9O(LZ&)rlK7D%o<0*=&&g(n9?SDsI^ zOi;4TXZd}9nJUrrM&uqEyL9b zyTz)i%y!7@E9lkTr^UdKWYo81h-gV?`Ez1VrZj4Erxua#ZaZ-D-UFbTXse#fE@wRH z23*?$?1T%6!;b_qLJ7>x#5z?_JX<^$x&#no#__&8<8~dI#be})p>CGq!*7Q9FEQh8jU zA3UOmjIMoHk?2__H+(U4u}Qbre&{XuXD!Lh6Idapjzd3GU<)qGAz6dDiCP+ZQDeq3 zs;FYcC+#o@B#sKI$|ym3MFVcMMA7XI3&?l*x(JPwRi&CA)m?L6nQq~>4*3TDEY*qc zRTFPC4;+yWt#0Ekf0>EyA^8RGd3>{|8Mh03d3TPnb9L&zZ@owUt-{o;F;T;s;pZ<( zwq4#eN>sd0>@Z=ufnM?-=<9*XZgJlMT-5DU72pAH3HiI{IPF#?uVUpud)co{lFcAc z9~*xG0p1Tg2Cgp3SxX8fYHsc-mbv4HOIt;>JV+ftKk$XnxasDaRITupS{aBew zYz0r*(tf3c*&Y(jQCp>8OAk|xXPw+i zC}%z?!xPVM0cHzr7yv>SwiO!jycE#{bKA;XP{;p8Y1_06DKwsq@Vj?>d{$y-%fIB7 zf)Sop`%fFfw~R+7L{UIFRsS;)#Ph*`dT=E8i;f@YY|PBdEXekJXrX5`H;S0{BJpq0 zfUR&A@kGEVL!?F%^=h4WT?@+{yox1 zl5XFxb!RCM+s8P?>)`C1QmqJAV`3E8AhFI9xEA=F5=aTw?2A_qYH=**PL(idcM8qD z7i64$1`rdG65ZU~8vOb}h357&(?K>&?(1;`fLQjA&KE(m3#+Y)!1T;Oqw!{^l`=$K z(I7D7`SQVkTbLl-EKBX1;8UkaAOquqp zazwI=h;yOyaAve1VJ+kOR}69z-V`zo%N(1%^?B4R9P4r}Bf| zvvSe>hV6Vp*uA0MsMF?(NVU~xEGpWB5O17@uni(di;YqO?=bRP4|2}hOhPdWtd)cjgbn^DmQ z$hf@}=LA3(QP5aBVa|99yfWSu6HgxFjV4|CsBGK(5b)U^3dT4+qO)g(#Cww109s48 zQ_#W#2Apjd(Fs|62?}@WwgN_<0%QETwnMglkzzWIk~UF)l8+C#K^0eZ!^`T=H1N=; zNBLiA6JGr5P2<}uey0h{wW&;I!6yV{EH%s@%pDV?i16+`Z*nPeWbgwp`9nRe1P=Bj|eE6vMRl?UN;1}+|8ow7pi1jKKmu+{RF*nU0rFL(Is7K-}<=J z+d$)vrl2x*2O4m|B=kkxD9D9=&rZfW)#;Q;SE!qKS==y+VAd4{(x^V^GmqI=w-}nkCDLiN9+qp z717n=D}EK~LD8~o#Ejjz;=6OyCYe;4uU>D=<<9uI)K3@~x%fo&@kxq0lrQ(NrpLgL z6P-OHqi&+d3|L=9Bnw;ID+%h-m0t%=+GB4md7tc5tibWRl``$Hd% za?&=Qg}^i;V7csXo)S2d_*C?Ke~|Mo0F2PoUVH`nEcImlqkQ&h;rKLdyq+{rzq#J1k!E=xA`~J`QaOT5v zU0%;Hd*AiTwbqSLog>Hf-$P#$TZ0}JRx3=7b`W%Lgz!YldYGuF1eWG|%i~s}1(Jz< zp<5xVwWgTM9sRNJ@Z;Dozi!0y73K9yl{`#Dk9}vrC}oyKiPBnIOW4pD^=&!qSdTp! z-%?LRZJ-P{`2?wHyCrt01=QKC?1$*^(_L)xO)9?#lFGMo?ysLLfZ!sYPxD452Z_}! zrEC$IW5qDhTAP|QVOagq>@O>;WpxA7auZs^2I(PXjZ56hihOLs+r{@MXm;Gco zFMfM+YU%b84RAbM?9E7jJZcc=eCS8)4ldFR7G=9> zJLxP(Qd0O~w>GIfGbxSb%=$)(%n6L&PhoTX~GR!V(*2nQxfu+=fXiS8G`O2msz&>&id|<8Rk4wB%Hc$lgk#=W( zxjRoBjJf(2?q=Rp5oYt1%c5#?5Bw;-P&2Bh@U%vHY8_9z#5YT}B26Z^SG_0RfW1z0 zOq*dSZ~Mt}S>t!cHb-+&-N`n}N`c08n6#|1xsYiw zO$I1Gs46OousE*f-F&}Az}@t221Fy>b?s;0fhSR$oa^(r3E;M&DQ?Qwh=*kAhy$sL z2cCI8F8+2pt!XglP$6{o zPpKSc9y?bMyp4;$%W2e85K0wwX&C>y^^w{&1n@0I+GfR#2KBOrTZLx| zRg^4K{o&2Eh=LMlI}8#%Y|qv@IWodbK|!Hu{N8y5&&0O2w4%UtmSb{o7WpyPT4*Z=;|1q#NUsW*FFf%9Y}7DhiUk5meFW%e($>R)XLZnIQtlf!CfP%W(3 zz%^?R`Pl)SOf&78y$0SkSV`$aO!?#~y~*?PrY5}SoNbG!;9r*PVQRt%Zpk`Tf{Y?k z@0~=lw=`~=7uxLaG|D|2_$sPPhtqO(rCueEh)sVzTylsXt!vxBGD<`Yyo-;JD|D5+ z49XJG09(Ibd6Ng!WstFleYS5><{pPhfy1x`w01Ye$0xOrVROr|TN8u=rLjr(9jgN# zY$X2_qhI!G5bk>Sj_x?_hvVOf$CErItqJj$KVt*`=n9UdR=^Bj##FfZv9;gk)QYcA zz4a}sTi&1nK2LJzh|8Z_1i-8|Q%ZQ+s6nX}`)D83Gx}&YSyHLe!IjK1jVAT3iUd5Q zW`>1I1lGPUW0Gn{k*gRZ=~%0q*e#YphWP6OR?jbPut#VJHDI?rbSgg7_)jQ5)llgd z)_Ep1rD;*9&RAvp*VWCbQS!A703e=w?4GjhvyS#b=5p(<69?~Lz%vPhLEf)&7!w1c zk|M+Yu5mPBDEGidGG7kvHoaMGo;&v4eRy>&4K>OZ_BIS#dxqizu4L={Jltj-M&kvu zNN-~&kmVrz+A+EMq6V3l(czm!o&ueHsCTk;`I1tJe!wa75#iZNZK&Q{^cqxx+HD-;BtZEsx)w;q_fROm#As^X# z6#Us(9N%JxS`~k_bdjW3RD^+^IN$vgtYM#ix?$mswYO2L$yOI%;DANdioB2JTSWqdc`^&5( z{khmvIzqy54?l5!iE94<3;RkMv;FM~wSC$|y@*M6p9Edy9K4m0$&^MbH zJ0H>Iiornjc`X4cp#!b_#EasQ`4^7x95QC0c|Y)J&eV(>hl{b*?@JqT=x!U{8U{|R zi;P)Wo>6@tUkN5Dm{mYR+Q8vlj7p~%U6Ik(!K_6dQ1=PW7h8PT0F|1KX>H-pdnIBO z;zmdCF;^?_Azd7R0r?SmK9Bl@8QK8hC&vS>Eq?ARj8(57=T)R#8$nvf zjXQTVj_l=EsdZ*tLgT5QZ%Lj%iyRV{9=jCFnSL=_JDOj9 z7u0^Ha6a6PIUC&9PM)AEe74+Kma=;nY8}M96EaKpk6AKmv7iLCo0s1Z znmYFZKnfgoYWftS4|p1S5h}t7BRw_m+K3(qHE0b?Yeb%;APeYQ0EEn`tWx|khJZEZ z(qSlA4*TlSIm0J`mqW7HVr)gdx#u!>qAQKC8rO^LoOr(y`r9FDl5`v{*UekkRQF@z zD=i%!rx*nGX&)I3D0J%S8KU(FQgP|?Cz229Ayp)>TPkW#!nv?=I%&_IrCsBk?AlIl z{pV7sH5||NGbZ-SaV}Q5b5$(~04snchJndjIE239>O$zcAtyZKkJyFF-Ajg==z(@Ybp`)i;Rla&-Ot9vA%C?85y~$Pi z{4I65hDtTdz9=zU8+v`u)saT;1O0^Jr)FR|KOG8G4sAG>6i>gXg`PaAWTKMX4$|Nz zNZq=u*oYmE6)F(?{*lDfBkhoQGkZDVh*^O`OxF-)qUOQ6ra%15zT;cO!7pYE1CQ;+ zBc-Db<%;tO+QyNJdNJXKx#e5Vs(zlZpL3e0zjVeH?FOq03x)`V?U~kcyV;ct_*tb4 zfD7f+3E}FDZW3YdJoPt3$o#VDAX517^R??)*Vc%!-=(1_FxtKa6QkZB z3W%D_utU94+RzZI3bVF7ny*X~Y|tXe;1=`DKk~+M-m&z1`uEC57|U-<2UxKr(INQT z<1w)8xs9=0yyVh!w@pGaeTUr2#kReCzFC~Nj;N|ckB*5-OiCM4$O|M0*-T9gJCs(J z^w)1&I>>+Zt^)m{`eCX@{(F92?ACH@AUeDASHE^bTZ91GYWlryu~gX(-(trt$lD99 zk2b|Q@g(MQR>apqq88e9ce0{LRyc{`Vm@%ZT>QxUP1MZfgo5X4;{x-L+>Hv+AqEhf zix`&Bk000D85lN?I^oHqh$RqX(W-sDBjz9BMlIAr-s^;XAfIi;NH8Z;-z zKUKidP>Oa}vn?GH0JNy-gN51(wMsfM5q%jp ztofa%euScU5rnAG#qR2WKkG{LG7koOd!|-c3v3F3#}a}`40s4NSekew(@Z^X$pnxV z)nudKwDfiR3Xn!H6HaR;$XbQPCd6-vl!?o#Lw--Leh*~zYs4K>t{K$zrEfAIF8c(c zoyc$v0c$pbR>dLL#wz#YsSSQyPw6n2P$}wY0#4#&gz*r@;koefnCn)26&C#XI80d$&J~d)7&%F5E9x@DQ@&_*F(uS zTZ47^TQV}AScb%a#Hm8UoO_;ZjIBVU!yoc!ST??Ud@@@_R; zy$>n?=j1%^Onv4Jeu!)q71PU?nxV`-zps&*FRed%v76)=2bg|w$!qb+fG5#EE~S5D z?r!OoG@{Ztz~UNEyOd9qYk(2OGf(g~aY~MP|3U+g)VliEJDoNRK)Zg#XKvi?e@?)A zH>x*-5fmQ53a*9k2zbnqk>3K|kW?cgJj5B2kBoXzoBgtZo#gf=yr=4qcbDRHLvOz0 zO^S+_Dv_cxXqEwqTsS`U(|VF_GG@)E1YwlejUr3BMUN|~X}BU-JkeEiZ%g8ZSUlc|3y2Berxebm3q_{s*hN?6oF#K;f$ zY^)DEHt%W@6$H38eEf!I{tLnShCc!tynUQVeF?m9_SDo=uXnmw)D0*i2{d1Sn~&cz z00Jsq<@Cv>lssLo=RBA5N$wtK`mao#UWFcq?x6Sy$oPft^*P~D_S>bVigj#q!5aIU zj`+Q2z!SApL9qNG#<5hSmnqZNXKW`J6s3M^X#c8mG_bypLg8NRs8 z4V2FTtj9J#;{nR_;%41$=G6)Kn>puzGlfa#zf8T$xmx{+fRmDXyuW{`Zf${6?d(5X zl{>zUyO9rbdYW5)5j0q7NOB*1&(TQna9{gVx>-1Gc7Eysn}Ns~0OeMiwv!Ez7ojgR z75m$)ik;r+1giB#emW z@ciE0O}B7TZ|N%=Y{~2?MZ?6?&O?S5Evo3*t;7Zh-Df$Ce_F(K(5 z&9z$v`Bs9hze5<#r!(x#=BzUj&vAs4CG?#ZmT2jV2;1?^0TY*~++5~VTj;C3@#7TB zUyIx9&=1v4>RswGf%wX~vmSPEH*AjW^9$|dFOS?I^W)d`8ib+O!Lcsfk_o=inGZ(G zdn!DVkg8cTszw1$+*m@T4h@-U*E)ab>O}d|{Wo*xkM|D_mi`QwumTW?hhINv-Ik#W z3+Mn)|V3OVhVx z{Mn`1{~{Q^owQ>sY^|miiG#sA;qgu%GGC#)Geh;HmLZG~M1@w7QRB%=0?UU(wIJ)& zs<;KoW0ihu6*v$x7OqP@J9*vuY%z>PK0WDE9=!PQcVUJz`)*MB5CU2I5y_aC}lC&_jzDC;Pwm27dkdZHx2Nq%=q6 zNqm`)Hh>j*wWqclFo>1FbydI8nnc&K2$nKhX4q2!d#k7PSK*%nv%j&o&3vl|R4goV z&PkgvGTGn)mGGqO(X2d}W+=aPdUfwksmZcu(H5T*8}f%9b>@8_Lj-*0XUz2)K0ZE} zv8#J@Ts8D~2#@Bq+cOw0mL7U?f~dbr7)lVN{)$iyD46!@6G4xo2ey-hH#1>RkDdxV zaK89K;r8tXNzYmM?VflINzAGhuOJh@IH!uR!-OT8lY>K?=(4zkSC)h z7Gj(_w+VUw7?zyBPx^G!AX-iyMhJ*G!}}$y??saK#2R!Ifz7+Ou@r1ezDUSexF)4> zf@pQQH~2OtmPU~`IUSxF`8D|Bs^A&(sLiNmlb>_s+k%59!%8-3;Z;#)T%laWfPP^51=YoV(a!d>ew@JOk zH~vE&Q{7kMU-ao2`|KZYhY^iAo;(UP*6N9nq^8-A#q|s$4Fm!>B)x+#t%$Dy3BOCw z{cvK@>M|iAcFfi;^r{8agMdSe+!Nyl^h8oOd{R!f+o~vFmB8kVeRAShA59>S4>spr zJ=HVYIJjmP8lQLnmZb|!82KHI;KqrwX(r9!Gfr=h?1>dAvw+GDyX%n8^{?*_kw?=s zXJj(oN_)ghx&F#v&H;TAgSg9k9kef)+rNE#e_i!5|E29)5OqNPz+RmM>mnI+-vq`e zmD_Qj_>&i|odl#^0Cx~Uk^oAoaj3^n8KEDxFy*Mbsp69$O!=9ACOA`z$Mjl;?Xh8n z2;*7q3eJ-HujDSLBCbGk@e9AS*~3(7@}XA^H*aG5^cw{(XXlf@v}@FRCy?D>3Ak8Z zfKiex`wWsH97H7VV34t(g>jEZJm!G~)i5q4_r=6jvS1jTHSlEIhY;o|JivKV_5%!} z6^PsxvjH9-krD4U5r`K?9=?xOjzev^LqAkbUexmt$kT#(d;Rt;&0Qn`FV}Y%J`{_< zT>iETa}Z~|z6I0(0Ovjq7}&|E*zU!s*aDxu;juATEhOXJ6RDPfxda1&EM1l+!=@?h_mHMITe;vDL3;$76*mgUft`udu4+_=8argX88vs zX+`5pBf!qGxDN=}xFQ&(3#czs8eHk8oT!qYKlXFrsg`RaTsmFo#%_R8g zdUvzDGcI#MFhYGXe(P*-(X~Gwc^d3BgBl4r&Aj=wbl)8vXpu>R=lL;yW_uJpS+a8`8V->jk1>UHh*~x<0$2tG7hh}M? zWZuyjLNcU7h`60plywKQ0cGlD65XlS(o}GoIk>LVxY2)im2kap9`3at^Tp-YclW^TeM*HP?2knt z^Lb7G@(O3)AW0&|G(b5j0tyLKUsmOYelNy>O+q z9{rr^*S#L)rs20fco3ly%gMS0&SL9N3?gdB5BUtFeb;Pd3~c3z6P1IQPP0*NC#=cL`+vknpVOC)8I5{kO#-(kKhvki%soYA3cPi zpxgi>%I;I|i~r(1yb)v*1L|NGG_S!Ln?Jg?MR@<~KG-TiO$GA=Y~M*xemrmq!-t3$ zVv5V%9Cnz&84c|R+FgB8#H1vD-pPDRjZ0tw?Gj*wVii?%1~k~f>odIt?{k5(KHyl5 z3l%PU>;UFufIS@q5dcee1J@}Bo7Yd{guQcFy(S+y*vUgC_j=)#U~+OC=tqSygFFMR zEd-e_fmixsX8WYXU$YKA(y^H)#43vqY7ypTcVnJE&{LfT+XC5!LA>43Lb`k@Ba@4q zo{*y=cWvigxlG9}XyGTX90i_4O+hFg^s^QylHd&5LT_tW)VOFRqwGtB6By7Z5wu}T zbXmIRd+=3){4>fK6!ZhsEwkSx)k^SI>Mu+)1)}+pA9CKzfwn9^F%R^LG&o)67l@bo z9836_q-ULIOa(51Y+56R3JTQ>aESBw>WBqXdYHK*?#_V!iU~hGOsw3g?CyJ^F+xea zSDA#-8d1H;4*>6G1|K3N!oA%X(Av>;hzEt2#Ww)YY5SY(`oEuh8Y*oXAh<~l{L|Jg zXf1h%(>?RU*%d}(V2QMc9eBAdQmIlWW+6r{OOoqAi?iH@$gcYtfy~;y39?tU{CMK}5Op=oI-;M3fz4483A4>*0oD_N`vN48;xKqkdP4 z-#VDg7oSwRhqFdS%P3rxA$w0uYe9nb`?{NJ1uYa&72dJUNn#yUoe#RaI z258Q6@zWFEhJk&r+1>Zj3DH;&8U)2*wF{wi=8kFnZF*n#=(DW9I77u-8Ah-SQG$DR zxmhsCpE-*j4|(Pu0%ZVJ%Uu)cVn%MpcsP~-{R-?y_cVh?T2k=>ZNTsLxtnF35i-V6 zt`Tw>5(|JHE{GpM&#ueq^^*{H>85?V?kg3rqbbf& z3@EMxOeg5PzK~FdNG(!gcN6GID5bh-?Uxt3(_zK^ZBgR|c>RC0JN)sH&s;Pw1V!&T zzr&fpbt#z>BAHwOUzre$S@;L+j_UpNkk(kXA+l)v{U)HDTbGUobuzGMt@b6M7<@p= zYFhtT%GderUEg6>*c1clcUzRngPys7GA8P&Oso3Sr4TFDLGLd_tM6OaGR=IHJJeEN z(p#^tl)#c%%9?FU{fy8>7ZRnFz0GgvEb)_lhp@C;Bja)eDS6l$mE-sLd!5A0wKl5x zXDw$7oGZR_U#|*}ueAWBC%`qt0>|;H0fdU8AIN3A4HyJX^Sz)&kBy468>}fH&p{5l zs_rn0B6`U|4kS3_Xm$d^*878G?o4bkHdi{+rL3a*ZQwyz2xZpSjzNJ^GI&Wu#pbF2hPu7W`VqbAM7PPT&;XtK63e zitP&?b=#sYHjK{g;=9RQ^3@*a@>IXbuh5FQXTWF1`J3uiYv#JzNf_+$->)LJyQ84& z$}2syzT=h#;8p>ciQVz?doo1e+mpl3lNS4Z)lwRW=9Gd0n$(ovqPCedD?V!nL&Mb+ z9!D#pkAjRVL`h1Uv>iX>^3$_Ha$K1`7V4~bs5+HoWIo$C*$cI)Qy3o$ndT=Iq$g0Z zaXUJCUWOQN(3u}~;&8fgjS06&?k77f)|YGwUzOv>PnTi9DIw$470dkXH;=kS`<)Z} z{3U(>QyV+grc3uIM_>P+X_1S8h;pCd&j>I_v=NO9By;NmsTH-IqpD-}f$(s$lnhaX ztO7{WrJJ8$>WCKVNpo$#t(uhIA9%Evuf}dl;TzXC8MsHE*{j?olxNq(_wa?FIuzy) zn(Vz3>Cl(203B{%8$F&JJ6~xeekb!LCy)uTwRNNtSu7%u`JS4Z!lS2dY!m8?PwC^1 z9dk6U^}RY%AN2}Xevy@F4@33t+(a; zj~+}iA>M>ml^{+s@him`cF~SfyHc*<(v?uLlX3pfErB~P4txo%;Tslo@gkGP0f_C$ z6~6M+3`Jh)oM-$5doZ!kke2|z46q={if;ecjbZUX9yWbUbBjz+bvjI@;Hc&BY-&1;{74g@+BLt7*tP(=#5 zdwQDBfx>*5}qL>u7|oP=24aW(T>Fo zlf4x0?WU5pL10TqxG*|DC(<@%u>tmDn*(J)c5`;a;<1V~VQ&|KA?*}5Uz!XAJ?8+a z3=U?t6##v3_W3Pr>)@DV`+K|PP25XKezf}vMTJ*^On_aA-{?zse`@V6EBQ=5oHJ`Slr-O7hc63)n2uxHOEoR`|P&Kv_z{0RUb2ilag&g zTvFmtS-B#UiRS?wmircY{fH4Ba&UBm)Yu!wGE9%NG z#FNo{7m_0_sd8P;eGM{iew56kVMo2%7lkW~v|ytUfB#KWwmf#M!V@EC=6*L}lQUkx zPqn#Af4a`6Xy*RPaSa8i|L$!K@V5zmdJlYqll|cHkm$A`H44U43j$b#>ayiaPrYto z{TBM#RIA{S%o(!&6-$SH$-G}Lt>zB-095bmUCPBQYDi}Ntwlg>XPTn!jZC{*d{P|% zKdUIHd5n|w0U6!V`W6j@{DfMd_`cfNAFp*89nRUUzC-dQ(W$7uZ=$_+h2*R~iXW-b~UU#$T zqBQd7)-+%_nlfiwiU67HW?DN9&{J_d%#U?qN@-Vma~T?>qVV46;)QD-Fn4X%8sWW) zE0zi7QshYhvZ4ZgzcwJs$V52n$J*k$L|d$Gdt6p=Zpnv(8R)Yuq}@^Wm{%e}JGNad^P3)bgu^=*uK`G0 z^UTDZ=>LM^ZopnMiB%i?75r3z+0ZK~;7ELjmh3zs=H);9CM1bWlC!!Z_xb;X+{t-o zA51bvJDA=R>Wc)uupyB5bt(PEEFmKvg9rQn|KRAMC#+u?Kz?!wm&*QLz{`$I62#7J zIM~K$U0WiA$P>WrjLm#csHhyKgJ3Po&d2D6!^{Q(rTD zY^cFMILH64{1G1Ho3^P!b%Mf`^tmDVI48e)3Ned3f{Dnr%e)cO*Dd;kO=I}vfs*r< zE@Q=->?#er=!&_1JqZ1Y09N1DbM+56YDrt_=KAZxHD-oE)qQ~A2rhxFc@S7=Ea+sW zHFXzcgN|yoqBF-p##n}pHzG|Sb5SyYiZmrY$+=<{sTecA*EO=l6Rv8ftWe{D+y|TBWK~HcXOUb#2HV!^ z11aS_W6&uCGwy`&4DYqps}wOw+q?=<6Q$UrX{^QMTK`1w{rN>g%-+A42!ORKa;kJ! zQFE*iGAJb_fkjWv@In49RTOiF7Rm8DrziE?>%w{1TgVF#UPfHkh$xceeAx617YGPa zzB@$fJ@+rfWqwrGG3~2vSU3bxBiLv4Cq)nu5w*=ZYZ`dx`H7+{MlDYPm<+@hP>2`E zT7I`Ek#v8FxDO^sX00X%8{?z`5woIenhQ$u^4e9`JnZd@>YVKC;zC1-*&p_b96;pJ z!kgKvYU8znT`ToCSS7p1m?Ptj8{b$`8LcJql7e0gjiKl88_LEVC%EXN6&g*Q{hF)N z^>hAvPl6!22~VaL^zJMj)sh`bOFkJv?uj&tG3B~{qgtxI9qIU+h1K)AItoSK)nJ||tf@{@LKk68B z1|v}MKcYppTNS^Pf9nAR$CXNyO>{}yJzhxW^B|B_K4|Z1tnvpaGHx<$7MX-_xStiM zyRvJg(qT=}K%5scXSRV>i{h_THHSRngGkZXS59{bMT0)b%Ck`tE8nrRDoU!Ze%Sg9 z6Jj=5{&r>Sf-u?)$l~$=V|5LD2eb;N46RK19vYZ6sic%(WvT}G>@P0@dBA&W(^Cyh zpUDp2MW~y5b5B-}T6#Nu*8Gh^$QzOg3HZ6)v$$OAl``O=7xNEdC#u3W;P>sTj%+7@H&YoRrOl`{Xe zPG&RUWW+My{8t;O@^9-h?*E>l7X{h&-9&-s(|k8335nkU0aDq+)ufA>;r@A;_}6&X zE4-8-)C6fd;9fA2nYR3nl_j}M4X&LDip{skDl6r%`lBw#EE($v+H*A4bgiu*gOrb= z#|&@vpL7d@8vD}lJt4tx0cns*;_*HMe@BX@@tzW$es0#+CU&S87;W#O)oD3wKg!{_ z;1*CoKn)6LK|_^I&B{_G9Eo=7v`+{X_u5m)`&BzmNQePEly_fOdn=|^S>!vw*KFNl zbi?&EiPm59bBhA?YFxiP=)rUBFpv#pIT8ZhUi;enDJ;I{bd#yB^bC`!GNd3;ilFz~ zjHeJ(u84qppB5Rce zzru481YNGvK2`u_qGO=H21*TT`vBhtN{%vb=0ooL{_KxfxAnLIgnHEOJWlmYOPhzK zNROSS(^*_;tTAl)I&*gm{|jjHGP;YNv(h!dai_vpxJnQU5BhO?^B9LAq6yS;rkW=V z1!4+}?xRMCPq+P#7-Rzrm ziwL2l1%jCHQ2kJ8b5i$xGs^d3WOO#+}ixJEdbKUSmbIvFI;N9m5A z0kB=QzAJa-<%2uN>8HuRrS_`5xtM^Fvoh|3!}JAnT+cD7t@lFx7D4DcnDa^}t4e*K z7XxMMci?Ycp};9i&06j5PWQabdx&PXN||426nx3tY6G^pxs0IE2c4;JRErzme~lCq zv8@%bI9I>A6B>&Y)n&@4cK8WzBwd=Zi{iu z(!y`=ks&ETQJ>UVj2u((&JjGZp$;uZL;RTPDva6QMF4AjX1tAe1Ns0+Rmgk!i+&tz zKPPQG=)HuhNu&U?hbD7KqCej=N|jNIAjP!Fsb#y-RN3qa_tS<3A{jw2FLGCA-g(43 zR-DS07~2lPjoL?dSPCW}LEDU|}E{q`^j7h#KPJ z$=)o)Q!VpYznHReV)HGgEArSjS5<>>z^X8ZK3y}#PDwqWsKz>92V^o2y(p92YfB7L zX)YdhU1Hv$51hFYKtO5&4)yoiQeQnkAMCsBioDWcr>BCr{u7PoG0gRG;mjpQWAK)g z!}XUbHwL;-laBXm#X1sUZ)!H;#;&UO5sqS4#MWw($MYn;eX11(`O)W7*4yNWhtZ;x zG{&YiMaK$1$o-)w`I~q`zz!`9Uxf8ceXMrQ29|BDz#^UMkUVfIaHLp`!UaZhUG=Z# z$;Kf~(9hv&GoZ&2<^WV6x^WHnwE_gc96g<|Oh~GLmK*TfXz*fp!2zSZ)~lg*Mv^~; z6<9c8%o%=jkBSP{RwK)*D3ApQJ-4{LKf-J0@HyqwA)zRR6O3@GXL#eS`)U7B5#bk{ z%@7j;H>&{c6|Mmd4zH9w$!pE-X?>tNw>_E4F1oOd?!Jrs2|(5m#3%=zmz4%3>y|$N zy+Z!Y>|`Rb4z|Z{qB=9SE>~GQpDqB<=4a1Y@qeZR!ch>4OJ=Q1x^Z#VD1&{~D&q|n zZ-0JaDYXvPH5Q!?wp4uZ zT^R_H2?OUKiw86V(5i*QnszDM1wjKq`w~C%iQ*gnK_u**2xGy8zS3xf+L_0=+n1)u z#Vd^bV9f^^Xn$>y28?ZGOAGh9dn3#D3g~3j@Ka^n!4E;}&7Mnt|*u8nYS3q$LBK}I|A7E$#>z?JG zJ)Ip2C{4_LAnh zF4av(%t~4=8Z(yH-|M`7qGUJqci#x5A3a`w{9dKC#aZ=e$5xkeYZ*L6AzJIq0Myh{Qy7 zZh^gy`yffP@l^Y2R1eyfoE+jJA~l3SRnAc?nvo5u2slgs`4afA%*49TV8ME(de;^3 zFLH)$xb0jK+hGs*hdl8)Klq`+LA@5$BQZUJ@jG`?L8}jZ>-IJrY`Tvh%7=jXKZN`- zoN4jm-=Bn<1)f^@5sF#7e5vX_V%+&T7hN-!L4f;CHsay7AJIwsp_z-38pXd~{sB9+ z>M!RzwF1AHgKh{g&|@83@8zWvIjfm%ONn{cZD(s^!|MqCFSYN~_^=e}xCsDAY{Q58 zQ;$2jrqGBgaB*Zoz8Nu?90yuj+PsRwsl%o<6dpi9XUqpAzcnyCtT9c)79yhhY_w*VVF`H3XPvW5dxf(>iN2V_ZOa=0T#i^CJXN|Sf zFc0qALXt;4+CLp{;uI0kAwB>=lM)K9^Mf0erKYCl6%=%-0&xUo&6n98Z*RBEwR94I zm&gjN+FiDE)z#H`+qo!2(gPAjg(RdpCq|(%X}sA$3$CTWz%9z&wSi*MKj&xoHz%@o zyC~Zl8E{wm;b%#-^vZ{SqsvYUFwpU+UPt*zZlCjQqkJT`5rW&O_3B~l)X9eMU_n(5 z+R?WJb*rh$j-<5xPdOmdR2%+vuV*{{iVs0@5@*!^OE@s6uls( z8K@@EKu~K8jZI7MVb`I4at0E1(&J9kq>CUHOUF(r!NqLU^GnpqLRO3}zdw6`397s} z%B}4OEnt~P7Jn5bT#wp8S564=MN;aV5cuiJm-3MP((aA z_3B1Y9i%T>_b-ao zisPquulp03iQlI17OTZhrTzA_?ycXJ0NVr-6QKJPrT%^t52OA*iqG7{KEHSUlZX4@ zmKEL9z@?oWQIavSsl&{f+wdf?vs*KQ&kR>;5Sl5oWA=TtE>0von=Yq@|F-(Ex{F!Q zbj_Jn|I;(8HcY+hPmj*?`pfQxrPev3w;cs0)4J z|1Gfjnka%}Q~s>FZ~cwv?d@>UHZ=-6F~|Ojen+dFoFMgd7cs*&x{4kAw8G7*N`L3m zl&fHnrBzy^cQES}sP(CPTI#E69!*zvoJGgM{vi2xmORxN3faKCwEX88-j5I;GuHmh zUnCuWO=~vzSvBj4pV8lL&|y3-Bxr;v?5E>tqBG9cEemnp{6$b$-Pi0iGZO?}xYfze zy?Lsvw~Di4ln)j^D_qYtH`G#5mVSX6EfJ_q|J`sKj^4&?FY13=<8cV4#jS43zTxjp zsvFbfSKK$MskYqL9N|MU`NB33=9+|hKGn|=6^B+fycV-Y)97R{n*V+LiV6x0Htx{o zmNu6&4X#H_76f;$x=)GWr~7&)ca2q*riW9lRjnwyy=?TBAOzLR|9!}#S5{yJ9}CN! zs!=7QSuh3Sd=FQ2qDgp;WV^uU1bLTF0-}6DpbqoD5AsDGpHie6F`JFpVGY%iHeHaq zbtrhRa2ULU_|F)@jye%I1ONR1175Ba`P{B}_^lCfCm$W_AWb6@kh_&PPJGnv{O?-; zk|{{4Yhb{#ynIvB$jH8SN7rm_aItY`jXJiz(e$v{HT*0NRh;uOCH~i?Lf2o9G2%VC13{TEKD^7ANj0i?g;m6E+<=?eOf)d@V08`#(}NP zqNI)m>kjw-##3oXDfBnYYZ{a}Jb3;`hbXKvoZr zBTxG|sb4P15{H91$0JTnk{PfU7ke6kiK`ib2I``}3F{V5YP(R)-sKJxpOgaj56rsz z<23!0K6=d=-Pe#hN|PLwrY&+`NSaxHU~;FI-2{ulMYI3;AcwMOl1|PKWZCC*?yaW# zh0aWs*40gZs}1nLYAo5CHQ_|*lUkZKcl?-HgbdUrm*pC&O`N0k^z_(@bP*hrlLl@( zlleWt1MQ=uUNRvLE{~;C23lgM-6rd+NvyTNc2E(;x1eyBc-RF6*T24ZTp$-(#=9guc|; zDfqX9?a|IZOYx&C%_h5L2d2K0r>QDZ2@QXJofRncRq*~E%w6q5wd_+Iyf>hUNV%btTFbJ$R&+H&|8KmB*k2KSD!yIoAtQtbKZHHudZKex=t)4fvC@ z+x>-LC7ctD{en)nQQhjw&lJFG89*H0P3A)sO6G%^yUoDBcGjQDotI}-;XZi@+~X;* zY%pGI!1na11+ye~pJ|0adSGAmT;i)&grcik7|Wv#q5ZP6zZL_ICkfT+(k;v5{9Zd! ztiMh>Qg^>c2f7(`PJBoa@*UMH6ADtHIJQ&Wy)$O9Gi`7`GExnF=wxetEPZFXQf=h5 zxxME;3m_vrw*xLD>XvWU_5{CH=>DDApt>@U$tE)EQo_u_GNrPEwg|F|InI6BnT-7L z=X|9r59M#_28VC4$ayBBdIA{&9$)Nonk6t@k(RqM5h(q;rKtIVkdRP?cNYn3=*jeD z9)nH4Fk{d4*DHKdezOLw=5>9(h|?k$)u1%^nC;3QPt&gh*o?ZgM{KgxdDT;XkM7*4 z;y$lAgjt7vkD1foCV0P;iBw>l=>AgtK=N5Z!jfg(Pxxx`*(O|kGQ` zxZ{FZgw1HBFWoWt+jh`|@PWSA?nt~w%$;ULWG)&FVxdSK;?9R5wh@?D8R?2Pq{ORK1wizK+SC*O!^^-J6}>;W5d?0my%2=l-@ozhtZb=wJ9lMjWobEcpq05ATA6#6D|b#(1e%(;a_6Kn zM=o*;3S^dB$cc(bLsK}0~{N8ji3x$p1u{QEoqyIx$tbzbLj9_KONZ=>VTR;D_0 z!%at9`%QJv(n#5xjl$u_A9LEGRwn9fHzBZtM-EM$yFY$YEKSX!cKK9Z)nDB|x-YK3 zQSw)>KVNULkc{sVKO){Pzlz1>e; zS=p!FpLv*Bn6*O#lLD+&%+1gDh%27WHWWN+G2%{)_!g(~HzsCntZZ!? z@@Q!-q*z=sI4?WW;?7c2s@i0MP9VPESh=scU~WNn{*?ygatLbPLdC`Q zSy5>FYBOpsWN`4D$_AMgyOI+Pf#J|&#)r#%pBY>>P4G2X2D2`RJcgSbeEQob*yVhg z$@-`^mVpMf^{$;m!OB3#FnOZ^7UyB@9@#EkzBbL&NLS=z*a4^ZFsKbzi%>@-Jw%1QC64!6Hn^<)g*MF#Lej`1q9W zVk^uSxZv&AJ7+a}b7|^FKZ0C1lfK>HD6%#|KKk|a8ZopNLvQO(2Fl1Cqam@@XGao) zkw|lssK3f<2LIRoPHxWAD(i2s;g^rh=U2fsnUU4Kq3%p**<7HF_V0>P2NQlHpyJWm zZHtxFN8F3o6xn-@6orPcKYV(aJdg*l%~5wdt|#0$!oWDV=Mtb14{lSuJ(A8NDbvNf8t{JHL9M!(ippv-ywZ zFg;3TBuenG+hY!E!nbpF;VIfw*M8Jx+tJ(G9BaADO?U3sz=kv0MM0~guEogv*<6{( zn-inWA|95?AD;i(PUokzKj&s-OfUWNwh4HsapA(fG*8D*@`k`ZHd<&avLs&Qjj#08 zrj@6atcfVx@7}n6Go4P1L={FapNQe7w9GGu##zu1bjX3t(f!S~DmIO|D=WV{B{e&+ z4Osru!bc2!28AFz1`|%}uTQV9>S}PlY`^1Vcg{jSqEaqw)QZ6~*__-KuJicgAC0HK ztd-Co14G?S)u(Ak)QlLcm(K|QG>wVczphH^Z$9EM9MH!T|8Az;uhA3 zcZC@%7u|EY9#<{B4w#BMG8g&vPZffwCM>q*$jy$YActf%vDV*a}`MESwtA5%gw z%Z0&&fjt&P`~xBKGS1HSTINmFLHJcY(EHiMfWux_u3Sm$xN^>nFgoge?f@zH6OPli zx*DePS$|p^)PO`zd6xyeeRS#~+!TnrH?k1?t4Wa4J$vDZC^xF!H?7<9bemsz#+WEl z@_)u-%eP*jg(GvlZ!T<)?*Bft#qG|W`X7jnDYLzQHRQDHCvo$^{?94 zgk%nWd~yr5_GZXR_g^tNF|@Jj<@4)#*f#yn8=yS7tn*?;6tdIT#+x}AN1h$ zmkTkz#R0*=B1o{yFJJuo-$&0}xNt(90#(nA>TJF@dw7+@|F!z)D>b?xsei1v+drhh zg}5{I)iQM<$KKyxSyb2k-yte^*n7t-T_$ryrhLT;?iFdU^Wp#c-4N@~4JO>ZkpT#2 zQ6Bl9Vg9sBMaO(H7cEwFRsUa~CHbx3>nYye$o*td#PC1kd(HWivh`YZ>Fvr&8N(30=I+ja=jYTGO?>>U zFaWy(_8!b{S|9!KBFNltRwR{A+Gx3c<912jHrZz7t|!asxq&#U*-|EBHjtF@!USa{ zd9#IZ!ZIf2h3L^e=GI26Gj<*5BGiaEG%eplFo9A%!~ELJHe7*k3vGPkCpCO>OsZcs z%2=Nc6z1fm6)EG-8QRiN>=UP(bC<>$ZF64;4zcy*{*mh z1!JdxTG+~2ZKVko{??@Y{#3|rBhU4V87F!^AK&-S5^MOs4g1v5heE);T7`m~b1vV= zY^l&CX9>@M*IFCV`0LPTg~Rn%X#C#J3?LOYk3XWI%A@Id94-#eoaT%u`A~y_y=~FT zcK(xR`iony(>6z_j30rN(#p2_O1tZG9VSGL{>l}9Ck+jkeoVVls6&6f(78qLZoevS zd3IWfPWzN!HQrCL=M}MyPs1*<37b!+IV9yfcF3y=D11Jfbi~`O+snC-w}@ee z9vjmMXX)Vkb1`v2qSH7oMIO9$_HS&igVmDZcpNxw4FL5{%;Wu38b^X1gG0nkx==P}(}#bsWR|}nh%m~#$l=p|1>FEbax+=~fV>W9> zsI^Ce>A8bR^Q96@pP_q2T6$oft1^%zJd{^@*;yjqJ-lvuGv9L6_`rwdCu-h9EUD}M zy!UNmHMx2;h}rn~aSzTnw|X7) zEg2HRO}%{qa^YV8@O(Ji3z}X4Wwu+E>Cp3B=8XK@XZItR47E90#x6~~bMA1PdQM=m z4A+y)hW_?KFs|qJiQHyOmjX+3-}q@pgJRF19x34ITfUx)di#9%q#n`FhHbONNSLQN z;FETVEk~e#Y~?WcRn<%8PTX<@cVSKqW07^F-vPpF4*Ez?NhAI~5YsqajQ^$zHMxG+ zjsH0AJ$X|H`|li`Dl-ru-y{@@}mMD)doc3!p9C zdlVsy##%MG2@0*vNs{jK{mqU@l!hhPpbIs_a<81H)4Z|(UOx$Y?MQC9mWY8|$oOmX$aZyE|Uy(WA zk9R-GQ}<8~Eb5u;lXHqBj@4U|!4729u)_Is9vZNqHyUJE&189ZuMcLkW%|(rldk>p zZ(;nk1km1v$_}g{eWU5*$*+WS{8374_AbrYEau!T`IikFmWbaOT0Z8v?DxxK(0-y} z+Uo)+upy3!f`;kH?51fATy8H>jDG^m3|K!q$s-nnwvsC#(yxRpciQp5h0?w;%_C>w;}W>n2ByM*L0qm9o>wL1eINBwi0 z?YwE7;|r}VBAA}8)-p)ATWu3wdhHD8<1r*;aDO@?;={zQ2~Jo42e6C}vFwT89bZQ% z?jZqRysj3;`Kn6z(5Td=aXX{%q@|Y4hs*si-@#n7B;#z^G(-2pZjmX|+^@U+hV2UubzsSMu*b(>pZnYSToNG)Ht0(MAEU&x`lzDLE9O|l#_&Enj)Hph_p2N>o$tNqAGrx0YVU61t+A8 z);$p1V^x5c8gEB#o~WUYa8-2HZyg@jqnttTKB~?QfkJckq|EDS1o7-EG8o{0qMQFH9oG+3avSUzpv7d!zgIf32yRXiYuvoywvWjhgOB!hA>H z!TyhOJ3_h~K7&{3DKTlcQgB7s$+%pV(Zier3Kk_}y!wuZUqV{arj@+A8id(?14mO& z*wIanvBBCNk}!h)ca_si8M1B8?vOx~wytg;QdMwVYN8?j+H3-_$H$}Xx^bAQB`s@q zZqan4wC=s_&S=Xxc06Sch~Z^QQ?ymgy$Q|K@Ik%M*A#f0^RL<2l~VJr5B#*uUph8@ zBZ_wuO@>rcs%RNim}rzy!=U@;oQrHv{k!&}eSkXV(qH96v<3E{)Tnty)fwVl8% z+2GZATuw=v$sJ$kn(T3q=nGomk=3lDQmAvK<6c2vsyc!Wh802<<1+0C=Q0lkfz_`y zU$ZNzO)%~vFb4W%s}r}a<^oQ)K&ZPp6!9@JM~nZS%#Xj%c?YeNrx1XwF9s#dL{(Uh z8YV8PoZzN0HRFNkCY=RBPhVC*EpHVCm2f@x{75J1scq&o-qdAkN6n_zJcwkIX`vC6 zwoQ>qJQV(mitm4SdV$vF|9x$FlCcWc$mvYIXh!?3aMn-s4qt_Gt->MLJ>iogaeqIO zn!87+V_u8iv;@)qASZ{S=6yLVxbT>)Zb$~)1B`M767i+26+Q0vx7}=a4dDxdoVcc7 zXf+wkXJ!BycJ&qCi|Lm7)@TNp0s#H;)#rb0m@B)vXKsy8jVZd3WtJ;<+zLlL+wDka ze>o7En|8!a8L#LCXvtEV;}USW$*Q%vW~#*}%1LX@bKs@JhyaZHvRIm-mAc6n)ielu zD~0bkw0blJDtr~Q*=Y>S4Vt8f>jN>*|EgB{?;E`IAiQ4nStt;-4JR8=l078-e-Pc@ zKfC$r-^$njvFk>rTZcv*?auAbJ%(23@(ijDIOuU-<1##bc=(iEim_F4Q+a}w$Q(6V zgIUbIHkHiUHQPN|Q&L_x9m}`nLin<>W^w$Og5}E6Av~W)#QVK7i3KH#y1f2*l%3x{ z|Mb+-W-p*qe+qam%|VA?Bn@}C!+${m)(qyv{+H3e{-NUw>cZV8)`R0`PoK`-Y&Wva zx7RWN(kA?KdV70y=L6f+|EF-|KY#GK;-c{B^*LDwsF^RW*r#O;*G5;*@epup!GCW1+;eTMoB?&qdhB65*G~trw(y1-D!p>bxfuTqM}D zVndIqJC6c_pr02#31a3_1jX~Q6N1M>o$KPslFb0mwZ(Nkulu!tu?C;2=5^`ClWzb2 zCzSkNg+ltgZ*lKm!NI|ITx`|OojVtOea)%Cw`Q7~wdah0a%YfQ=17sv++0A z_y04omltok%%_yQXZsa9pOqCqNJ6hWacaEU-t zuBcuclo-uoN!+=8`}ob9gTAp#_4DG3=^e!&xlCMPBQ0)L7T+%l0x$@q z85J7<=Mw^}(US{@P-Pk4P17c>i`M74I5luddGrAZF5+%1zM>r{@|c&G10v+Du5eD? zA+BHf$vzTqUqPc=m{!mnE+XWHj@{)wS_ABpxYDF?iFDv+sg5)rqo4_2glH}0amkpb^ zp42Y7Cw#cqua|L1ZD36VsuMnzi#a7O-}wDT+VfhwZ;34PcrRlqCCI=N-tBi) zl;nD$D=YgpKjFbw913(p(?jE!1OVC>wM1iGT^q)|4uK-&qsuAH<9NRVVA;jMqt=8V z518uSRET>mV!;6Mv(4mn{<2J4ROFH$d#N0jIcsy#&KfWq$1F};12&-5NxYfCKkxf^ zN=iy};2fojr0rY`qHWjbWHrn;;b(SEM#&`)T}*7$Xo`wrG{8tI-3rjkI0{nM0ByS# z`(f*q^fd+G7z^ag)cznMdr>#IVm6PkltTr6_YSP@8x5(+Mh zr9T_mzX`6z`CsIYr?;l;RRtGap|*J7(dB5^<~m{I65C2FMnVZe2e<~{&!tNdN(!l! z_WdBr@=79l-=f@BZU##IzeMqr74#QDbHk%ZS2Vt>2m8Tu)5R&7Gl z2VI);?^MIvx%miErj4zb-L0jqWQBJEGKd6_GV=AVoC-68BLyIDZB-#f~qYlujwTPAHmQ}@BT zM>O1nY*;rjZ;hQfVQGHz{#)F{mSk=LpI>_j7KPI7`t&dyc?2~VQwK4kbGFY6PoI?? z4?Q}XmrO(z?^HBJ@t6E8TQJ22uiRRi(8dLegi9Ws52t*2T%#8a?`GC_oKRP{#u}6N z>QhI}_8(F7Ye`k-hw&CmYZ!9Dme?H0`ch+CBdG(d8_IF7L^e6sXNB4J*abec(L;Qo@rZ()Wr)F0f*qZ8`}&I!M)cgxP;)1{9ju&cuSkSHHn>wX6-zmMMW2?V)nL z{F?M(H)wl(ee5j)Vg}l}-ci!T_pkrF+O4QWE(Di(`}$7QlvK5$$(BNEng2+gu`8JJ zbJ{$94~B0*nPMlWq|CQ?=-IIZ&7pLAL~K#kR15EyU>%4C zWgd7w97ukzXnu||G_halV{d0eI<2x=zPa0847^DQ6{f_^t2s>C@=H3tV)#^r-d=1* zzj~Xc0vFfGsG*?MpnL*~@heG~nd=ezZR%az<(#ou6EB8NP<+kn7QdDwuTE#i7NM@wDekXQ`~t8tjWgr&S76_u5lf@ zItp3wAer+eZhA^xJIO$$OW7$ePo5pMP_wz{waOD?e28j$|9;q6#Z3?h7U+dcJOG%d zw-VKvc@SO^(8o0_{SnIjz#Nn_FLZ)Y9R{U8BM=Dtwr-=^kU*Rfv%P(FfgsNu)xx2V zg|-XI?z(t*%8bgHgjC0zO(2Z?3;sRn z2g_tvYb1)Y+%dzkMNd6!z%&tL3iXzdwu8dz863>Hbj(xaCJGD2xqwjcU(ov4rauYA z?vBNy%hb@ZN}E9^hJ`}do9bp`LnO787{cU`yo0?u2+nbF?UM=OP~AP<$$y~CoDOSn zzE2&_tidrO>hFKM*1!)Sx2W+2L%}-g>f>>>qC%OIYHGIQHEyAR7S(wX!@1S{EAL}M zkRrVj(VHPP=R`5QKRG-v&s?S~8#Dumx(c9`UCc>&ubQ+5FsqU3-~FkDx4xzq1#Yw% z89_$tyrvSU>u;X3^m2OuoI)2q88ftt+S~)g@r5bblH&jSVF}5Ad-60kuW|oPGwPa-wg8t@im#< z)wnn4vKV`4`6So+PwZz1o)5IQiHiz>Gz zNKq+;UQ1-V5I{8qO+jKQdWdS{*5xJUkegz~`}!~Khj%5e)^G5o=Ar_HS=mLwU~}2Q zz^N!yZ0t>zp?3`=zJ~g?7LBc*y)3S9?0~BEc{V{-r0wQiBbB5GaJ`NdtLzM~LA!T= zU)J)0{LSS&Mh9txYp~dUh7yA20p`;yOt{@aM{j5j2ru# zVb<9IR2PvY-v~YL_-Eccl3*p`DO-&@!)kJiLi)rN)K?O@;8R#ZLzfMd{ zT!<1;trsl&qmH5C4;a6gi^Gy@ zD0Fu)fJcy`E%6tF3DhNe>KvUaRZadt`58pU`VG<9{d+XfK{-I~U&^IE<7no+NvAva zAzG-7J9OTU4jBD@K87^2nMfyl~l{5KK~yG;Xee-?QQU zT~4nd1UzZ-SVW$q&?Wgd)*6cefbRD8xEKNF$N*(F4!#VzI;+i}6s|QA=`|f8&yakd zQdQ@c`^w#1h^%4lcdo)7$YVN+P73e)nB?6*P7PH z_|eh6U8)L!)Kk$tWrGFtUk{{e6$Mh~AVQvA&tE(oeXRqC{t!3b#bUxpXS-n!t64um zqWT?0zcTVbo=^0a26mpZ|2X#A2u8~2A(XQ^NXj%*E%L1Cv_Ei{2%K?kI54{9=NLZD z&ibO@Xr5tc>e6eQeC-bI_wFd?gsCZm0}uF{WUO9C_j2W#hU4d4A3bKt0pIv&wEi$c z{4~Tn$-Z_G9oKG%)h^2X@O88&pe48-%#+mr_1m;M1)S*=J@kHdu1(KXl{W}e73J~j zIUN8f20V!E3d?0VyFKjCFPae>6BV%kx<5O2JTM{dDJ$0V#{#xUjm3%@2ZfigW|w!0 z;74_+f%xidCKf>A4!EE6*!W^5Vh^P?E0MKa{G%#i;PsdTKOj@wUqc%5fFBzbtnC$q zc-kjsb@S-jDBvl@XZ*-D=(Ar_iTKRF);@psN(1CY?2Skq|^#)+c$@+78*F4do=QK)wK3<>w=(QAZW zFt#C4#Sj*SR3Oh@leV2-?Jizki%o4Qp4EV?24(`>?3{d}cFtt5NggMdHPpfR@O}*_ z%LT!M3ttx&o^`6G@-P5scb%Sh^y)MKF&A;~yR6&BYe7xX=9Sggsd1prXGfwuyk##&wCKD%xhso{*z z9tVyUipm!;f*5EE)E2r%Stk;a(L~&08v98QDfaPlSpnpf1WTfR21zFgA+R}TlRHR) zc$aDyu<-kbzn(i&EHaH1C32S8u{Q9$;>}U{bEYM{$0mFZe4#0pSp%%5Z;}TEoq>GM zMI`ilOaysAm)>#RUYtuHp?kSc>SpeKa0~%>04}|Mf;|}s9UVcJQphLd_OhDs-h9XJ zm9l9j>y4b5SOV952v@R$xYlOHZi)SE(76mdbU1Zs&5il435Tawrx|l6HXm)WF^Y{4 znWo->yph4nv*_kJ5RIS987j{UU^}<)crid)ZYcjv+}e=pye$PmAv^LoUe$_WNX4Ck zka5Mg9gVLnfuyDbs;PP=#SmtJ$x9r!w!asf1LLpcF6>8n!bm&rEJPubbo1(}q!uL!ht`v{~~;nOgfvoXyVaI(h(25tQhNK0cf&!NVZhGEfH*ryKG23Me zWao)3Bt2dPaXY~}9yEWK!mco0 z_cTd(#$TZbW_czXiA&I|tepH{mxPCjbq16U9)`wUvHpB@sZN}4y!kB{bAfu@#8sV5 z5-N^hhVUwnU^3HCleO>9ZeUJrfMPu;tkK}hHY#!CBK99kHXoh3i4ql50H zfiLqV#@tMTF&y6dRDx?uNXaC+h>olt*vsU73dE>y01HNN%QWUY@vW>!->}2`nM7U! zNqD8xKg>#*D(S5?g|WU zT^ri1bM3VKbkWvtZZ6fA!an}6KX&V+iJ|h_5L4=FPAp;I$J|Pci3M6 zrdeY>&r*4llbo0Qq_|}(;(=}u{B}H=867GSdykZ+#n9e*^g#mk!c;VN`TT=~6Dg@t zI63`>euLSgPT5hdL-du+ONi8Zf)lafPU-G?e2*-)Z>BvaJWwGz3ef81D$A4FxGHAd zibpJVmm;Bc5;3xzUys95-xX?!7kl?*-8LL`90SaX17=hr#%eYD9kU85V6MnWD~#Xx zS*J$8QAF+2eayh*HG>(`XuFm!<48MWXQH7&+{VM|`SgkXBQdz3hLX)Fy}x(C<{fE> z$~|+~Y}*AHAOA;10ZDQOj~x5!!^}ZgCwa}fI-DC(?Nb0x+49YgI;7uJB+ei7y`b4c zK}qrFw1T1U(}Oy-=b+N8B@Oh3d8K{L30%1inc)mOcKP)@XQ`6v(E9MQL|?26J5tna z8OVF5z8@i&Ux8G46&W*7!Q0kcvyX2C$tlg*`Nbe!uL8s+xC8zMw{;QRROMvqgo$rV zTI=qfPT7uupbVP*62q>Pk95h#I>nr@UD(@Y zb~4c@(6zD2!hG0!KdC2q=iT@F#q?5=Uo>4Bde(AnZ0Zgw*3AhS`6Bi24*9>g9S&O! znQClm48}V}OTT#7clReeS?We?rwPuBZfu+G1jp=ox_ zDu2UC$qg6qE?b2)3%IoVU=LiC5YYv>tSk*U{IK4TOMz#0u|e(KThM;ruIaGE{S(N^ z0|~OCqFEZTt-q?sz;eWQaDJk0mitTyqz?_A3Nn}~KBR+4NusPR9q`#`@mP#W++!Tu zg_`7uCMp+99F8j4owOn~~&!|G8p`4!y`^=R$)Hu9XVLx43h8{ee9y%R9^yHld8><<)=&1ytPk;dFpJvgO0=wp(i5 z8b%+%GV+DX<2A|$RFiej%qx|~z0lOeRmi>D|Dq3wm76TRj(5-r_J~_eoLM{n6RFwr zNDdBODmBl?JVaA&E{lnm+Q5K1^q+cyuGzA=-i-d1PW0BmPQ~5Z$YP2 z2dz5PrL!N_aDR8QQ_RVaN;Ewj)h4}CBBH;(gh$4w?Kz@8Su8EtvAr;%HS9uc*3eGv zK4H$e{Jzy$3?)U?cFrh1JZ_ZTxh5{`_Bx{O9t}bpf{1RjMy7e5#of<#tY=<3)Q4!- z6$=Ua(NtU8bdgNK!@aZz?0Xi6OcopMHFW$dSogK$XS*QqrJa(swSQF-S~~H@mo3^g zQX)kL{`iA!cEergaxP!$WKvsZUf)*2WFLRVyWY7YDk^fT`KLUYqiKW1I%Z6H^W%a5 z?Wxxa(~VzNKi3`gkMl*xrIp=mL^c~!?3&_Ip2d?Ps_M3H?#Cd0OAFCkQW!luaB zD^KGlcKK$jQwskDQ*2&#J*qRFl^oB%Qxat451KDAxRt9eAC&eoC%D1aI^Dq|SnWs( zcx~JTE{lJWcxUhwZ{NXIKkd(e$?`g7U527Bu)}zT$a6#aGZ<rie49VV(VU@}h#R!ECLBg$tL8DMKYm?TkAI29tU+6``Zo zK{1B)NC;6vB72AVOy|q8Icl(a-7Q-N$|9j z*ABYVwfjvR=3gpB9zJz{?p|S)X-Xt?LX<4N5!qM&G-BG$O?(CQ({xc{G77cr)KY0(tadP^gxTV^iz%W73KSNtB`N2V)LH^8sp?^gH!QH z`molz{lG#@#lO7+O(leME+DO3+ zxd%*Fyz`NkbGuL^eDBQOW`nh`SuVbqhAq}tWz$GwUcYIE!jT9&Kk?S65%&eN+Rh(F ziLUIk?u{=A_1NXjhj#4tP*Y@7jIO6 z1`03qPLMpV*MG3u_Uy{{9Zi*>*zlsn-QCFDzSfBYcEl+oslx0udv@x5!?dqC6Rqp- zHorB2*53S_O6`h?50~TZQTIr7gw+M{Cb1S-!cYu9en4~iQw8RiYnXk))$UWFQ;;_u z$HIvXw>q}&t4+A=&vUzAT=go9-(F$NAj{(vIk;e-S-S4)r$fIbi3AyZPVCw}wo-?(Y3kGME-yV}9iQ??*PS z6G!+L2?8dE{OqJv#)mr%zB*3lq4D;TYFTPk0K+otypMWeCpu-``~*Cq$ZlW1=s&fl zOgK#Uyei|lVQ_|Km8m>5u(Go=TgatkQQ;Q$HO?nw$Kl@<4{{&JkM6so4Rt=c}yVs7i&ki(%0ar`40ELawA8t0uoP*OnPMI&`}{ z+2n6qtbUj+{&Xfe|G109X>bZ|Lkv)te(rY>@&w*f_Muoy_q3Nsm0UQ=tHv{ z4VRqX?OuhH#kg>088dEncUkXe{S@|R(34r2-t>3uBMeZa;pALj_Q*w{?IP&i-phh3 z8o)Wg^g}b;)z6`u)QN|BhJW4T``(y56p*EVLdp$NX6JlCX7Ki1hTd@T#jyQFvGZfr zfVp`GXNtDh?WOPDyLZ1*EKRlY%=v3U|FL@lDUOeDXDfwj^^arV?iaA>hFqe2+FyMq zGwmjS;qDvI??LZly0m11PPwc;6PDJPUde{Ok-cyP9wsXQf%5oXW9|L@K5MwL&nL_f^J2ePXGB2 z#4{fGg<}OFBqVc!^MriwjB+GIGcW3x#l~4+(cga*>gnd?;y3Yoe#`O*V-go_u-%*6 z8Iu-zPTB8{uFhAc`iQUsvM9UDg3LZ^wc1M%HD-zveozsi3rY>v zX)`}3BfLkt2N*az{a>ftr(36#z{{i3!)3v$OW*6N7R1&*v2(og!&0we;r4h#zbMJ} z@mF>+X$6oAcEI0vgGK=W>c-yU!n9PM0z0?wmBqd+gV0t(lk+8qL$-M}%4|*G>{-Bf zE0v3Nq~9({hlXD)F>!SpwOmWQFlT z^1vZ`viJXoI z#t=6k_E9!AwOY4-Iy!`PZPF|gyod&jm>-VD#x)|n#+~w`xl}!|Os!tty1;n}x_}6O zL82$c)oA0iMvu>K+h%kj*d&gmk|MjDHKZ!ou$>jJ5PK9}1B`+ogUXHeVgw>wJR3@} zr(J5RSCmoV*b?Bhshs|TPgNw6mug?#2ZJh+x+4{mUkQWW9*AWxDQ{0n+N_c{Tx#6& zm_(gw$~|G0)MKH@8tbk;R^kQNv9|4tnM9zjXK~z({(Uo)pRXhb1=JS)(_*g$xzWcv zP0DlL@4VSfCX0_mtEsoVxyv-gClC~AL=2nL} zZp&VM3tSZ`xx2(`Az8ov-mGsPAP{YTN|ea`I0De`D^{vfPhHt{BjL$MjZ<9b=Ah$V z-KjZYvt5fq@L=ZKN8SeX=GDSihx&R8CvB;h1&X3GuKZh)tllk9^o+Lp-;bkS%2^C< zIa4mxsj&EB8QJ-3`O!HUGg8`y$`$daXY9@_$r!-E2Dd;R7~zadK5mB;#}y*v+YqXV zZL!qK==jgSXg#3I<|T*cuSm{rnkz}5Le4Ailku@k(0U^fH z89Jj)y^yUFXy4JO`sPGd9Nnr9+N1cUS?)`a-ktN=^@cOR`d#qF<2VvV5fbsOdh@5j ztM-JrFuZQ~+`FNN=7=AXXTY__2V6@J>B-8QDMP&~Gc+(Vhi5YR{1)%NxvUUHs7kh zJ&W716 zx%8@yDK^rqpd-RL->)({^mAb+r)TN2jz7MZXrNqt$Oa2`_?`EFeII%CVbGtQU)|c@ zwm>%CMWwp5giH~%@wEwyJxbGrE8H+GcF#|*`mkAFw>Igbq**iPl5@HoU11Ew*c@$d zUTf;xS9lw8l!>~Lf8PAO^RALQV?}Pt%ygRTf?12CR}|zi6Io8FKT<-eK32i(RW*$= z7zi^-e%(Uat+<_R?I{P0!c}$mtI^hW{b`rAcwy1-}}u9M`P zY~ufx#>n6w&H=WWU69!alO791DTNYFFZdZ$fu6R7e|DCV^c^GY&QJ|iSenv_t4vXMLs|`;DBiAr+@~@tL&HO% z2vUFR-RAInA6scH-}boC(AU_>)ZO0j8NT-8m-l9V|4RDSlq<8)l!lFbc*@lvYS}Z+ zS|#N(kjBWreg0c|bg+x;p|5jKSsGzag7EK>M3q`?$QkR|T$yDnd3}lbzTENT?==Kj z2EV5+qi@4~=*d!Gm(82ABYp$J@1~!>?My^aFWnu5(*3Rc|kjOUCkw+zrk-dB4%!KVnLsK{?3g;^D#)l<(gY z7GhPGp0vmQEHa8g22C;=1}>-<`@T@GXOUah9iJa_5tctWQr>>Ht5n*yF+GeK)xehXQXl z22I`uvAm$iaZtmc52?GqWobTmK9V_0>Vu{;^J7Bdr4QZxd{El9d~noAGq@`VU~|4m zJ~rzo@&(KFR#?heWKqyV2=0x(0}lUUPp)PB-X-OdFx1yk`Xa(Oc=^V;J)gSvV(I(4 zX6+w(b&mNh$L?1jer2@mh`o9aN*dX1w7xy|wo<6z-U_Z~z$htQYH{A!4;x42n}iK( zyD_)kGJZ6Cp?6=O)k=&1h_63K=i7u|C}xDP0U;{|b*99vc&*^>cg2Vf0!`G%00ptE z2+OqI%AgpTO_vyr`sce~7nWVkSV*l=wA{x`zDLXa?I$(@2n#A7cS;Cuon< zMK0|g^h2evzapb)zPf)Dkdyj7ROUxp-v@r3r6x6>f}2Dp48(6Oj&(BB&?{S`=3=p8 zQZn){gPSKv@8zzDS1dAoVZY3GguGv)8eX#SxyUnFce%T9MyS7_Dsoz?G}oLhU-ld1 zj8VS(Mr_wpUYF_KRunumA_G8#b$&G}cXPvhnlUUJ*lhJs{CK-0|90`&@3XVin3rBO zkuBqH*da)!tJDG) z{PN@xpDWuf^55S9zU+-#topw+8E5gR@ylDPjRq#?2ermiZV0c$ayA>DaE*_aCb1vh z5H~=l$?03iAMIAOMY_}(u!$WkiLPXYa{TApUR{#}6s>O`G&Ix;Cf2vF+9Ne`Kzq5x z5svs-IoL*J}B?$@Pfp z1cVy9jyCsdzG^-N4_e$gW@b*uB~7L~sl+&!>#^Up`0R8n zJwQ>Pbu3^HkY&hH2C-Xw^I~Qyv^;-LJWsTZ&rd84T%RRcjZyBP*1`yh4?D3K{0J@ z6X9myXt0XgpPc&Mq|}Vj_g>w!@IxucTxVKh#OwZJ2x@W z)cg!>|2swH2zr9zgB_YeUHoiE{?<3xL%8jQt&WtSZwxc8C~V>pP`ZEj;T||e`3KVh z&b5LikWJ^bJVGt-dU&}_k*>PTzVfE6+qTr{UTa#;PKjXI`i~)>$r(mpK}J$5Mz$PQvmd>vVYqyM z02ar1aq`+5OHi+fl=D}ih0p#&(Py!4%|WM$I~@0N2k~vv5|}2&wGsQS?GYJ~4@k~x z6vsk@Rc5?qz^D{sxc^+#&3NmgDN3wi56LlYtEnIXsy9{fxBJM_R&0@>D)0(@V#e)* z??VYEAJ?GBFiv&e2eSr;M!62)8Ta=u?H`6+HZ2)A7z6!v|2bzftS)%69u>z}I&!DV zKI-FL#8d04@3p~dHP5vJXY6-K30$8B+BX0j-Hq#r0eRO z5pO!;W0TTob`{=xdZV|CrBSsI@%f;Zy?kb2N7f5RMRAJr+A=?V=#%?fAB8^S?qDLQ z{i7bl05xSjk|Z*`7>7=K)HYhD>3VU4Bti<#vofpdU$mFwt8-;2`r7w?-7Rs~whZ-- z*2Uf|T35^XZ8Sbpk$E`hiMcW7Qz*1IQ?;eI-#+H-W*ksp&~2Vq(lh_UOVHgkG1hc= zWbg4bIm6g1hVPHV#`o5$G?20Q(`f^dBH2DaYs9@%{;CtDhmVYsD8K4jYAQ)uBCe`E_}d@D&&Z@JIqz7gfDQnde9B3!T3USnr2zcOUpuUm zJ22TWRWLaztRrnc@q#es;u_DG)+{^P!y|SqRoYgSdGe>>=uLa;VuR9>jPJX4#GEoB zV&NXGlh3j5v#ajDzHd%waz{-$lU&h3FT&hx=wmS()nVrt>(kv$B|thmnQ{8XS;tS7 z_1?YJQG35L3GcDAjiNBy+WRjUQ>QDOn9&CJyGOWfRmfDeA;gTC;A}%Vz%iS>^Q0qn zwkJw_?K_(tcXTZL|Co|V0rHGG=C=x%{`jsMY?=p@s6@eszBW&hv3#=0`5;O|)c0KU zZ9Tp6M)Jlg0?e~s8fvH-TIdhrd6TQLVBqc}r-N2z^|lrLel5I)a{L0pbyv!D=!!J* zZ0i%Rf*ng22-=>}Dmym2NI$CgqT@LAJD%TGM{qGFiG7@-{~vpA85CFBt?MR%APIy3 zA-G$x;O+^*B|vZw!Ce|@EI`meEL79Avs8? z6A*p!a^RqH-+h1Xae~PKCpylw$V|N-5Squ#Q_l9sltkG23RW4&T3xp=9$^A$WsxKD z88hr4b(YT{h1)|b?@)pm(`uuB=W?5&=y;@1e}y?B(hNu}2Z2y1kUi1tmuP;&KiN^- z=T%(6Kb7yX4h)3oOJJp*C{i2o)pOcl<=W;gXfFKM@~me@(#k3EI)<&es%Yh5)PJnd zCft3yPbJgretcF!rv7r&tWf6);r1JG@LFu~0*o28*_S)VFvi6!{g7+g?WBA=fg2xd zmRdsr`_24R5fA+Y|4yvC2$&Gw#$=iY)=zV0@0DCS?-ja*`Qi8V*hCasoSlOt=dBqH zBvuEQ6^J{?Gjb6|1Fy4^(kkCjQbk5)#c-pZx2*)s{FP?4!Y5mS>7yB5cX1fRJY4N_ z_v*tZ=vlL1f;i-`Z5iVi(cfGFF7kRtQXF1sqDqR8X~EXH>N(OCUwbxi5aoee5GGH zc+j&*xQOo~$Ta&=+c_cuPh*jn@n#zTijC*k;KK!HO9t;AThUa#Ki98j(w#30>EsK! z9Vt%aS#6LszHe4K-#G;(rNpW5xSY+Rh z6h}`#x~z&60km#6JF~Umssoag;`6*BuDb*wbQ@7u7$p?$J-D5|uug4PmZWTx=caw( z3|bJp8H{?jcC%Ek%<`5*YfVYl=kQLGe&WbGnH~n;7OaB@4sp(QmEMt$McyB8pc&LU zUu}njJxP|YiFHf-c12wjaZm$fZZj#G69Sx5R9_=`a}E>wmoF-22vE}l(VP*SN9(jM zf9+2Ou5h3d3Mp4-08@NCGGZRyWjICai1aSbum^nFtnYVzrS75W+NO_vJ*lC`QM}>~ zc1EFt`8-W`3a;AKHKyUBpphoD>Z`TeH=@8o?fbnpX-f)!)Md4x?0)pukhz| z-zYhSRkm@HQ7f{m>~>%+PJz;U{`!;d4qGVl*u7CKilq0Cr8Y#h(_HJCjJ2I{_23Qp z=|lmdyn7yq!_ERR-7#OThJ4ERubhn*PFU}|8aBo}MKQ02Fq~g&wW#|@sq@x7K}uuJ z5B|;ye7IWR!x;{qX2Bpbqck$KUsDSFJs&pbK*)r1sfz)pAj;KYW%$VSR9=D3AI*uTB9@oVCU{8Pd zh`&#QuKt|-b>;bwumUmqAglko_xud#DDux^)iu3`TYwdqcqr()A03mY*o(Niu!#`B z=e5=CO{DaH!KyDmnk{4F!9}t$O&2P%PEECFbVq%Rxi0+o3F*4%KdyxIatmbCiP8I| zp5QabR+`AlmFn`-df#3`SqA5uJv1OB{ER>;b4+(QktCW+WhT}C!YhiI70c^+oU8+r zDm)_YQbn95&-2aLqH)CsA3Z*9#B_X=?!WPi+l}QPUlumDFybTa@D(h>r?+(8<80$+ zEx0#FF2P1;uEV*8pqEh14O3t4pZ7sRsZ|r*d3`8BYJ0MjGMs2UifE#!r&l%a_diKa zO%GcQ!zgp8O{X6j+gPaPInxNHV^N>Nu)eYF)SNW{{#PXk@J7>xJrtSd&2L4w-phy? zqlf2C`=wxuvgk2@h`C}a@%&7t50xEv&TVGZqaq`Bj@PEBopny)%le=ht`Z)L{4Mk% zu4l<-*b66Rt%@=i>2_8fn+SdK{`wRAQwJf`j0k5#VhA;na@4ZmG9qjAy@>N=K7v!P z+3wT+sJ}BcVmfeRcjhL=<|}s-E5u*Ry(7Zd1k++~?hMmw@u9!S6k;m`XjUnGfQ2gQ zX7B;I?Wl37&hXy-xMhDZV|e)eOu55X=dJTxW<6-%xj7$fO1)%3j7~BA+Ymj~qPW&) zj-;#T9>M+6uMl1z<%1vG^IxV06Zw@+$n+yF+KkgVL>qgVY;^VeBS-})4_fY{=IV|j z_M$e$uh=a5Fwjd+RAT$XeD3NQz9ujy#Fq&6E_mJ8L^NCg+r#ZU_8pEhVxEiq(%sU# zEd}u0#A9LpT(<}8XHk++9lii>L69u8#5SW9(y|yvUPT@DZ(j6C*=_^Oo zeYI0%i;-;^o(vjg!V51QZxufuAZ9ieB^pb#TlHCHj!v`*g^#Ufsj=r9KyvGY1~dt; z?`=Ffg|iEkW7H+@=1P5xU*^Tz2+Yokq)#`knIXJg4;E^KsZ^?^DHV2hlW=J)Mroi@ z#tHN`efja!kT!H!2DcUOrVH*uhgu_if=5VXhA%G^kA+5ur*wEFSpZ}?t4;-umS|Cz zsM+88$}uv}O$}Wl`eKD$DkCAWx=14UGf@<;Xgm&q`fMg0`{bk0umuW#5XLr>#b|as zPS@AIr&}4dHV8Z58BW-puGcYDAZNAGK;&B`zUF4+r6ajC%TS;ponx2B=W{8fa_Lo?^;4xxvc?<)`A~A2{Y+S)zZ>2&*Yy##Og-IQ(1O}(Q(|sU#j_jJ zTdbfDC2_ib^E{b&KGS5BwAz=XN30yh^s%lDr#{MbZKzdo`+|gP=`CV_rzE8hW5r{k z*>&g~W21P~Uy{ZanF8T9bcYa$l4X?d2V;QL%2{PnKvghv0~;jD$ZZ zI+3#T#vr9@MYy~VeepUwf?oi9T34)DuTBRcru_PHFcJ_$C z9iN#NIhTWlqFEu|p@k-slrU0m`5n!Ct8fzG*KfS&q#)KDr&SN5`HrffQr}VAO8OJZ zdi?5Dx#wNOu7@zP^fyZN{fLh?Jp&f&ouq8Ef~_biadfi^n_v42NW>2So0c>ujr&s` zVK+qa%t_7bVB+h#3Q^;A-J6Sx)xmRMg~U?oaN;?{S7y;42UsGKqEG~dje2& z{tx%&n<=mBW(dI^WGrt84t2}bol!Zy^RNSRXQ|2`RV!>2lFT&NG?D?G$A6)q^leY< zfKmuk*?cC8Zp9$k@3O_9yT{(Qo$>%R2zo5wUiq?Iy{>Ms=}l+rgRh41C; zG23gJkzT-r?fe2GHfzy@vL9#4kvCv z%w3%%12>*SCY8^D#^+ARabwV?-t8zFaw_4E4#U`D&}+!%xf@R8__iF;?U4tuv5wGu z+u=HvYcskV*Ins2pWrE(RrPaIbbi4+lHWoVUHzTgwd5n3jj>G4iU%_?GcS*g4qVS96|YaXPT8e^ zy?azDf2B;}2ZpmVb9-_@?{;Whu;=m*-?zu#qwZs96pKy71D=?iNyax;ehzNe(!+ln zCh#MUX)0UH*HfFf$9fzTO{>6|rN_@L^3?n^kY@F7&u+vJ_Xx>ysy}8l}712b}&=ZEX|T;F`W`;b@`_ zT9KQ=w>pog2~zhiHc9&PegZBBP}5>y?bF3fQe~}GW$p!Zc^&jGphIr*xiZNcFICe! zp@Znu6vlnpgNK9l8~ST=Fxp^c~kF$it>pxan!nDOB%fR;3^JQgRR%IrM z#%2TM=J`H;)rsD6Yf#3>MiwWl{` zFaa39dl>2RK*^*URY85vQe)P>sZXOYM|>)mMPO6JndGs&gwnHE?vWCY27eE$K~pOv zT~4;QN&MOf4IS8v!}H{aQ{fHsQync+7hXGQBHf^+5rkaPDc@j&-;DA=(sO&vA2koA zD0IKtE4-NrY~TiViKO0l?m;hD)irTMPQv!067h|F6?L1yXZx%f7+dsPqatP=`IW zRR0}?9nd}o{<%GzPu?f_?h59wp8ke)S)_S!GLvCx{RvT~dG$kEiEj@h0!i*fU3O{s z!Mk6C&^$7?B)|$jw?}!|3MrCy+Yd%tt-CB0oO0y}PuX4V$DU>cguY;8GnT}RaXb38 zgIUg`Q3g+6OH~8ER~|^=O;|{M(_o*<2BvZ}B=uE3{ejq6SD2+ldK0+VF;azSkt_bRr&+RIn8DiK+ zGD60A6t+WMT2p1lI*e^tXPXuCq33J|hk*CJK~M^P-AFh@DZO3bG{4Gd^`$L}k>sui0=c&j~o1bu2Gu2{&6=0ud1CFMbqXVQZpy%va-kZlKa(>9- zWTdJ>W7s}ndG`i2dn&yu)B@ciNVV?)vJ`WYPWp6nqf2x>gLkv15=QkIf5?EHe@ zw&;^Dc`KlpL6~NIRc&EK!aIiy;x6PAh-`gECh$Ft!C|0y4v4Zlmyodls>5){hZ{MK zo?lnIJ9?=3q=W)4$asxHy~a<2nir!0`)O9Nr@;!=;FsCFlCKsEa2#Cr%fD#%49l&1 zNw&szY?64qpv_3H1iWYzQ>CTomv8vahoQ1c&bjY8rMnwImfIrcQ_!5SE2C(#r?DxE z5hU~zMe3Cio89EOZTU2=-)MZDcjp&;&RVO~~Nd zulz&tJUrt`vu*Yo6jVxeEq)Gt9&(&0g~9_@0uJt?qg+nhmf5Mm$DI=MV^2y0sHGyN zu4(&(!{nu4sIeh+riQtg<4N}S$1#-Ty{iSBHB|&|9zP#AvjO}hZQ4VY6bFSjc^Kug zSS_Nat8965cec|T0##l0P8&6fyyZUREMxX89A?s-X8IIVRQG{9NT#(+IQ?r4Q@)BH zCVwu360l#0A4Gr}w0)jAKFS^1n*J7!GBRA(3$UgO!92@$LXZ^9u28&56on7Fb5}(U zl&zWJB)DJ~174!9CjC>fw!#b1rjpbc)b}4BG4dwv7ma`IB7d6x%fn0PP_;m_A~lv- zfBbxtdKzNEvprQ}Vi!qi=yp4OAmG=gy4f2c`*VxaEXRKN5e~ug%;uDE)H6xHywn`j z_gc(a4TTsaLLZoPqC8MO4aKYFp*a-Obny~Z>j~7xRAjZrVeWWy5akce=5=-*HQO)y zsUII+Tw|uJg*iY3-xy!jkfr4qEM8Qrn94>8)i>Q~<0tVOHx=vhEcWzh?2TnECqm8d zDxH1yNQEaiufmMU@dgLUnG#*_$1a-3t4lrC`NKs}ge!mFh5}S*qT0THP>k>6^XZvG5q@tP2rcT3G(S50Z~*ev9pA<4T6n!uU)U2a|ZjmMMNkdU@z zy1wE^@#^ms^6u{NTE3R^)-HW0`eWev`nBIW*7m#oOtOgd6G)j83HF!I`=7m=Kb`dj z9G@k;{j^;@bIxFXbO-zm>Yb;C7$bDudUzXtJ%*koqFE)WHk-AqORDPpvE##XIPnDc z`PxdAP2zX$)?;MbZKLb{z%#2^qzpr{s%K^A!xZ)W4Nu$H!WiFqJmGz&oYBcuXZpPV z$$9un%hzo*ejmTj#FBji#F+lj&-GZT;e{@bZ7{;f+$-eO2)S0DTFmCUe=%Nva?By1 z#%CO7_wY*8DqgrPCM)S(@{~BzwDq%S5iT1|)F}AFjQ*s#3hUVp9TWal~7g z!OyF!Ej2vG*6F^}YdCMGtG~|`NuaA){TUOx*fTk?>5>IlIk^`6SsFdvm_A znGxNdb?|u_2ayS@zW>d~9J#n*j;ExUC8PeW%B9;JD&Jh4U;bbXdKO)6(P4%}L-jom zA8t#?+49`TG-i4Ul!>ca#%xe8nJ0)C&Y$)XST)`o**q9t*}hR0HOF${dOb26#!$C8 zWKbv3;B0AT$M=n$$7@};1nssG6fU14BxyRN_1vhL%WA9KLN3JzA}Ea6P?5 zmx&Te+S8g$&4GP_WD=a89J~8LigQn3>Gyet8|GyB&amH4_ZQC586WvGy4;IlfG3&QPz^ZTwz;+=EE(_Hh2Nk8kJuR(BJrNaf<0 zr=lKC*Ot1ewmPDM8Ua*AuIR7!O>^Q`xJbnrm1Fwnrk|$ z6(0jS@=7Bsd}(7VnL#m=x`(5Um$;R?I*^Uk*MeeHNRQ zk-P)%*N^;~n*PF&(7|;TG1^xm@mGqh<|2rB?Q)la8cl&z}KMQ|U9yxa>Cp z9MPOoF2E9zTEigBAT@CO)TYENYzT1bd~M|TVo`S{ZK7rI`YnmEi{TRs(E5E6nttVeD^FO#413GG{3dE+?DEk^RVg7F$#@>oQUR8yOjh z7ows9%YH**GgSp_tzi7jo`pT0YUK8UYZr_NRBiDl0! z))g@z7BDyOM%M5ZkiR*ZwL{G|Z1V*BBVoQe^<1nyI9g~{4v<9xqt{wrg*JbGi1tIR zKvy5!d@qW*ZA3I1xx-5{Jo%~UqhQw+9uGM6`jTkKsGUF_Wz-R!Um zSKXU2ydtr(I3S1FQQ+as{90q^b7ulmo$b%)AvbL1KTWq;C=OYdi!}jC7^WP3gN0VM z8!oNCOGLAHyxdwWOPD0I$3-1u_+ARMKGKy*rU_|6s4JnDYN?%&NYZMBpE`XhFvb4y z))2!Uso~w%1Q3ges};mJ89Z>jw0ljgKZJ(WlR36jyXZ+5Lk}6P8E4miu~Yudm@;!= zGFOc=OR-`x>)M~Ue5gFPfj|0rIQBU92+|^M>2}6K`>PUM=t#CHVrwADNpi-0>^SkG zULi2=V=MVOzczVC#3B(XZGHT7)W1*CNivUU?4;VpdE*YWyge1WG?X(ei|5`A`c(_B4xOB=m}(qjC=^ zn9o^q3A#@ka)muEdJ9y|RwG0ex9{5u6}C!A#Am*6Jb9nTq*a*+S#W0FITFEV)tjU! z>Mhjsx;(@#gU?Bvu7=pokCDy=z2gr$e)j(E+y3Vp(R|#jyRB(TR1n7a2?bA|dC}?8 z0()tMf`J9iiK)`$*&wzqw;2W{u=e8$SpEX9Zs7!vEQ2yR6}CTA8pCY0sy`+1^cjCd zrZUVX2a~?T(_iW3%GV?}xfz@Xvv&o!jOCVe8yC>T9eK&;J1+$ifZvmgVtb!Z3fSYC z{K)(k@pzl!n?svY8e<$vTO^t1dQ=w7Svz<0M@15c4RmZ_%lyNNDPFF~n;axe!D1Od zFaOM6!>lbeyS}zOg%!C^7_F$KJWXbdiFhB4{D8eOJTt77TW8h$j%g|c0X4CGd`U^GQ|`8*ZE_)6bH-jU}dAhTta7*Gx@50UvAzbpRn$Z z6$tNWnm8#EZ^AI)6VLSsiJtRy;!sbQnZtg0 zO2-N0xV#Y8hT1KbxTA?n%M+(FX*}~HJr>Gc?j8_MguaA58yihtYpCMMX>>#uS1rcg zo}O%%Rt8Eq5b9+!6z`tk2eT=Zsx>wk`rhi-{Eh;+Kok(nZ#DcRJeeTrj;kMpW`Ifr zQgz1Q*m0_3<*`4+?>-^_`2u^)q*@KUFIvaC=q0Kybw(llYABi}q%K$3uWD1wzkytT zXi#55;tq4FC8u9qGI556$DMSuGoWx0C`EiTdfCRs!cJ)%h~c;zZ1&Vpu-)oV+m(&< z!-mFepA;fcdgckY$qi&)(m1c#%WUdNX=yl&W6i2hW6_iKH-L0ed_Fm8GaLT(%0({) zyP4z2xYX>+(BAO3I1$vXHYXs*jlaD*hU>Gyhk<4b`sWK9`k>?kx$+Lod&>!O0Wk=Q^%=y)xXm^(x_HMRQ}fKDcx z!t-;FH@m!yxOH5+<FOZlo@I;d*nwe+mrimg}}UbespDU9Bi~Ju#`N4B0SVH0~?P zW#x4tHl+JL?SG7{%9^}}+?STjT{sQJi4xr3RwH0XjE%-=^Zo#PB(_iL-ZVMpI5wp7 zl!mxr+KS+FZ&#$Z|6B*m3fUVCkIkF=I`e|_QK>X!5N>uC$&o+z{Q&5Z^2PRWDbUS1 zNZ`REKLW4SXMI7FCCRew5<}Ad-7IG{KDX{F4KB9i-;mVh-;jQj$-2JgzZ4qR*`6#Y zP@UFx0HkyE{W<<{@F)9Aq77(+Af)07(JY)hQeaT;N9;t<8`NOc)d$)=_{z-{rJqfF zChFAs%VYWG;ov;Lf^YH%I29S(E9JbsQHN_qk_9z*lIoDouGUHB)h`PBD#Lrq+`?zl ze_TPDz6yoe^o;e)LN?F_g^Mi$VfG5FstwsMUVmVdz2Yew5fS@5n+3t@<{vGQlj3*Z z4x1!TZW>j$Lrz&sQ4@3-`DJpA7#Q)Djxk=4Ph|V%BDr_N4)1B>u(`JO5)x=qh)~md zGE-?fq8#t`vr}fQ+9m>mXWmcsx!&?87$IK`Y6R`&yQ5`&T_<$MZQIi2uiC*97#U1z ze2>(WUd@okV9-(x)Yy0My|g(^%q*GcG}1Fi{&ulDL!ToXS1$ZU;{LaAryUpa>b?=Q zm3bx?YmooeP{0Gw5MF-Mukg92WMN(Ot}TP)b_y#84{~?l6`dxYkzmA%dzHT1QG`1n z@2I7)HKOb%8A*855MkC7(*uG*fXho$sADSdE9|NVZ7jTX(tda=`2e+*9dqCh_;lse zIS5bDcw;LQnjIlo^^gb&aHhFlyXDYol&0EB)fv(NX7wLSdOKetrt0ECYSaDf3V%^H zL*Gu$GAJrf;yy5smK^(v`nT0>xIlfJcCT{R(bKz3Eh*RBP_vum5#kv#^-mjo#%DKG z_`L2@{fVyw$iHawu>A#{vHGzX3%2&u{_3=D)ov zRcnVB{a-%4Fm`)8S)V^DmbK4S?ajqOe@76Ojn5woU)kF5Z`Ps*iIQ?^t-nkPSUB5M zYQ;IVnoXO9BLkM^qBG*wr?a#q;Cj(9^oZ>3kRQ6S{`o1S{r$n(YN6bKKJo-cybu6?Bmc zQBm6!h0J2Vp99RH-+KS`IWe>A{+I2QMxS}&W$yJMz|3>L0VcR*Uj!jhTkBN2CD}T` zjv5UONCZ5`q3>2Rd~ExE(e~$<>?l^cE_ws`%J15!`Nj2(3A<_CyUP>S`E^F&OOZ=` zNW@Cs#?C=sIPv{v#g)aDtd{}FkWq(JZ^>-!nQ)t$_B<);?vyc1u_u$#U{lF_Q*ZXA z)&A(pwi|zg{qpx}%Q4#aqu{}#KVRK3>K|^U-dAk=OUM|F+BAHE5+=j3A;HZgh<=Nl};fzpgPEn3f?b7V!Rs z^`9+RI;He)89`!GuGHPzCr1r`JFL*6DYD0tOJy;6pYHs+aOf!@dr|gilV^J;rMs8z zC3o@!ylOX3=DmqK^vV87QB)KY~o{?bY!8{x|D#u5_5!`XZaboO#^x55cnmfLN$aO zS!g8utUlEEEPM~(3|onmsjUaZN350v02f68EL=u4X8I6ZQKnhf-DqF{Re$l;ipgFf z`P%wVol0lm?kg2l|8o18ENl>g55;5BmNp$owZd{^)q}q2zGahXm3sgFQsfMI)E~fc zwQ5Z(Ix#U~CyJ(Kp$#JXbg8UzVW;;Xj$2PIcaNq&tkCV_KgbOk&>MgbphDw6f9Cs* zyvxMC`leeGzCH`=Ut?dZsYKH#GBZTe$1EkQne0p&IM3FfY@F3=Rep-*bND5Fck8}7 zm^SNp^oy2sORMhvL-+l9E*t`aR{+*B{(#=k1}N=|i~ngbX-K4>K&N1dna>Y_H+dYS z4*dPt^qW=b@4z6(7PJO z_#}bFez+CzF7^82SV|7Qe*P5Khqror^|j$AV@ZKZP9)j9;8w*CDByh&l{FfY*K0A= zHDDmDKa*8G0MaK$)ozULBlEJY-#*}{oA$RRscgH3`U8kA~bE*(;hC`*=|BIVz zOYuGy5bH@X(SAF7*xqQ;{4qlA9Q8h;p4-}CFC~7Ux5?i6>`u!#o=&5?KR*{MR4aL9 zqs=?E(e}IJqs3Tm6ks(H9rghR3d*nNOP!|$m!8P)6ab7R`U^U)EO7g6B7_{Tj`5PX zOmY>em)t+>cjJBoz4%0B_+FKL27#f#-y zQ&yd5O#z~>Ct##TCA|@--i&xm@iEa|U*Tk4$g@)=i_B*`lcQqE=;CG3IYoUx+TP~8 zt4g3*<{a8wxhw|A6WJ9>5UuT8@I#*BtzhNQw53=Rf9C0{*7k5TKLuk0|hm#elX z(Bl<$5@aVB@l4=h`~solBO}HzS_%p=05&xAkf3>Yyn3zAX%?0c*T3Ema1k|1SC;$4 zurrD%7qJKB7GvGr7qc|1@db1pt;8j5-94)10x_ZnWQ4;5XWZ0Xs`LS&eCp&ktRVYL$rw zfxa5ek@oAl#+4di=vQwFeI78DO6%TbwfBzl@AdZB?9X!Rj%M}tV|Y(}643)ret z7f>lES(c{o@9rppN``<+-kn#Sv~uxs001FLux!zeCKHCzRb7Ra{1H3{^qJ`kc)C1R zwGN2Dj;lSnz5^UNa@+a6DZF;uJU@~n{wQJFJu0}5?4_~DI(lG${MiSj;M|+0`@~Kx z(zi?XpD7l4lvi@zog|ptK)FZnR~8x+8T@MYDLyB#=)6Rb&4e!kN@Hvcz0wvBa0}Ul z59b?QX+6%10fAinfx}%p?P!jwpvQxmnCkQ05gG592Fa--5^mF5WATq>#phUwJE68S z)o;>eBE?L9>I0QR*KTPdPUKR6`(Sg35m>XdlQ#o@Rs$p~%~WGJF_HYo!1-6rfI{G7$vm(-PB9cz=9Jt8|Ks z9%z+faznT2Q~ezZa@%u~W}o|(TzdT`xAQFnBw%5Eprb8+iBYVY#A?@>$(-BDo%bW) zN1gAr7nuk~mGCc;T!XIUY|R54i#Atu42($8@M>*wG26Am8UY-6i$0x@WAiUhpvA{_ST1Ly(`PRE_f0*-8eSWtQYgL0IQBos_9<~j^@i+7*hrw>PxpJkgZwjc?Br{-K2fYRHr-_|I?!*Fj1 zKt^_6DHW}#wd$9kQA+@{(QB`prXp&^w%L_;zn?nbxnupaS#?CB<`Q%|zXR>jm}In}h*T!*Lqr7B-*3ZPZtFY|6LUW@*Z%;oo)X#1Zu<3E_-D^e7JkblD4JqLe&GJoDS zK=TIuKb!IV|8M0V-_gJFz<=G9G``yXIgiVwHY5a6YX`7Jx&XQ zyfx(;aUA7TXcWwEnAW?_Z*UR#Y(T#MujKk)S@Zw6@+i@C*8wOwalF6tLbNj2&eh=n zbteG4uc-I$T={(iSAoj(-9>N}O!q%m5Zr;Tj#p#x)0LQhmrwjvzt#1h9$dtZpWiRJ zWk2^EaGWF15O0NDNjS>N8Hh|WF8gz|01gMX)?eshQ?l#EAk20<`WOxD{eg6o55}W> z%KqPf2*?Uin!1n{Fe&P(GgS}2Pum*?o!n}m$&czUSS73< z(r>G z-CpGrm-~jP^vQEl4~a`_gX|3%(AqZl)|hK#>}!p;`g^wxx^?y=(174{I(3te))ft= zhOeF(7uTADX|0(N zEBu$9*+{eYBqPD07>no!7U*RJY5#A%)F15w7hgY95`txi|U*zdEN_q`J={ z5z}IKIL1K7JS!%lrMfs{gr&6Bx%>hKOE)NbwBPRj4hciuAYn(+<>?CC^9 zCJP~p#fr%th+Gn2eOEtlxsj0qjG1?|m}!XF1^UOH=XB zEM&v<^k6Z@p%;nVX5wFnzpPg{g8=Xt@5ZO2n`Ja-Hl@;eh7owii?{Xn&xatSjnv}` zq+>gK6`tCe&Au+MId@Tj=xV*Pnp`}Zby!?RjWD`55|vyCByS?y;2yNQ4L3fA6Ccd< zW0;kJ2A)O@3By(_;_S)*1;k(UN~KiaqlsnpGVQ_QP1R6qh>K2*ce8fo%0>+bcy$UY zMb!Y>i62O7m42;vH+vrJA+4H4R}ywxuXo?gtjIF!JejhT4*%~F{oMZ(i2gmv&UDnl z&(1&sEaznLK}!E?*<`MQoZkt@o9hi5o%$Gexobh4OUVulpa;?OjTa5Vbn0`YWm;7mJ9pyL_~G+_F=eS; z;nPBX<F21Ip3$)jK6q%ZS}d^4RWmt#}XSR?0RFhvNz2i z2d2?gvcM+I=gn7O-saqU#0B0w@L=vSc%B0j6h7_d8-aykAg|R;2kdQ5e#cKS-!d>G zJ3}&RgmHw?Z1q|^-@P12E8J=^)?G9s0HL{_;mideAeO}tfZRJCA5ixahpG)oHFumPaJDLi zi3R}%|G%Q`0}cPC?Y}rs(`Z#@>mM}cjr2|I>|XJ6z`TOU$M-6LT9qSSXsylsTnj00 z1f|vFK&9o?BVp4$ICPi;>CEn=W?CIO@D*-rKk$_AV$h(DLhj|y(GxWBMuUspF&p(O z9+~J)pm3j@9I_VZ{Q+os^k4AyKw$!qVbs_h$=6rrtRgNJPAw(#5`S6z27fC-vo6AS zJCn@ub-uop;4|>NDGL2S1~-$>_>y>=-xa74FtztAXMyOycAh4v0w`VRY@@j5p0B-e zM`Gw3KtuO9y8iYo?cBhA?v{AF2T1oe;~QD#1h$K+Mf&5&DuP8#5h0>|!8+wH9FG-_~Xb z`sj}VQYT#q&{=$SC_`$0uAT)*Xhx&_&DoX{DTRM)cHQKPinv5~=1s2K)7|I6++3c# zHgLM1`WDPg8YOXz6FWQ7zF~x%Jy%YX5A}*pJHv@Jw0V5A?A(?;D9Ry2?Ftl9Xf3T5 z;-dVPTrCPlMp&zN2vnTaY~}ERc%VhUR`ZtcP_cT=cM^U_q4pjO&%pt$lTW)?F}u9H z4(YoyRZ5JpOe{w$U1MIlrMq7%tuDxFVZVDM0sR60LeyIY7kHi4!-#04DDZiGagb>v zJ>8vlb{yCGUJr?8yzb*=3w~uv%4aYAI}HJ}%VLvve{=UM<|tH-KMVEoK8`;u)vc#{ z{A6{^%D{95p2TdS!VkI*TLZyW6J8@&fTqE5FBqbCK(&@}q0xdGihDw9ww4wCs1bi< z5+RitW+|V=5 zO@MwIS${Xp%m8FAXNc@yg&_M4_tx7lM_bQaf88rf3^0yov3i-6=Ad-f@=GYu^39K%1Ope@ zJ?#l@yI*x`McOixrSti}Nnf3Y4-PAH^LBP-;68^BY<;+~OhEleF&^?&Au8`E;##)q zTsx2-(ueW%X^cs~#?I!4FiCj*j`Ce!98(aAa~aXv{6cf9MPu)3sh&-If^rfi+I#3T zgk#-4(!dY@^Y7?3=4RB_NA+1S#c}f6#arSuETC+39?GB>N1YUQZawvS@9c7g&+ISd zbjx!l9SIf70`>5Nq|V}}iBgvuOjwa;jy93A4dBV{zlACP0I(4;t-q}Cy4rQ?bJic+ zNSv`rSra}rAo+)OWrX(g`LkZayB=PPwF_Iux~OFHt<|y-E5%HSq+O}#52qgJKK)bv z5^IyMgNq&I)8KUj)dh6p6$117_1-j9vN@lnkq6v%U7DG=_+|RdH~sW)uVoslhi1sm zL=yv_WLXW*KFP9y+TPH%muqvG>(sbuQIBXtX<|<_If*x!cKtI;x@~h@zTqg?FZ3PUydG`b_kv%K$ zcUA5g%5+?jhRu-UAfs^ptM#8La(0T8dVGom!r1)fkRPwWOLtBu$`KDwpT8A5NxQhV zq-8qhGKb*MaS@dstyoYme!0)0^g5q=jPCLLj?b@*a;i+ua867Ci_yefj5>20*kn}* z==a9Z#sH0}w|P=Ue~Zn3;Ph*)OLVs3ewwjJq^sb1|ri{C~#m)taA7fdS0k zda7%t3V#!gO}DnBbnHJv^&K^n{~J&}=^v*qXv%h&*kCYM6Vwgt&}L6H zCqP0#@ubMMY znj$uEA{ZvGxL){n*t69#{~(CDnXK#C8sOoW6L&Z?yhmoM7iLXGh?Uyb+vt zxUfPeUlEafSAHSLVL9ODfvV-Yr>XJ0+Lfdx)DeRkO95!zJo*f!KYk!eqy}}Xqx3cuYHa}_$Uw-fheUW z5DG}Y%^wG9x77jsiNg2cLwMti+j~12w>~ZKgSf6g9zsoJ++mWLwNAUq{|ZlUDt6oK z-C@daoVo%T*7PosGTWNE5H5-3Z%6aD7~AL>YTb>ky`LHb=zjITBHNoa?2RGx6@G5O z9u&StV~kJqEBK~7!e!S2^bGhSj1jZOq~0Hh-d6z z{z^z5uLT0fJP7{8_7~P=UG2hffmUM(1mz7yKdE!6Y${*HLbW6*hhD?R?pd5dO0CS- zb=Do{TGia2(Z(>J1Ww7ct?46NZ6!uPW^Fps)@U{|XjOL7Iv#Vxy!2i9cW(ZzUi*K? z&6|DL5!fF^QU{T0z+R+Hv#GfOhD*2?p}EJYL+N1FCeSUKBSI@k!^1psj$}T-kU%o- zyKn$;P+9BbySz4Te@*prJCX~%4^ll>xX5#CDw8wj1l5lRyq2s#)G*~68=v-kH7V=^ zENAIio}a>ntkkSossWtpS1%*)t4w=oZoCBzJyx-c_bj}z!sa-o%Ju8)mGc5w3|hjx zd2C;s0TUehpW07B&R)VVHhsg-@xA@|aR?V%KZSe*mwv2|Xq43F>T&^>V?9|ND%u<9 zPq>@(z7fft<24Hy5#m`Cr0?-n(KQAE3H&_af1zNUM-4=eR zDRpsVP_Hhx=?98ZNO?zzpHrG!Oq8DI{sc-hOE<@bOETrXUMpAvzD+{BN5IoHUhl7| z9NTG|(*8G^>)c4xGBDci2M^?zWhBHu3^%%ZsNpQ>r&0=-aP{doNt)>~slDlEcIK*< z#R8_zhI%>BpF##7U9Js_NAuWRT7Q<1ICXC0{tlQ>m9_}FtTZ)+Kp$RhL1HOLRwqpv zQd%O|Y)lH4jn(kF;aV=>}d+@n0pAtcaLzU`gQe>f-|=;0MxK+f`R zDWSyb6MU7O!(-47ZRgDGX}HK~WzVu(SFajS1)@s&Kc+>r~v51MVgzt>9LK{;zPe=Xwi_8u_Z z+>1GK%i2p-DbdRL7wG>C9B=Y}2#&Yv&&4|qJ94iwWi7Ws4>~rS2a3E3K5E&x`T<=5 zW_fu3ulC+Ds>-$P-xWbXkuqrz5Co)CV1k5nNOyO4r+^?*64Ifxq;!WOp~R#o4bna7 zj(tsa`NUf9^XzB;-*=Ba#(viq8Gc|4?{(jE-q(2^zvG7ssYwULCD#r=KJR&7j~wGu zeev$GbMgYp7MF2HvlKo~GE1jD8xC%6e-{R$z z8PbX|iP_i;{PLd?XP+N$R3XcM)a7gV^aAycdn0`O&=o$FE0~4U5TH@%*{a=l1?4bL zk%6&c>M{*=pNZbQW1sMrsl}aiH16yH(}|DP0V_eh8h8U5j;<9s$^o^Gr)iIMN<>88 ztMA8)JVV2T7O0gj^IpU;=l}&WwMAlAg=S&31U9W?Jl41RC%$I>wn8m-m{(MohETHu zSX-G7AP4?#+B1v&p=SIYJ86sN*cFB%MqButoK3T>Ar@@q(H-M9`!N93*mq5@Dl>rU zsQmnjfiB#x#JzXKn=ES5lgxS`eZ&->oD8K}_*xQI7sUhziJvb$#rBkSRe+V~E5S;*vsL46G>DdD z^Q{&x*2>0{j}W~uABybJC|cFdEl!^@pIR46;Wr7l6KcYWNGR%VD_ zrF^Ajg3-|Gex<0sOj{`9@}sA$&>Fu3%&T*83=nsc9?9fgF5}esaYwU()owkPG$TPi za6FDc@I4Tm*Q8|*LY5T@1<=lPm4tu)S<6218tXXCJiroh*th9;`jPm@Ue!jC##| z3B4$hH4q24Z(sq$=Er)NO#%goc>sZQ5z0oWD7C}gn?U76J6d8;^;o@Big1CM`6@0` zKXyZS`i0!J!iLsde)?cL^pUJ|u++-|?yzKOVn8=Jq2pY7N9pst6Slig`6rmZ$QNeU&0N zgM_*0xEf2}$|iL2dNJtK&6yN{+=d6&q76@cxnw55j^LRRb3t{wIidMEF{E1CAW?D9 zZsHTccQJmE3%v%J`g`yfWC?Xxs#Agxyo}N3q8w}4x!6k`xQ*UfcV$<(<&1vZtJ9fAqc8=l>`?egy>*UguXl5< z3`&eX!B}~RLA?3c4Uzf!BYnFBW{1>Nm!nT5h4NW`41M3l8(YDinXLeSCAfSgH9AxL zcIWH27JHuU9u&Eoc#rlgi9-c%s(LKk zMl80~>}5Q|;U!xg%b6L*&?Wvv8uIK;5D}U1vDIlj^)4ui4BdOjD;Y&On|OfUla7qJ z>g@{Q@xaABE{>s*H-!-IJC}ufZO1_q;~_iMU=e z>rpCKo9W;^_MMEqfdz-_V=PX*2NSi0b6TH^gu_~ z-;3mVM5lgdJU0!rs z37kN-4&v2QM5jvgJRUTNab`2IAJR46ZzP?Wu!2>-OjY2jI@!NetrlGeC_OIoTJw6ALa8EC&b*?wn|ji$ynz<(3H=YVY~TCI zeXDZYT^znrB}z;h>X4}s7jC~Zh+oLh=9X1B#m3ahneV&~R9kze2^q+dRPFT%OnQPF zp<{;z<&pkIV|$|~u8yurB>AOxN{zbHGahdz21jR`jgt`5^>PSaaTrS6KS?mGT}Jsrd-O)25kPLoC)mU@%$@k?%$>@v}WR~ERdcTW#V`*(IWTuxU_B_?ja zT-IdOERl#%gMNC7Ke(h`zL`l3j!_lY%Pde}1=$p1`9r3;MiB6{QBNQXptaB_m;@I4 z^DjGCVZSH7uQ5AO>i~cMr0|M2g|Gi~JnG_)O*!V9vnTr0NPp1oz5kMS7kPDq$HT`b zAXO#JXS;B3Wxq1h8P82(&&E}K2RD*m{}0RCG2;S%XfhF>e)(X&MkilwTt}SiImONo z@!Jm?{=B`%?T*Kn{|Is?Av`%LzoV$Sgbpd3a&1UD@FPFr-1d{5=jrkhZv0d)`tygD zvtK{__#0WTcdXgG^w;iYi+Pz6#f>Dl#CP1)-U|L#{0KD_a*B3wpZFz70o`Y^pYZuF z=%A0{-#h;P1El@eZ^ix1nk)z7+&g$q!t1Jg+SxSOn2i<$U!m3?jF#bcBufP88Ct<_U1<#WEdh7l)>K61Vfqgk2SwW84~3ap=A zGkD^1;l~#avpIDOVzW8Uvt9#BY0VmU=_;hupd|ys)G`yeO(lKA48*uwjckMG;Ee@L z&@$rn`bdd}L`$%Upt-c{hm=tPkwpkpm2{-je%anC92`{V4MW=r(unQzu3EFaR<2fRyb5v zJ{^8KwD%<9hv@jISWg^@Ms$OZs@2n3S1dw43G2zmLiqKf{?$!ay(SW%(niHR7W5Gm zf{#_Ig5|YJduQKEjQd$iNesB*qK@JBe_rB9{y*XYm?-H~Qpr?mEG994BmG*zvZv@=e0pw_gJ?r8GF`o@=&rdLqy$88gMjOg3C(8v128-zp+GP55hqiC~ zbR^ecEF={Nb}V9cQmXWXX9z5X4Ag zxsdEEBLajz7TKh^7_~z!_Dw!l<3<6`)nujRF)hV8-9jfLYG?C>7o~t7nOD7Oq~O8Q zoJsdL(k!r22In2`NfH7A+7~a75KFjIhmVsf9*3KqgJxx!KvY#~GAEKft?eq~*e((`Tt5J24KHihUUkvSzdKmpB__pZI5|qMab0Rk6 zKI4iQ^z+Lb2v=5QbMsS#r3#e`*Ampz6qQ?El%fu7)dKd+;%T?t;Nqmmq2W~hGlZ|| zWHcOXg0j*G@vj!6=Q(Zk3xE+Q@Lbe@o8c=E*2O8(fR5I~P$>9CsoCtb)`Zh5vss-d zlO>ls^F1`!oBX}+tbp!vKB<^55)lLYcIT^AvFrSB;kZl_nrkA-`ant>Gp$lyz=hZP z2wc9%(#%T-g)(2Uh-?X}GiU|)>|finh-;NbJ;{Bplh;l=y461o87-S2@5NukYwuD> zU@>M27xj>qJp)PM} zFOsUX@;L84TmT?TZ8xq+a*5-+8L*GMg*X57%T?x{cl@b;^ zhF>W~4+;{EQ4&fnG46KRkm{{iJ>5QD8W0b>-@kTg7p{BbyMF79mFdm!`#mkk7_nlY zOEJ`u@*^0}{`tD?;0y_%s?|<^a zG+LhO9>T=gqA+Bf%1Bqn+R#UNugRDAdK_q?B+yne$)?@5t)(u^_`tQ!1AEXsO<$i13IF7a8gAfdw~7N$F0GyG?tJm;Vlc{o)mWR z#crL)LD-~2?UJ#Ns2;w)|29s?jLxQUQnEis_WpyTYP$iB1ZIn(`okVVg6fdGB3bG||&i*={Ig6X6@q zS5OEif)ojGI!wn~2+X2Euc2&3qvES+wKC-IK*{{hE_{$flynP|7F z&e5D4iOH(tSw%SzVx4osj4Mf;7UUMn=a1&vZpHz*m$~i@9Nj$mn)*HWOP|^{^6V1K z8gHSi$e)ql$4fZwjRf~s>rJ9(>}>tm7V4TSNWFL8JiB)NdQA}p762NGDUfx{hP5j# z&!3HzujNsomGCWrSlT`(8G7K%GBEwJLqOoLO!krhkFyA6q+kEDiEhd_Pd5rwBj)qM zC)XHI+As&$y;y1r*-nL{_O+5=c&C^FX0?N{1vL#>^c813`@ZZEtZ(xpd(Js8)lq{~a35r%{yR1rZ5M={RcwfXxj>E%V6~S4guR2_qatDAYv@tM5e>L8zL7XmQgbuk#;mmBJ3QO%4z~# zDS0%@WPb~1o`}hG+2E7WM+v&CT>umub|izG9uW8T)h#ye4g*hwVHcRxOe0(PEOtd| ziMpv17oY5#Kf`-4R_WxhGQOlmY+|U+Um8h>_kOfQh;Xz9WY3BfC4Zdi zU>LDLUN)Bcpwx7mNuoFb4ys#U{8^v?N3)x@2{9waOZqxh@ z>XbA$76#=@5_5N6qXacok%&M$$hza1nbNQHXAK=z_{qHhc+nfu`}9MwgSE>Kpz%aP zG)CWWF2BtsfyF5sfk1*d-Y`56j*iz|Z35+^L43n*JOcUg9sRHR{pHWlK4?~?PWWs+ zHHQ`Hjjs|M2$&d<&agT)$jzNPZ%kno0}Wq)qt892C}dKYWtWXtGbD6a^- zxs{>G{Ia+vHqUIWa-(!(X`}zV!e#xGXw5{Qtw2fLuHJ59ySDVMIbS8bUg_5%4;(DR zyd%I`C`&y0q_%r22Eg`Aw+*_`&;s zIGFpVQ_LUK{Qna3;L`j)+x<;xW~c+3C#GoS8J(ra@2+E;!~ zAuFHO`VnuR^vkRN#Yy#IOHfB>f+e^saA-23b94A5^o7*7N9J#$tv3>n9;c;T{->mY%61^S2Aa)TgbSDPU_VAQ9F4LDC8EbXa z&-tVhS%knO=FS4k+@F&Do97p&X|+CGClcUH0m-AQ%lC1QCUJ2RkPWAqG8j(2hHH(J z*xo;g(;LoO>N)K@5IgGD zDZ2=t4nM`>cfEOveagJUaW=EhRcz-yXG6p~nA6SDGHOA*D>&}}-F8)97za|+jv3j; z7?8rZ!Fb|L-F$elzH5^{sa&X29E%9xhmssuY(%~S2jqvKl_*Lw?y?dxOVU4>D^5q@ zV-0I!4pHdjNU7ME`_Qf7Jq&j_+|&ZclV>4!`pZE_xc~^3=zFj^yY**>nm?JvOSU~z zD|7a@=KK!PtjO20YMF};bI1e31jN_^QuIL~r_$>=)>m_6DLs)@Zd{4Gb1&tU4;K zhostMlk+(1XJC-i`MOAhg_J7oXgh;I$x=h{eY@tc<`@1!62M7rxUh4qE>1;0EtnGw z!q?ySJ{TB{_Se|&rui7QeygY~6rK+Upy2*%pwt%&TYXz$y|uVDX?Pa!VdrpK#qqRu zKWSmTW*6bX{t47W;3xtALN;$*3{Mrb1-%k2u*OxlE9^H)tJ z4OVN52OGu>cut;!lXhKz2z+mZIwrYjQBr7`aKB=5CjP$dW=fN-K~xFk6L{yY-Ijcudi^ z$inf;wQZfhxg*v%Sh@5r5S#Hz3=D+#;-~z&m#^MyDZFy~YUmycL0ZW4Ps7`86UtA6 zHF%-FTx38zLu|dlZBGck3!(Z@BHp*#!Tyg73W*cBgk$663Pxz`Rer{H*G>@NLs`w1 zNh@ri#SPy4n`53UH|wEXdcdtacPN!;Ro?6_wdBMKz?Jp_>E-HQaXd%V&&y{^;bu*h zM}8N#aLmL*g7WsR^XG zjKySE`X5$o2SpDA1o9KW!72_E31DJQOD9!|m#GkRep9l@lGs1tmM1f4yJ>%s?DP~y z3;9E4L8yI1f?hCJW_!B>*AEW&>Xi*A2(wX89YL<~xqN}*)|-2AyhJQtuc{}0)Wr(a z5KRNWFn98aiF%VWe(MR>L}j`oEJT=BK1*VR#BQTH4asG9=%baRiTA*NDJ@5xol_N)T@@pQ;H|6&bEh8g9*zJp;~wb z{;Ll5e0QZ+a%k1|3yF3cojI^CT_Rf4YW7TXE2gdg@CEg0U zJHj*fdFyQ!yYMT7$hZsL?4?T5mbx`E_n*hqQRVM;&=v{^Y%jD-!Od~#y-pl~9OA*1 zII>4C=0UC)+N4=i+PMqODMO3!^UoIt;>~>zO7zK&H8?jv|!$v9f;0`YI$rLAP3DWZ zRk^@z+W2x!$7dV=iIDg2(VFi4A4cSjdy)g?SgRQ=KC>HuqwmK52`FFs+T=?t9){!W z>`=ao&#|Exzc^5SjAvY+4LsL##B|rtEAJk*Y7)j%4neibzsG1n$^D<{=3jBjq+e|a zINkHs@Xz*5qBHeP??bJ|eTm9TV1INuQW8DC43c_e>o2lzudttQx2FNFk)YuNve;$m z-F)_L^a8i5oDExQxnl3HvKkLEfkQ^))Rj8>{k#pe9nHcTYGpNbY zhH({zu_t`2`Bs^IN%U2D4t^8yR1+URFXxj-iU_8EiU{2MxfqY%kejO`_?vE?hi@PuV>tggkPpx0Ou}G@|r>`!I)zttfxE!9(`mWm6(VImPkR z@1-PfQT;8s^{0Pjp-15HKP>d_Xsb%UEcD*#|H49FloKC`oN@U4uryKqCTBr=coOAg zt@B`?r;|DCWAVnTB%yeQfo+2Dlm3(aq>9aeaNONR#@Oit(n0&H`!()P{uLJn*PIyH z9@W1vgR2xzzH>tR3k&^Ry!CXW&sVWJxB9Mx;8)9EZ{2p1rK`RN=DgZ#agPp}Scr*9pHs~y zzDVGBZu0rOQ#R0(GCHScut$GpgB`i|6R5|Ha~!U)Y-7Kk!qN=HTNm+>Ey?z$b$V%Q zUH6uHQmUZ7fh?FXa)&^+9x)N&`KE$d{F2tSr_{7-#x~DF<4@lmwsUJ0@}oULYB2*y zNQM9#o3;Hy*L%)%=_A63Ib$K{%KSRhbEW z=qcVxm z?zrz{$UB^LsnKXw`=X$tn8JoT*3j^cTZD)M;3=#8Nf2ftIH$ znOR$zA<0H@uSg_58_zZxixZnp@zGr0BT3#Iz&I0hdHz~KG&~7{wqj1Qid@hsk~I~m zmprA5xlJWIKxkr|b+Xw|$8r$_FW-56zQk1uidiVu_2L1EsSdQ?2(?(0N!X1mxX)7l zjMZaNAmvD>QSe`uDokDI$c|^Eev&>z0<(HTZtzCi*Y_0Nu*Sbf3EX|dNyE89*^-CJ z4UMH{yBubHXGSTT&fm(_?AMRr_HDVW#5~@DYk#4qce-w?sndHV(9l6VIM??Z5hnge zThKV)HTtRPZKs}LgjSn-?uS-eg->q~&0;v$+=DGS-{7^3Wjt-YT}EwNqodZ6y%WhZ zw7*i*tF;R=-OP~aOZ^-sG)T>iS%m+k)DJ-qr*jMTq>;@8Mwa%7w7jF&-9$FY$kP%a zM9vV^eypH`Sb~pLnvr~uukou7mAQ-XYd^h!CO(W_Ki%-%h!p);nR5(bvWF6Va{vDM zSqed==P}F4Xmw38je-b0W3v{|u!iY$1{%kh&JpIKn4#xo)Wg>+HHo8Qomv!(iTXT{ z5wvSNOGD0!3z9x-kn1s!hm!Y(%JnY|ySDs5Tu@3U$l$fXxJ`4;&VtIc_@Om11(Au0 zm4wT}D>ZK=&^y3WbB9iSq;dhcg#I%-eFOPl+UY%%{%_dnLzH+aDqVqVb&#%8rKoR3 zhM$f0APwtS)r0MX2PLSHbl?9#S9I-9$xO){=Yzo81O@{pJwvaX88u)X zVjnzw~`E^WQduq zhuKK>{G`GW#Xn~j|1Nd%M0_{~1cpP_9#)spE-UtW{;MUlbn!8S$^oVIV=@0wg=il| z7xB7JeNVD+uE;(uH!Z$GMS`vWjRvpIIJ(<<(`o{9_uwIiUp!!7R|U)ejhkz_PT?Ec<^X(O^P|GS^Zg5*wV2=H=n7vLDGGPS zFudn{9{i8C`r`~Ir{E5Uo>e7Z_qLBVq7tW-^!o&O?MF+?`Ng89TIm)`SlUXZ%;sxl zvV5^GceBlcs(^J+1YMWQf6e=E@V#b^&RU;1;gxeVZ>o6I+xygm0!(Aer|`zX{j1DY z^LzN;Efn<&pBCW1a({C?Ck}VXq}Unz{!ga*e?;#=HdZc`H~=_u6!|B9ESd^cHlK3HkQVVj3L!Rmg2Wq+&%&gD`o$1G%pMCSoWFMk)#;rk5cY(~K*Ga~E9Y@> z`xM%=cqur9Jyz80TSE1&c42`&w^A<00t^I%8(;1(_Igyhl~K93U>J=yoF48IJQYs0Q!4)K z#H?}fxW7q{c)Rr0Ic3sa+_#76K<(#L=dH*XQKX>iP-~9AW7eHn;%Jc5M5Shr0InEg; zS4M}|2JR?US(c+Loq0oRRuNx_y5{}le2r5bt~r?xE--4j@9`$baV^<(@qVpZ>CYZY zYT4xL4DgI+)FDwT+Y$93yTfn16gcvu`|B>T3iHdyeB*shktFTTkB1FJG#+)`3utX@ zz0(q}4J$W+^F0A-t+VZR@pFFF9~|F3MrrG zmwZIb#0?QMK|9ow`x!II<(WyfN;r%jp^o#_Z}|>#_17*T-)&SsEj*zr~us5yD=bqfX~P!Q_-f zy-9GQ`VQ+B!F|sz>Ck4Xet#&h{a(CG=N)1$4v^Aw9^)YnGoL8Y~LKAu85Czl$1eFc1S=R5isG#NCSP7FT1cC)uvtJcyeAhjxd%WYWz zau6hbAi_LT59|-Y9P!&+!`q)u8U_>^)bL=b? z;Ypi&8OUROFvHsxhKizAlFQgbGhs@jaq#T;>k)|Yf z)#3JKyD2a4rYprH{vflh!*!V1APxLR*6l(;)q~%C^A}Ku2CFqpF4DdlO6NnCYq+mK3hvrGgJc?Xkel~e$U#4uzyy!Gj zz%WC`!imHUGh>No zicr9*{pp9Q4b>QSvBQe|?=RSPMXIT7Qw^l$O)_HiYqc=ZiPE(K0I~o0UlRM9JtD^e z|DDLb;}?%-*!ztm&7XAepgwF0!cuX4$}2UOGmV~y=c*~}m@5Kqv6SLp*f(&KTfOK9 z&$ry24?r)aj`DWs$SkPzxu54v+E9!kK8H3?{v{w3p9M4#rPBLupcj9#nEd4UJVnQf zj&z@p+=y;4W`oC>Ff8TZKv%hNW_8T& z2_bw8vzhn^xz(6@lVDyU6t%jD&|p0Tj0@LXp1NyPS!XZV0X_8z(fVzNM2dn0|B8FI zjZW)lwRS{)538)Kh{<;_9le_eLyVui@YDp&prCozzFn)~21T}ydae8#s;UjP!bqY; zno5zP3~WHe3#Ir|_fonDWLTkkR5RUG&g{}0+v^g6PiUW1Z>C%OmB&+fe_Twfks&Ku zARepe-#_`dNbsJ@@O}67@0|ej05zgWXgG+6M2%XV*j-N z6;^{q6~_L(K^@!r?%&#aP(N8^Yk);@{M@BbwI=-Bt0a)BKg7}C21v?q4|m#bR)S(y zC{41)`H2rL@mN)VkKZ2Gp#R#)>Il^@qJQu-QfHf>4Dw=^*zLX>-uRoG$SPteZnB3l zgb=m|B&CRrMMjLxE`b#qN;PElNH>{cveq#M9N10I--Bl73NO7_8|94=&2Zc2gHS-w)XzrDQ00Z}%hG3-oyCaN~eew$i)pc2BZ{Ej~4%3>b- z+CFRF@WyaO#^QrehD4KjX_Op?g{~t0WnmtZO+m~p_x^0hY|rCao*(N|+!t^by!EY<%7OD?p+bW)rrT(`mewlNI7NKIO_TqVEnd8a#g8f6hr z5U0w#h6x)**g+pZNOv}^+# z==VXM@{L31uvLGxTnoCKo(UWt(Yw343(zKn^k5K+LN@pUQ&tju+Kc`M=`XX+f+C|^ zL_=fUoho+P^HRPd#~RBITxjgH|f?q?e1KsIqYoKGDv!t#0^^&b3! z&~aN)e<>w-acYfc3nHil+~DvCO7+lqQFB;AA!S`-#@byx7p+-Zqj?9$krLPsd!= z9{?Ha2+3VU1Tp53QtQQBH8D~v*e6K>gKd^g(4eanK3`aaJ0_U~`iFSi4kHy>gS%<8TA04K@#_F9*-9ytTn5dm)1V zvfrwx-yiM|UpV6Oc5l2WLiDVYB&Ed`4IZ{`6LEOPOw@X5OyAbb8Un6qZ;11Hz)gak zmlpwnQx#SviwuyW@VE@HBaq1F&>|;_SSI>Sp*8^Dr5$HG9dHtD^zhvok;C zfd=t6PaN)l?VvAFG?OY+L^~caYJ|X;?ytTBQ0K=h9f5!TGqL5$mwEUaJxx> z!k@=>S7%2^t_SIA0d3Z|@HE&e^p`oS)@pP|N#sQ3Tb$0#Sg@%T1AU<WZRtgv}S>guzcg&?syXmI>^GuAz<_%mDA!)X6=caE zTqbW)ohF@(t=n*U?{5h(}Ys z1@+V4l*UaPwdxMUR^%T(1WUdsayJ%4gIA^X`Ln7Npt?#+`YY8{>Pw8fZ@`(E;>C*> z^0kiQn6~62_c*OJ%|_3RFtfiqA)rj(#JSw=Isik}yM<(q(uM7p5l_}SN%C{DplIVN zu8n2+XUe?oKge|eH$&9@etyOe^4YyjaQw9UoYuV37K#%bjRUQcar<=!mkU2#L+=E} zLF}O8SN-za7@DYY?d=XAzEAPS-eQA{be865|4AddnDUQu?WWxE zg8oEWr5h`K4bdbRmYvB@GPY|m4kD8({PH_{p{UEu7);>_IV?t9xv628$OnGAtw+skGNn z(dUEZUZ)J=pwb1H#$X2>6mg6?k>U!*tBSed15@N%?uS!a36|prCrR+m(Xu7SB#KZj ztvc)I7&;a80j$f3`VVH7!jQ|+=tb6 zAlmH#A2a-vfG=M=MR&B^`-5Vkyj*s7d`5;CF)_qh6KJ<6fiPbp-~wK6vEhkyfUdz!SHf z80#`{2?vm;fw{I6F-@JvMZsBO)Fjv9t|&u$0};1?lBCQ7!HOd>6x1*C-=lPHGr#n$ zDO!$|rkhVdxo$YTeyx(eC;|pre~p%kbl68$@rXFxN_~Feo@e;KGJDp#iZh_|ZFQOZ zsVy^5Bp_A~C!8Wk95%zk!v!aDZDIHffUF;CzC+fmm}T#_vVU>u81_ucfYAOt5Ct^= zO_2HRGFZQ6*|pT-iY$CD+e$dHY#z*x7u=sX#<&GuC`5@4RtI!MQ5*XU8W0}3A4mX} zzE@AHWbB&FQ=FTh`ao@tg*$i`GfBH(XR_A3{xPdH0NTv`_IO9+<~RKl4Tl?==%IwU z(@UUEbDW|_??kCU{PjLV@X<>lDZ)(ByX+Jk($!M}aoi7D9cBO%w(3I9#(}zRE&LDcqmqqYb>~yeQ-MGYLe+2{C6+E6yq;F)-i=BlU+qgN9;Hgkswezl*k2gu9@2;vKz7iFj<)B< zQ@?9|yF@Va28c;d>VSdV7rl8(vW_PR z--BPL?ptM)_#jNu!j-4)2OB)^GF-a7mI@VedOG4ssYaX7hA+AjDC)v@%DJ^cD*ZK+ zU^!ru`m3OI+JrpUcb~0T zh}f&?c!K>T8_`wuBvzB|Xc=M+3mgoEX?@|TA8GjZ3PJ={x3@kljzH>+zQJN5PB5AK zd)521B=g}G*D|h-S6DsZXHd^8-hf>ytn@a%4S&?y(WVjxXE9opqS1Ju3S6^=)0oq^ zOo?{C^3dnwa*g#h3$0PDnPwqa@-^lVFsOJjSftfbImEv1-_yp|Y_jT}(RR2oR@0E_ z!o5x)J4L9XNLJ+O6dLLiqApm#AwD!K^Jqiv-9R+`y>HeM^dx(qyWiJ+?Hr@@bku0iu%0<_;smXR zx{CgZ6V#v+Cn!GsehRpfdwysi_(kP#Tl@Bj6XmgI_a2@E{(ahA-Nfs}3A&Gme}21o z_3mTf;(6~o54;WB?7e*-dfJ^(^R%;b^@6y0gYW+iEFr(qP`PdB2VO#r`Cc$i_T4|= zK<(tM>=cc&ZF$xr1A`2GY70m3Z;F#YO3YN0qd(i($UUZhq4ol5eyQ_<#OS4)R$X#q zj}sXvu24m4{BfB-bk;;2qH68e%>-O}Xz zA5Nv0dH(s@=_7j~SJMCO;yns&m4CiAN~w|~|M{9XI}Kv^=c}*wJmjDI^1OB9>;2~z zDk>9qGo${wM`TmH65~JjU=^xDB#6x!P+-7HKmzaIDp)s1H70cWn5d|* zm#X4E)3QKdn_pfvTSTy$Z-xU>DzPDEz#iN< zyUz~1yC6*DJ+y# z3v+}lybMptHVksZJhV$d`7X1tnaV^H@u=B#k4^@LTl*;Jn9puZl`rY8whgjgub61% zhr87A!dc8FUV@3i!%#giNyYI71A|(89%gAFPREN^7wJfbh#3e%g?QesyvRkpxCC)J zQzVc-BQBIqy>k!I!sJ&#O0=m+x~WACc8_St}-{3CX1V63T%N(f8gq4wZ9Q?5%X_^Hbo_auDP zo!g*2^cRnIQ5*f_OrpegxcjhRyB?|o8%bRU#Cm%q)?E&)A)-E@IxfZ>&hgOEnSmk5 zA!k$c+sn#N#*0Z1(`tn*2jH4*_-h9qu*l#U^Sn3_uKM%<>T ze?ZVUu&$}!en%HE!N|jtXN1^%tt55^rJ!}Fru3Lr88|~4xSml3?-(Ggs{-rdB?dwQ z_S4TX+^PcNxSaZ2O_@Lx0r+^(PYuGbxEr;mC9oRQ2$B=92@lb3ZDXgAI&S?Q5E7cl z>W6juU*oav|J%4PTHt1&R_yJFL9>>q=h^FK^CUSPPj z4QLoe4=NT$58n|%8#ITgaPIF>2Yykh@epjidxvR4stjaxv3 z@DDhcMq~T`SlBQ<#lXP0OsY83<0*oG8wVr=CY8itc%N6Lc~@c4V`y9Fhoy5BeP&lI z<=5!fp4SE^==TJ`1(-V!(h6Yc(_#E6<~eN*h5*hf!^+I&(qskLs9+YBM!4!$M->}>I^ z01wQ-ns11rCY|3PpDBV~?DgF6BYqJKmN%bHBpwd76jGDHlZIaJPw|f#8H&K^iEj{d zJ@GvWORx4+kxk$Kbg5XZ6mD3_fyQ~sN_4DI=BB>j;Zc1z-6`(>^@C++qX@JAFmlMw zdyMVk{dCeKKf!kW{T$h<+NL?)F(i$5oh+l7C;$B{;d@B?p3OK~&3WO&P{p!02&L9J z{XRL`lV_Y$NV>9QWS?GCpedv>jA7zk`StF*3Qdm*Rm+Uns2@vG>9IH=*lzZ|WI^U>mJlbIvwcEFg^@$iJ zY+dN{>(*S^Fomv4m^78^UAG`?ByiLYk6qg)m5Hjfg4}a(=+;xon;o++EcTi8HN6r{ zXrKG=%%pCJ&ue_;@e#E?Y&y)Y{Xbx*%8qrn>9o_VD$TgK=~JU9^vpaF zs?c|%B+g(~rP5R)h#e+SItK%4$Cu^#9Xf!7SG>m{Ho;~s*{>`oNs^inC!`um(yF`sjpKS7Fu+hJLPP^RyNyl-Pr^> zWi&I|V*{NFV-<#*4f3*Z3Hp96wBl|t!QmOy+-e>8%CUXKOW8OML`^S46AHZuW@2?7_HX{WmGHXXj*>b)A0&X>Z5=@{bk&+bq&TRoP8oY6RSZ(3`davn`;Z5>_t{AZ)W~SK^-T@VXgvVPffo1W-iWbfvlOsA$zW`o=g` zJ8;QOHZ089SK6Z7(x`)NtJTUjLA?hjyRXfqc-<-9H{&XhU8^O(!`74@<*%{JL$~HLSqnDi5(Jpc=LeuQu)e=<#bZR^Usk?u(k(=5Oz!I61fx%S#kuVFXYTe7bY=USkd(w&;WxcSpj$PVP3roewrS{QQRqFMmx{rRU6~wp#Alu z(^s9b$7F7@tvG1;Y~DVzibeFxHjR>9Dv286=dzIq>G$0OYt=)U3+E^%o3^~FQRWu} zUJh$ajc*SJV9#N3OKw*HB*_X#Jg{L!cZf6zhXfp4Twm|x8V(eeeWM{iwzq4U*hk4J zz8aWUX za?r|ZuxBZ)uMNMyDNmW&WV%M&{$MTZL6hpYS=$G=%|WIL&JBeZ@3l`ztS8vLhok#G&1{s!I#e z3G^lF(x_{srDqeJ6Y}L+-QlTiCxZ_@T{6Z&x-}??ruVzq#TsCpn$qt#|t#Vopj@0(99STc-E`!G5xI}vgUr~mw z^xfxt3T_q28L{7HccpKh-=to!i9fL;suFf%gq>1U3bU)MdO02YR zB+C!!-h=%eH~)vwZ0DVK;r8`@GP=V;0pm2x1lI^{fdpdlOqk+9_8y*0n>vvGV1sMT zm%Lq3B4cFV&D(RZS~sNQWbx|JR$zWm)yRan*k}`7fUuJYm;1buLG49$&XN0^(ZB=} z%D>t;I6hn=pO1;I;f9LwSSP1+ZHku5gU-S`Y>arf2(c2KQN>162B`v;N&a`19@51G zIg0;D<`=60CtNRnD2SI;zH5^XW)B9Qgi~VsKz9r_pek7q<0VhF$m&e>jcD937~1(*wK1 zL&#aJaM@Rns15=TFG%2t+49Vt1`|x`j$uB3`Ug~NZR2^@K9q5*>h-qSM`nh+bW9;W zj9l7cECpw5pTOXYA3}4>0SxI<4cF93$y$9Y>rpk*2a~V`-vT^6)N|-*d6~d$TOuYw zkmIC!zSMTJ?p8!p*vaIun!*6Dl5R%(G}*{K8%(e^ELdKU-h*Z_Op@nAuon)25T3rnMz)t|*pzb)GNA z7u|>}5eastuLob5&<aQw!<(YTRrPToep_g^4Pw2$WjPHOG5ssLIny|h`ts;2*taU;qC@c;qvO0rNOWm)zvp#%olK%%=T604Uh z5E?r9XfPzeI>C0#OFv?GKYNehJRFr@A2tMZu>l?v(kI@vvjYkW)~*M)aKAfq6~_p9 zR!=nlp87sOP%<+JMk{;4vAyZT#!gp@cuTA5JokAi6PnZ$pS{09s!#4a{EOeGURr6#s273)mHuj0I^pKCffDS_JUd_X!{MaJCi^%MubzA zZlgF36<|glOIGz9=B!`37ZDlB>rkO1k!=*w^n5U#&d7nq^AA~--Gv7;oc0hZz)W$_ z^(?m%#;zgH*7PYV28Jog8KNDCZrF8EU6C@p_IbB$Z5lYkw_@fIz+?FD6k*s)_KPdj zu3pk}C}o`7DW3BgD-xByH&0bKELz6xfJaAf)EAfmGk$-yoBGazwjLwFR;O3~~Cx7x0b+z&XLHZzwZ-ifEtOXFe_^{4qXbfT3r8Gc z08ArrOjI3GS-F^v44|_D@GoUet~qLbV!pD zsv;(#wsloWEpLv<>-nmulSG@kDtODwn)3jez3|ujyjPFdYj5nw)y+P!-X&nFXD%Do z4Dv#5g(}3kEWe!Hbp6TV0$jQ0cWkdfN&^ja_GV7>9ToPA0D*b$kPW_P7if&ApIsc% zk@2*EJ;^P-qq33q3X6^movmI=(Z>zW24(i#bTgC;3@!i|um)(|m?KshQPVF3on6fZ zw$cg#IN2MA^!NO&WQjOJ1+U1VV9hTE!K&<@HD!esWeJigNW(_D4VJ9^al{*O_k21Y z>+nL9cG04n3GrcsgY1G4yyJ(2n31CmKsrCIf@{1v(zOt3?-N#&L`)~hWGcX@Fk4h?dNjAXGfgG;1B^Ej5~m)Bhc@Qb1WBYK}} zlFIM?D|_8(mWI+Fa@XuEGR24+BVhf|&z5kG(?>M+oF37xRmlJ~ajNqEgRtJ>pbgO} zY}bQBBmKkPxsGDEz>=CWSGc>R0S^*tx4qLr9>h?3lAaM8+ zb5{ghEO~fT(zgLRZ9L+E)xsx?cmYRTdB`d_aH7&zIHI2>A(ot;H0fypQ2$~dAUHHP z<-ZIQJ^``4>O32~cHJ^!K1CPhi?Q5k5?8m4AUf156b)yHx;NMdUVK44EAKQYjoP$t4DZb3Qa^M%F)UjLpYJm<9Av)b zBQ!w9D^>!x7EjpExXJiyttu-@f+Ls%N0q!ho@AO8l^{~DS7 zY3Fl_XJxhgrA4WSF$s=oBQn6Xtj&;L>mM7wJzN~HZz|UHTWB7CI*AsO&isKvEi8F@ zWJprO#*6S+Nex}q?JN%fQP8g9ucb=Y`%3i1G*Q7EG@zDSYw6{9h|vNkOyUw`k=-fap4pr(Z*OZ~3FAD(*N(&5 zAdLOcWE9#*Ci{o2bIxO~i&qXV>5FxdvzhDCChgNWWvG&+k^u*$-OwXn0!rR7gYO9;>n98CEy&;PS%XHq}AtRU7hB8irJV0#31NvXGzP$S- zG|xUUJ=ER@ikkc6UQ2tDU_1Hkq;j3kndHV1-2&~C754Au&JK&bl+T?c=<`zuj~t%h4>SGn;cipK;#Ma430Ib&kfHf@9z0 z(6JV^3k~Ez>EPR;RpAJ+Cns-EB7D9H$c}Cev_rQ3GgOi-0!}3d+>=dKs;n+i^7LAF z@ojI+r<`nW-Ig_g?*neF6Qi@BC@Me|INZI1w>-Cj#5iSv?J zcVk}c<_4G8Tdd`cbz4lTW2l{Aevb)XJs82k=v4I|xrZ=whOwN7)YSN#qQrDA%Je*+ ze8q94ccJ7BQ7kpx%C)Vt_0y&v{N!1=MP@3Bv;>MIN$y4+4w3a#X%R*ah)hdVla%uK z>5%2q!-R@J{7LxPO?|?fKR-<=!$aItyHdza`<46Y<~<9+^7}1`GH8;XYg<- zotN3&0+vdhOarh9BaJtZc49&_$YC>!hci>`aMK_Ph8pKL^YZua< z%;eX7YuLGBJa!$7mqDvlH#3POeAmIZOj%6MPbUUGvv&EfIbaV@eh7qI)KV4`jWTB{ z&y6Lp-F=hLdI9k_Ci*TSY~0@0@Cq#(UjzKGGP36!UoA<)l%~5Zl1h};Ka`95KwlXS z8Q-16Ui-l5y|Pq3q2`xq(xAgXhJIoBQs6!`s6W8&d818)$}Q?-lB{imzZ_TrU86XX zCnx)r^#&Kwm(<@q~Voz#=c_j?m+)CgUswqeZ{^tIoR+AzV3a^ z1YUqPujI~VBinR=M47~nBxHsFYfAQ`6fW!;gc=B(* z%8Y)LeS833=1Q*%VV>?(vJWlhG!1CC6(){M^^N8Q9}nkoimR?u#_S znL6^MVe{XfT)RajbL(VstZ>4|ubz~Fh^N%aw1M_ioQhJ)n;?>+S_d`?=I;_}?;hBL zc>OVefWk4ArC+$3k-==voISuXFNKfCJDGf=&?XbfAC$cQ9B}q7(Mqlq$=S+TsNVkS z(lMOg4wYU@@|V*|xPV1J2soMCw~Tm-CXOiDR|s}>#(nH(a`Z{(iUUHF49Uu$tGRH| z@->@XyywceJkoHwI}NGtxs847`AgYV>g4-Q_R@cZ+J|ia7~)Hxp_f86@tl+q;;V4% zzS8qhFpd+_@R1dR>xIrTBVIAmS<; zYCnK6(>MzX`w(q#V4b;_^(hPxy~4rh@(;iHjx9TFSm+zW8ugCZ-pd~CO8I#qxPi(= zWx}5=wx)=nz)WGe0vbWtRrzp{5w7{Jcyr?)2G#g$Tfc+WEzl=N=+A;IX^7vMstU#G zgy~9+Gl9B!fyQfN&h}*TH9VR3WO72i7v;=y5Psoa2}&(({LP2-oSLvx$$d+Rv^0I6 zT&0Ryp*Vl84eAv2^&q<%^au&ZDuOXWvAUEgg?AQC^2E> z+ZE70oicpBWq9Nbtdd&9k4F;k(x~|xMR17Go-w2AIEQHZH;Pgk!*5O{(9>V1#9fl< zUE(V9Druae%1W?;2b(Iy;fgb zno-(zgKjItD3@*Np<{**l%CNk?_{#;;v(A&!Od91*td3R)JLy7^+t`e3LS7TU51KS zQu`IAU#Z`o0ika=%ZWs)NqA-s+;0|KS;YB=i zi5*jS1~(&dOF^MT;3|LjgH3YZlkmjn3451wN6?t5RV9Ov;R?t?m4agJq@J!kY0%*C zM}+dvzbOxm;GN=7Gt4u8ctu+f5F={xq~p)g8)aMt6>rdh%v^o02=p2{ui18>mruAI z){r}QKhC0^+tY5ual#VHBcMV!0j~O49NYSu=vb4Cp!y4*UPCjH<(K{+9`k)wCX3yf zwTs`_(y3$*&U75pzjEWx6`vBVJ==_F8RaLZ!tMsve|0`BXq?QYFp_8IkUJeLDQ!!4 zCkUgt))L{Fd+=fhthTbh8JsP*G|qfx?k% zH$K|$2B}px!)nw&bYA;lHB#`~ysy9h3{_*IyUiF`?W~MsUiT~iHNz|mo;*qW4-36* z_1pPNYGK*Y9_Z3;ZZ?-i1LKf|HSzkfex~wql<;4s;&KZ@`hbI)>RN?~ZKyId(bCIg z$%Tg2ZE@YZ=N;un&_Tg{6?}$q@T?_C6qJQB^wa}_ph?|75-U0-bkflIBrQSGu z&($x}z{EoG5N(Z8Vy=?V2V74}BOGwME@Zu~^u^!>Qp4LXmS#Rl0RgPBPs*3b*}n;N z$)yHuEtPiYwmK$v_$vDz$VmoCT5I!ulyNG(NpbjA|;hULPqr zI6|c50O4{@CNF&bB(yfRH@5aC-e4okcS|E|#52+8a|2MKJ!7WPnh2DD8%kDfJlHMf z(T@(x+>cH;Q2UoUyZlC3=k%^U_p*ho1v)wEFr@+VIS9oGrR&_iR3{!!ijp^eV}umt zmPW%ImyX^j((ukK94S2wQq!Zr3~FYwr13cmV0VkUani;W&W-Sv4N*o)j4e>_LVgGR zcH(mU;i~uU{_E`tR+;`)J4F_(vQ&UlFP(k|4Oj#g+zTJpN&~(p*V!aH7LBf?7Z|R%{-HQ8fOV(;q_}f#f zeB-x6CdXWm{IDZIhR#8FK3@yvx38c|jtc!ZJ>45O8%~Q($Zl3{hkWjX!nA)X%iXK; z!hk}%%l0&gkuo%od}I~FKMrMRd5Ej7(d(nt|5ldN>rZ5)SCc&p~#$D6~(UQ0F@|#Z7i5-0j)TexB{A^oz4|i!nw> z35jEwe}H-g?-xBoG9{aV46X`U|Y8KW`ugJltt`R9Qe_HCCgk(p5HwobKOGcA*a zgNH8EeXo@m#Y`wLt^e)MR;>gjv0L6I8Choz zp8nHebDO0S-1b4n$VWb#dYQGeB%Z&ualzGK5`TZq1W{O>x4yPSW0vP${=!Ry(fQoi z*tJsVek@?1y7Lfge$C9JOTUBm=?_C7=lr3iBI9?;Bp9s}(yP1V#+`cd>vQHK{n>9E zM^Zm;?<4n;t{d(nzIT_ul$Ql)`T{%h@QtCT)8GP~t@%Qh>D*^4@8)n{ddAdoMyS@@ zgI{l!1!6SYkt{txfqR##;1EA;B!g3;QO}G@5)8GszTCT^c(nQ5BS#o@iyI}M@WM`N z&wlS{5MBR~y_YuYQF82TmhVcHC2z6oZ~Y4PLuUt#^ApKj$tk?0Izjt%Nv?}+9d&9g zVeL%U9^6#WW197IPI@n~Q@cWyOG$zG_DOUcJR2I(hW-&j%xKd}5I3eETrQdn?Iu-p zMuv9N7I!?-;x|4T|Kl`LIDT2XXu=Tj2ZeAJ5l<^0L9e~YAHn^|a*3$E3H zWJ<5N$2^iy4N2$65hzK(ES=O4FiUlzVfY7n;~nx63-2tF{AHEi0InP zYu`+MM^yVAbe0JxujJtJ>iR$>Fc~(bxCA)qm|EB-+&290x!2nH>};FX7Q2$30 zJNdCgv&(b_OlObXw8sTu+R&Kvo$Bg|lXzq5bEl$pqmx}g^UMu91K=CPHKli07d3O; z*IfdeFxM(NXjo*uGfnE`R#UOOUJs4ZFC^5cJO7YNk4&ISPV6`j;XegH?c;LrIvbcUugc8tO zYcL5K-RH`=RkI>~31zKhofOyi{v5LP?LpA(AD?6x6(Dw76GK#a{5#1V8FsP|r zdTViB{_mh%x)v|qbBf~AEqdxdJ}bFlLPPCa4z?&;&@o9@xuBy0CylS?PIk&9In^*L zXBNU>cZcFBI>u|XW`k~Od>$ppft)iyQfRBsn*Tj0nXmy!ZTG@WJklBdtOVuV|E9Dd z(G9M0oHogz)1ciPZfDcW?jV_UM>-l%n3rWYrm}WOptOG93!=&lF}l0Fc(TI%JB5iy zo#JE9*=3pyI@&kf|3d~oMGKMm>-N?^RKqkLx7;_@-kv)dNPIniTodCYLhX&sfJo!l z+wA?q?kJA--{}1!#=Gj*rQ+{!Kw%;k60TJ>@*GNs`MxP*GxJnB3&+yj*e)1W@Ynrh zN_%upl8=gO;ju@#^B13;7Iw%OwS!aD4P&i3eS|R&j_+6LLol-8QFqN88@N{QRlPMM zWuia-#=k3T%;Z|2LK0-Fz3P!)MM=9U)9%a4G$H+Wp3mgiX_ST9Uc?nn%xK(qu;New z9{>0+l~PHt1ZimXC;B3D%oyKq4J#YTYo}%5ci|*2!Q*`Y?wFZ$0%w|&)ii(V$$RC$H>C%D>+?*E zreH`}x#muij~sfCqp-mVu0nlO6FF{F+zP0u|LfX|L`iKcX~&i8$SZH~cFbD)a0fcM65L917R7s4g85`W&XgRVzt9li}M`EdGtGo zVd~9)cU09Q1HVzK1jYFDO3hPiZSps|MDKG5!8&@6{q(=xbM2s<$X_CN-_jLMqY{xl zWT!J6KgOs0|BEhE(3QKvHy_$T=Y){9mo3v|Z4hGXiy#GTm&<1u2CuVvs7X|^#0rS|`&ut-UG{XT`0w{|%l;1k_e~8`i zi_B}i@Cd7Y3x zAHEYhZ=&yQn8z{hG8-91edvfw!fssn>ml+SmX|aR5sq@-FwTbJE@=}l3v;yfeqd?= z`}EWX)^ViDd-wW&eK+z2u75hO4m$|ZxgxM^Dy&wF7|VV6J6Nu6_)!hg^#YEsCG604 z;Vsp};a@-5?fcgq8sxp+{3mOu+Xnkp*2DdSyF29n-aje6d7w(#M6w%LYeN_={j8#t z8O8D!7`?5Cq~*(>NkSECO&vh{80y{j!+z8S7k4~LU;J1(23uIYd<4cbTYgAG?^P-9 z_#agdWskbWXO3-rOPb(^0n)M!aU1GKy14&X{E}s5mZM0|d}PjNB)D$UroF#Mx`n7z zT2O5m)DWaRc>W05*9ESC-=U&_5B@4hQlWW3CL0)8bkR#}u$9E=U*de;J(Jk83PAZ3 zG8*TK{fXpTCWn;S{)9Fh$eADd*y?JNoL6s^B+}**gVkCn7e*$xmX-Lr{a7d|BQJcF z_{to#Rx=!Ea>s$2vJh(T+XG!#T&&@W+ODsz#`qD8kYDP(M#@;&eKQwc8u;7+LgNBt zH5LlTcALRyRnP?K&>puMJb`5OiSMuZz^Did9PX}10N?f4sZ5|f4x?w1F)k8N3{cI0 zg!A?@wGhZ(duDN-<;W;>-L#Tyh*Th#ehE_;I*SV2x-vKKk@Wq*(ssK@$?bVllY+?} z-f0^)#=3nF5xq9m0PP_6Pv6YUWBs*TaUcg8}zP9?pgY7fwtYBp;)i% z)|NT4%4H+E`(O!TkJ`5Ei(j(6XbSY5IZgPYhD%OJ7e;zRnnb$A2=meddOuwlChv*O zP4R(sto~gI_s>Isfoj5h9vMPz`qDUNJ(v-9M@=n1^{SKrz+cQnREMfoRaR;??FN@t z)%qs3m7lxT>pdEbQcuS*2Zo7PUX0zE=eii!P7W3lwJMy=ScehspLX z%`d$^%V(Thj5JGjt7)HLLcHu;G&PXCz-nJp?W^fFfzOx(IY zGGRm?gM1$amj$_DnFw`)tkjHr?d}!w4-I4$*H(j*)G=G)pt`R+(w!usnlJdhh`#L_ z0_rA4kgwkjMDjllw7BmMjqQgmNE2k0+%*gOFJ z*9mttqglaDk%hm_MOSzxZ7gZdl5M}yfm+7O37OLwQZ|aL?6ja1Guhl~lq^JQxdAmI z+-U|w(4*pNs;Y10fN2Hd7SSb)(0!M|VO;38O+u=?6K6=^X8TJ*;1Jw+$fP+t=3ljp z9l_rucC$rDQWG{Dgk-^Nbz`a?h~n_6H?>th9nsHN|6NtdrxDt0l_abQpurcPkg7R} zVq&A+NC095c#vQb|C6sn?aWa+Yq5D13A;y2G%BQKEh6v*R{$nJ?T`uBKL zI#PnWV#CGa7SInJt|a9d@B5UN;D1zpsb@??dtr7ma(;ZY1H9Zv zBh40*?s5oqnl2Q`-hIBr>K<+uunr-=(`a)-q*VB>2iIs?hjBXq%n6fsyBE~A$rqEf zz5nz*zQdIH295OD6DPvH1K1@my3Z@?fxm#{%?9n;`(Gug#HIyLoM?SkBeFqJ)0 zvH<74&%-CFlIcuFde9m4row~|AyP!D`I^r-@%Z)L$v_v|GJq_4x3 zqqfd;9p{$3IrEg#84&wdr8)<>j=@N3_jD~Ub1o2&yq}ow=F}p3%1Daesgmz@U`!e9 z7vWTCyH{#=k}cwr9zBvnKVpg~E*s_h4Jh}vooB;6Mnn(cu8O9^1k_*7Imyv$5xIk- z+aGf*_DOnh)Kk?#SV=d9a_4%B^K7`KZAoTk&Kk|eqnh<#)O)7N(XvT~EpbAc;cw_s zNCQGPG~`s1j8uGdFo9dkIL+M@KT7R85%m_ng-Yq~L^6e?Lkt6!^K=VRt^(6TrwTy@ ztVp@Ve)E|a;zh7d`O$#W=UGb$O?`(j8qz!^dpkKvR_58 zV=vF86cLlVGTQ^1cgFKMP2J!daTXpOgP23Sa6BWbpl6F6v;x;j^`X8zz;`1SM9Y;9 z(bB6?GuVeJAEscF-Ir|L_P1^cN#N84B_2xc+}wQ4gbN&}gFPZiZyjY0 zb8$VLIUQ32SYg|?YI#Ba#>_G*5a#H8bhD~Q;B%Kw1zT?4LFRA?4K(!VE|+V*Ju(VU zIZ%lPYW5y@eiV+126`c8XR#EAhb<@_MU`old>_oNe>@(h0gyRASv&(4hz#W2_AHL; z$rE@)>~x2jn8KT~<#qv^V4l9vyq58`=WG2Rd}hzKMr_OGl$4H@v7owyMjggi(ksrw zG_HzpnmaF63pgAPf}nX?v4H+EsCK;?ve?cvA7y1-Uw_mkc)l-0S>!=G3fT`{1|Rl{ z8jq~{&%!LfAH^ejyyAUys@EB7Og`wiwcF66Jt)AuG4~;zp03-G59U`YeXWj1O$cEH; zS9Vv4#nG3P1GCZI!H_+Rg@oymY0is`NkYL;=sQj8Hfe{!6l>liJlQ9TYZ~JxeD+6P zx%GFr2Ls1xu^Dd;Tkz}h*cWh(o~A3hdy~@ZiJZw0kCy+oIoVE5}ZAG>?mz zI~Gc=tkmznnhPHD$sQFH8+AEyRb6v3 zwnPBLFhTfYBJ@$nWTJ)WxuZ1+ZIua0u-v!AJd4)=BlvR?1WXkW>W0&moiQeFvmHM0 zntXGe=&SG=+Yk_Vnk;rcG*5r@0pH5ZzDtvymcnW_I|BJ|Ua|k zSxNk9ss~oFRPRuSQ(PpF0|8<8j^?t*%-z~)SWPibI%5lQ-1c;h>B}F`M%UuEQ1lfZH zpG0(qwJHhuwTp~{Tyi@Gpj9K zUYnXS0U(|GpMCI3-dgQrf!drADH1dLHaOzz*4uwgS3BIjUm9l|{1=m$XY4hLEnWv7 z(zPZlzxCWh=hcGR^_f=izl8O^5oQa5A^e{x)ZGY8Ba13f)n-g6E=`%f6R z8-urB?sCuA9=PBLMcIkWxak8Yt1co!uQdXVlSSBM$hP;@o?FBzuopGDfXO9$X)q1j zZpr&8cGPS-*VqrE_R=%HJ8Igy6#xqgj0zU2a0`9!R$-Q-_g1a3lbAgDYc3@fn&GkI zFSBtnrT|}g`iMe*dmDFNoaLXn7Z~80@>SG4&0u|8o?{S0&XMUg^zME`zwVnT!mdj+ zVepA%XnwcxsLY?}ERqI{%mYFBJzBv3%`xJw${cV=y}Z|JOsMRu5^`X@zVy0%UbJB; zMXhF(FYJivnEX=jJ0gQHal*y{L@m<$$6@Y`4LAHQIeP@n_2%CgVG|mCK)2S-!~dSz zfw=PSowU1gy{IIvBxUxkrOaf6(!fK~r>WWJ5j%$itPc`b_FZy-&P^1tZ5UJ!%#1pI zY*2U2!{!o})l%n-6yeibJglml!0ijszEZ9DqoMac+D^r+fr^l`7*n70^p41yJ9KnTQFh@P255$;8-=1EU-lVZdw z27z(~XM-=rFwISqqj^(^KN*t`4}5O93#rvDSamOZFfwQrI%Yd{7roqzSE zaY}UZyF*T1-mvg@$zU1~$0i)!o&g-=SgP7{Ok9Jz4dcWQ9{OllC4QN?MdQ%dKX7sH z^+n9PhU0NbY-v29?d?2tArrkQb69hKj!GX*%>72Ic+JYv%Qe5v0rdkTA^wHtC^1iE zcXFQDk5^_}dfoaftoV8#1?^}#I-gB-cNF=Unrcpgq0;XQHc*f+$3421WK};E@XBI} z-hOu97L4m#EQV=#H~QE-6+>*o zlhS~JX04SgT}-*Rdm9b!$H7x4Y0pPbP-;hDjC&GA_!lj8xn3Uf3)+j272@fpyq&U9 ziZ;7X_4X)8IQ5l721h-$3~`g#QPt8%YqLB{N{zP1i_u;LXt`qna{vN}?X6@c|Fb(V zL{En1S>kITwt+Casn9v$h<&LX4+qNoFMDzK4ss?@)6KSrkY_!9c0v4>;;R&)(#`V+ z0v13St*ciZuL_hn*nZC{t$)!B(XQfElhxmtFybizaJpVOJ4GhOD=wU8j+$+2I67Y| za7}yiA@WK<)3r0^QsaIzRTkd>j_|~ZI>*K3o5YB2U;iE%0i6rDC4XsV|1R_qyB3y} z-QdX9?^1oQSK%w$WzGtW4LsJhbu(X7tBavIyR8q==M@R>x1JVc^Qo_hv_nYV zSQoSv}XkJ;EAv|71P(rUWoID>Hib^#cL}!@QiD#HW-O7ME+_Ymy7Bkn1vo zeR~7cU2vxR5qP$1JIi=+)D4n9x|DHca+OriUU|@CJQ)W|7cu%a9M3P6ATJwDDp zi+7%mt{sP$l?fwNrdMCdC9VDt(>Gw;{+OAeKBqLm4S>eO0c(40ts}}pKcKj;OoNk8 z(iyY9@bv5CTX|U@w#rzCvEu>aF|#6^DH%4cNuUa@>rzBbxY!`8OOI&B$87Q;eKk{7 zca~bx=syu6B$J?)4JHn7s^eL0&vAl2kJy`j&;gtd{q(A4=JvNYj{W^uCr*NSvZC9> zoy;VPyJl=NVKz7nb7KBx$(sSvMVPkd=>JF6dq*|ZMcv*=)kgspl@4M71tmytp@@JA z0R@yEK0r&scD)4MI)}{ zPBK2PIP?~gi#^&n-*Alze3OA7n`4X{Q;f{Zxyz(y5(m@Q>h@fS?lLRf{`8a{^f z#&~m*A3VUcZ}6PA%?krVuH>p)?uw&k%NWNCPcN>;NFee$?>S7fAOAA&{?pmgRPn+% z^PRYNiI~!gM8ceN>}y_4$#L&LGp@wrB}8Ip-phw}q%DJX8_EG6lFYr|;YE>g{-0fs zU;`>5HI3}0QeyvuO;!HB&AL~)X80{{`jx)(jJ@k-PSuF2kFEb&oxtPTzG24@@l@dB zth=KcJwM}&@fn88${e`v{I@Bu|FbsRx2USsQ3ax`*26dOjK zU|>~}z$Uxz%uqAgm-c6~qbljYo@#v)Y3qOA1RJ~awntiK6o;O*K0FcZ!yWyb>R9hy zxw>)9M@yQm7b3^hszMpBX5I(mos@;$t*_1v*Syc#J{ueN@v4^J`T^hxk$h*)Yx1jw zNfYb*-E7g@d)z{h!do#Re0Q%?W5r9|vU*T%t1Z*NUsA8nGgR=mqm22Y5|%h0ei(A_ z8y^lgp3CK{-o(eRcawG2w-4U~u7eco{lh%!V8?|=Dl07{WxeS*Y{K!>)`%v9nsK&w z?_P$q3e1GfQlZq#RTv)1{Q82BtVNx(&3F~Uqw{a`suN9a8O)6FQR&u2Q7gY6w+of( z1kzPe{E>!RA+i2unvX4JYXXL2)Y5_++Z0Jc;ORTL<6D$Rc)7}!^8@r!RYr=x7owEp zy6;BzK{)3?Ei3c$=wBM~^p?)S7bBDFC%uR+JQ3hT!IInZ=PB#!O*DCm=cY@;%>@oY zY}r$nCKC?@g1sEMyJsS+=iNh`yOs*N+fMEme5!XtzaYcVn{RsJSC+o6;B~2$4^0Iy zup=exkYWdalFo>*jS1;xJ#Ra?MGJ;fTh-UKiO^+kdQ~QIA*=m}9BQDbg6Hrpm}E2O|qyC;Rm;T@>87y`lp__?HoZH+`XhXvz9WPV<|ruo45GHz|1#> z(<05cWv`50O#1LS_Zz$*3n=?{x=Hnq9h0tIvf&}h2+TIK>;i(Ir`kOYPT3hExO~nT zKu(s_Cquxj}{FXEVveH4< z2~Ns^5v`jB@>6oO4P=yV-fsxuN!Kxh$&aVV|b^Cj?0Lj6u@6W*zFLol)r;RAO!qx;N ztIo3Of^h<;c*FWN8_N_a5+`)$ooT7Y`EX}rR74c*c(s!lKQ-{(JT|5vtHt<*oI5!d z@t)a+f)1H$W@>F+=rjggu0g%iL)%ZgwsT5h;I-JhJS42Y=;;o(8u;0H*sLp&s8n%V zT>(*2U@@QYYkt|Pw;^YL=4(~XeiBpcYH@)17wS&NEJVdeb0s!8sF2&I%!go=Bqr#0 z9BX+!Jem$ThWkq$MZ1wFyuF<_gzO|jiMD6N6L>YWk|7cry$fU4!)9GoUJ32Wr5+093bF%|WPQd+*K|a>C0AsM_JDcBsSB7A4^ET9! zeCe4w)EhiDT8}(?0cuCZcH4b&DM4`M;BIp;FS^NIZLL3B z$Hicf&uE+L%gVvEI9XC$NQe(ScL5@6pOP5>jtn2JA#?Ert`bJg_8bfQ_pUzMD+`k6 z!8Y&1G1cwVb7nNY>hd+J4PdXjTil^+g)a0Su9^sbZUqk_xY4FI4egpnQ-B>8dZt+Ozjyz)fLPdBL0un|Dp#nSR${gGDc zFAR||<#1EN6*|tnZWYt(8ts-C_`GxS%(G$9*ca&5U6i`_sYk3jcu z4xx*|i< zbEuTVCDwjCp6!fyIL=HY$XZqP0LriSvJaHlKEIWkM{HfN_Z|~Qt*g;(hS!#br4DsI zj}OXKVg8%IqlFRH3q<(suSbELk0ZJR{x%#{^>v_?fvl058w_WgR2)dsyn`3FC|&6M*ahQx=}wCyE@6rvz_2KGGVfI7;y=c-g+6Lm^=e)m@y;^t?u1x%mX|qxanErp9bT zrg)qd85Q=XSSI6jYVya2B)zTyg>I|D(e!@uCSJT@!ALxam_nC>nMy}OdotFIwER4? z#Jz5*XD{hOsheu4VclQm*JMPYAwo=9HM%G!Lc=m@*=k>0A5#_i+Gb)~xajcU^$)jY zfMz)o7*EQzciGfs(A4A%ug5I$b${ou{XA<4585GvH$&uAym?GMJ~Xn%W(u)n`D#5a zG`Sk!WnbR-w+qsWhFs2-!4L9LZ--+mhLcn=9Wf`jx(l4eVlhryQhLcw%cZ)1Pwg|2 z@Y2JjF`3<4cbPT0?~)rf)nS1$6MUAT!A$I*db8emCvk5vIZYCmX{W*pJ)>77o10(s z2rp4|iELg>sp*8C6H#>k=U~&1#oIGYNcVzUf<1RsD(qb{^q6*cl5|m62P5u<$V?xa z7-#i`Jx%_-l%-8dA0rG}D6nzrQVk)e;^NYfM4}3#;C6@?X4EA3At`oEqQ>>wHrG9r z1+IMfaCw!Ff_k%;skTXS-{yZz_}HJYuzFMMymxN?=IDw@)729}{CPq)9zVav$gd$cagftOO zW+i|U7SmGWxXb)k$7&@MV8mP|Zqy|GQUtF+uSwRk!?$h}4985*^UCrDIlBzK_66U% zk&7oo^DFPkFv^xCa+VZ?W{pRl%)5UgkEdeW`A6&-k+!~^{7U_(ro4NMPu6;{=*_-s z|6%a&$J4=J+q9oTEn12aTqL@t%EQYSO|)Lr4!zj^evfh5eM*#M5#KWv-qxBTWC-b* zUgkcEtPxmoP9`;`{m2zlc-?Ol1>6D-j{+rFg>%MD{a2XAH5YjCE8${*ppdw;wV z+0m*Cxml%R_*vf@SzunDN+uvCujWO8mdgwZ?GyuL;yQ_g>LNy-f89;J8SuY*X|9W%6ywAWJh-1a?KWH z8Z3iAXKMeE6C1MFFq**rBpXfaC7HQsMJ<$801>DvlvuxQ+!Ir=5DrPbtP9!u$dU`i z4>tVRI*kMMBfn*4nLa`?m2`b0N_2j*F{{U8^D~2U68NT-dcM7MBH+66&xOSJwVmNZ z>A4A(e1(31zjqC}l;!!kIluEopIk%6PI^Z}Ba(?{G7mmtx3pBQK?7=FrMzs`7DUnd zt`LNnhSypU^oXhh74S}Q%IsrE6mL-zKcEFkRfm!AuLMH#ohVKy@*3@ANJvBH*A(Jx zm}&Pa1>Qbehd9oxvzRMK!e6{!3t1Hwl2q{v@LP+K5pH(13{P2WW#>TM*k)6_j>=%K z-lCLwZ?4M~vp&ciVzOl$!w(62u3ZnX{iXSn*`wjJ)bZDF@~0uEr5o~Bfj*lTy}duj z?a5qw%3_mV4aCblSV^JdvFM|8ykVlhJ6&5_+$RcjE#ITqsj-z(=fG@!?ODp6B2SR# zo9D1kOPS3T(+@}2E+#9=!}%4UkH0IfzJtZ0E!tXvS28;4H2nt}A5{I90oP$SoX2}c z@kz|RtB25CpuO=~{~Ho)6J8G(u#tlD-m54tC2<`-<6thTX?SVoyUo;iuYBXK`6tB^ z$TLvo#)K`tep{s9n=0pZl`a`~wp`-oY7jf)7|V2Bsg7I4urN1|mUfrrM3_A3MfSqu zKV0JAFNtvUamwJt^-=@1Lxl+0{dUi}kW;>x-;c)A08~mOa&W&F;g)%#?>se-#aws? zlN1t6pHd%r`{{nVV`jCw)C*h#sLa$LvWg`~MP_z(F)US5Jt9SvN!#8wm%DX%ljp>?Rc@l|*`F%vBYo4c@ceMr z1tYU+q=K{#D6>*Wu8blk`0&75#qX%qe1is7g;1=;{p=L-cUD{A z68aftv5z(Iw!n#wzRM5*nnr?W=9$xiyZ}$n;ESECzVHfHCDQ`VY}8Vqw+WO6tFPag zT1VcDO1WL%`xAmg_Gjx@`E#lmWXdE?Ca2kDk^a_{o{&NbUf+G$&!-EQi9abfzmA zDJh(67uBYxU%VJ5@NvaQioJ|H;<-Q#3*1r(wHV6Y0PRwpg|o{jongT4I{>;G5Ys1a zi$yt$wdU%(ctHd#Z%b@m>g|~1N1P^im2cMZUzRgL4xK3~8qi#HXZ~U4vqq*1$dYY# zm)9I?=yJ@z)5^_6|9{}a2Nea`Gs_;yj-cA0&iG zS&VB8a=nC)x5VDbRH_&nUg1#fA~DOg54 zqSz5KTqiYYk-NOC3_R7&u{!$NJxhk$K~~G29qtX9C};aO>yF)W_${||P18p0hmFLP zDxl5Q`L#Po6OOtom#b1vfu+k9DN69@qj^bPZ873}bV#-Jjr6n|X3)x3;V{O0f~BExg=w7p7X4*E zVaA+`;H4gC*MzMMGH~cEM^5`>sOB5|sa|{|Q@otMD*LVg2VLSqgt}3f#ov3IFQLSd zBE)$ceUrp5-v!Z*F0r_#K4`fCe~y&)^16x3We#C(zZ$G0oZT8F2^haSj9hH>5h)^% z-Mw&U1zv^3Gap9l)@c4GU*j-7e1&n_-Zr{7u8KvaS_;{~ec|=XqiMf~c!Rhi=L zTkW@*Ij4roD9z&Sd?+u$BVLqx|~G?;wmr4TjtQK!!o(W z$3vqk9-SQk;8V$xns0X|x`p~ykx3KWlvExe}snqM)jlibSA<2`PHZUy&9DS8tdo(?+<#U?K z$43qXW^P-ibd`#gpQ0(2B`mV(PR(U&$GNWo7De$FHs0CPl|d9sKN?1i?`0HI9M^x1 z*llA){68W>G*5|Nw0ZL(cSs*NHJ0iI6mNx0{mwYE)s1mB6R7f}Oo5l~cVcA`Hrrs7 z9lX^dFBpnFTb|pjAE7ff>^Ri`KQqjeR;Dwk=QJE30X&y+UU1pkVfj#nBpR@!{?Kth zd=z?dP$qHvXFb!C#Y!RPs-)hZU)stG3JruM3H=rA-&)^l5XJh_B%Zh01#j{9#QrdV zp}iHjeV&4P`3*Do-Tm)H{4%;`7Ev^NP*WHFbWfk=#sJ5Lr8=nHdJE^>E4!;rynoxv zrLalsVhs|h7%EZKo;M}_9??N_?NInqDqaV|yI&JId7+iV6H)DzcHe#b*(QD@J#`VRDwBk_- zuWj~LfEmhT$WWod-u#n-c@)e+5sTcuOgL;oRc@{y%Z_R>VFgplJ6j4i(G5IKo{ zz=eAj;2q}8gjwnPyG7BA(I5sA28e8OBWKGw%&ota`o|i0NsjyS6liEs;5h&l81Aef zIvZFF7ZL{+@TDyjZcImYsYq?q*#GgRi$q$~rI3P63!I`~%huumk19|X$YVcVlQo8N zE^k*1Z06dIntHSriXCtHH(aZ;z5Kp+r)TO3@lFswMW$SaA#6AWuQ&XRL*9~iASMnr z4>3oPV!*&KwfX8ovdlXU`zB{@7o^ci?ma`7+F_naS%y4vo&zWuv)Il5EbeBnxv+Q$ zOQ`(U{+3CiU?uwN*+pl{2Im<2l5q{5Fy$}ll+N8q%O&MhY+3`k7O}eCNtA}?l}zwa z>`;|2vI=)CpV=nw{*VS4EV5ih#?;s?VE^Cj5=@!vv6HbbFTAmKj6sp4c&!p17RW^u zLSnA>hGM%prYatX#xbTyZ6{~QMgkFah^vY_ zrPSCjR$t^Q`xouJ(LT(sdPnm0k>~0ig11!hki#>-!(x{|>L@_5KE| zDq^DL8!U;^0I1h?>g1P=L_V7i8Jq|I%py;j8*9Gz?^oTs}fK%EgbuO9e@_f z{r;;|@Mlc66J5E;hn?{sz+eAklBE~4F@9Vi)m~bgNVC2cPoEDDH0x{aA0bM;S2xXypQ>LBi|eb#73DJFKn7kfQdB12TJaXs~!0aaQ3>ZjQn| z$BxnAVdL^=^Be#WG}3V!HCg1e1G%$*sZ-6<;ya_5%gFb827g2XLJhUGkK)6`2B#Ae zeg3IYtzfK)K(wm|pW!P&sMxzi*9%7(2LA>w5u(_DlC%-1I;mZZRk^C#vPFwoMPh`2P`8Ne1w5{^!jU>(0frAY(sE|9J1>x_#mQrRFXFxPf45T zlOQ6Xve|bQS=_*E$`Js|Q~nEA(IqY-%K6WYjTK`)kmANDD38e zo)4}Vwo3lTqVIerTq+!qRV%*LljIqF;Fw{_w0b@F1W`Yqxf9pDF#il@syXi2G3bK{ z{FpTZ8kpGByx|kuOl!!h!#?DM=aq()AwWnU_cXPXTGCyd&jf!YyNqTI^;zcL-mhWO zXaY=#ulHVH-LJLE>(0nGD%^>vhN_7^PW}0Mq%bR%jOK+OE^i9-EF38V!l{zCWV;I6 zKQD3l_h--ePkY)?B*|WMn{7P}>>m@K^>z;@2Qmixo^dx9KNwEfEGHg3*d_No-UW&c zg#p~0^aeHF{O>}m*4Zg@h1e<+xP0l;sqTHlBYSQ+iLD8^(TxUS*6uP+Lectk6%l1A z9ShH**&f_S!$Ttohm%W(yl~#A#M{s`PJ;#CAk#5z@s)OCZLkc#BvZqxDsJH z&KHCR=X5JJAFG3@>T09^lzdX=FKN6A3sqbs`AEq5GfzE39`uzXw@SzN$bkXX(7m@I z6kw@4z*TS;k%YZD@;p;xK|^;j=M+_0HZ+>)sYx6_=jMuXjbYjv`L|sM!}nyLy(Q!2 zAA71SFO4extejd)6d-XXy0h)JF0QUH9<7b}pjP|ma#c>RAnc>Xd~EN2UMwdc0}uU5 zgIgqf*xW+@T|*~Qylj3QQ&3U638e}z^DJ%_t|Pm{H!Xpi-#XJ9 zlT-TLrx@s}Z6V@5#n3;dzFq(_OT&8#?clM4Dm{c zccY_roR#06r`Vnu)tcKiI<)-^7@X?jsWWnNq)5;CvasGRz(W5o-Z4(@ zalIUV@G^puowHWxExOrOmltYXiQu(-mW?)xOMmdYWExoEuFleCmoe$eai!M{WlmM} z|I-=~z4lir=;7(kV7g?VAXUi3iyWEX>7Otb3O3wY5Do<>`{Kv?&N1 zSY}f*dnjGOQJ%Z-?rp$G?Lv_5OeD-GGN0h@LG|JV4p9wn{_*dg<&)8Kzza_aO4SxF6w?JfqDEln@c_a;eQVkDZ>wY4?1=4bQ$5{4POtb$3 z<>=RNTpHM2_HI!3` zv~}0_v2H@$k55v2G6T}D3NQ&xWlhi5n;tv*9NF1Y9oHt9z!RsTwLb z@>>1z;^uObTK1_vxBWG4bQRfYG5`>S*H`wuDY`DDUstG!G944!m|xxAP>)`3iyf@{ zHeDU%cJcJNq?xt@Lv6k6D6tx9M&mHB1aq>7^qjQfkp7=)Esg-a>>61n65ftU33 z30?cV{`|*sGdINs3+dA_eoKh{OmtA5mUOWSX7Q|nPq`QyE==pOZk1`A330?TpCkmi z12Pp(TztyYE(9X6gu>C^9|hhToTt!j0oxp27&~^QD zkAmsiEuj(-W$Qm&sojak=E6rGX;Q!#r$CsP2D!TzaLwI-%~VYVmLd228omL#EwlYI zh64YpxGqeYA_l(IYxL13pW#~(m@4&$?Cr}u)wKs^U>Z78>uLx8dCScpzsJg<53b^A z*$x*=!+qjkSF>>Z=e2E;3I;0ddk9$PsezSFb{K6xC&`p}5XISmae2{SdVj@p@}#D> zXq+@O2%?v8&NfPCuW+5+r>#t@InE3*>AT)n`pnR^m@+ch(<)biV@DTdJ|M3hSFSSv zXrsc{p1Z>RY@3=bzbg&3UjD6Gg#hG4K%Obt{7)u*I-8!SJ>=% z=!g34gX7l?D8A!;l~?uW^A&l`to@duD*&{a#bHqVpBnphAOg$I$%qxKJ}!AZKcK2< z+&8&d1>QZ%mhN_)WBdDm8386c;U&G?qL@(6BvTQ@?((KB#Fe;6cVBz!;K?x#DZOxC z9%J*7-KnSoB0;zVVrKvO#{qN>{4#>;0e{e2TU$~eY;c#lYSpt!Gb<(l_nN{55WB(% ze~U3Ti`xH4*U{S?91#~}kH51tB&IA3WrM5$s;w&nVB z&;aZEf<1&BF>t7qKYOzIzVG^xAIl2|KSAOM+~??%_u7*Mw^QPNUrZgcYyo*PG!<2D z5$lzC9L3)kp{cn?ie6pVb&)!a1`CP+AxAGsAmb|i8;*SqLHy(7Q z^-oP%0OCs&if?qxc(ug(o|UOEcHENz=eGx-2pA^wQ{*+Dn$HR)^ejMVNeMkA!YLTK z8e~V^ld41ABW{DTGZ#*-qnIxID?N*bmsE+d>FwxtdzK8pqT*ceP%p#qGb+q_CZbX# zY{%rKbY?=4fAe8DvT+o!r@K)a5dTN%oHEEGCn?#a^2C+1nP~Hc$W7v|VlM^tvjio7 zWoRxgt3c|pm2rCoVU%OzremhA%1F~hD54NK8{HE4%yw~xx9aKK+Q+J?0 z-A4+QX~0ObI)o=VmyvWzVzeoUsH2f#%F!a@O32|==dc;cZ~P2)Pb!6b%?0-BA9;m& zq%f(C#H6%Zhq_be-BUp7#z#Pt!Z|Nr;O>I&upcu0@qB39Y@Q7{U%;c=SiL4S&6l@E{XdQ_#nq!JTIPB) zUvFYyVPmpOH5&2zlGGCoz#P>%`8Cr~y`jU*C`aGfo4lT`3ha}U6gI$e?*H-W$(|Yi z7M^5f>quT=bV**BQDCx4$c?jd4ke;2NVb$U;5&eFx~{ z7joMImpz9m)b-Q^WE9HwWvE&OWwX}g+InVS#Lwo($!k=xe;UoBN2A4)-S9d0svI9% zM45_~Q{2@H1et-8;tc)$1J}W*F=aM5vw8UwGr0c3Kj6>moU@qw0cDCJB_-V+*6RDk z$oVbOw~rGItSBx`rw`mo=>Xq~eGe2}dzaYaCiwp7399oNq1%4#?8UOa^^8zSJ8wak zHSXUa-_RaqdO=-Nzm10bQ02{q#j}gEwql8giYYXG-g;3i56+4SCUWv#JKf+ zFuaqgp4onMxWI-K7psb5mBmCOv?30$Q1so<6v8?U1%n#gW6D-pU)H1biQ4mSg(C)v z;1dKs(~Rd|z^mGZ7_~>Fcq?|Y=94?if0}H{4aHt|PYr%cPUF8%3Blk5K-6~L83s)3 z-R?>$Z$U~xQhEJTALr@cjUrLWQS~$#!YjucT^&JM-d2nt5Lysq#hntr3ZBc4TEC5A z&r;dObj;MdrBWHRQuC*!%@Sy1G}tPzi*>mttX~&4dHMdLs*pZwF6oiq-q;;u@-&G{ zYCi;SskikkucCPn8RaXN-8Qg)0j0M-M~=I4(OGe zS?MEI)QsGnDufgF>3K&HyXz3a7UUXG)ryZCDd$W-Y!3CRkk6{p7rUrg%3y36)dDhN<1 z)n_k!4=6XW`aLx6<9IL$nm9Fu2#SmH#+j< zzx}|F>cl5W>srd%-=dNwG~$N1baf?-IJB9i$$D6a>?sE+@tJ`@EI6 zPRC6pte&aa+M9uSkUDbB2DcUIQiT&b1Y7nts+=~X`mR_&;HFi z>!?oVD5oU-qUMpIwsRxbfEE$(+o;^A;!Lf?gCE)LW3eLUDh^Q|*c357<@&<*-)Mq&) z|NqZ&NmOE+arIbQaBJ*1LuvYsVUV?rO;Wl7LhFb;RI>pv{J1nv6Rk_>lEOxfdi?T7 z5rcz+V;cLM)YwPv9fpT-ANXD!HGdLmFJ|}N3Qygnivml!>K>8ZU$`d=pRO4e4$CSA>dv^ghH%Yb zTJyKVr^XGt%j^iT*r~wm>76a&Q%2s5=II!jPz~nRgSJR7MsmeREhR+Jhq?Lyv3_(qTnOLb+jd>5HZ#lr#wVVhx}@C zE7Xe^mXGhce{=j9ys7uN@!aX&u(V#NFh7UKPLt6FG zC07wniSXt4BG(>uG$nRf9J!Am{TQ{a{2-oduIDbbCLcqi}2KX5i!&Hx(yO&_f zz}zJvRVXZtcw}ujy&~>Dn07jSN9vudW}!b%eK9%jsBG?4%D#@vvj*Ts=3?FwqXBGb zPP^+)nL%_j+WIRHyy`yQ9?{TMfiWTAH$KJDjKWGyQc>=)B-atzug&z`ATViIdpfq^Cu%Q>GgT)%p}2*HqL+Cl6&##MD^ z*ODPMcpEQ|sD4!6Fkq8>1AK`-g)HWnmG0dy9}w{$;+jV{zZD88I44mli2^-I!gE2L zK(kpdzVo5I^k+=w;(;;FUkYF;rm3>-Oc1}@K7E%ivn(w(++N@if~^-pv`D9Mw>gV( zp8J4%9B6*(= z2Mca@TeGl{7#s|r!1=zsIQ(#|LVW?=;6@5Dsq=v@e(WZEnA;e718;PvyJO))dLC5| zso#N3>LarxF#WfXY*vhjE#?+>>!-(O-LpW_f4)i5ot(TXEpOF}`-*#aOZm2V!JSPxSyvU=+7{KW=MZ5 z_vLUiNJ8{@(0>}1``af3T=2YKGF#Un7AW}&xe0!J1XBNbYDY)%^fIzc(1{g*}`&#oC#ayNs+N+I8ZCx?d%6?;lX@2q=!={2FPOr#g)E%^va0RO)`mS-8vFqsB z@Y#m>-x(V7AA?usK$(LTsg;c=oQm)PP4IP@okE$`GwO zmW@SO+#XnO4!I-8+g@v{$9v6dJGiFIRV6V20sW(0vtx%AuGHQGySJ6qdF`*6KvrV~ zX;FE%e~o+glfZ9TfiqNIxtRa71}ERhwpgAt4D6U#TRD9+`9hcRgP2s&^TP)PPIz-S zV8Ys12zIzTM%T_>H*N`Z6H9&2D<(~10;Z>^0Rl@TTFW4p-yNQ$qB5U*;FFD(4a#ds z%7brt_!KNX9BWgDc&(_qk+x@_E?A%D@Xz7C!(LCW`*rwu=P_kL4EYgGxw!{Co#e{{ zWtgEB!S${mIbbWH*iYCuAfobEE`SE7P<$+B)yX8@46oEX^8BLfwmpVyxOPa12;JS? z?H?ZIr<8?_u(i|9SwH|K8qsvPkL^2m{~o(Rqe*O`eRGOC_Gdhl6Fc2k2)z3@1DpGH zg~E&0wLoy4*d_#%$TAYzmH|9H=w2|dGiv(2wa7qq{MYe}w!TLV^Mt?z20;?=ScAI$ zV5Wjr>FiTTHi{1VrgLy~{mYK}q&m`U$ZvR3Y+&^F6M?UThm)fVPx9g5qa8W!D*<-_ zG|<2p?;wwvnAhXE0knvfnm$shukZK70ZaPvEXaD1bD*xG#ZK$o8ci63)vVvlWfVi-Rq|nM!%ODvq zMurY$xj7`}_PNP~qha9r+mlojZaQ#K3>3OHo-QJT?svI&@M&6~W@%-?FD8$oKM+*C zzRoOHMb{y}a0%dDzi6sY{?54EeoAy)wmuT~+!H?wPden)Eg~ooCHs#`EIxu-4goEe z+pk5WgGFcx0fopDWMof94ZbI(&T^?Mdu7<=L0U{a$oPH50DidDEO;rx?31yM`@Q94 z!YMUACk!;t#;Wo}9+S{Xs<74`cK;uNzMe;)c8&KnTHy`!mn8;0tHAXY=)&r;SEB+R zomu2Vk!+ZkFX68qX=qh-8ic|<_{dD8q79t+ml;TTQ38X5=Iugw_b*&eAgKj7RgWEf z=o@tZC~wB$z^EB0K3Qy+kBau|*4DLpEq9uDd2E*@?TehyLsc9ceL^gUA1f5W7DQQY zD;I5-kL#P|_Ula)?N=R1MBVks&t=V2d!-5%6}-cTFe4%Nn?>jHDbBxlqq zfR61+qsMog7*`uGt&av|{;b@Y>N_RAO&& zzk^24X?WK(NUY4tp@#j{T?VQUlrA94T0A8rSvrF$Gaf zxYSkm{h{+u>JF-ZKg~4>{A!b*fMu;A=&r_wm1BZ))h3gSo$0=CPVQ##StA4VGun-8 z673wo-AIpfD~=r=mGI>a=<4nu^92-wh#)R-FUyu1#z6X3y5<%Hz&cT{J{K?#ybc_& zs8dt{c%KHLJ)UF^bMjep>JR?`$4{TX*dHmMx{p)uPMl$#%qkaxbORgzT-yQn##ZLh zIwZ;`c(`y@&I%XL~Y;Y_N7?# ze#7#sU8DSN$`w!ptH+U2uw-;(Ams}yZa=W3PX$>~SCwx8Q?sc}TAlQtuH|@x>CP>~deKEN(hzJ8aEvPinFL@@$_0dO z-Z8rtnE&J!jrIu4H$9RDNo+EYQEhPQ%QA~GrFBDu_oqeJ?_O#lfYq&U#L+Wd%0%}W zx=QtBscAp}Y{gb6yPN}(V|B{3Xd~kzGaTGz8F?)XxFq^V2@WnGH33kT6q(`yqj*O6 z1P9m=VWhHL)|#b^klZKvNqI--q%q=?777?KSMimt{y`bBZLjsM;lcKyDn@W!MOz)n z&MP#nF(e+$Yb=p8qPJ}SQG?I#*br{~i5q46XdyD!f5CLDCm=9)e{HgYPaI@*_Dt6uk))8GBOhZf!a#4xiBb`}gTm zV~Kd*`6~AQzE~d53>L7o?$M_*`MCZDwTp_dg1@d;^699v=SUA&`~tmIjKC{5AN+CA zR#0ryUo>DJ5X>XjMaF=U&sd9))SXyh)5G`(xROMEjFdDbRy@9x(R~Laj=cZ#FV#Us zbq&NtQ{MX3OSa4MFKK0^$A)GS3LI8oFG^ILLD6tj$QKQ62Md)p8uT-X-W)qyON0HK z3NlodUzCOsTUy&hmqwHBrteNUq6@iF_?%h5HDAXM)PNJZx$#~e?-ZBYW4EDizILnj zHA#V*AL|;fe&>>-Mq&oPfWunuBiZ<(I>|4~&mHgrviyKrFGgD9EZHeN^4hA=m%- z_E-4raUJSwZ;HJMG)3?Qn6%J$a9yEG?GoS5V`HqjjQM2Sd{ZVtzsD6^Sj#PHxBmG= z`=LP5I?WjW;;(W5W#0GGcWaIYi3@*25B~NgxPufQ*9LHJ+2$4LpSJi(72V^r;vIT0 zh=h;rGkSw3x;8$bVqOC7tL}oh^Wgm3jArdv|9;$eMq>YOYKrI7-8!U@pD>xS)yAF_ zzc`sCWg>GOEDAm^KHY_HW3HI{6t)^dm;3trng_Ke)tk4i)L5X5_xyfFiAp;4=N!gv z{@x_x=!@NV2LSJFbT2*T=dbaZFasg6l>Il-7#8PWvwWh(_Fr&4rAJ`&OrNo?N=k)~ z@KbJ312g$U=!Ybbo@yP)VY}=KM_qG>K`&1Sr>KZM2qNzO4Bw!P03!S>8`+)7VT$rL zcd;@7yE;DmdmzDxk+OxMl?HM)wMy7M$iN2?%qne$9lgvTC_Jj6B-_undA1yU8fVQ* zm2|y-|1d(Fp&)s}L3;f|1R>SPC)Qi9OK{wApmkuBo+{8SCv;NOBhV4LmDLRwGEn`{ z|DV(Oe)dui-(o1ZLhRoqY-eX5@9g|i8gTkd`Ci~G!jtyv)G#Iq zg3HL2678&;PEJ9)^vHb_nI}e3Uc!)rGfgvPnhzAUSHYcDwp3)NzSx-XERYfP01iWA zX#b=nqs+W6>Kso zJgNCB-5>vsi>WSyp#Ufa_2RdbbVJjT45_lK*#y;Jk2I`$f6|rX-C)WZ2BzT`98V73 zo-pJ1ckf%u%t_vVx4!Ax+vLBy?vu>aadXjMRQfm3o&MtqxD zdB@X}87o_GD^*53tw=E&(3kH@ns?z*tm%yC0TH(qZNoh0^`kaEq)MH~;nRv^ZSQ#} zJ4gF%6Z$)Fq0jbrsbLlC#>Wkz=`i=~T~ge-6%keOv7w<|_}tAK(pQ@grv*N~f8PZr zhTx_OfhXX6^){|pYMp5kkrfKa2LUgoNmPn>{I|2^R54s3|B0j4r($hZcUhVBO{+Bc z*eNpz&hX)P=`q^ctBIWq{#-8#v&?0{5x3hUtsV8$EZ*LMn<~)#Z%oeL6(u`Yh`aiU zwOV5Jcl}8o`=FkIAAN4i)m^3a4@bA`v)6*?=q!-I#k$Pu{D#wbXuLo?^jYbhf-~9f(UrV2=wXO*`Axxp@&A*{X z*3+3Fv$foE>0t`U{losMaKZk0R9`=E^%kX3LNkeT3r`lt%YcHyMEvmQpud+00lndQ}W4#2ugq+S+avo%sA3`^yS2hVV61l){<`95|2=a2&*MLQ%YFBooe_+x||6OINx z^^R@hNb>oZGoT{B{Nx@uQ0^>%Eup9EezfvgPL8{Y6NO?qb0FWr3fw%hQG4iJ@8^FU zy^-`1Q$D|JD5h=Ai6Nc1tnz;s&jQ}v$9DM}X)z={@(#Xml#h2wq)59Nf)ZT0?m2(P zyOpOJsp@~c`Gn-HD3ZP+Aa~ct_UXKEyeE8kTcF!!{Nab3{wfTIY2N*($?Ysw-`EL0 zIC3VOpRSmMeDe27jMaL(jnR-s<SPb zk?Cwa-9EnFBf63)i&FSwluokC5T1Q!)&RH5R9WF~{!?FQSo4h*tp$y82KSRH4J_rL z?X%HR71uxyXX~;av-yqnfNiU|;~v zWza$D3i10TszA+uClN*2-c$ae$TA8k$M4HTfOt+rTLE$qf#aQsHN$r_*288GZyci zTA$g}jy@2D)aV&8oKn=N(T=|}GhRJt;jTg2etBXkf_+14#NiaXv%X@@FT&pPh5ZWm z|Bt)(3~MTD+dx$m#u0*w4W*2rAR|qR^x~i(eH3ZZYy^-JT7WDAyp=A1MbjoaBo#&8p?vobR#OZh%eo zhjc*|Mq*=0>us;FL#R>S&RqSiwJrqIqDp_HY-2@!$Q@=l=gBSBwP$5~=j68Bnl57d zS>M~up$5-BQmVr~eWh+a=$q^%=)!=XdNclF>m)!R8Yow@xNXsOv4v@>P#gfQEXF1p z^c1m4d|(2(0v?Q;0G|h#SsDAoJi3nt3^?`noH`3m?#a4(gqwb8mGu&te_xuAz5xv$Dz3N!(^;qSch=%6wQm?|M zwwnVoVuxA7ZOo5a%6)F;mD;*XRA8Bl=)<6a6)R~iwX7{o%I23yu^mbQ=Nn}-y24{3 zR@r>@SXuP3mf14hXq{C{;RmOMbzi{!l3y$JK|~tNs7v>B+ycfCG* z5PKdR7BDg2-p38=^|x7-aWLPpOCPd$Z6RPBbN=RSelu0BZb_pawWqiCC)~b#f2QH4 zZ`w_oVN&GS)^CYwrs zhR%$Cbj#1Stjt^6Xh{s~Y_+fv+ zqQHiqk=hGz9`pO!p*8SatA*i^f~*U`Ut077cwtLfD&+z2@1OEkFAsQ8l03&qSo9t_ zSzh2Pz2dui2At4u>6}EfddFYa8go_{yCtSnn1U{B<9iLjT=-m_Ol7+_=SVCd``*}c zP2U0>LzV~46o6_9RAacQ?}Rx2NwYSHBsdBECDb;l!8bpMCGbWI zlid+(Yp5S8)6JGQ2!m0-z;8Y*RQiy4v&mXPLukv;%&_rNl&$vN-`+X(b5*$Rd|1j& zZyznYT`>qbOC-imKMu^~onkG+8IBf}bNg@_tgY*Em)Bf)AC_~ru-5V$78a>O1*-D4 z)iGq-^K}99#hTh$q?PykF>~lFLQ~(TF%|@G1j+|Z10{#74K_p zwLo3oyACRx37CXtfK7j%+JBJQ2QIbIC6QhZn-bSsF(;I+Rrk;+#j><5&NI^u@S*e~ zkt(GPW>^bA{vaUKYUK9{;IFXFFI{U#*?d&*Vj#oD zsb@RwhIbgO%~mPi`&saa0L}Qf(!)-_v*-&y@{Hx+l&t4>l+TW+?>jVx*;rveVXrt8 znvPAvs)ie+amY;adX<%zo2ss_c_1e9=>UFhoSBFCt9E(5DeET|emq{aQAtCK=lj)b*t=l#$wODO zKAUEZP_EWF(cry;Yzbh)_dF>c`(TMljcvw!IrJcP8gub3 zoZ&&C9I)2<&ah^uq;i*tyx#)$^yKAgmey^8s&YH>N>Im&ueG$Ocp%j0O?Cjg!5ecB zID(T0cr{>Vm(0b@%bJ~rtg`B>9*&rX#>N)|kn3cLrF%`K-+UVmwIx`?tO2`OBzN7` zclD*FEbCWzQ@kD^U!w3@ZBY+sWr2L%Mh$RwsA?U7P(y+XbXIkgg2h$_QPB8Cbt7VOvRptULsa%wi;Bse$Ld>Yx7W8Kgq&`9 zg!4$_Ipx~BD=#;woj6rs7L?UPY$sZO@A3Xf?4?w)^d2~b-cS76efB{qpv6q4kltez zv}jKXCzmVlG1e2QwjdgUiW_F}Xk`h4#LD2IB_^P9lbZG6;@b6fR>b(1KEc&dy%W62 zR_>`&Ii7HD-KEwOjG>9+y&K^LLGPZ&x8^7Jj-h*?gU=@m(oj=#_*`<{*bS}EzVs?o zKF-YaV#*8^Qu)g!a7qCH5O>cyD$jdgO9s(>y4I2x`aU4eN{d4houu@8kc(v`IWhl| z^H?C0Ye2PUMaZwzf!$^rTXX`b1mmD@qw&T`l|omw({UgPK}>c*{;0R%7T9IAVQ0*SySn zwPtRA?c@V;(gE6ljNQOu@pnB@6`6dZ%B1foAb|Uv)qsz?G-+Ei!g5*unDdq@qG8)g zd0EY93i}0Xn_r6GN;z2=7X@k{NZx$kI}YL>}QXx_M;``@Hjzt?iAMPQ4NjU(_+^f0~J%GdbZ`(44Ovjop7S=ldVK74V6mPv%e82BXlbYLCl#Kjo z`!e&Fo-ih5MaA4Ze#W}TGh#+Yso1?*KPz0HjZ=#$e`9W_XTrkRO@7q(I zx=UbzS%1*YFYj}K5tykO44_N^#p*T5!zKPcuWPVUhB--+M!a5tFm;ze>=gUqhMF3^ zU$H7Py-p&pkAM6Q7~uegYV?c}zH;X4JP2-_srakjryOf%2xT$-sp;j$48S*NSO15R zpGuctw|TE`ZRMCggrO(%!16VWey=p_a{Db^dWH2|eU$CByW0Ic39H31h~g<*`rMg| zoQ4*nm9lMRzsS^r!ZML1)xaq*)3>(fwrYY(-+t*fVnKa9;1^C~B)Z3*aRFM|{=)i~ z%|iX((&5ZN+iQLhhVp_HRu$ZUwrtAxE8Xf-c;(+MO2nKo@`Jey#GdEe!EK*8uq^8s zm;LeG5}0l>M21C3qWxA*t|Jo%_1A@ZGFO0)i+W*eM0D5X@-Da)!&8)yct=PP-XfPG@Cg1Gsbt>clRr|nQ+KZmB z##h*SkSl6+aG|*FamT2wgpL%=UuEDGiw~If&@8B9ZYgKPx5L7X6z;;OHNYG8X+elv;U}UXg%Sd5HMF6J9Q{K!? zTZn({l1~u=z#9{lu>JZ?Jr2@u9LaaphXuZl@wWWh&+5-zp z1N~%p6SL)@VKIg!eA3rx2cYLLqpDxYcyJ7X?4k~OczzZ=fsNMPryq6&oIgMvlnG)3 zemuZt?Yi5rBEU$yXoe(xQyj3qea_!|k~+ZU@d%OCXAK}Ku_40kE!kD~!V8(uwBp=+ zvb~p-ajR9_btXZ@%svp7@Nsh3uyb*qJV6;|-0%S*0g5&%KT03~RyadC>7qvNy<_2J zAd#5T(^sJJRf>B4>+gXxfGBHOE&dq5Yp-!voZ7ciQlIz$94fIo!&^lEa1QvZ-vuxr zt^l@38^AI$dwZERqZ*gez2glqILIVtqCk2cFoQ{WGf-@MBp?2D ze{lLFO{|^C2Gcrz1*`_COYOHnhj%343w&l-gOZ~PGx<-f1&)E-G)M`+-c)XA7AdeA zs?`jLlZa(-kRZTXGlN#p9v%~4sn+xvlzn(`DI@eJEefFQW2M0CE^0-_gUE$>a`@lu zdH)u2w|dtVKeDK}GLQRRKagMs_4cGaTzl^950-16uj~>Ab&xyZct9zGXC65oRAlzD z=>iHT-w#C_i+LGL_PgR{MHJDzfw5lD;>-f%%fzYu7d7D3d9=ER4>JX?$0@^G!ZuT5 zw83V%=B4}S;GS1L6C5%zpwk|~S8mK}VhOYCuucHY)B}!S;V%EEh6|AbXYyCY0R&>^hcd+*#O*a|Syyi9cL=4jK=*sqx;1Y1du^X)u*|6&@}7GPF}9{K#puCXkRo15R|J!bMAGE?4vjhRD9R_PqdKsra~BLW*Is3XCkPXNh$Q)k7`9jkbYNm>yhde&swnr{G<8RdsVs z0#JXL^mV}NQ|bo_R-b#8d9V0BL#{K>Gm8x=ZBcX6Js+K`(H?AX*H4$U%rQRoRfCXn zz-4WCar!ic?BvRZ) z>^8JHsZt5vIGlkuO~fQzG==>l9+VyPV|N0iHc-;sC6Q+GX@gz7%W~}iDt+E>`r5k% zBo)q;rs4IQwaxI;oM@m?|uabRp7~>K%!dVlCJL2nUZ;3 z-#<;Hi(dLIm#W8@gVkJY?HzLi7DuCZdqZMpNI9kM1QAYJnsrw!$$y^K=DW_fT>BI! zOsuW4N!-{9D4%CD%2bgmWy@hLKmAZ~WtQ`&Vff$0?D^^IciMF_&A?TDrIb6fA=7Wj zdgxb90JPCmg@+@oB#;VLHvC#roxWAhTQ>ZTmAyf@%UOCWr(H~gdXl#WkkXd?^mz{>K(p(y1I0)y$8|GQ8q_X}JWyEy;hXelN^eT>ACG&@_O-rDEKdX|jCo^g zQ3KX(k@r6m&8qJvn!A7qPuED-;ysU%@c;RIJ&&cY(eOKKFSGpsTC9}a!aiy5OjXoQ z8bM#Z|KV0ENiy$trphT{RR!~}TV8Jwn;XKIOCE;4DnVTG+v~UhSoaFwcEF^5ylR$e zxu1e?TsOULd4nJPo)Vk8zNEG@7ZA@7ukG!UDpc>X$|NXJTIqR&LWL;>)ooAA=5*+@ zk9}G2bwy8qy?k(h>Aw)s0}TqOL$bm4ykwvy)!t21@K|_!P`Y&V;M%qn^&;200-iKB z?2SiB!rR;>YGm}=PFTsTfF?%>51n86H2Wc0NtIXrGN(@Y9*8>qmMrhvl3|g)~XA7??Xp7HYvhfw8W{Bq!vgQ=_+AEXiASq|M z5D+^T18?3;>;GfH{wl+jZ_26j+3X+I>fm2?n%T_olRuze;y=%C$5DGg%vY#zqyEc1 z=zo46&k`_Z$gBUTUjU@_J=}kuByj3-D3Doxug4kvyQi;@e>8Hv9?l9n-{f~QqDdRCc zh)lJg3;xrWiw`DyMF%Quvo_y*_@8Y_7Xj%jPfJsjl^^Fo1YmvokGDGCKF_%eHN(mw zo#+CZs%^6tO)R`6r{+8Fhppg@PCC}6jm?#|)V5sjtDdVNgHm}$b|o{RF>2{&}B zr#fRdk$`$I$5uiGsW0#BoW_;1kQ{HGCO{&|)>Obx-ngRJTRlWiC6B;6dUvmv&aKO? zG%m2NK2kI)w(>JEk+w}Pbq5RF2M|ln%S8dV;H9~1RXggKPf{ZP$VhH}e*R6EzkzQ@ z(+vrsN_gK5HQGuLCx4`lqgwbasx^8&vJh5UH)UdMd@awrP}lzZd$ks1 zBO@E5G&z^y7iQG!;2T((XCpWeD%h)ZGo{M6w%x{N>~N9wk1^Lb9Gsm)&6p#0cbne2 z6&D&4NglZg?l#@aKv`Q`fA%f!&dRJyP3?FXaa-WW5Gt^qrM~McIo09ok@+ykF2_SX zN9K&Zc~=B&aChrj2P)js{IAKX{$Qp4@p`pJ@PXzPcd(#H6iO5fogdkpbGq8g71Y^3 z;&>F?KeHF@-@Y1jFR!4Wj6aaS<7^^qw8lYgpBlhw{%vGrWL5C{8IX>M^xs$=i1-lU z35RPN8AWaVvKhRMTBh&czQ)qp;f0Y;c$c3abH5>+dCe@{Ia6m*&UZA2SoqBlkgBv6 zK{i95$1|1Y^*15?Fd^WYK5!W>HX2QqHH4z%`QC^|?plHtvjs;r9V-hn2D#?HV76{hk+8pgl1&1;uz(v z)+bF0#0!W2c%(kXqtCjRHLz*l)mZgM>c6Fmo_(r*RG@dj)M3n`)M8{yS?QtUT-7&h zNeZN=r^ndaxX;R1#r+m@dcQ; zeE5`OoZD4-(lQoZWNSWzFRW4s$ihxdG7fc_6Ri^X0%(<e zM2(Ln)Gqe=ImvK5?o1ts&a8?4PA`=kj!)@1kG4taHHIpc@-C6*urv=8Ii8!e8Csyn z-cz3nA?h6XlY`FoxZ zv}{f@#nt}ufCAZ1Sg6ZbEv2a?94YG|!DO zzLthP1lr_*LmSOU(=M{DBQuo1#3U!DY0#)$DNO-Jd<8YDy?oUbno4pnzzya6$h^=G z-#@i3Jw5}gRBA=gpKQvNJtPCFIHHU#dEg}U^57*NH|CDW^0e1f<-d+F``$D$Olq|E zrwlj#sVFloL&c(5Z?QV_5;v?VQfXz9sV{LcqJRUF0TaOJzpZYc+b+gPtM2y5K;V|Crbdgh8 z7;{okfV*dBbQr;iyPzxCPP{k*9`4D*+iW#YZ4_6YE8jL&lJo8M*T4cW*e^+FH*)$0 zzi*AiON6R&mXH!);vo&}u7QuyY~9XJSUJY#?_v+rv&oe*?WwB-FN(pX{krrby7RKz3@|w zsO1d9@Hz#Wia)$tyR1};lQ%(!1H4_#;5pueCuva{Q3n2}^-fy(>MMFrOd}kMPjwvV zIr&F$Tl_z6Pm7h`@8`s~q-vurqihs) zp3{&S@h-dx{Ysh$Q?yoR+e_tSo`e>t>ehS{!mCBZ&Oirb2E0c3WCn`P>zc}_Dv>ak zgM`@Am1TI1R7{lQBnNpCY!UL*PuZ1E-0S;nh~|&ctNk_dkmq10Fh}mb(tWL4`#jJ} zS>UOwf)sDTTyh0F z*C?U5rIDp8lkPH7aZ8f$t66Mh&6p>9n$Qwni{SPFcKWOMNEa{AXGVw%HovVU(vI66 zWL-jLNRPkMB$f6ofCUri<>Cou z^(JwuDk}@Jk9>|SM81Gws#&luA(_fRBLg)625C$2yq1y{8o)j4Q0?M5`!&^E?mbXG zia=tWC$)UFtghMc`v3YrE~>AFr1l45sMD&*4?B-T3tA+Oh=zRWH2Y94d8)Lil{J)0rTbw-fSGovLVn3Y#Ou|?fAE+XI*AmX!DCJaOSjd^t6?+m`=pNhNg=sd z`oF5;wY{Su`t}z&k&YpDK?SvoZJU4GjLisCwIPKYK=eBk(N~?U;;CQ@XeENxFKne7 zB$O=b3B4iyE^Bb!tm}uwB-?>4RA7W1@*u`~?OG-0=|Gr$@s#Lyj)o?*6)LYO{ zI7rAqPjSUfk}X;VsH~2e_RpvrK-=qg#>3Wt^5gxx@^hXZuS(pGRh_ju@+?3CN1hpm zbdTYzcv?5h0h?+Q|K6X=%bQ)yakD=@I22&Z3h$0{53TYb)9;`K{G~#mg{UhzV{T@ zpL%p&62^2Hoe7#53gg8(9yBCil06N3 zemYy+Izd7*F+s&vTJdl1=e+=?9;`7bd<0}lBV1XmPa`;9Ox{|j#6wUQObdljCn?P9wOdF`V}CzCpCD1!vhnzb59arGAFSEO_G=iozr=F^ z0f96QUYo8g*zLDESFb)Ox%-HCv9Mw@H#pcyVWE${ZBR0Cq^fGgV~rIB$Z0 zK=JvGR1pCIi_^QmWOM-CaQNpH3N`PSjTv{>iuU83YGgM?YL;0E$9yu8UC+-OwG$od zW`|7KbRAm|)F*jlsWU04b#v>-FVCCm^tT<2*|d1(xX6(cX;z%pl-jg3uJBUU=R_!4 zl;B{jUteX{ceP7;LbClz3;Kp8cpe%u^v==Q~OdR!p7h(4MO0qZ6%UD9DN1|J!TdRkX zJX-l~qc?vJ*NqDf_S6JcR|Bl@jLX_VGv7ZQ;u?!P5w(0Z$LD*_^5L&5B%g;eB9o$L@X)Tp$t`! zRF(ikrW*vizw_AeL`Ee)GJ0EeE53x*WlXA{NZXeGa6-&_aKlj$JBE_rKV+*#reW;D zqjD3E6dY1DPh$FNb;w6g!sNL|ZB0kJqr6R~C{ESu>q_p*3YfKq)wK&s?N?r4oq%Jw zJhI{12`quU+HxaT}Rt~Rzr+nAj+q&o|TD+_;%yFQsota+bhSqq{9 z#InSY0$V>}>Bajy_0J2t#LCC|(EQCv&#@;F8FF^5O#vQa*2RfQZTf^?c0FLM^Dl|$ zjk39Y5IgIc!it&LOML@p1*CdY`R0KQF+F*MV5HS$@}~8$^tA-CK${kUVB6m#=t$2+%HD@Z?zNhS0j97YfRI{5?gtze_R zJglrr#^(w>Mhva4$e*au&5oSJ$s#|?gu*?lFhKQUE_auA0%`;-{ zGS~zCc6jVv`L(MLzIjfzJNXf7c2XOb9-$9OR4VrI+VZj{kLJ_nw=v$Qcv9wi{bSg2 zB=4|Q7<9wn(bRlP^v6pu0z%DZaspp~r(PU6yrL_+z)sExKVS2jR`nsTZO&!gqAq}` zpjov3F1y~{HkNpn@3U}$`AdFRm4Y)8&uV0(b7Cvd$=G`Ba@{tm zp+#meD3SlU7WsU-HfE8h(Sudd+3j9u2wvCE!cLOZT=}#KPN;T$xNt19e!aDPv}ye6 zZMhr%nmubKlWfy)gt#(4#%N_%*g!PwIq)N^6$Nb$gOKj&yiRqMkC%G3E~!78obAsS zr=Gqw2T-=XpfSY;+&uiYeN?-R#UGB0Xz zn>mRaP;Zm$y7HST-$^e$gsm}b6BEN>ifJ#4QQ5fxIg7d0Xy4%V3v|v^o`yx{_WHZ= zgh+HCt_uqpXx6C&OTU1quf|ARnLcFPClYdUJCBZ)n#~z=MlZb0MbwJUSdjyX=j8*l~p5im}TF4)u&a80= z15aDtl>s@`M?|qsw$INfu(h;*KHG#%H>wPO7$hz&!zk0WMEkVgu(G;Yk-orP!~+!T zWq8g~VtmGxm8zB`+hv*L-gK_M2M+h09|d2hGnZLTD4ERjZm4Y$X&P1)o3VW=>GP#& zggP>ArRgTNe~rwp{VrGIvGDdHa&$E0VX{=a*FMT#=&v_SBQ?8C3938prufOw;OhZE z-*_#xY5V_C+gVbZxXwNiB`mt(yD@ed;+lVxKHB`viu^==n?$sJxQX%jGvCIi{OxvV zeDWq#(zWGOeziDOiIFKp-{_rJU~DI-?wl16Souesp;)s#{%)Ujo|(YQlbBPoI#uIN zQ`aKU3f8aRAh{p-At%3Mds4DOPTItjqam8s>j^vwmTY#wA%V9Q_$UaXrajK-@mM+C zUlx(@)NhjtAD@oiIA8M!a#J&ZVn0i)>6fO4#Tw<}JQr>u{M0CNsP+t+pWFeQ$yZv$ zVt@IAK{MrJs6>}43TE@Qev;4GjHqZdEcWREFlmU$GFvuD2Of#_bQRLIQ%H-b`&Edx zy#zO!ZQrzC!CZ6(OI$`&j&5`DJQx0#eGXSowJhhQk+`RAU9v`BB{%WZFNILud#%vR zAw-Qj#nq`Ln)mR$-iae55N&9yaKYuJ@3^jw_dDiD^X;f)F=nb zVu%OWk@sHx3cnkZskq;)HgNCdWT;(lj|hviaQh8pgB9mWk49FChnuw~9VAiwA`Tyk zbOEsu68D;bx)YG?VNaawo|{RIT7T;MjM8nKWLR5YbYsjjhww;oZ-WRmUtT0vrna1h z`eWqy&_r!@NY(m*cayF+_dU_mW*L2wSb(Rir>VY0O^(Dk3kY{E!)4BoySkJa24VZZGnlin>y-RqeO{*@| zjPB0;{bnI_+fhlhY;Bb#AVh zeh0}h$%hNo^-V@-uiyOt#SO@+H{-?#zXy-D8B_g`4rE~^s&1t<63}d zrC|%fpZp1leg3}kGJRi5akke!85Kc{2qD%^5A~KS5WQM9$7*{z80@n@wVrBlCF*L4 zdabP)2~GK)7#hBHG6sI%T%xDv8V`Z}7+H?>>J3g07liePPE^TWvdMk>Tw*R(dT#Kb zGralF!Gpsrbl{mYuA6j1o8U&5~_RBEn!7q_le$V z@~B(XL*{^aL-lZ-kXABOo&2!b&5A1;hS|pH#C*Rp;SU zA25mBe-FI`4@v0vm_t~eE#)Tr!N0xF@rdPMg`O@Bqxb~X@alf!cm^bd40ty1TH_ho z(|Yzk;@puV1HRk^Rl$^-kFP)=F=On(o zC?If?4L`~6(OKy)?amrX*?;5+H+v1+A}JEvRxLy5=7+rNGFz~`dbNzh(>}-f=FbEV zkmk>iR4fQr%CvtbqhAF7^=UK%4*$Ocoxd&@5V#M7^DyyeAdvaj<-x&Ww*Tn{NB!gY zYUkg2E~>*DT1sk!l))g5#}Ug5epwk$AS#zBv<a&H4CHG5+Zflu3wk}1Uh2db<`X7m6{o&Wb`>AbeOR9p1=0WOen6gh zpouL)Ms@nO=+rK%63H}Xz)?}AN4~wKZ&YV!Ybbn+w)!!M7rni`)}mgBqE`HybAr2ckiXy!Z~ELxp&sFyCZ; zYpXwRzy!BL=M=sZ1WF^-#>~-nqo_#@mbl~)AfUx_u_?97G)KAV9X=~KrBxxKkJl#V z$5e5{klTy|&xNPjmCl>hR;zkh7?g|RdcRR;IBrBm>Gv#46nyagT@BUM+``N0Q3eVZ zDJxmH%${5|!jMUxS-cBwa-oEb?P1Wb*TXAS7k^Wo3|U0Nn9E+u7tH^pI!og2L*$zy z&n!Jpq_!BeXh#)Zuio4?ytX|ip6vVeX$cK0TT1NJ4%*!nVZwFWGl`yUh^Wp0N{v>6 z>|FA2tnJLC_n3d*5}ngw=3-%%%?`BObL(aK^eSap7_;DDL`~lI2pY?{SWqLLZ^m%& zooqEnXo9xmGN}owskOggt>omi=Srzu27PSjw|tu&<0|U51F32brXA`#*tK_ve`{kI z3E813nUy&q#=<)K=>Ui+vw8vXn@x((u;&u5!$=iep#VFEiK^GyY`q*FU_Y2fDjT92 z@cS#Pjkphub#8GgC)NAXYbzB{hTD_zNsy=YZajpdry5Ck`2%hQ54AWnL73-LsP~@j zt?%^_>l5{3P8TONs)l`stQ0t&bfz*s1})Jly~mdBpoFd%C0rZik_+CrJL8l!$6U0H zYkz=kM=tf9xyF+4Q=(Hwb&=+Zmpb;c@y1|~WJXCBsn0qSOy@q9}L-z}}u+q-95vxNx?|Jz8rfr}> z1r|6}f8~HHUd7v9S!&Rri*Cx}>C#4%tnT${xFR9U+D+%J)-I)y77NBgP zH9AKFR3&ZD&X>}n?|YBJ3zuO#i-|lz{&Y1Ng1W5|j#{;`t!gLGKq=c$W$^W%bo)KT zPl$&n_vsU88&V9%ro7gkrT}>wc+ZBLzw^MjGDow#t9AN-gPmR@u{VPoH^Ap$INbbR zJlWm2;cwDxUeR73I-6mXwKT7n4isVQLy(BAd=Ddp?sO6A`lAY~EnH6gP=Jw(`=$4A zDzCjOaqXD!Y(J}&RUa;|TC2R&Gk>g}@dYPex7`=8b(XMssNqz&6c6-IVtbOjgAQgo zL^^tGQ+Fe7+OazAfsH@qWr-K13WYrt z!r2!uO{`r8DtQK{w&iK;wK^XBd7#OyW%dEOSSvF5Y1!I$jZD^AO4e8pJM(f*=~U-Id%}3d6P;YVrBsT%X7GD5yRS;i}a6 zJkIGikG6X^as5kV=o62{iSr67KIpSA9|bU4S6x6Bx$ij8=aGxgfax%Hl-yNhrLwt} z?k9MW{cenBxI&)gU<%R#yRez_L$@~i1lnGA`*1e)?3bb-BX+Z|%WGVO#3$(wF%S=o*J(om3AL4$u#yp+v*qnyw`3yr1yruC{p$@<+fqZi z4zFzsNdM{P6l) z$OEhG!2P(*;pHU+N-AFy8wn@%s+^1vvmNJ+3JO%pe*a4c+-Wk8wfW-a^F6g;=DeNT z=m>Hy8G-23&9sbP*c|frAFE|=I0Y#SP+oBYdcOV*Z-TsG<<}|Q%*+g3G~LRBscwNy z5GRz>Ov31y(|FUV3>z>{pQTDfFX6{pE=>0~WbFtBX(+Qzwog@|^=pOn113l{%Z{Q~ zERND!%CDqsHb^s&DC~YQti{2UCF_8#{P_o827D))>|9Qy{C*@Tn4ehyh|GAz@VYRL zfvChV$d+3B{OZctuFGuj+a+N24yv`6Gu&5?E9|>(&cdayCZB5?lGJLYLc(zw* zK|j|dz}#;>#&paqI)u`h-elU%XZn|&GyFcH!}CD?5|Lg4r*GlUR{FQ#hz4=dy!VE7 z+_RSFJ*3wM%jF6EC!`Os&9y&ZozdvxYrX5nu8SW93L2p_7XG=T>GG-@dqZ)AkDlLJ zQB6dAqApq-k3GuJN5;D~cVgwggZNsRX*;JvvsOoxAe|3~R2Sms7HAu_OJnlf@!1D; zeJ4D-F9{PV!OQ3Tl@v}0LXN0`3O>>>nmacVYFqVYgD)<&E09t?g7WsdI`_A!*5R<- zo$9g^wQ}^y<;1atQFLEG$I{WAuXzf(5mg)&@IEBC6d8f#Q+g_jh>L-z0!BbxZ zKiu}`ME6yTgb=2y%Jk$?RrSi}YnvSE=UcET+j%n;P~iMpgqqO%Cyfl$3LB|I88(y( z$ErC@kS~qcnPg|FJ?;s_b}G_lqq-bnH6u}3xB?X%=$5#~bkcS|4@A>| z;fVr!xC|QUjV|02C7PCixm^A-Soko4qWM2x%PgV(SGQdMXL*0uo%}KQS1GVdE`yj| z$NBYt^UR0Rf3|M?PY?6|*$uj4K!Kc6W#F1oW@5~naO|m2(9EWx=WOnx7|jP%R*Dx# zyvP3Wa$@_oI>+lBKyOjUR?l;oqtd6C!PCZyGJPwXp&D7OsSewwlg3jNQ2XBKE!_FJ z0+{Ozl%9?-yGH1D`xIqN3(XTv^0x)VthOC)m-v|9E=OrN+g04ONLz1hx2#t6FLu>7 zyla*an{O5qyE26+sUcFIg`#KvDE1mLEgip5S{hoT&nH|MMHJjII&pz3`ejT?0Vrhs zJHE4cYMheaR;PoET@zot3k{k{km$3^5<0`2Q?c8{%KkC|so3uBiW~AW@yU#FtwY6= z(8bQ<10fn10-50lPK*q6NK+>d%mm0TT*U~%q8gg!rWlPo(FdCM+dh#hMs4~2P=Y^h zDV5{Y|NiX8g+=2|@0Zl0{7^4@RMBd#YS7FJLsPn#N`)um*JQ&r&`6e+3Pk0y^uR_14<6syO-ar#qJ z)%v@(wXeyKjr&8WVXQX(rDw&=Do9a*%T{y``>(~=MPB_(S1Db)ZQ;-^wk1^qN59p% z{u>s#jny^A%*oxeVG*Ku%vxk6N>24IG7;bkGvj^-j)CMAkhA?{Ss}oid_{BG7+) z2fQIuk3X=NHkRFEH_iGbTpXIo* z(u?NLcZvzA=Hg2Dy_bxFxIokwZ8!JbsuUQr3$L zLy;%(HQLta2{Y#LD)(Nvi^`tCJ54ZWayy(-v^*~y8as7f(T(*+TwKxfCl{6%Hoz+K z&B5P4OS=~@*OWVDP7_DO)$r)HdNuD9EsNSdFHYMs{r6Mqi1fT9ufNc6M)4pc*UsI4 zrjLwSwwkQ|9K^sCox4kFx2%Oa+Ym2f;qq?d6SilR%GAcIA0FzeiBKDOhY3Z>!|HC{ z*PLo?Xpk=g+qRATTeGra2G2&Dnn-chog4X$dv^*?_Xv9 ziNcQ2-sLGPnkyU%m1CqxMX{CI@5KB~hB_Qi5;o=61QxY5`7itTu8BJGCIlzvY3Vjx zmWI!EL(2?WdRxc`eLf0@E?p}=aY2@~JCVOBajK)SaLVelFaFqmnk?hYGZwX9HJylY z^W7wcAS#DI(jVi)EessJ>X>{+S&4v}=61y9X$HDRxqZ_xK7{sP;i?5E#k9OWf!txE_k+&XJ7*AC`M4gLxZQ6vjz4Duc zAPw%bru$`8zQA*qtM@HNvOe4V#ix@wFLQ6!=SdNamjn^fHHyOwn}05!9LMAS4Lzvo z&Ik=PPcS2i>A2H2wk>V*#CB0Thv!CEPkSk&tid9y7l-=bo)=|bzd)L{Mq~&E)mRW) z&IV|GR9{qDZCFei64_~Rs>r#oogH~=s`?>{hq77t&jnzd<+3H;5umRI?}-oL#1c}$ z(Y!u?1AT}nI{9U|^S&?$Wwtv!SSDMXro&+ZN95f)_V~gtQv)}r?$cy)6ulV2UM>!*Z-paM4Bi%sTIh7{HfzM5%4NQhaM$frpENuvw;eG(QgKGM10=Deyd z5)I_y^a0;=%s{p3Z?+61Z}`kh$yk~3$Dv(nTT6tl2vm)gFJ(o}kDk8VrbNxKLgBne z!{wn9=^_r4L3pi}lcx{UQ6>qijnq*q#ukA z)LtKf-=Ur9&9^|iRBtWF1Z)d4q zp|#YN-h|GOZc|jV!CCI}2Av375X={Ceqyo?>1OP+s@(+8%FATAXO{>{a0E0*Ra1A>5shpLo6=H?>CBSBz&4 z(H7;c1Tk(Bz+5k3C!_p7=rujzR1sq4-rUz3l3i~P!glIALG;^#3ps>E*+|}*8=H@XwxWcocG>2gw5L&RdWChXn$~6BtqBso z6Ru8>sJU;h)AVL*J7K0c24K&HAgyaCq0zQ4x>YH^f&#+7KgFdtK)Pq+V~z3>4d*o~ zNKpNMsC)0ICbw>VbSny?0wO9MR1`#d??pinX(COeiAX23(5nbiq>1#B0MdI8ok$U+ z_ZFJe5Fj84BtU@tUiLm`pYPk>xntZv?j7UaKNy3NKaV5r#=m{KZUHokU00(ah$=OvB-1 zNgdYz5Yt!dmA4*AYdVND_BkCeu%L@MI}P8K-=56s+14B+NiQL6`#3?pu9^m%y0wy7 z7PXtl$fc~%b(752)54a3B`kZjUZAIX!^x)W{6XF7;!9(fMDZn^9|l*0gA`!Rr01#X z9`gVZgg!1OB&HeH9!H$Ss{d<_34{SC(C1s$X*y12Brqk1%>;F4cq%PAFAc9I=Vy4y zO6?^ZhY5WJiL(}0ta4S~vx3Xyd-N$eF@-3^8N`SmC%3)+2)-fmiQ08*xI~h+@ASKW z`j?!`gPMsyE!-_PCTDkgg;c|-x)X%dvNpe$oUNZxO0I6WPE&Uy3Ei=bl!!n6ic*LC z1g2EAnel(kw}F<>MK?@HrrN5}eyq-B#z%cHiMI2PXjF#zC2ofUws2O$JAga=UpTgPRv zb9=$p&fVnId64K;Ena>t{p&j$X0&FvwQl4|k9`+*FaszTFZbkQVPBmn_3(S@y-ruE zwz;Ol)=ckNs$f7vj;%+c-CT)56i(bOvP3~}6%dS0I%6g2LfL;qG?%A4-!iAJVXAUC zszv&0+Vl;8szu{^enx4Jl$=2gXV%~I$oW5AjKHf(PgZ6IyDY%Ym)$QcmY;k_ow-uy9*Z;w&5;F#^7}D?|9({izCG0%y z;wp3UbV@c5SzbWf;m9cYsCNtXAt<`PZ~r3x15JZ#=klL1y2`O<#>skl z%?S4Hzlu2j9e?Pj06EzU%D>1tASul8+q36!=G^$1JueI@q^EAL&_&Cv*K3b`&F%A! znPwVXBE%7^<|&V)TiK2_7W47oEB-*xJfGaK0&;{p(_9(ciK;geg2%|-jr7^|c_d|E zfJ+2wpzg_X#JHMWQ_3D^#2VfwAEIwZ+p-Tk{|{`hMtNbpk-vb3%mdua7P>ug|dHw<}bV({)xz6s6w-JtXa_uz8B>KRa* zIOK0~vGymPQlVydTQwJbi~n``^k-t%!RGtr@V=^~q;L|q;S6&4WQmM9<=;|1;E=-D z+p;RYaUaTWW?1M`szd(s2O~FHRRE*w86Rx?@E_N(eGnW|Wfz)PE%a|IkMnh0Hm7gA zv6S%E#h3qi&GUBdKh8CttXryp#qv!8C8U2I0CN6cKBRaPqZuHHuE9c4Kwr~Aewk^o z^jh`*cIM1ltbGl{0T!wLdRUQAb@6xlW%M~D?(xe7|NgQ>6chUDDV5yJC>8(uOWf?uk_dR> zq0vcT^?d-ehB}T^U_y!hob;drnDuphQ>LdW_rlO8A;Qikwqa{bwITHbIyKH1C%h_n?}D)X4JuuH{Oq+mAU{v**`jIVQ=x*A6mpt=G3v?OHUh( z^c_@2p`d7OhxEjSXzaSCruL3EPw5-rU}P86&qG}kOlapGyvI8~_<%W6*6{Qh0=x^) zOR{W*o;T=f-uGZ?2&{Nju-r)j?$EL&u}pFUBWyksVe?8;X=ct@xiLM1@<@HCb&)A~ z5Umcstm(8UV{@ZhBsX9pYX&?QnJ${Mt6VzRo?AYj=CDET*c*kjHkliP)*8)x`~c_)IA-S-eiYV{^E(NA#d~i}06SOxP}{ z+u&JQ)AEui6?Ayn8qM4rmttn~7n#B8siNj@8aFf1W17+RVmxd00AFy%eqgGK#&M;; zB}!TPAnRYGE{2HP*?xPP(Q*Q z!emQg-Zo%_c8{x7@^d+52$Wvdhmh1zW@q0;W!;p$Ubwgj{&*~KX2yVJR%<4uPJpM; z&AQd!d1zO`XH0w%>yF|GkQP->_4b#{LK^Jn2B3!LhU2=F_j4wO+%-AWHYIj63Art} zlBRV$3ccmNDdXUh>N4pMEUOl{=Aq0(5u-IsUH+*31-nygLfqJX0wdl6x#H*#abNVp z*ANWGMn~U-S~}9r?oNT_;>H@JXCWNb?xmn?(oG~ZS_1HBDSq`8sn{b14o8>oWrlHjej^0@6@ZwcpdF_`b0B%OBXA~r zG%IC{XeEQ9#;1(^nnD#x$OI$-JUov4j1y0S>rQ03C=34bP~lE0*H{gkH;i?W#@|1W zYwV*}#OUKupTRZMRIp4FetLo5-;a5*KGJg`_D;MIFPQ1`Ln|Rk=T3g{?hj`bUzZx<=5W&-}2@^r?Vt^$+H^d%ez{%6Bkz76-Z7uQ}RN z0?&$SN?&VbNkHmBN>1C2!L8|w=9$4CTHz)5OLx31*DB|2ep3$Al@r{KM|Sx%%gc@8k}m9M zFWOH=*~D47oO!}shuW{;vt4~=UCJ0+U#KDhH<|bJJT}&x^At@Bt=uypZp>MYBG{4U zKe8GGBF)EYJ|!Ib3xxeMltxkOLgMC64Ch5}J)<-HaeZKE@*^3gn%vCUZ&$+hv!k>W zJ0!e*L@OEcTBf@n&IW89M&bjnJoI~WfLYyd%3yBVYxrfw}h*St3h?4s~?GJ76ayv=u z{?kqGcRq-ChO$>%2jEvs^T8Rvj(igm2b0rr$L2%Ww<=TZSw{oCHmILayOW(0lucVN z5C|2z^Gv5qur02Htfu@HUVrwX-qq$YpXk}GGN_NCgbd_&HI$#%Uw{WqZr(O#g)@>$ z3d6`pBqi1E&vIh&U3J{ViWjia=I7*ZX+;gER!_6^umJp?ZL&Hz=?3i6vwxgy1 zhy_kM&ZgV(y4^~hD3{rn3|{{{N1I;`EC0+55`!1n&PvaWb?2Q=qyT%EUA;c=%1+KO z&dO#Itzai-o@a8}sx=W(j=7mvO9;_A&sTuzONcPCg~}Em1Dh<{<~^N)`O?&8v|9Tw zKrm0mY_DZ+{fEt6a9g=$Kl&12`t2XoF#s6%e*{Wf@X{@&&ztQ`VfQ0J{vrSQ{k9Eq z9;YE>>Xq$o3iJ#QZT}}N`;T)CdvEXMj}j3!F|9Mn^P3(`I|+GmdupI$fEoUeyn-{g ztK|QKA2zyM4?>$1|2>uhuS`jo#KpRdu$e|Z@;oF;NzykLcG)00{#9-b`HR9=h)cOT zoS=`disD6|aO%ED%Zz{gNqvJfdMv9je)B~l+kbqUtN!vu!YKQr+!tmvje!8p?{RM9 z*R|*Wb?pCqYeVzjmzWNA_$3bXIt$C*OT7B8WB=#dzi;4{XcnWm1~AM;T>lT@hsG&0B2LW{`<;l>m)8NgTtC@NREfG1VuI^Jh!9 z)=*$KiI`zKQ9~^nOx9#`GTT6#FnND*t&eZVCmMWK!L-eXB;}XGIwN~ zRjWwDuooD~uDlBJv_p13jNo9ui40NY%~Vt9pASR)9dIHy;jsIF;f1D*5ZkFOu%34( z!psp?a0SeEJ8@y_!+uWSpCY~pau_r{I zS#as)nnz3VK;-sDW%E7K${KbO_osqlGv9kEb2HpN8*fMy$AxT9^$ zZDUtKo-OjFT)P3pg?$l4OEJN2AKumq(E;g~m{gZ7`pC~qbd>6wWF(vePk|xlu)`Nu z=6ad{bE0zVj88_8_hyi}OMtRlK;8Xa>N{Ss9%GH>T_0gxXTf_Vurum0m8g)AS@y_8 zo*cE8qL0{&%6F1qGD#&@brP=b^33*T(&ko>w>8FCIk;HjHfLg{kbX@03e`$MZq|do z=+f<<&2L97yb{@!I4o_nk?`LNA!kW2H0v&T^%-Yv%N6 z$)bs#ZOg8GAP=P7aQ%|W^q@bCI)jYGn>$p*@$6fTbq{9yi{gnfi_{hx4{mP2F;=gS z>pk9WmE${gN6Lr_?Q|BO3=}jn2M`EaZimrgGWhmBR7Z?#;e4pv z-9TY9v8t5Sf&#Kq=qf8wSMeKosb9b6tltJNloO|Rv1dfY5!{ERKkhVAmu}f~`*+hh zY6!}l8wp)LF+KB6ViJXCc&~q&J8U5=*c^$O-HYyCQeiv7aFz8D=w#Z%UJd#k&(PYf ze1Sy33FedMQ0GvP~78kxra#C)dEdNIpyl@GY#G2)v!(tU!_7Kx8FjFxGfi}L0h zXxQ;agzy0v*xzjy?Xi%g4AZGA-f`W_P0A6WlLg$FF!iMbuuHY>?Ehf988G(VS>HlDP85^*q@$ot<(-?kkd7v^pxT!`4d!1WI-QxgD^~E|0!9?IWzQ zNF@HA?rQZkDOr6c>EwTXzf7u*C#oUF7P{VSxLYrVe1f^}73Q>(zBK9Sz;S)wTYYcP zEGnyc_Q7b-))(0m_Om%a{-|txa`&5#bq<2OCU>isxu`nM4d%4oFNQf9i4Kz{4yIFK z9FNCPO&rZI!CS~@tnETFdszS^<&oHappf-P?4u59O~s?7*XNljR$v6#?bhHQZ{E3R z@3VF=uKNCw9mtK(+P zYtq<^yqxQ2c?oKj?n6a9?Kyde#i9e!O!GVqqyR+U@pWcqMsDRE`%b6hAJ#2^pwTX| z!cjD=f3veEY%D&6rh7SO^|eX*+3&>w6)T7oC;Vqc#tNkrCb-74=d-MWDhKz_?Vy;E zmDCAwC)Q4h$ZUvDO! zn3E^|NU-`K4sVR=1r5oax>ci#e2krzR`=mVIbwi}*RRu7(8&NyHBSxgVPDwjqWDAI zziUt3BE~MN4|D^o@PMvUika zqUa>AWp`BcZ&9;H`!35jJQ(bR*b&WQPBHK~Mm!xM4C@eZ2!b(2DxL|jtt07$(;J`*eJ~t*-ET>N`dglua zNI*68aU;BUOT|Nz3hBP@!_T&;X4aipf~tz}-(WIP`e`o#S1XO?9eM@|Iz#k=@&!$& z*b5Q4#67uySTeqwce<-%2suVzb*7wVLt%<{B?}R+NJg9x!GdsY(x2rgeT28;)y-2F zf5Su&#{c@STq8v<^89DhHy7HD2xti~W1qX>{A;V~M?v>Yknd{qVF{I)fC-t)*mfHYs`KUz#mjJr5 zd1l@Hmg}{8(Lgk{Lz?m9U9Y>a79Ky+*%12Ar4BxN>bTmng?rMlN*spBn5G1kEhI=Rj?hA=>r5H??~gfX3;ddwP#>a1`4Yf1Bg{ zLJnFU<5mOu<=qOnmfj=UlZcg!swXpf{bL^AMOf3$)MQ(mS$nCvM+3g^1*_AAvU12q#9It?L1Sj2Q6fI0j<#e z=EIZ6JbVm(fY20rTW+NUdkmWh*SN{RcA}d7t>jREmyTxiYb;%5xxKuTk)Z;YfA_V^ z%y;QHqNCsvb+@|tc5J@yT@2DPXAJo=lHGs*VY)37-AG#`mB|Z&qzS@jZC&5b&!rIn;mw zxayDqka3D-M0NC|t^2KKEJptLWA&K+3QcZCnc9om(zIJ`7A!$5FGM zS+cU(qdf01EkE(SzpEdhKeT4*U)_?bMtx7lN_SE|jQZqBhZyoo`dK_VnbBhuK zK(l>S`X#x5H96rXDvW1&VI$ZNkT}9%cAQylXD49qXb_tl80m4*jq=ht_s3XjqIF!b z@j1zh(0U;leeZhvGRsEuy|PXc!c$4^EeTQkSHJ|88}eKsoj-l5{qDyRlEaY(ap_#ntRi4nI_1EFIoIycb%;Q0&%eb z^hG zTqYRI7$=C_5Yeo!1oxGP*mX zU;Ttlnjl&9A>#gE+3t|6mDdd7!me~t?aud1-dJC8mhQT4-qS}HQjN;J-Vx3gmwRv} zXg4s#xs;`Ece;DGYKf&=&^*B}GP2|Mq)3r9|0un-gWXMv*7FrCT2_SL*lmCUMZ^RU z0xb4C<^^&$d$pvIML(~t2038)Z|?!397BAY@!3~Gnnd+QZFsb#+{nI;AF@vpod zjMz$Cro$z8wde@H{L9pNRt!AkKvS=5ABZg2Kc#0KEF>6v_Qn6{$ISwlXwXy5;85$p5ucbIH4$)4WZRGD0H0{dpbEdNAy4^kGh40ute9O2e z4ovmfuaNk8*ptW?6uKQ|G(|@;{>mxueT-)cxRkRRT}*l6){a1K<`YUf9c4S^#Yw6^ z+$8dKm^2%HlvP9xYNX#!*Kg4%6f{0Gj$%{ALH#E$d#%5iVIE3~aiW z8JG-eSXGh7bw%;Q76>2A_LvJ|SFg`G8F>QbNSM1+2XWh&8`+0_6 z_aFD*g`iK2O&CRfwCDgtFu*sN=?@rXu| zo9N&wBloH}x3x6c9f^;w`-@%Cg10P~6D-Q!$X-da>pW;+w-6lU zx!s*8d$Cs8*6wrzCcQ$9&q2p=aK|1&+kBOX^9H09u?nlpjI&GA|FT z?mtEE?B6Zx59aNrnG#Rb3i9>%;CB*DZOX(dc~k?&UVGY5s?zTygO0@7;R^#Js190x zFZUz-bSDzn9tS|T_Bq6OQ)s?jVDf^cNvr)(|KT$aun9jWJLW2x*m2QX7`0cj_A$f_ zr7~eGlAUGQz8Q>ublmOqyIa;F+bbMJ5gkRH895h;q4k0vH+l1_>Nzuy2A)n3!UgHp zUKEaudsdMbaO2(J^oI(kuPI?!&~Wq3LB}HeA@gU^3qrgV>f?Rs-Fp!G+oIXNv78{K ziPj1@&%li4;dF@=)Q6KfVASAf+B$TYG7}sBM9uYcXTJ`P^AoV{v@Xu>!@iu&gu`5B z3;UDykaHEPkrjE6w%QxBoYhPU;zmLAkAi8~e$Gq@hs6SmRb7Qz@`)1`c(z(qOPRf* z#5?xONAy~CqYkDOPBWHkt=cod`k}+}2X{SPJfoRD=(%x=(c|TL;ostxf&5J*KfZcT zc=G#17#Q_$l;qu8`f(a}XJ6*6!gE%D+EgB=Ahb9AL&>K zs!MNb-aNnF$rs{hT<_`C3b$765)6qQ+-rVk$&BwPxeEn=;_LX_i4)C4Se~qs7RoB*0OCS?Yw zM;_DTwv5>bJ-)uHW;aEV+9n+PWv(}bUaZJIb+#`VZ--rp!QA1x%jB_~VqgJR6yXVZ zW%aoB;Y6wNcXn5jZqzWh>q&Tip0WEZo0PD}!a)owCvK=frc6U%B8~Q@(xyPwXKMW` z<{jLMk>u4v<~gnsk`b|p+{*j&O(3r9*X z*@>l8NNrCTRtmS5R!^{j!&_s&DZw`4YZc)E96PiYTXy@#=0YvgkLNqr3#H)P85S+w z*GSol=$mih+da?)R+TEj9e^bRdU`+V!1V!=KbGez#GKWahZEOxNZj}d&$~leQlMiA zv}tev=3pASw*49tnZyt9*dHNM?Vm~{R}@Bf$@1Tb8N8fM36x>RDUR*9>L9(o^a0C1 z-B9(bo|2LkJe^d8DxfO#X8{u(QIk2gH{ZZoOZhI+>f5+=;UK#X*5_pXJZUPke+jh- zh{Nw5&Yq&6guFG$V%JB{8e*K%dV%zvPWAh%Xs1Mt6mMhrA;yt@u^=g2X!pW?R=hh0 zZi+(Mk`?#C6XV~8-=FUO6)eaiu2%7In$BK5g|{=S#z(;CQ_9_Ow6o*(*6MJi$Gv0f ziiv3IE{ntr;Nps2HAAf%xuDZ>?2fX?>g%peTxY_RBPQY+Kzu0@-_!7 zT~4<#Ai$)0+TK6(oJ)_)PSw0UT-w-=HA+}XytTV%fOQKU9B5R|vj7sctikdUdiQys z8L>sx%kCAdk3ElQ#3nElHQI2*uT{lCBF(j?+mi>>lDQ9hxmDVi#Vj%cAFu9No4;&L z&QbIVJ23^6Ms8U|Z~c~~R{hy^H>c5Eew;d8=ndIrM_AVL2%({rWVBka z$grePyS8n~wX_@d)4$yS!h^@?iVXTKkeiSIwR(e*8Kj095lP%4LfMV@3*7_KoJimO z;Y`;`Z0q)NRopg@SB$KpQ!)GXa=w*L;B{U3EjB4}SR_$im%+DvYqcZ?9P+R_H9Gt2 z(!-0&&h!2vm?AFaRqEEo8yZfJZCVfHk;XH>?`n4KHqu^vY{h^Ke)3T56Z28N{jg5Q zgT)(4z8ef2{=pqT*-h409%lB(0l}G1*nNX3{Glyfq`bemlvi?y`u2(`!xb$h&$hRW zY|RxUBlY)M-HtnM_s$dwtgnjM!cd>(Vf!#D zbJ-=>r-2l26~&#yM+nnj!R$ukj+W2UO4~&{Gan&t(HeOgEH(riB52!fRlzuQpZ#!O z|7|Hka|Gu5HJs3gpskAX8uj4faryIWY|6L7BvVC&77NVSDUd+^0T{PYT`3T{V_dT% zU+H!5IvbNds)}g~bk&O|JU1V01l`Dfm0c>C_Htl%FD>B6c(QuJ+(isJ+zcmFE8Ev|_pGv+#G3C+36Rt>2S|;`Sl*z^% z8e7dC&Bx0IfzGX213!I>7FRnnmAt3GRJigQBQ`1l)t{H&wS7~Y>ud~-#%l$G)Auu1 zT5V7rJf)Qj8gxGo5X&-?7>BrCUtA=fr6iK*;b;Vxh3Dy3aensRwhke>A+0%)PFU%ApDfSjko3cIB{M_x4R#ZOLeFqPDswxYiGk2jvG zzq@oT+lsFAcr4@83UL}k$g3V~sHkkqRnp8h20DZ0hJQEZ;ziB2UU7r_~h?UFVaoBzPr!U>?U6~C@0cergXm6sM$&0 zV+XYl*YLz^)`Dyd>&U156S=K2FBIQ$xJF_aZ%ZS3uK;X$|NmZ_@&A86t-l~4{2%Z~ zTk%`t5<=8Yb03&e*?traO&y$x2u8Xd0`TiZHfqih_OR#SqE8fG)R5nQ^-cXo>`lUK>u#)R z6mt~Q?%schxb)Wz_tXQx;^a;h3A@Sd{evk}yaOo2Ts#q6q@f;_^K-b8Dg1wVrt`DB z?-v&aR6>(X0I`OWPZ4(jE#h=Zwk~^Brg)N1VDUOdHcmlTZsmV@6aRK?dLhbz8OI?N zK$1jZQlsg_<4xr|i(Tm1IK6=78+Re0>Z?d6hj67=?>AmY|Kpbbe#e5AOsN%~dtbMI zb{6)i4M=WA(k=dA;+_DDd==DbC7y-u0}R@OGltnenL)FTaP(=d#P&*ZAfT!o`?a)< zy~O0yOLG7B%BV8y(C)mT`^Nj?x=ZE~E$_F5Qbm_)rxw-D8>R1x@`aQQa>FnXXi62_Ik89p<3ntDwvn2#PnT% z=8-iAu+c(s8lLpGR)+GC9eTR!-_{UfB^Xs3!c zrgh$Zkz>HqdHoCHbBkmn4}jEja1DHRqB(kjj3xFAl@S1qme?7ud5@}UhL{6M(c8sy z9JrnzOmdfN33`Q?qdoWnpr~ef*hzsG{NTH(>Pvd4Tdd3KCo|mwj?EIq9-30Ys;OT@ ziO0KAdB84OJfP_clx*vX3&{I-mNGcm73$V^d|;ZpqA8tSUQIC~&$)!~I6*I5aO>3i zZJNC2f-oO~+b6Df5>Qr9O~TpQmw~b$USOnu@}M-~qbpFpXP3ux>Yk>RE{sN6 zDnCYf%#r6KC#2u|^1l)d#Pw-)r>D0981&B2=MCfT(G zKSzh-A!h%n^77E*H1Bk~SLNDpGSKN`&=i2Y9C|0$?JQk$K$D1^sO1yK1DZF3_@Sd< z8s;DAP1Yk{?eovUrT(CYIA=%|YyKc~B3F}9{q$`P&8hyHyX&tu<=g}rT$YXL3@$q$ z1$4srmJ1cI>^b_YJwh~>>$)iMdw)v#L4@Z1Y(mf`jJT$O3P}@%Ou1&n`cL@2l--Ig z8B4W4e2X1&5Q3MC$7~9m%7h>}WZHiER0)!o{C7WUSuy{=7M=+JVJEV3j!7 zi;SA-a~?tq(f93C6bS&^<@Hb%oW`M@1ivzy-48O$0ktO%V%eNeE8kF2;Y>jK&wJ!S7f+@43xECb%^_El zn#_Fvlki_=_09N9?hMIyeC&M%IY%Cc`PH#u_>FaKOjCdDRQ>cZq)Y|Qa_WO!_e(Dq zIQVP_mZJfT%zZN{?W}XGfh2`rg1D+Z)DtcK3rZ)ik{&IKiwBHsdEk2vtjZus7V?V$ za@_W@n5poy=0X$1OQJa zCmz`|uKF32r*u7))_MGtLBw&uTZ+hX{e5rsAT(Llp#Bk&U3&z@IF(ub z$?jFk#oH42r(JB&PO-Z*qZRi}E-YoZcX^=}2rQe$!?T%R*|CD)HGt5j@h5Qw(DRY@ z*=Vq21np&Ea#zHap6O;-e29a5PFAv!m)>a#c(Yp`6~%B>a46{TtL1la5tkE_0^K<& zFlsn3mTeL+9f7^1&wJQ_@@mv5!3Y$##-0z4XJ zrPlhbkUB044Z0lku2>Tt_C z--UIp@l9*xK#V3)8MYX2ynQkIB|Y^WSUBxF95pXr<20*v1XXuufwBF#N`Csh{#4zM z{89(>`{J}Pg7~jYHth3X=khkhH52_ZqY0Wb)G6ZHI1Pb#@EdXb?W)@fpa?QH1}Zf*mBP;U$J_yDyR0<|}blj6=myFv-gs@}FnGYb7%<$!DZW z5cRt;SWJ8MgMfQy(a43#h4tj09O}geU-Ww-)>=13&v>M!dQ)hLwOAIQi^;-;<=x9N zzOi><2MMT+^;o21`I0?VOm2TG^_xxX-bgn$thpE74NSV}6P!RkS~dT)HQK%J?X1?Y zXj&j4#_AP_Q0>USt9-*f%qg5|P2|^_B$Sr$F7NtKN(#d?_p)XR68aq2tf40{dyxJ2 zpi-#K%-QSBjTZvC9nT<6Z9gQM8|`4!T&g!%^)7xEzRMy&;M75^ zh%#yz0cA+~sXXLm^}X2AG>7B0pLlVqLRwV!xBgM8i>p?aN?-Z13i(3m1Jb9)sqPFf zbXGoRrXg%}x3MdpK9jz}g?YQ`xcm}V?7Hcb4KW$qcrOJaKZYQV$!Cw-!mgpeILTjd zlfz%?4BRh)1$~$q>!dXtS2R9${iZGV`g`@N?B;^*CeFFsHPL*^+A4l1%N|<^xnNmS zPMQ|*?tmOOHSqdAPp{|=d~b=)!iAa1)#3N7ry=6`h4^H;_Udf3B2#6=oY+x_(F zfYS#)^R=#s_x-)pe1ds%hw198=GPxkgc*2jqn#w`utdhTq#)(T)_j#vfwpsZ$OPhST8t7S= zv{HkaZtNp)%|uUe@JKl9PY-75i=^qjf>KCJ-7j=ko2)&RkX!C(m~Um(q9l*7b7skS zWcG!$@8&bZD2q`~_Z$JVX?l7NJ+PUNK86ney(My-`y#zKaDT|CAYP34&{w3f*yD8H z{tti{6Q~cn3O{80nZ4Jm$&Ea?gte?vzI+4~>8gJ3y_ioH{5$8GiQosh+oJ}Kqe5*I$EZuo@&bGSb- z^f=cZ7(kjFRYSSgAN)9=Zb05fu;w#cwC>X$3XS5;(3fuv(Jp(Rc@%njPFrn_ajCdw z^CUHX2x?C6+W}(_We2G*7)oSpVfel|WE%It3bgAz5XB?WwmwNqsX>)X3O#Zi&(eUk z=~AGe`cWB)loLQQZ}P^Mywa~D1rZR-LPeD74zebj0>i`>{F$+vbi!Yg`}@wD_&Z;I zY0ctD2LFkWO=#DL|GX*s^wQx{2(qTx8KV>d%}9feDT7!Y@CK)7TSFfdEzO| z|5|U4unQkz9!6?5i~C^*>HsN*;1hbU+N)EHpioQtBteG>YG>j4LnVc?GYid*B#j?` zSn;Z&U-7OO#8VVE`jnY40tu;kWhB+qFHh>i{2um~?8SUP?82x~aCwZNgLt-gtlEEK0J5SM~#X zBhP^ct;tcZH{DdBKBpS2sz9B8g%3Y2Rr7E|4Sfk8R(&6;>!k@ob*Q=-`W{L_8J#k8 zeH!-+?01GsWXl_Cin9wfmJCMMKO?VpMm7Ivq2^nDnYSkojk5nX$gcP%aYztzy{5K~ zWbmHpZ~LNgz-75IcwR1=^L?YxNXfG|*R;O&)$}69cZO4GuGg0of~W&|McR!C7)U;O z1dm_Q(3#~4?ykK8u0TH;4XmQE_~d7ia$P(F+-F5QMb(R(BX#bWd<*_yr|oVd7nfL* z)d8)Dsp@Z`=D^%?4m(W3KQM&mxnE?)#3JeWzhiu~>PW{|N`&Q2uB2jo4;&w1S&5=+ zN46{+a?hl)XeR7lEu@@wY_qi66p_thd^)`rZOp2QTSFMUaMQb871oW1|(1KV4EXP5#U(lSZRru22%+fv{4C7?)=E2tkfr zuD}sgU9fXah^dE+eJAUbz!p?9gPW|^-^QFiF(A_|Y+@gVE6cI^>5U(lk-XSECJ(Ze zd)*0XqZT)*%oVRKvZ$@`yRZb-oQ616biMrv+eaw^J~@ml8?A}qpNSq=S`5>aF2^iv zZcoT#sl2{;NGw!(hOE7%EmJ@D#tLAYYW@BYMQ3ieOBzG)c{kG?g&6nyz-DJ(-P~iJ zxKICvd8D)XYj*zA)CZ1p<~qx#Dim2R2L(2SgG4I12t z^kjMjtm9OrgbTxtGKE$16`v_S{KM_G`ou<^7V=Akl0yI2Uk{_rotP+Z3*Mj)zkd7n z-5ZWdX<8Cm0@_*6thD8s!pWQ|e{P&-xiOR%+rwWpQY2=)73N-K&J0Q#ndECZv4x^k zE-z5H?G-*<5sGO=FB7t*#bjMHn(NE+LTn5Jw?eFw{Z9|XP7`mP`<<4$)o9#Wa}n~Z z99y}bO(WdFnoD^CL-WPK!l<`i7k{}kioiYAq?Ye_=Y*M}Sa2?r_e5illd;|?2z39I zW}Nz?K1*_VvHSgP#O8$En?9Lwh$bXNeNEa@X>XJs0OcMx3=DFjRSkW`qZ{KWl`Q|L zRAd*D?=!gRh9og_Ei%lik%Rnt!#GyB5cphjn7r+p033^PeWq+n!_-$o+<3{kTgc;= z2xww5uv)qmwGJpmeB!oY@zXHMx1~w#)gKcI-YB<@6sHRNm--#Le7Nv%;}^yD>5;D;nO_sW&vV7tB=fl1+3|g*(NvNkE2r z#atXS^wws}{MPw|W^C0_8O6P3T&6Tmp?<(rgT9u!Ok&uX)q`;ea<+U5p=PuRWe->W zL4BK{nx^+*e!(9Gly_PFAlLXWClVW3{gUlc;FI#%j`EYWq7LI_odSz|j)X^j;+>I( z(dE(aE-t?|4rNYQ94iR=O@E+}+j6cK9IN8`Kr1$hB7!}2x#K4vgR$__%r^~nZIP5v zuo0Zez;IOW*XCOtM~SK=Fun1ol?>OSJY!=kt%OZ$6AX8CW|55s)TUPq6jh^9BOp1hzyN*8wObTVFF*jKx4Gl@I>se`tUk^ zIDKmKuuv+5()gEbF|Nk<&Jz*!V*Ip{HstB4MpKrJj?mtHN(%<6e|3le3D5on!ZE|zClUY+-5?8d51*)@`j-L1hiq9>dYGbUMoOyD@_6>m7!S4 z5b`a<1;GHGuPlR9K9!()xB8ghR5QGhjpAo`dIO!FI9r$^r@hOw}wy-S>KG* zHfnCjAi?~IQj_6^-VHo;K+;~;PQ;81$jNw{4i{VBd^EXzOI3>O?|EewyU8wF}B z#&fd2zcZ^#O+C>tx)oAE?gq&QCY99Vwx4zrXLO1S7GG`#MOtrNj27SAC{lm4mH9Q# zPOt9NRj*X*uv$%d{rlB0sslM(J&&K{2(Szs3bvZ4 z$#EEy-M#>-734j!^buiJp|RvrVzjO}3Uwz#J|hGnnX2&(`BfB((v3$U>}YNK!#*KX zb*bG(eGN@SRR6^gTNcjpF&u9P?7vrQr7>EHA!NO>xSXpb*Y`N%(Z3z6i;$Th)8SjJ zbO1Kau80VLpsTcLC@huCAk=BzKXjQH7u}pFk%{AHJN&K8NA~na+ zcWwBd+9#FuVn%vH<=Ur?ADuQfqv3sjr6I)cV9cgnM#A% z;z{rD#dd}}e&_`A+B|kLiV3+vk@HjPJ2;yp?|NNXPy^zRYfirJUT-j6drmUywSw1! zojtVj(hyGV*%HpPR>Lf7q<(d52v9oJ8{>mMo2e*jLT=V(@yM=T{y*HkcUY5KyY4HZ zAW9V#k)|LbQ+f>@1VN<=C?HLwOYcMoMXE}X-kWrh4xvSm-U(8qcLGu)p@dM+i1VA@ zI^X{0oM)ZA*FO7N=RdDpx#Ugqj(0rcdG7mncU|0iYvqUt9vU>E?kdv>zzB`nSzzYd zF4)E{`{wMPE~j6x%zn8Z`KX_ z1NRPAWB8Oadu2fQ58Z5 zbBE0dT#yAt8tI9W{m*hMU~Yl#E*iNH&HvbAeqU0_weZVB8<`yaTrEN$ighl=+ATVe zLIaN;D$pE$L_~V~Tow3nvnjPC4bwZ@o6coNiG}ak2tz~2Z_9TKetY2l6aoj`jB!ps z8-)nQXqI~69vEdG)843EIbR1Zx!Z{hB2`3zaw4~Ap6{3wl{wwpXiL}cT2Hzng zZC{8Gq+x~bk45){;`^7=m-niLn_5-2Y!$_Qyh(x%ZhQ-T3j=G8{t@qoTSNiT$TLZ_ zHnh{SRL*5{$~M{X|y-F@)1W;6T z1pcy2mxO%RG|(STKM7@g_Im@j!Wj74WF)I?vI`>`?7zUhnncCa?$@2ym4!UnESQUi zbIq3=M7>7V*{ zB|v-ZQP1_FOiQjO$UUG@^KH4LA}qI%`MNjn%B{_)4b6T{udfnMk+LocVK%1mHgW;T zGJ#-JO>KsTXLYzXW5Ll2w@zZFKE=8tFSHj{`c~>miw1rM)ys6alpO+j1{UA9yZNrq z%2Of&sJK{AYd4;l5`OmQYqcnJthf@5D@!yd#OMgLe6s)Ys<}=VKiMhjgK%yOtUPPW z4xzI=1@ve~gW?=2T#+4fnB5Lp4(>7Knrmav zEI;XXgLN6l8oQg3{G`4#Dq6zg9+rUrT2oP3*Vz|}KdyuvBu7;8uK7Zucg;qFOO|c6 z*f-oO&VRc1WT=%marJxTz)7^+0-u3;hLXm7n9aPwC+;4BhijrN>G=k?Y+E8cOmaw5 zGN{Zn4xHbqe!eLkpGDaHtu^muU%qbs&Gpy2(5L89E?9b@3V}QV^o!hMZCu`whKMFn zTIxu4ckuUv&Sv#1$+yGO<9h@f(y<{d=t!C$74KoD9(9G2QQ<#K+S#uQphACNkSc5g zx9AI4m7%HC@^t|opa=v@(xK3T#))yypCH}&#@Tkw!4w|%`t|o~vbbbI(Z1`>Phj6# z$+sA0OK2D0`&6)RkSNZdg|d%VP@Q5@O}Yn%RD6)niu+tt1(8wapP(F=C%UQTOuJW6 z@bR$anH;bj7aic#wu2rf49QXe<#cF$ozUlF2+(-_YmLuS>v*`iUBZ-V+b^Ni-KT5=L>-!AR zLA650i!o(=%-jzQ$#>71*1k3v(qeVs5MsXDjb`*X$^NdR@m;2WC2qu!>s5tSceZeHYi6- zC@+=s6rgHsn1r%lY3=uVP*`3mXm>ar9k-~$PcckANPgSl)SrfbL8z2p)#6}N1IM^^oUyEi=k_`G?>JbCR-54wcHfwvS*0KmPuT+ z+12yB|H;;Hv?QHNvN2CgAn0)lm2nm^Kc|D5EC2g&{1hBgWrDc=$iTBhjl=I2-?+6^ zD49GqhU_ubN;vmT<4XpT#ei{`N;B#UBa|_z?!QCIXmE{It-o+v#>DCcFu1xf2-UJwkw_{wyVd#~|c(w{XePdHy?c@=06M zqv)C2pNJv2Ij)`nWQPFdC*3!>!;kG!Or)3 zROOfGpkvfT5tr5$D(h5zom)PVm3@^S&YaokZf9MhbfG(-#QH+FP05bDOAQ&-m_PU& z#IgD>AMG}JHOQGjz-OSB|AGm9OrMD2GiP4#1!M9bpaPY!X8WaXFtIMnK2jAGxMy+u zL0}l_;s2m^_~(rOzxO*LZLOQwF41HII3f1r@yYhThxC=-7;HfMguZ2x5wRR(yhR>;C!GX#r=WXx-`B1dpF)HfES% z0Ahw9v-AI^tr+OM)02#Q?#csLk{NE@9il%{U$55u0*89ryc{+!7{rhEf6e^KLFk3R z@)Q;iAU(!PWz{%IDVe9jWJGs&oCdWFZQiYEzo?*3ggCK*DLY6Y$e-pkrojxmjLbyV zA8yu7bIQts_|;O@36ji&>CuqPFcA^hR%_fBUAZjszrH>*>R%*z5|A%3U1!R|vXWkK zDJj7d9~_YCwS*I|LxXGS2n$w~(vJaQB^%$44)H_%HO>H{tPrmI1OeR&Hi5Kd&g_~GQG!`LiS_#&Qj=Q`>zvV(_7)}FLY z9GJOXCNC!*!{QzCDx#=$@$Jh702sNG$z(U8%9i5z%vA-CE@gnNv%}iwXT{gn-@^Ds zjANNp3V~c;C`OjLorb)GkX)3{<`mEX@C41%%bR!sgxHCzUG3gM(&1)`RjR{x9Bx{) z@mS@{{J3X0UiDBha}u;Gg73a_N;*jOJT`Ux&9b>+d)Yg(sywaYopXVxD%1cJ9PTsQ zi2}GXFU1SOjbEe=CqwF&UA`@L4~|zRVY=}F7w(ixyzME8u^jrbRZho%>M7KoX2pE6 zL>q^|o=oC7eO7U)cwWEP5~R4!*SrBl&@Ad8A~qu=r6+?~9Hwlru!G*ScTOigW@K^D zbX~i;0&bOTKO0n+>NYHZ8onxrGE5~rEkonONKF0qqmfphHO#5UQ`rd_9|qxdJd7y= zy5-Y-?fiE?hVpHA*9|gl^Mecxzh2{L_O55*gA=w5bx4(HxLL8(aU~i@FgFcyG%NxA z7MJKx=bB5M=3Rd$#cRpGUVQIh&2G1xY4P6teP|*OyNF1pbV-bGnYX{UCh>Fwk1B@5 zs{)bCvh9wy|3i@UC`vh<#j6XYHPV;fJZF!|Up8637RHO2| zAG29|c!Ho{L(VCreqgu>*|X=H<>9<#oqUlsdm)&|t{&9~(q%VF68u6Ii01omb3u&k zc~ac~-3PEmarGC7@p1zwojrYn*5@OEQ(M2E%rMHZ!s^_d9iWi`{sCwEpAoKDsh{?# zp$EOfGfVbByriqCm{KR6 zYR!}+gnlAizTGXcoh*W0z+Ec)qFrWUIjvevdi$%$BgqBH4mYaP9LLk1a&8miA1ICD zjjp}mkaP87U>hLsz4&jcvaHTKv-?dXEu{IsLCBh*1V_Cga>?XT+zE+*g3vlGL1#Xf z0&t`F^r$h10KYdpD?7v|WW-dO&4KpfvoD&BT0YB|@sSN@(Dt!4&DAEiTFNfHnH39+ny2)lo zVbzYL?eeu?=)TrILeBZ+{aA^!{uEjl7ejwxP+LFG}1*@>RsS zZ;+QMT7^&)=Mc<$FWmHMf=i21Yvij@khQ1)1#+WZ5p9to1i3xE0~Z6WGG&@d*tz5c zh>Jtu+$0CXWo1hFVJdp;P^=_}!uU0&fv|)Ck9AyJ8;UQ3>-f{ee%)&&1{b6A*5=-7 z)4KkKZBm>0SzHoCidn{43Q(IDH3nwWrSx|#v3Pti*5w@`wsEWHf*I|6qo_c^7Hv1U zF;$RP6hO#*@}RYO=XZNKcq1;GKfy{a9yOyTS)j7jSfuCvEgI2c6-^VyoiE9fXHZUB z9$H&+7G7HHx#!>gg+mwqksH}kxr%uV5!6YH^(A7?d<#S=>K|px-~5|25X@k0$ghh| zDK1Mx2<-PNdi!rHot!t5p7vUnz}1ChFJ#^j;yHYq@TkY^teMQb07rx0g_anIQ;N#0 z^pC}d!3ky@rkz-RhjHhZS!Nb|<>6z6rQ-J{Rzc7GkDDv6uYXabRPPS9RInHPi%;yb zxv0Z(ygd)q=_;vms?nmxrr(%L&!`E>7^XVjfgY&F+yjUAd7Q#$7Fq+Po0wo`_{=XQt7S>@GxP+IbDwzXsB+Ja1P^xFWIOBdvWU2TlP#;c70;|{l?po71Boz6$^J+C)rN7lxFyEt*;6T z)Qr?3M84;hlT3+gq>iPXc&e$a@iCoufrcE(CXz3K#>7@*#-l_hMx%x5#r?~Dv>~$8 zY%E)|btwd>OmKOY4nS0h<*ZYzR-Wm%zK2CN{8VRDYlJfEUc?tdSvwN-du{8z01QtE zc&!71|Dxd?w{D_Vl}urH{q%=3cM4%PwNIaCvbWfJwUxmp6|uH++u(}S##}o_GWNt| zWefz6pg8wzg}f^PO{$Gxq0(L_+P==B!D~HQ5yI`)Htj z2*W$VT7GLGGw+eWN{)h}Ym%EhChf@i5YOR#M9o!Q&HW`2Kk$E82R3D~wB{Oo<`lP7 zXAe)mepn{@9N0!n;xyv%i18< z{3w=9iCLFj2#w|-ZH@FReSGy_Vc@6EuNP>4t1{jiA~LWCCb1~f4`ZsL0PXN$f42WN@-ou^`#k^m{9nJ!Ku|>}0qN6K%=Kk_RU&fy zP$4#htC`-Kk)^PEJD!AIvC>hm@^cHO7quN&>-j#)5i7B$%w50p7#$nR^UyatA3BYv zE;rCFLagvIwR+5ZhQ(>I7>|fjAN=D${eV#zq}zPi`YyJz#g^6$d_2AY?z?iMJ0dvx zpC=Lsh_A|e1e zgN<&)RO~C?v3UR_T-)|9RSH{@k8HS3;>1VU@a$VU@1j|`P2G)_7!>W>l-jr2;D9Q~ zYNT@`aV(gb&+8|C;W}G9>wox;l;K~lDaHD1*u~gqCY>WTB(W^VNW+a}5N_bQ^z(k| z{DcoAr2XDRq-+$%0c>EH%f&7;vR5Mt>He}t|EK2s*Ju8-Q^tRvca#;5;!}iF*pi*i z4syLupyMD$Zm`U>+XFjP{(5)W5>%gp$3NO9OuvA#{ELTNn=t$jZTp{Yoi>ekJh4-5 zD<3=Ka)EA<2L?FHIN?**W^iJ92+jtvYv_yv{T5fJHUJTTvybRaZ7-yG77U+Twe4d{56t!%9< zJU$-=0^~!sUK-81R38gRjXoY(*2#&Z!OP?*Duh;%=?bVg>c{A5x6;lu+M z5m@%(;b!U<{;dI@JPL9}vy*J=GZ*T)8}yPGV)2~wVq8;5+_oKkRLZ^5G}iJg+- zJSD>i$l_x}q1Q|&>hWd)wzStO&l^q(5O#RYcm@BRtn-(yEzQ_$&FO*j?&EHqB(Uxy zHcS8ZR}>gKNB_QR+EvS7+GVDJJ`&_+79w>=hRd58vuJ2ER1lVa}0Q|0PcLnZ_zg%hR=G69-d>(veB7BONU*P+;v*oOc z?YF(#(W@LvO)uEBlf!Ker`?^NiGpJ&v~%>gl=)_B75Z?W1t)NrS}CeSBO5Y0GdjyE zz+XEs7W>0k@@KUVc+f(wB1P=fUvJ`Q%K05Ya>KwDTk5xE=@zQsK}zC>n++KVO;u;)40p z6V3l`-_aQ?BB1b?iQC|59jsblVD4TeXNO}}^lyKLlEnMco=$yr08{9QqLROK1N~`F z>%V-rF`0x2#Bm!&FnaBO6WD!MFp#amWp}mRo?}__+rRCte>j|e*@fByKyT-^N*5To zq1)!heI2 zybJyQt?%PZz*$P!?A7-t<}LeNOE20eK!QP6IqJ18287=8UNZt@k!Q8h`PdU@TA&7 z5biP!v6r#ZS|*ibZy!C>n|ZC>#=lS~o?~bh^ ziv2y9kMKF%u-)On>B5a3DE7GCN+>`#Tf;M0c*~rr9kI3ad0JwFlFRb`_z`}~ENa+- zR~R+t9O5%&R)G4w*JuFxopWu(J0?tOE2O?pNRBYu-)d&7%7b`_N}oFcgYp_u z*H`3DpVlxixc_`&X&Mf*7}tUy|1dP8J0%)@e2@l76{!CCQF-N}U#}F8(~{NkJoT|F zD!q2YyGEmSE=PG;aLPQ(P>?Aa`TF)+#U1?IhF>ql)%#5cTrNr~v%)AFB-N};vm{y; zEQ=1;P3>#7`OESrCxBR~-UdT&<7dx7R{2RCnBUNallRhc*C*3ScE4fX< zywTIqwzar0=hmkq%NI>HiMI!2g6OB>y!?Fa?N=vHzc$y*Re~N+1zsmzVgzi!RB zFfHJQOiH`7GN3uTI;%I3RXD)L>54m^wnR%Yjk+xO5VgH!ORE`Eyk+TqkU;Hdynx9c z*_)E(Iewd4ZZyZ(>5Z?CY}3j7|3{aT_x~xE(@VAC+_a*uL#D(%i<8jI6Oh1*;z|Fd z9P_rDMucw*0<)^kruiFio2eW-+8m2dQWM^NI|%Z?28s*i5VY|_&xF>1Bw8;McpZL@ zE~xIUQE=u@w7>ZDD%WF-{I)Wq*W#A*;x{%FwzP36&8MMzhQN~QI8B_JK4X!#=|^-? zvd7qvRoQ~@oqNCH<-PnW%cuIU?BQ*6rL5Boa`5wai>D6wOXAFvUA)>G&B0hOSF~he z-`XMQPUZ`Is*e}{YVwy41DdHksnJXV>r;KR?*(cj^Vl09lk` zyF}&~L3L(m?-tM}FgFCVr|@Ut7;9350D)g|;l43;4Js z7GG{quAans=+`(tRo&0UT5+qXuAh!HTdlqSZ739Y2bByx0{3)BF*!Sy?{(gp_z;UD|hT6=#y5h>)kUqI08q!MMp;H=N=Fh>MGMhT%ER7)W90&(3cBq z{X}W=%NnsvKk9t zAh$w&JM`g~hf>!}W4$PEO7ZhYdXgx^M0)lY5IJ5YK6`gy%tO4T;a>FC_lFEy{7RT9 zvSEzydze*OAX)kql$xjG0scBel{WVb=`9QJ?E>BTtFt5 z&%`mSO22rgg+Ffc@!QZv42FH!|o#7wX0=r4+!MVdVGmeOBrgXs`rhtp=V{PSV zQ5Nncn>;w=p+q`2_RWkI3BHN5s3uh;RF9m^&q z+Lwm=o-{|EvTFWdn1pvy3!vFEx zASp`sc!a%EijVz5qJU;z*2~+Y_R>U|yqC%R%9wKoDTwJ9#9U&yw>ZSK_Ty0MDLEE4Mp4@WJtGx9ij;Rx%EHvn-iPmLifH4-p}Q9k-MW-mKk7 zpH!WsrsM{gz$nS1Zl^GL$Eu2$%vU&)Y9cZh49(Wfl#fq3zO-A&V#K+dc^^l}Uxmi7 zudQe5wOo*BTEs<#Z*wd$>dFRrK#^*a6X~3i2ot%QFe`F_P&qhjqV?H5ADZk5G=eRT zbzMck;BJ(F^^Y@|^y+<<(lWX=L3hNQuo4tzhoQ>Hi%|i%S`ZMAWXTl?()r1&z78-2 zj}JG!Ez&lu-&2f`(6!b$55%~@G(5XROAG%OJx``nS132}Ze=n1x2lNbDi`=U8<&eV z?DB(yPh@WJ-bnPwFxZ5vMDz`fog0YQd%j4UObg-q=*7B`G(JH9{ght_fFre`-knxQ z-P^gJC!NrKBH_HoZ`>a+X2PzO-|iA;vX>gIvOjs!1_Z7XnCqy(rw=~%e0#=Ld|94t z{FemJfrDS=E=v}L&8vajabBJA8lPfQRLn_pVlIm;ATW>EDS(b1-sTkJ26Kbw- zWALQ4^HJhfQHv96xC6yx_rqT1558b5>pl(n!3=%}=(I~_Q)fGAa4`84TwL|!eS@#~ zjfM$~I5fajCSf@tV!$$5)LxRjmrwFZ-}q`Hc#o&!#C#@h>{gctI|?#uP;L8l1~7D1 zG`Wj);F*cRj`BCu`bq{7PO+%elI|Tc(XpTPhbxs1GJ*&U)P{6g9*n;x_Iwc#5h=LF@V)v6njZ1l#{S&%EFll{8a;=Ot} z6_-k8um=gWeq2?%Y3~Q|!Z?+i*S4L$6a}`);fU_1@ZK8MJI}BS&JGimsjb-cJ3s0+ zuY)a8uL|G0ycY@=-}M~*fq|aSvVx!<6D4|&HnbZYE+5_{uKRE;>k)2UB(_l)ztji5 zFMf&HuHiamUL_ijv3@Ta06gJ0HuB(Zv_&G<=_I2;C0Q|cj*6D??qD=pw1f~pL@aPa z{^sIh)ekS`l+0Z1UtC(qW+XhG@j%Z!ZP$2|LNzf!t}M^tU`Ig07^7dwH!GtV>cy6q z)hS?#>a!*nrMfP-ZFjnrG?`Avl}EXvogVd}>te9*RSiw|V#I;G4N4K!r}#`nG&sBR z$2nB%y(ad-0&>jxl=rG93kj3gZ%!^7y0d>dInX6M2z;jR>Er&vHN-iQfB6eI#QdDx z^my?csOJZ_w{LQ}kPX7mY7uj%(yJO*9^8K<8$m=&7E?>4P3^Bh=x2Jh;q>Hik^pwn z@_tZw#&g1>MZO~~Ld(}<4)=3F$uF6e%VM2W015wn)yw}sIiOZ0WOv7bukprvQ_t!) z>A{C4x*z{vdZ5NED3EFJr{z~demcDoH&rlMT*%aKvprwa)xBUuxwqZG>oXn&-SV3A&t?Y6U z87ZVCu65IPk#jTDohpbglo(@eLhT}SYoN?CHo`pp-|QL(j2=`r_FV#|bRPG0KO9~D zu-vV}JO6Bn|Hn|hO}DXLQds8z$$eZlz1zoe+gsvA5909(TJq?WyZ6@bb(?&}CF@Go zRePyPE(-BinY5S%&)e(4Q)HmqRR$~fFqTb&E z-r-)72cPrSnu((E-i=|el3 ze+v$f}v8$PaHt)Md&HCZ&j8DM@%rgxS;?&_v2iNLsu{=7|c> zK5;iymBY7t%w>4y9nyc_gR_{I{02BuE?=dJIRlijPcvuaQ)Ibrknt+MiGzeSIzTi# zq)l$~X=?gNBWP{pQF5(H0oPKL2^?-Swus!!R7Lz85Es30f$g^yA#JZW-%0>2liWaF zw*lbBp*d_<-Gzr*b1#M>#Sh@`(czfM{SJ|>`TE2gIX35u=sp@9?2gRr=&ENG5qy^u zOnIalyZtFu@gxLs@tYcMipyh9;CpHZ&MF;x4OGyTN9Xi1Lll9NqyFZ+ZjM`m$`;3d z(!zcfsc_z<2C&r;ZN3=zeThYzmix~<6{B*s*D@;8iX5shIW{#pwM{&HZ-S*`X9WKOMJnRcYS2WSmw;6u;&j!TLK%uoC zSt?1wOuu_O=SAbE{N1sI7NHdUqIT6Q@MPO>fuF_)F*@glt%S1m8T@CWQ?0p+4Goeu zj=C!sQi=ZWt7;PnV96mto{i=C>R@LCeh+D{+^P1PyrQ{zhwSJGZf3>|KJ*YO6!?Et zpdqgJ{FttHc3B(^P>m7I#co_{GS<}}`)x2w!&7@8##Mk{sM@2re6phJi&6}*f!CX7>!*9f$d*$W(@p(KdA5CA}ylBuO?umJ~wmvWxi_- z{>pb@{ff?fZ4Gu3HkByf#NGMsU%T_PJSDh2)*tIg}l_Y zW1ZyY(&+ZP+y0H~_hSXZCE1EJDoK=41uKa=Yu~~jB;-g1dPyCeb{XTXgth-%NP;re zh;5!cAXp)KyyF*;NoIkKRv|QUK6AyYN_Td=yq5_;o%pIg7uRWzx z(M~b5nD;z7G*(@zj+*{_$A2)|O?%)=A6J{pr^8Q3QywAlrt4ux{MzFO*B_X;rz?$& z*;}(HLgNakTx2yQh;0tv%V<-D>(y@fW z#L{mxNTl^2Xb2uC3y3V{(XSfh%qPm;xbOSR(;cfEz zCjqY*xfY(KD9egNV|yfB0&_Y>fgcwvlyeiq0t{&5zoQ<>}H;_~0k1La<2+2wsS5xrahP4;}KL%T}a`wur@y=w35g;iON5K$~DI#6^W0?LABOoaBOq6$}&~6W1Uwv%sx%-*_ zrABe}C*y@Wa=ibd_9xUH!O`#QJ7?}cR6{MKT;3X79(vLDiKb@c6W@`i0>fPy`0u#^^cN+Z;9ycSQ@mFGQwKRH-eU(!0WuvF$~ z&EVOiDn2gLN%w#8MO_x&OncHWyz}1tiO}cO&6?LXV2wb1%kF#5C(?5>@BXqDKFdIm z?a?J7s(Ifep`bUdnHbPRX(3AIS7Y+nKEdCRQE=k~V1;9+b;?vCuUpQOA6zhxZ2j z!qPuU6iQyo^DuBpIXk@L3m47asN-)bND_S@3Qj%DoZaTMP@-{g99tf$i~;soQ(xCx za9__}^%75(aN`dCMFr8?Q5sat5n)B#|4v&}rv^Rs|0Z9Q=rs1FA)OwLf;y>5u*@wK z|5r14-9W6`IZ)zh=;r^i5X(sjkO>FTo?o}wPM3Y(NT4z<3gKZg2L<^|pZ&#^p)K-f z=K9;;D9;`Yi7ht#awDd1BqFq4=-y?E_UIx*bL$lsrj_)OM>`K9HOA|G+|I8nv;?WT z4#B(|5+w;tlb#xAQ{`rX9{z{~=10`4Zl^)XWY-GiQKZCAkb-6aCwwagkK+kU^xhAh z;@Xy}kOC|j^h1Q5oFU)D>a@PkK5u`35SeA49nmh4p4j@$=n+egINEn)Ox7nPtJB=X z_k{rzF;Kq3PqF0cXwiVAn=I(Az>Bl+t_x8C--`ipFu4GT+G@xsXbU8o^(Iao7I@(2 zVu>NQGp+Wkou(8@XiJ^H`YJ5KG|8`f(`%_|eT!~LnngHjQvGJW#M>NW<)9qf_|oL^ zRekC6m$@NRl%e6Pf|=_6)v9m}84Vl(R#Spv*i;lAV+5zVD%m}7Gj@43P-SaQ@+I^$ z#&3$1$rHl8fjRtgI7JxX4lsMaW>((oNpXDh+5jl?ATw)Rr`J{fntXLgbg`9O3|YzL zt}B_9UEkEzmbzc1l69DWqr4PMQ6A4ch5mxhK-kia_Ckld)y9 zMTCJe3q}H$w!>1tnBdN}#nBb`)E_*%7l2ajmc&DvA_c~m&`#T~$`1Hrjj89cy}uzi zNswTUheH1aa)lWO%pG>SyN-xVMaMJ&qrtply@&Wu!K#r@SFZ14dwX-jd^*V zpy@V)b{LoZRVS6H$LEbk3V@C;++~FjbWeEZzgUm7mRlESn7jbO&WGI?9r;vW_?}Sv z)9pu}i3Z>l7Q|&H^w2njbgusTy@?4MRH~;Oo0v*tI=fv(rCnX8v9o9d`J6VVW!H9# z;5g@`)tD`F-zHbGZhi&jj_} zG(4B3Y^kb!nWjT=F~3^qH@sI-dE?x^_3o-3R&!e%nv>Yh%v6bj?maPlVq37`jz4W3 zDKnaj%?W)`_}+-a%jJ-Pyl3uqS?Ee!0QRi?=-r!st@(8c4ut+lmwE9bRbW_jC;@DE zMr%LER%n*6rF7jz4@ye%zDq^j>eXo+deK!?V?Wc23WxR(=^DSg7Kdb@c~<=L2JCAb z81)^L8n;>wFg?MZUT%NM@}}%)vvk?;Rf?b~!#O~COXZ%R>Djv!L~UC2+F&Q2vUpYU z$`W8WtZT3pUvPj<{4iz`PLZTudGBcH zOOU|3;e~2%YnzG*V3~gdl-u9QQ2a(Z4zV=h+YgIZ>l8^GGHp6{t8G`rZ!<-^epr(` z@y&6gz5e;vnoOMLt}{&sYm!I>tjU*@H%zO^yFA7i1K_W@ByT;f;YP z4d&DXehIOVyLAbz?Y#8eBFVaZz^BA5X>vEVk&@O1UfD*JdDumi9lX;{^P%)Scbb-- z3k-Q_{cFANO+GyfY9b2m_oR1!e8=4^6D$D`=vwlm!kAa))g9W+|Ip90-O=qj72u*z z^f8Vci-oY`xXh9ufyM=WN_g`Uicb6F4J|cuW-qWW^+z}i_PXtGRyE#zz(B~{yMLAs z{(?PAyG+GIFVbuBC;x3=zE$8kWw;D=y@^5#L@QgoU*4_@nM? z3;Cmjv|ne|P6h^BH-XPV*v(a%b?~CWkeQDjdcJCq^o2X zQ5yD_dhQhyY9P(x6uT~DJ=$MqYQo@*7b(47=+*hsAXK_qKD^=|)u(j2gOpOmYXuUw zHxIvfs2`jhG7U`DFy-(g>u;t2e8@^cu~4fE2hVeI<>ZExm+W1=6!e zGcc?^@NH$tI_-}}Zuoywva@dckI6f;deC29pJh3T)pyT`6#wp6PV`h+M1*tya6qq8 zy%U?#V^yhb&(tX_xE2$Imj9T5!bT)0vYh&oDtbi)s_xjE0CukOSg8p8kA8Z||HL-} z{vyADrwH<60oUBSW&-me09TAPS4xF#2EY^t_;fL)?P*GQ0rJ6!_YAMT_ks>3#PgC z?XXkFhvRmq%?I>}$}5A{(yE!vviZbfD&}T@u%mNgO!fJL+NUYG;>Cd3h(JS?6Fqer zSpAb`r_*4z@-y4D78sP}#<()h6ikSn#4l_E6{NCaELZnL%?W-&zJL^@^4< zH<8s1zC}tIMyW_S-8W?PINq%~7^A>kb;uCME8^(WR8Xl_apemS;D76^>8FxHVG69w z`{(Q-xFM%9r%UbERk8r`R2047?loAW%61anUGx|)b(ju{S_W#)4suF*4+yP&d@QAq zN9IVA5_--LJ``sg^gHrH1#;t4f!%12{IIW6Bq|l!my8A2+A#wT0MSLW=@DI? zO}?Gxz_eHw?5$Dby);HsMz{mC7p|rra`I>YQjQHkBKDqh=UxVCUQH&NL!3D=lV?^5 z!i%7g5~nZGsiEaRRm5>U6}D5g>(xy%GV#s_gr|Xi7d{!uLKy8!=6GIyzsa8vxY|#; zOg(3>-?!k|)JWCD!JbU+Q=XArI(Ck{t-LQ`6#2V}2OU0(3nNPCL99=xJ5uLz|2e%llKkwLAWLM`!kPIy>}CjbVUWa zVUT=#J*u=)l@#S4J4y~pf#p;Rg5GibLP=kBw3m2`sEo+LWQ*hQ%_~};RsJ`a1GPB2 zwY)xNwzL<;?wgQKS~Y0|q4gPT;2^wkl2D~T&cI8M0jLXfruv>=qviTLw_u*@r#Q_N z!nt#^^rFiv@f4492~v(AE%7n!W$$`KU*^1gBxrq;G&U2^yE6~yKhtX&5JSQsabY2M zf>qfR&h{xK*Fu`@ZDYyb-no#udLhi?l_FCti_Loq%l4ioiM=Dm1;+%nIIm%wBYlaS zFuXmfTj3XSCPJu0kDDK@O&(owxNGOyeJI-MdpPTEcCMUs>jgvN z@P3FXxG{6h-?31$-RZN0mz!8Ym?vhB1`>J%nR_sHchjEc?!VCDLRdUDm>2B2)E=jq zMg`bTfn)Oe+5{7$TA;O#GQfkZ;>_otyFgi!6FHQ-r3oXxwct$(-~LRm4o>z$#H1;k z*-kf;&pihx;W9{qTwNqnkT*#yUd2<1~5++%jE9!7G(aZuvpTO{z zKc(792@)Ud4Gd369t=CSab48Ry3F4is@DSvv%=VkH^1_XuW3hbiON#PxAs)I=y(a4 z3Az0;T^S#3dN8hwRXrz4KL|-jNDiSUL_dL6-+p9VAfK!g4s#Vc(FcO!<2=ae?(!x6 zol%amuWG=T8r&Gbn6uz;_B%{A%9I@^L{EOFX;~})pm0UG=sGOU*kn?$_lTXA%+ zliMTTLn1$=9OB(Lvy^#F>+;DL_2?ciYoxH;`a1W9pTJ!CD*ZK_$9q+~qv@A;-PK`z zXK*cGz6g^m*Jmo!iVJL@@fm%+_@9q#NTPU^7qmApbcuS@#8fli7HL21wdAfG2Ih5+ zU72+jUx_Za0vc~2dbugC;!eTD`V3l7r9`eT&>n%P(SuYc9GS9N)0UEZ;8&O&LIgc4 z8{VrpaCWQxTUchaecDkwKMd(#QZUoMXt0J^(gxgH=WQjZnfJlAj7VX(=anH8FNVTW zG~Uhv4&0J=Ec>ATp$m};9iYd{Ws5K3Z?Saev;7I-+je-ENVmlNnfHC}qQ|)sN7~cv18E!* zb$CcU_g5W%S$|e$3b4;eE)(;o*`Kv%>@JG!^FKp;Cd@}Pmx}ziWX`#e)kR=DTg5|A z#v-%>s^>y#fX&&X%G&?1H3NfpN$eeW-?D5vPlL_Y`n5M%x`AZnWhV%>EPrGX#g;(Z z=8#OMX!R^^^s|Qn$}TU5VwQB?BO8w*#u?b#FDPBqeim1eFWG&eA;deyIBx?A1AEYV z`Xa*iCI@{xB%WnTr;VmM94|+WTY`LhR2R>yFg}g_T7e+tJA7mgC%{r|nN19jOvanf z$|onV_BeJVD;&)Fqi8QP(I+nI0Qu7c&o)sPp^PN+#|IzaygnI^^%)nEJqlCE4z4aU`p-DAX`^)zDr|zkLQF#A1f5*f-Wo;m8c5ZrP{<~=c zwkHAM)P*D5R3*U4DRu8)&~Px^3!(qrs<>gSPQk?U?;Rmy*Q}e|W?*q#iJs6}uzCgo zVE=>nwwCgC5TC=?-jzi>*;xRpRpHEv&HdBy5ete z3Ow=vpJw6N3#bQoI1Lc_b|5yRry8-bS2x&jau}uq#FY=8S9!sv74(e9Mk#?mu6@R5 zu3sJoGU6dN2~R$&*M0B67gbQNn+z9Stn4hVoE(TF+i*PXk^A+ z7oUY7x_JoX;bTT3K$nh7VN6}i(ArMe9B(ZC=`X#SzC zX8|@Hp}#i;fr_xG?j%-xjn_^#B);wu*H+>l{NGCH9} z7%-G&dHlVT3mD3XZ08#lf&Z=gh5vNN5pu$};YHNgGa!AF4TNAcj` zX1V*~d;3u<_>-+p!g>QPR;&&P2sJmrhL~DR6{g0JSXTJ=OAQEH!Rb`7o!;%$?@mRd zcKyMMAf~mXTb*tkY|8ZrM+@%(9&AER)4mAY5}k+Xzzc@sFzy!7L*sSdA_7{)C*pYHhAo`5 zC`_3a{r4;LKNU)Jdb&5=JW=+sXXZ55tk7WviSu%Cj;A%V7xAJp38a!cCnwFvEK*g` z5-3mkR0RhMR7_+?WtH77X6>qZa=t#M}z!& z{~xdCkuXO-p_aRyDN}ww;z|NNu+#o}|36;`AxyviL!#b`57bQ@K?2e5@BicV|Ede% zHz(??5l!_x8UDUq?$T3v$jC_7Y$SsD`LiP^advJlfW_Sv{3s;jMJLFx_T0!JdF8+TvM;rz5$OCefziEj}wM?m*{(`W;l1s-%tN$^JsVAsrj=_;-G$ zNGy3Zyw(dGh$BbGow+%E9Q2aMJA+G^;gX35l|0%VTdbGTT=Ge<({A3|6sP;yj@H{L z=r}}OsZ(oA!|`Vd0hoGjhbP}iBF_xei|YtvM3E(s*@*vgQ0)@5m0cf<4CuaZ+ur;1 z#3AH~$!5Ymk2bv@O>cNDUiO%L@U?r+#7&o)C{}!mWiPgs(quUT4v~M5zxdW&@5FdAMEoGNIPuON`mc) zRqJdubvdSb{7kdAw>c#ww=;m*JgteHOR+x%8hVRq5A<<s-?s(=&LR>qi0Qc+-AkAvqMW)6-# ziwq5S5Xi7g&b8w(ABAZ53l-fzR+b1$8(JGe6ZlnCD1v%obP1f!QiX`VFSB_Yi@#r+ zY(MT7R*6ruvNHU+4qZ0Xn@(GH2y*&bj+ChS_+tp`dNfx7zdZ7jEqtM3MMw8&=bIq8 zyg08}Jkn_$(QVM%owg!7QaQP2?3n;;-TjZ-(yG%S`zu>k^He+cGL^HJ=A-1w1E@_;o+8ZJmnNHV^YJ!q1v3nCyC-8b7e)sBhgu-b>&5!x+ z+#;dgv1PsfWY+_o?6c6FQno~<_1gc7y0;FCx_|e5MU;>hfuRuuRHQoxq(liZXaocX z5Qgp;z@b|KDJhYXlx}c98iwxft^uh5&Uf_p?6cP1&$HG(=URJR=lrXJbA9J?e?ND; zU-$c%>9Q5eg=a$#_ERu({^)QJDKrUfd}c>G0Yc4&WY;6lvAxd61i(WDK)^jM~U6q5w0(mii$b53+?B zJx}I`=(i93197h1jM`gVVTqI&LEA<$3KkX6ykUw1?-^1*_gd@$)+6B&5aBbaZIw(m zu<8fJsngmum9{7uWUA?TqI4&PCSfkCGw1JuR%J;HhS1(us|MNr7DH%Rx{HN;gE+JZ z`B`Uw&3!O)NipX5aV5);M~ctKKu!;ELmSj9)xmq)JJmy3T$Se=BYieBKG|H74$o&F z-5Ih^@H+*?V0_3rYEd0knB&ETi;!zIDikzoK%w|ByXn^*-ay)LRdcvlS@9v=NP3)+YTFvtZQ zLR7RJb*otlPcZd$rD#2-RTl<|xzVA%Ij)>+2_d8lvf=GwuVa|W%j z!UQ*A^S4eHzbeF4bU*YdCI$6W%J4sAgM72)v1FwodWEz4*~5qo_NeQ8+q?bA$R8uA zWS0xO=ea!1fRU65AI3<^Tl;eKz=JNQB~rxR4%Jx=Ffm7OWpGQp zY9OR*%g+(x#17lKBSMpjHD9%Lke3ZBupXjwZc%&cPWonn@JaTgYgor~t?Op!5r zK1okayHA$gDlGQ&cBM<_3Op|#I1|G)zk z_qo~8#(nV5G1BFiawA#K$osGlgIftrPYf=PHZvQr$|6;DCm;10ElYJe={NM(Z`z!A z_1koE)igbN1@ZG2>c6`}vop{i-l}8ZTE!08{-Tac=eU$sxJ#gBFrBzbu~Q`YEz~tK z8CGnTfbTi*F*UZaZnKNK@hssyP<7BFtXdrAeSF{o8Vax7sz9bm%ARwU)p5Yi5O87# zl4FIbF0ZU+KTzrpDY{$qkqT9QM(2&1(|O~zZ;)i8-|4pW{j&=`$@Y6Zl07Nq zTNz;}^!HG;hqaFn%WcjNKyZi8p+fiOMNs(;oxG1`$qT2f?;0r9noc?2IV^z8U9hNZ zRDefY*BNEjNOx{CbXrQ+3J!!?@+QSOLNaj@d5Wl29;MLg;dgztv(jk-qFq= zlC%O?=1f2X2E4e!x(J%}a%0d>^L`@fU+a{ziw#alj__DQ))@4^CV8xx!Y;8!bxKPl zt+-~>R$51JiGyZrJgr?DBMkXsmB$BF0n9hlQ|g+NB1NkD%!ki7hqV zWi(w)E+8>>q6d<#vK#WP-|v_5TFby7ruR;70}E)h_S+ov7XdML)vZMla{#RJ!>;@d zRuO^#u!>ITmx8!t(b|#(6u;H(tQG&f^#>kcAH{>QkJ`QA=X;V5;8hzIh)_zWeoAmN zNQjs+>QkMfu0iHD&2FcmXpMq6OSY^v$}R;TaE}6RneXQ}Moaevn7Hg|gIr8sKlGCB zb)puiZmqhjaAQM~G9b#iEE$ibrrjgjCg&xONpu|cMsSXey#Y>Z|DMtT(uy~PEvUUa zed|Sl@7X;|kUHtn8!uHXJmM<9c0=Ggs6BjG7|ZU7Xj4sc`%T}TvTF`Y+0x2 zM=h-6ePE~Uf0i)9GsmzFS}G$tL&&nTbUK}MTrdx)#<8X0I>z)i?tOgmsc+d_S)I*d zjOUty=-1C}@Aez)N%X}W_E|M4FBD$(E1Ybg7(##r^26U;BJaRB;0cV5hsK>(n_+5%EMl zwa>XDb+X%SCj@+5e|tw6;{*WSQNictwNcL1_4HBMHNY0((G3SQYteq(VRk+bd8|Zh z2tIOGVsX4E{N*;iv3iutt%K`cTOBLHYW9CL79MC^%OoNI->~ChYJ5Sw zX%{;cz+~{Uk)N8mQq%XmM5Z+B*KgaXs?h%Xh?Kj?(M3P%-Zl{sOmXbA$KZ_4Nqbqp zDzXvlD#Kv*Z1)!@Zta2@sO8zLh?Y+Sd2dC-(@DXJXKS=jw~f=jwa;&`_GuKVyOmKS zqm?s|wgU#Y5&}D!&r4;iZ`fvS3%k;kbfaM$$VF~%(HvTHO?$45J2T0@-j!vXo$;NB zMg*vR^oE2=0Y&;a#xu&AWg|mHCKD^ z!gH7V7WW6{($WV;u5G>-K%a8=K7d30xM>)F+&|4O-~~VQTF&7D%Ww%dUG3MVkSW4L zZ3JR=4PYaC%aYiT+KZDWB#l*SY}b>}M``2JX}@TJC^qH|#06Iw$W5#d+~_o!et;to zqVOz#CbabFg{mA+kTf|;6}ks`0XgS=V8Umo;b}Dm0oUyjnwho z3Z$Lf%dQ}&+MCCF1j21lMKTf$E2YoN_r*GGM=660&+Bt^u{Z3TX_&Zg=({ysGTL7*+GwT} z0hS&QCh(hcF22^4o&^p|Rt>%eg7FlOgu}UnSGb92>ehnf!WA9EOoEhIzR^Nn{d?p5H!VDX_M{ApTj{40iy&0nD@I5*AWf#lAyo43T112xg zGp(;iDO>MnTa;8irVz71+yf#JRdHh1GgfW5YVyO<6~)QmY|suNeUp#$G&7@d)SAsK z`HM@b<6msT)a4+!osQ;^0F?P1<2U@t0wdW3`c6#bFXK-FQkAoQ6uv4|1>)>JdfW^P zv&*^jAs$4cH%5po$p+3w0c;6{Y{ujS<=jXs_>wE%7%2qT6QFq;dm~w7$Ku&s!ebm} zmJjJ)uHQiPSn>1SrQoN~Ar!jl_raEQ#YdqPlg2`DWpw>#a3qGGNfn}uXs zg+&$waBCX%`4ouROMzk=>|e#D`nZPLV*_c@rlrh08>~0lo%#i@DQ2Pb7HoWCG)7O+9J^q9$%0mz1j$<}3k$ zlp4!nut7w^A?EG&%Z+sgaEjWrPz_D{Rm!n5(R5LGvgG*-eBR@Bx!_Vas63!B(wBu# z7AMNdGLv3ZPrpZa`o1jJqE;id%YtCZWx}ibv6*d1P3i%|DKmmhu~!`GW~_DYti_Nq z-MNIzmdr~Fre!{Fnx3-$A=z6VTR_L&jA;H;SeBvv{l|IfYigvKYl_)E2i_I@bFWuf zHANY4u+Ypv3>C_spu{`SgTtz6gLz{Ad7%1v0?Ncdax88YpCk_hNO8c|22E|Tz2UBrCyg8u&2#6C*%w<>nFe%u?R>xE z$0pPuXS!?sW;23ilO3Aabi=LUz8P)*YKkszK{sxh!z2!XNO>8HPE86Cj|dmOr_JXw zd4>WxAX0V6YdSUKQp37&9RRY zFdk9EBa?9nN`!z%)M|h{mHxcZ3RO54&E4mkJ6^?K;Eu#ssO|~n)N5rw@@FJUtFluPClHW-jOJO~xBSZ5h15@fP_nl^ z;HM|V?|8$^!=J5q;2qGh0OuhoW4F~U!sf5a3MR8sI*w!wT>Dsdh#LFVDoT1LtDODK zw5DlHE~phE2K(3$apK+IOG35#j+EE9%u(GxZ>fkKc0^<#&N%)Df2u@{Qy`4RDvvqJDXQX0>Vd6j#u z6V>FGQiyJwEtD`=wL7?LYC1rX=yhah090jwB~%BQRkG?8@9}&v_FuQhMuXP$AnxTC z<24qe>ML#%f$!xG&ui&{Bu)$lZ#bm+eS2i$e--55=gs;4B6|Ciu@$>OIs=_QaCrc= z*iw0+9R=G1-j1LOE}o`m^!k>M3*mhFuo2UsRfqFTn+4dY2xwm>xm{QoyHi7G1q(Lh z#FFY{cwIxh((%s19{tLTE%Ae z4sfabEGQ$Wn>fbn@Sb$&$(@(aH`nevu0PhK*E;{M^K!IeGXEu<&EuQ*u}3Xs23wm5 z$E`^@t96TP5~ye84}OUx3y0K%bVo{1lk~~=Cye#xJ(OxeBC9#1@$&L5iZ^F8`hlhS zv;r^2#Ime|u3fI|YR$8kX0!=P-8>nt&?oBCN?$PjMZDYb>pCG`^!Ij8D8KP!4#y#v zZJ-PT@l4z?onZJmqB%`4yw_^oMmJq4-L&ySLKk25KG7qw4}O3jl$@B^J1o4tfB8X4 z*YIA8o`%vI?%XCOOtl(spVOjsnrCFa+AEZJNzj#ZC@6#n-c=W#3aX?_1@03icA6f) z*w#DYN@6=L4^BTFn~m7edw-zR##}Dj!oXE=lAceRvKM_W|23IQrQNhN;6P|cSYW-1 z7oN23#srDt-HW*7<^N+3Rh~Q2+py;s@ltbvA^8$0mTqA>B^_rkn@@p7zy&SXOCqdW z=Hxre#QgNy0)G%Fi#$!+)C#pBdOx=z8*`v>i!D>0GGc)RT^|;@|GbUl zaQK1OZ1P>bjG+g7pM_L{s=6%z0_qGPppaz%0kutoA)qFt8z3B74IkPhm#7a|u=Vvq z51w9PIrka*;7QJlEhlv($>`27ZFy}^svm%`pL9o=r4byztE%ipd2N5Pn^bSXT@F&^ z+VvH`sy{j&c?g$4mVUKtLd}Dh9Er{IjN5;t`q&5Q>NTqkgbU0wOeunE8`70h7ENdJigmT7&X$C>*QNwTS3b>Id?+YT8v*$+LYw%Uz zr^o-)Pvn3p+Z9#8+_WuK@)w(DB0h~(vR*whv}}b(zKx)dZ<%G4Z*^GsU;wC&Y&st0 z=Guv;Uh9HSfo8~8HS+5N7ywH8Ec&WT?#CxyLVQ-iU zxM>ozHW&6-KVO$M#YB1yK41wG1bQNXH56{1D6$)28<%hZ4bPdn*7ZCq zz981@nJF{WA^z-uWIjD(Oo-h2)kG)Re4*y&6$zC(`3zFvx*|WWoTy!PC-bg@7qk#cxw6 zP+6#Db^Va$PKRPyGS4j>eYcDvFY%`g#(lxAc+Ky!IFRHc=9PPe)zf^yRoD1MzuRFA zpIn++;KokwBE9evgF^qSs6kP~xiBRvCq*jyFVVD#G7We^N%`zn!30aJ2d_?gKFlhu zq!v0~-=nABND%`Jp*AEaPjk4D4&i4Z_PUjer@-?(O_k_%o7&z`toVTnjgYiUGg7`5 z!Z)G$r#)HCU{WIDB+Oxb?HJe*+w6_NLYvwKp#bMZ#u$zimWE(B$o7^k?&8hM5{eyu zq?Bgwv4v~jh{nbF`y?qma0#9dKOsNGtvTc4DGZ1NI4PsWPtEbUn2uzy zvn}aFTa{AW<;$7#Ewyqk!aVG|n|GWzqNm^08?55=C|Qv6Lfnf7fbsPGypt+m1yX<+ zKW)g9f&II(--!a+Yaqs!Ry?)b!uRD(#GIumDIKNM#4qxZV#Rry@gez^Lw@_|rR{$2 z)x$}cH?cS2Y=pGM+Nn9X&GM8qfU@OY23yc0<(00>GGLyL)qF3HlNVzI)d2UXsuY4C z0+>Hq%{K8FYA6TgTM8Yv;$Tyor8@jDtR;fvnuAE!TZ!8d?+c>dc8PsBl~w_fOwd~$ z|J;!OKooo=LoQ$*k}rHsPT?fCAv3kx`}c`qgK;Y(QMlYVHJ=ohC83yrb)Z9g6p z^4k^~bI+KumX#YZ#5I|3s(5CVE46d{Ob&uAXtct!8Ef^U`G6 z2v|hS_wIc=!lYqK?f>^Gj=z(UP|K6203x-OWS80Gvta>tZqfSch0a;k3mq-b!+yn{ z>{OW85wIveYSB`P$qO^$1f&q)&tm+d-rfhf5J0JEsZrqWwb8vLUGo7(OO6^>9Rn@u znxq@g{=M)e!6*?k&!xm}KHqHwJ3*|89D!{ZswS7q|;`cfIt)@{< zWvkn7P5Swy3YZeVG}GXZ!>JLf)b4Nr=9P)Mm$n|-)5q;Bkrc8m97T0Hg$7PX<;%zN zaeDo9PTh921u_m^*JW3z%~JFUlS+MYdd7{VCh=*FJwqQkZUKHW3UG)&^8-FnjP&9! z9nWAkK4u7=|0S=|_UD`r?>k_!|A2!H*nyZ0=d{q~beldB7EH3PkVh>SS&e)?%0uDg ziQ5GZ!}ZS5RKga-B5Um>2e$#{=W>Pda{t+21mNoQ1;lRPzP=3E^&+8}3iU+=u~3m{ z*tb3ehv~FE5`*1?vjuPy8j4>SA|cV`z5YdJ4|7(1NXLgbz5zL8*`vf1*wMHec;S`YKs zK7t>L?fAXSg5I6FxeMEbcHyi$q4BeYY#Qs?8YT8yqFL#xs*x~UVU9Oi+P#ZcT(#S} zh{#krv>J^Wu<5cN(*K>k!dmhijpBHkXk5o|bKr7va_5!CzCxWM`kE0-n4eQuK}Ax< zt$4Ju?4Jb3Q1jS8DaWefaSA{1E-iCOB)+)c38O zgEvdK=r$1DZp$&Bwtf=PYtmi6{gM@c(lc*3Er5^ea*WM=cQ%2r^|@F`?!i1vQvGG1%Hk3N%g`}AyuJ**!`hQ z(S++CUl4I@h9?NTmRq?rVK_zr>trU+tPn`9sxvVKh-_YJY7`;P_k9C}ck589yn04y zO)5ASzKupq?9=7}#4=#Y!V0i+sAMvm9Qh}?ccs6e1d zk$3w7vbJ?E4bX-sYXl@X6u$wDfiPgx+g=CPpk#4A)t z4;K&RibMe8{K`GIFpp}=A=7Ic0`IrLWy_O78?Tp^$PYst+n)6LT}RNTVb#$pOak*f zkj!q)xmpiK3K5~M$r;*B`HTMVwT(c7$NjnFOIln6UK2lIFFy~XNd^`i4QkPfZL0{$ z7kiueHp`jT7QTJoWyZ9~*EjaO1l;81CrZm#!z9s6h!5iD-FQpbT$Mm{TYpXgiWh+y z8&t4t6Oh=obs~U)wCt*LLLa5~k?3X7u0=*qfe%WLpnow~9iVJEBirf+| z*5~Hf9V3pZI!6{kwF`*|uy=o4RCrC^wzP=!xK&sY$(k@q zq=t8#kXf%>-OU~@-b>>EOTv`KF_6=-8SsQAkXsN&sP)ayi#kAKd|6+k(9nw@d%Hm|Z?d zv*NZ;@mX-JQaWJu-G%{pHAKg+J005`m9~)vC zRwe#c4cr=ZfvMuyioxNS3IQxwn2JAXEgR_=zS&L5>t)IMV2 zOy?xf(+bRgK>Frj;2y_sNv6FuinHRuq+}pYNdB{byc{#}jXb+>KBoy0o3LCvHojqX z9>6yF;s7c_s9c3~xn&7wQ^3$oLg}AZxp&Ye`@ze!?hkS7C1-1Wuiq^MW^ayw;jYy3`+ZlKE zGko{qv1%YJ*9fR)Dev8;Yd&|=dd&TNZy7%WWdMindYHR7z(?@j8zB`6;{_yA%R>pn zdkvshQdd7!61QE(%C#N0g5f6{m|6VYonGL!Js|uoyfQsk(g?6)M7EA39#JMi*JHh9 z>A^m{LA$Y+qbs^`EMvxecG-dh8+&+$;@)6tdfw*;Q}^d61B?l~$#$(4 z3F_L2gl8mz9KzOG^z-9cths9!HcE*2MuW|Iv3AMkSEi`JSFg2wX^kMUJd<}(bo+3! zPXhNOKmr}5eu1tbdygC^1dL(?SYbhv@lDSMKef5840IJf+*gz+A#!qdn37P?TV2({ zr_(LBH_+F3d%p5{rtgyt?+felqhCE3@zzH7yZEn7BST-0Kj}h+p*KZaCmfKq=FegM zGBaLU)l}MeV}L(o*xzWlv((77?)vXTjAvG&Ub}&)5lyV6*b1$)dXD2|+b+WQcoc^7 zu12U@q3ni1vfS}En3!pa|LL7dorMoN)XJ>pr8yj<`B?B|{NM$IN@M2xO|yK*slKr> z!o=^ak91{AY1HL}=>91d`IX6eUKN)!>o!;`7t^mdUbL;4ife0{^>Y1Yntr&-ni}(& zzmSU1_k1zFP`>Sv!(0OUr%K@8N!|ZHFMhvck|3zt!e{ zSMJ2IEph5xS)vM(fY)I4>EYmT9*x=?dv}bwoAV0$s?BDn`l!ORCo2is?|B)T6chUa zNZ}_U8!U?#{9}8h&gu2gQ>K+(iL0pw{1yFF3>tcX^XSi>xW*D~Q2_cb!xWdCqj;89 zw6wUZK0Iw#KK*=GI7Eph-~Ux#|NV6bP4r2(1(IXJ3UmGM3;vK}$zw(k=$tSyQtFpn zb)3yB*xr0#k9MP2k?8qnf`B(3n+27jKkUbokMDqY0Tu3PxRJeOM{sf6S7VNR!v zGoGk|6+rZ@qoMvw-(#+bL=dA%MFGV?tR*J@!$^S>F-aGChkyk6wy))Rq9zoFMnGNx zLr?u9{ZRvSN*1bD^@tco~@_CK&fJStiFIPt^=sCe1h(hX57VT)im%b826Zk!a>1(!89_DxV6>#LY{*&)C-_^*p6jOZuCI(c5C%;smC2rzy+&hg}256`kh1+E)hMq6R zYIFbuqB;ZURZ9f7RvW9791u#+vb~N=Hfc=2l~eC(A;5WyG25_oa^*333%WSa6yn%< z8}E5>B-|;u#%F#YF*$ZXc$o~;6uvSJ!{0`epbe;t@`@kB#SdsP)>4@E*xxnST);> zw>*}V5DI9vU-}Q&qSNQ(5)u*{#&@ca6p74yxBqQN<-hl{15L+)FE&l^SALWPpUmnv3qbCJ$aleXn%7_;feoqQ|jM++mvB4C}0th z#iiqJYS;dj15zznKS_wpxSSQIGXViiGXG<)$&fIS1bvjgVg_iq>1Iz>u7tSj4-bZ7 z*8xt5gHusELA&{X=XdM@jhT?URot{UlsU&NQc%H3i_b4)Y3H)g;KBJV{d_n#{I#|nNK)Z$8&Bb^% zgv0w>o6-F2tLleSlfMW98_7qse6$m;*SB3KP@C9cro36K1abaT5lMOIMNmfjRH@WB zKk$&qjoILYo`d%3v;w2@tG)z)&rky2L^ukJ!>We0Glj@(vvFIc>($ty(lAYV^Ex+$ahmoRQ%NcL) z9*?@Ck;$G|O?}-dlRc|fGhWB_D?roAif61<2AdT=i|NUIzy+Wva8bjV4r*{QF6Q`i zN9_&ha*!?gB|7Emw48Ibo?LZx!H+x+*hKrG+DP9;dd6)vdF9KqLi0E7r?I*GmN`e< z8$Q+fljn%R*Ok|ux;ee8>c@fmW%L`>N|KXk)Kl~}P(PRolZ^AkbEvo;_O~U~{}L^B zL-kZ<_2&E5Jx!s{q!%0w8*E5c8CjMd1C{}e)0M8Be0LuF5FS`<&E9=Hw+j#;T$}R= z(zP4F+MJ{_K`}2V>-Y&sk^HRH4G@9`0QiTu$4URntk8w`V5?$IV{Y4iw0rWIq@iKF zbH}_Q!z7*OTK`~c(;0fnCd|w(`Min|_|XFg=r%!$l`JqV@r%d>oo2ppUp&o zKaXfE&|EIreHN0m3{91)Y5ftz-b#pai%51E&vQHF_gbs@Gzkmic8F-i(&;!MKPJZw zbCIt@RGs4P0P7Yk=7a5OC33AXjZjoq>8Ql$Q3{#2lT^EfWSo;u9A=;b33ZZ8VJhM6 zH$}FK2}Hv-?}4&1G1EZ^9C@t4N%s9M;i>Xy`}vk<1n7= z5~n~iOPPrfKUhl@qSE&~9U9KUFme8d{nA712Q6RivaOPv2!#gWu$*)jpe^E zdkGi_+c_8)h5`;rHKLd%AZTir_c88s2_ohs?+_d2CnAUo?pWUTT30Z8~2bL zpQxiIzRlmXKgA~bgf%QY<5}wGTl~DwN8)>z_4y~qyKfYrEm+9gfQOEh-99ijowPci zPF8$J7v=4$cA!SDvDO6+BDb?2+`TH+pow^DAgV*PtSCoGxmklfkjXzJ*_LekwAAwy zo=Kc$odKJhoOZ}n(YHPxE}#S2r#X&+bDBk;k;|%hn%WAaUWMyfG z9+2|weFSYSgk0!CjyNpb7Q$?xM2&YUv{6cor+CBzSD3QYo1dDJzAR@fZ;oIX0o#f2pb!WvC;q|t?<Z3pXA`E8$3FQ0JzekB~$92wqcHn-5h!peyaw6)EL>0Dl1l~^FW+eQnKXtDFC3Cbo z*+9-|*Foc_*+pqqSj&gdB(oH+LUb0wq)!-aSbP(ltLz){*(H5nUIgDpI)J^Dtnk_~ ziRe~5ruwCMwdVC)>1DiDwLK;kzB*35$~fIF2Xvg+C*z6+t~s96A`#l^PC7WC@!TMb z7#zRF-;K)h8g+*;GVp_S8P{NbrsR@qH>TjUmG&e94cxdR&axRZz)E+bt(2Z6SxXuNprI z>6%}`bQmEHQH>TcZ$WG%`!h>F^e1#adRgB9b~=ol0z2w>_~I-?%+A)M>2aL8fPn|U zIkFE%z`2W=rKB}uda^EVzj%==u@}|9oto6#=h-a8p8{J@vaex3`R>kDl(-G-C54n( zTzC82d&ffQa$)Z3$#KIkp<_9z^@*PMbx+@PV-SQMxMhs-0kzwFqtI+k465B&boVyH z#7#1WIWL&qNYOLu)l*}t)K|{_YnHRWmU(ejMW~=p5HcRn7$MsE&OcU7tx!do*>^ZI z;DN8!=MK=%mt=m#^IY@kbvT3)3hs8C8l6$S-DmQpcwo~M7v>%N#13?S7XINlh^J@U zW`KARtL(Q?Qyj*q37p2bU(1cmAUGt+&9=p;bmrLeG;AZ$+Q%F<8!~{H%?}swY0AJ_ z!@Jma{p9jv*5_(b*qe&pp$4^rx_89t))sL}=0f;AsBtY&8-xie^sNK9R9H`;#6 zy>=@ye>RMd3ovSOeNx{(hHLuCj-3fy$_E%V0nB0ko%!lQJB(3Nfc!>$RjUYbBIyy; zd{aR?{6ix?c0gVZZeVzQzbcYLOjJ$xz1?Tv1<+u}gLo`{kMOzlG*TSPh)HVGnY7qF zaqo+~e%VhX59Sv8%DUS>qG?gvTKkqqVbt7g$*~iaK{^moL2e{RjYXMoQ^2 zfm5OX23dk=jD9E2^HdX}-8@YQLfJ{8`Gn5>C4Ui4PXY~px=PE+WSUY-Yd2uj1bO-M zh1NqFm_rKT<39+IL;rj)eo*Z^J9Ws@hmiL@IIlhmC@{+|hs4W(39SgX%3e44@skwp z#cjW!E-nOwYB_6|QtD@#>j*cJbN7kN+pHmF@dr+>*J1qFp?lAL_%Q9Y^}3b!%0D6^ zD2V)aJ&$oyB|VmOc3%)kOSAa+PHB0OlLp3Mi%ml5pVDZ7x`W{EOxAavaMQGOuMpH6 zs0qB8t`EDu5FQ{l5A@cu&F|c9ji-1VzfRcpNS@~P((4L>d751c zesSCALw3fv*Ey*cMA$nYB4ku2)3_xZ`M&4{rcQA)Z#!CCcb8UNM-y;AFvZu8XuV_l zQI!VUFh;i1ZB5IdI*=>5`s5==C@jMcgE8$N`%}Gn#GmaJ@OqC|_iVrIYR0N@(Hh?C zVc@#QE)Zfy{k6-1KI~}%4Q@MREyH{`gQ#ru1+b;;zx7~$WYCK_V&%lIrw5B=Lk_0j&rebes zPXechF6F-2zm%w%(Ea1=5SbX5#f;R4zrvdO6%w}M{EAAwHwe3vS}Yt(2uCx&y1HL|{H)pLst{*1bRvf*a zDC~dpc-Fk@B{EQ9_3&2EC{L#;B+evIPaC%$KCG?bV=`Wv&5&MTup3&ih!xKh1<4tX zbc3(DMxVm1E11Z6i<_8?OkN;Ve%_&&VZ1tA9qEkgOjgxMp>G+{A$&iuf6K+*vs|XZ z(DnmV?f)r5wA>(tm6N{MaUr0wNz6(lPeUj0YJ$elOD+R`Y!W33iIma23^p@YwkNsd z6XAJBck>@eB1#P$ihoZMO%-?U;FQnyQ8Cbjib|aP_`?G}XWLZeO#>_64;oIC7LBA( z^;%|_a9ja4rN8SHL2a!Rkz5vl==QN?Z;C077p7_#1S)xnP6Qi z&`(e@NQ*1v>Xu#-VmChCeVpVPXB$T>ra(sHKO{bMlQ4@I?$V+~W)VA^%MCO419Yla zEYm*6`9}g9Y$+uFr*NWmX$TA6a-6+HSk3f%j}!l-#fpp|+)mXPio#_+>OBeMN*Td# z_<>ZY45tSRowYRpW8<=r4NS2OFX^r&V>`HG6tuVM^6@k~FS)5nX~~U^u=wK5PyyDF zh&WLc)q6k%enldBwO`4B9CiDQzO(ITGz5DwqkSQJMd(tq@uNY4ao*^ss?Z8fm9MT0 zAfZTYZWbS0?Y{Ua)F;Kp_MPSWmF(Kv{~-sjC~n9$=`MoynGD=q9lwC%Z`nzzuBP=q1pioeg57{QLO?7$ff@q?NzIzVj(p~`XYhaMMNn>r#&@*r2 z$3DQ(sGIbrN8l<7cfG5>jhP5#LWO2iwVzm|yj1Y~&}!FGKSTzS^mgbsH6;YBmq38^ zQpGwm{LY*4b*N8yb5Fq^!EqT69n~t#TtcWEXt%}IVIBwB&eU1A|Gy2 z8F=RAzc*}MRJQm{<-Q<8$yjKV%FD~KUV~DoaGrUUnZ}z7v^>NYvzvm?+rDVOCy-_S zO8zFEU(z__mFlbRSLVE9cSscwGV$1atN(8)BKB(;r2m#8QfJB+5HmhfGPn#5cuEY$ zZv2p{m{~+Oyv)utQv&|O5b3%)NXYB#c?;y1{BJNs6M_FV3=zeX|8|B*gOKOHf+2$F zf-6keB{#81a8h#H-Wgx}KaUXgi!~{USN2FhNm-}unxCn#<7xd4LM~A6WJ)L`v=M1g zm1MewiO#DP;Oj5vb*Z(Qf>P6!`QJ2G5iJUzrZo62SJ)NfonM`=RATr}W4lVOXHn%v z1XG#F=C4@|CkYRDi75kw(x#&;2YMa#jUPW75rbi`Kd;2DPGQdgkP5ysdfwi*KKHoZ z5w#T87 zUF+m|MGQ^O-E+A8g-qRy?cvbJjw~F>T)FYqyBbsW-jbpCc*gZ4;)<6k3ba+oe8z{{ z1r;+5-O6v7f9Rtaxvdqjv$?OL0uy>-7sJPU_vCWZHN@ievd2^^FK>I zE3(w!pJyf%jWGKtR1)y-$%iQJCrODFmP?j64hwp!x;U2iqvsiyKgv84dtG*6j_usT z=KmKKdGh#fUvWLlLD7^|?E%3*EFEb@oeq)r zgW9iT7p$7*g^iBoqKptQp_@JE-R4vOvn+573 zX4AOq74ReTQ-K8CqNh`t@Lm3pN$oOd5?>{U$dAYBQ6OKR5V69Wyf$Nz_FCl^Z$FYj z^_xf){}-spu-cL?>?BQfDJcodl!F#^4ZKnF0V&3V#la*obhT!Ofl)2#9u4@FZA`qV z+@x`r*5wTJpZ#34_(8;|{B4;pAf7H0cjcO3{OXWDvziR7cd!jRAX1sgHb0p@M(2)u zhC-iu4p^H|@C>=#J0Bd4o1gku33k>B7>+roZDp`06uO(%dS7-@$uc`m)%&Cw`8UuTcr#B@#x{h zj+~~+hlw@z=5U2ux@~2qAau{{cZ3>5@tEja*mYPrR1;f3BgZwNzS*Os{u(yoRlJEc zj>)FBGIWT-ovNyti3E4I%OfJO)ob3U53pC#Wwi|#fC4ZP_WO%pC@WUNbb;bEx!Y_F zShv?dTaaIC0@FMeh_d&+Hx2UX*r_1m86_&d*37Oe#3w@8H`i^%8rgbF1$Mm5Sm6+2 zR$W0_@tHN*T!5T`=A{7JdKG#0lI~2ZcB2zoUS}!bwX<-}ML@$|6jcxvf*fYw7*sZh z389haGp&I3gO+^^ztU7cWt7DdnssnNH6bDhJ-W3s_$#;u&J%e?)YGuX6V>&Ue<9=~ ztzT!;BAK%9(;F!Kx)WO3AbH?;ni?VaG?}^C;@{8;^n1#>y7&`?>XhbGUx=10E8Z{D zx=qQZ+y(RX{VcyR=`tnXDB96&X<>mP<-4yDwmuhQS;`Oa;ZHk*%!(t zK}vT;iTb+DyLe7xumdbyHFb0U6?umikEO+4rhX)O;(g$qaQ{TxEk}kN*sKB+I($nO zoh&q1Rn1FJ1hB4hUE00N*_Ooauc4x0Hzyv8rcb@JUTd5)m=!TfA~rFvOcSgkUv6+_ zw=|G80CvLc?R7*{?Cy^4lRvK*U-qZB<7)=0D;H!vi8&`yf0SpUUua%zx5)tJAXSNt zFFp}U8@<8^%a{~plsjjs^j%}=pAGtM(p!F{@3Y6-5BMqB_1dr<;hfNm;f<#@G<4si zk+QzTpE!%-H@X8%Ks$n*ZF%zFP`8SR5w8*IP%lEE7?O|FQ0$!URSR} zRTeCq7`bPa_3U1Pesf#$q}2PKu*_uVnGC%QducSUo{X-1w71I-2R98e#Wx9Uw=~fR zwTd5zFDmj>&wb@^&F*~JS3jqYWp44XPq~%YN#dG)CK{oK_g=4`nB}2oMdrMrN1-~v zh0MTlnC;@gW65q?`|OD}Fw04cUFmtuuqX*LO7`4JQl&P^&%MbMq@X0J)#C=C45;mn zv9Xj}#?cDk`)O4mp?gcX18${1v;r}>oY&UiC0q3ic1g*#EsteE=obNM!bI0lg}Z=x zeCw62jjjelr;%iy4eb}p6K%$<&&+Ax{BUZ!6E$yU;2M;s7y56DZ7g%a=6&-D==$V*R|NE$uU zW8(ghjj)M8tMXj|_upLk>%6Da|5tTq{txB;_wgKMsj-w~YHU$DeI&k@pto}35qXZtkY^X2~1L;h=I=;cv8?_$G20-tFUsD?}5?ItK9#$JpP)#;}AilFGnEg{A zefLtleUj|NDoVq_S#}{!1hxk(hv1<^{1HM{u^x>vvwsw4bt1$kNYNZ4vT#*~sUv;Q zETC{>kw1${GUKj7VjAa){i~cR;4^9eArzsh-m0_)TD&B99(%_&gjfmn+QH;y4x$4b z``>gT$5qek1InnhF5!R=tiusjORD`6S>c`xa5&j8U1x?KMPYFf({&?i!x>D94G+Ra zZ>?qk2U?VD#A=foFtpCNAU9`8a!V*we<_ykGd+!BxP@zPw5;WWqzf0q}m{4VHT>nnV~bNIk=v zyXVo6yM%kN-?Z!DJ8q|HJdJ5dkvEbL#hw4I?t>s|d5}L|KKoeicn^#$HFb}#EU!xC zFixbJd>B_))rDB_L`daxos!(cO*XgETX2I4ln{UNDutNj_@(R%w(B3)x6!urr|kr6 z%oP7$AkG1qIorVY|LZiy_av2nLMq<kB5EGzGnJ%{|06C;r?CrSQ!{-@Kp0s&ZQ{e+r zd&E}xr5=9|V1a$O54fm8IJ`e_bN!W)hjTJzWt>663{?0{b{~QgKMOWFLcS3`&?4ad z>1L$9xg*Ko^vWA==-YNpqy||HRC^>W^_vQHJ*X^E1c{`YAeFNPLPqb{4V@|fT4z$> zx)qnI6#ZPwV-fmal@M>DtaJSNaS;6VN=d4n;LrX25Z|w;p>TBn3EgUl2~;m26{Bcx zi(7szPZ1I8?wt)`G*6bF6Zg)9OWp7u>vUg#oslC~Azv~YI{v411OueXObNji+rY_} z)yJoNe|b#*U{{^Kc+GR7&sNyH?13y7H_;Fz37$7m@E(1S5yM?*c50l;u6RYiT_8u2 z540^9&$M`kzSj5fRHpc7&lcPS5X0D*xLW{LL~qVST97KW*>^ z?CCktVtnpnC8HH=hq~Q+HbAcw{IEM1pSgWiw$eGbzIoMwfK>mS;z4wrihbgp*1bkrNXp2AQ%#LMC^*fCm z|GdC(&XGv%22hrw%buZ=_$9C&s+`XmF;IQ$y*jPDGWPIT;)$WkmVc+dif?++T?Y0A ztc?x^wyVy~NJpvwFEsDY6deGHhV7yw3qMCK4)lAb=ZB&}stz{~0(&IW)b(xOo2!+h zNzh`N%3TlGI~30qmE5v5pv#n1^OzzGSM=0p;+!#G+1NCkVB*sokQDJr?~06upg`N{ zrL~T}i*s>ffpSYq$6rK>E?I0+H~&C2akaS3!EHnHg&lqRS40GEOF6fw46JNOuJ7<_ zQ(LOGW4q~vCKVw{l!)CHfhlV9GdjTGtWvkD4mjEj5S3Duccda#JL}#3H zyJrDRS)6RWOPVQnc8PI?fVQ&N@IoXJd$xrA(zHpLIe`vdg$>KAjm?k02$PrZM$UdI zpV+9|aStmX&B^rv=4$<0gH6p|*TlK0Jqb__qw~RrqMI^Y7pw2><>DMsz^FaIBbEj=Zl=gr|yN>wdYts3!74KFZje!n84cN2tlgmTPxq}fNLYD#$oZTEtJI8PB>Nu%?f zmMET)T{9TjeG2MZU=o?ZdRmh2BitV;piv4i9MTco}5}0-M)sCT;>R?uERc`|Iu$PD@;atO}*F5?^Z=mVWTw$g{7*+%@3SJo1U< z-7tKZY9kfy5LWS3bhCTujoV*5>jHRhFK-rxNXTJ_)&axaZrO?W-0VAZdMJQDu=EOH z3U2JI{Xw;Zt#wV|2xfi0;Arcz7MK&Qo?rAl{ViIa&9d0V?7 zPNpMxGQLMuP<`L z5Rln3;S)6=_f5TeQ&(SfRzug%rXpzC$HcqdGr6`8N`H2Dxdz7zFzt1a48cfeT4qf_ z6qsJIj)10KCVgIPFvz)M=2ZZ>21hyL(>>c7tC^(5RY-sj0k+d>17s+w!sLG0WcS z%|WVJ7R|<1BE!_$*QoXF!OK0vIj8G47c^ZuWKkE6k();~yV8Y8snQwJ3NM8`nY^4r zLpjC{j|q7`fVyZH@ z^R1gCf}==6+LD1r(PJOqtif7V`J-M6rk}FterGHp1qoNSrduv24_@<&e5u95X z!bpDSBJstOlLN{itOjP+~R<;ePvI!cW8q z5KL<`g+{4`1UYm}E3;F8$AhKS{@keCK3Gw>(J%RI4vjM5Jx7WnRQjGR@^+2uTa+_x z|7ob67V&()*Uhi%5?qe=7z=2WcQ?7Tmq*G(y-s)rqys|aMM|KFdQc|Ll5T>ayko znZJ*Lo|q?){lXr(XJi%Lgy1b8qt_hSMSdw$29f8EvJDDdiN5_h!Lwofv&@>NvW7F2 z+qr}Oq{`jLiD<-}N=Rl?O@koU$#^lO;>P%k=9exNl*2&^uWzgumLpwHacGPBR2|u| zmws!zcj`Oj#meORf3<|aPpQl|Qtt z`iup3$Gt3J`s^L+d(-DPr!gw>jK&gm56{B}Y?ohPRK&j!(OS{7ZeNC@!As9&KwJ3H z0%E(}&)*{b){OGMjk5obh9~L^-kfssYx?HhnuIq0p^O$!2CF^OY-PA3#uEfAltKRa z&5a?6ir*r9S(L!Z&;~;IG^h@Ne)I3mMmQL0hFvcK#m+lBxcuCxpo;(NHJKNF6pCUW2Rm$#_@I6WWor#p5B@}Aa36PBA(FS-uXUHxbpR?#q%_RD*PIm^(n+F4)8n;Mi4GvELD(-{E z<{Bw4ynH5ic(!y--nD!!rlrXZ92P^vrE9V7HEYI4RaNf$Y8%|d*cCJ+Me+TU=<)z; zj;(Wbra%V(3gq%{R#twrr}=?o|E4m~hy*e%aIIfEy`j{9~C=Dh}Z1ahAbpP`RKCq@FJ7k1x-Vi2Zs=rVlYD z0xmp4iT3Aefs)vZLCkvd<_w^vl_4-XKQy1!13Bz!pu~{`jZtR4VE;$b<~Qxo0GqBc zFAF^W0LX7>FLhF)B_CJ(p+*9Z=-~(2G+8h5%cd4jed*~1J7P|2Y?4+%dF*Ejp(?lk z&?2USJXXmAEeHu-{R{PW^(24D< z+DiFyl}y}aq-R%iWV4>-BP`>ZD|~`lU+x@O9_Z}>P}AnvJb=X4I9-B8-W~D)BM>R< zWO?Zt0q}8*b|>2Y_=q3f+JJr3txJhe%PyW?JQb$E1`{@JtBQl`EG!7lr+_T~I_ca3 zak@x{ah8qy`mkR1iGikC2f7y@210Si!IefVKTPm5^|*$I`T@pMk78sq6pI5|bL2%E zlN*iRg0b0wEe(4P-SYn+YGLd4$Zl1Rtn`YM_uxwC2U}XFjMj9t9Tr@GJ^=1^-P@aNltn|M-iN1M5v(IJlc>JjL#hJfLj0`1GD*dx* o`yV~Z-L9yKc$4Orv9igL_ToYm^|bcR9pK*uol9r4&sg63FITxz5dZ)H literal 0 HcmV?d00001 diff --git a/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af.json new file mode 100644 index 00000000000..235c4958fe5 --- /dev/null +++ b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af.json @@ -0,0 +1,729 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"3d2a1e85-63b4-441e-ab8c-daa2649a4347\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"3d2a1e85-63b4-441e-ab8c-daa2649a4347\",\"fieldName\":\"email.from.address\",\"title\":\"Sender\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"fd53de73-57dd-43b2-bebb-568d827bb1c0\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"fd53de73-57dd-43b2-bebb-568d827bb1c0\",\"fieldName\":\"email.to.address\",\"title\":\"Recipient\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"9ecedc0a-e663-453f-8749-a65c1a7afdb2\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"9ecedc0a-e663-453f-8749-a65c1a7afdb2\",\"fieldName\":\"email.direction\",\"title\":\"Direction\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{}}},\"18aa9b9b-bcce-49ad-98b3-2f5922e86ec5\":{\"type\":\"optionsListControl\",\"order\":3,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"18aa9b9b-bcce-49ad-98b3-2f5922e86ec5\",\"fieldName\":\"email.message_id\",\"title\":\"Message ID\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}}}" + }, + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.messagetracking" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.messagetracking" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": true, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6555a537-2dbe-4a56-b24b-afbd842150c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5e5eebc9-c386-4646-acb3-dc5a73fcf3d5", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "6555a537-2dbe-4a56-b24b-afbd842150c8": { + "columnOrder": [ + "c4931f6a-7fe1-48fc-9954-c0270412b48d" + ], + "columns": { + "c4931f6a-7fe1-48fc-9954-c0270412b48d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Unique Mails", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "email.message_id" + } + }, + "incompleteColumns": {} + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "5e5eebc9-c386-4646-acb3-dc5a73fcf3d5", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.messagetracking" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.messagetracking" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "6555a537-2dbe-4a56-b24b-afbd842150c8", + "layerType": "data", + "metricAccessor": "c4931f6a-7fe1-48fc-9954-c0270412b48d" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "cf08de60-285a-4631-a8bc-f82f2b0d8ff2", + "w": 5, + "x": 0, + "y": 0 + }, + "panelIndex": "cf08de60-285a-4631-a8bc-f82f2b0d8ff2", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6555a537-2dbe-4a56-b24b-afbd842150c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "27ddc785-e09f-4f3c-9ecc-296dd4850ed7", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "6555a537-2dbe-4a56-b24b-afbd842150c8": { + "columnOrder": [ + "c4931f6a-7fe1-48fc-9954-c0270412b48d" + ], + "columns": { + "c4931f6a-7fe1-48fc-9954-c0270412b48d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Bytes", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {} + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "27ddc785-e09f-4f3c-9ecc-296dd4850ed7", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.messagetracking" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.messagetracking" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "6555a537-2dbe-4a56-b24b-afbd842150c8", + "layerType": "data", + "metricAccessor": "c4931f6a-7fe1-48fc-9954-c0270412b48d" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "c49fa1b0-d063-47ef-aaea-ddbb86a55c5d", + "w": 5, + "x": 5, + "y": 0 + }, + "panelIndex": "c49fa1b0-d063-47ef-aaea-ddbb86a55c5d", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-87a010e4-c30d-4e6f-bc3d-92243524aab9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dd24428d-5254-4f78-b5c6-9d86a5d91936", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "87a010e4-c30d-4e6f-bc3d-92243524aab9": { + "columnOrder": [ + "7cf0d637-3c30-4985-9e33-bbd10815068f", + "8369ed93-f022-456d-8271-52ab4184930b" + ], + "columns": { + "7cf0d637-3c30-4985-9e33-bbd10815068f": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "8369ed93-f022-456d-8271-52ab4184930b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "dd24428d-5254-4f78-b5c6-9d86a5d91936", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.messagetracking" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.messagetracking" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "8369ed93-f022-456d-8271-52ab4184930b" + ], + "layerId": "87a010e4-c30d-4e6f-bc3d-92243524aab9", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "7cf0d637-3c30-4985-9e33-bbd10815068f" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 10, + "i": "c2941fdd-a809-4df1-9e6d-d7eee27beb94", + "w": 38, + "x": 10, + "y": 0 + }, + "panelIndex": "c2941fdd-a809-4df1-9e6d-d7eee27beb94", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6555a537-2dbe-4a56-b24b-afbd842150c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "babc91d8-a1dc-460e-91a5-d4ed43b2f403", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "6555a537-2dbe-4a56-b24b-afbd842150c8": { + "columnOrder": [ + "c4931f6a-7fe1-48fc-9954-c0270412b48d" + ], + "columns": { + "c4931f6a-7fe1-48fc-9954-c0270412b48d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Sender", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "email.sender.address" + } + }, + "incompleteColumns": {} + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "babc91d8-a1dc-460e-91a5-d4ed43b2f403", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.messagetracking" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.messagetracking" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "6555a537-2dbe-4a56-b24b-afbd842150c8", + "layerType": "data", + "metricAccessor": "c4931f6a-7fe1-48fc-9954-c0270412b48d" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "c76a7520-c667-4361-b6d3-c4456707745c", + "w": 5, + "x": 0, + "y": 5 + }, + "panelIndex": "c76a7520-c667-4361-b6d3-c4456707745c", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-6555a537-2dbe-4a56-b24b-afbd842150c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "599c1b5b-7d55-4694-b3b2-7ba02c4753e6", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "6555a537-2dbe-4a56-b24b-afbd842150c8": { + "columnOrder": [ + "c4931f6a-7fe1-48fc-9954-c0270412b48d" + ], + "columns": { + "c4931f6a-7fe1-48fc-9954-c0270412b48d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique recipients", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "email.to.address" + } + }, + "incompleteColumns": {} + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "599c1b5b-7d55-4694-b3b2-7ba02c4753e6", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.messagetracking" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.messagetracking" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "6555a537-2dbe-4a56-b24b-afbd842150c8", + "layerType": "data", + "metricAccessor": "c4931f6a-7fe1-48fc-9954-c0270412b48d" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "4b074730-0383-424e-94db-29a8e9147189", + "w": 5, + "x": 5, + "y": 5 + }, + "panelIndex": "4b074730-0383-424e-94db-29a8e9147189", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 22, + "i": "2028bea0-99d5-4ec6-a790-be7642c5a083", + "w": 48, + "x": 0, + "y": 10 + }, + "panelIndex": "2028bea0-99d5-4ec6-a790-be7642c5a083", + "panelRefName": "panel_2028bea0-99d5-4ec6-a790-be7642c5a083", + "type": "search", + "version": "8.10.4" + } + ], + "timeRestore": false, + "title": "[Logs Exchange Server] Messagetracking", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2024-02-08T09:17:13.417Z", + "id": "microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af", + "managed": false, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cf08de60-285a-4631-a8bc-f82f2b0d8ff2:indexpattern-datasource-layer-6555a537-2dbe-4a56-b24b-afbd842150c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cf08de60-285a-4631-a8bc-f82f2b0d8ff2:5e5eebc9-c386-4646-acb3-dc5a73fcf3d5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c49fa1b0-d063-47ef-aaea-ddbb86a55c5d:indexpattern-datasource-layer-6555a537-2dbe-4a56-b24b-afbd842150c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c49fa1b0-d063-47ef-aaea-ddbb86a55c5d:27ddc785-e09f-4f3c-9ecc-296dd4850ed7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c2941fdd-a809-4df1-9e6d-d7eee27beb94:indexpattern-datasource-layer-87a010e4-c30d-4e6f-bc3d-92243524aab9", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c2941fdd-a809-4df1-9e6d-d7eee27beb94:dd24428d-5254-4f78-b5c6-9d86a5d91936", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c76a7520-c667-4361-b6d3-c4456707745c:indexpattern-datasource-layer-6555a537-2dbe-4a56-b24b-afbd842150c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c76a7520-c667-4361-b6d3-c4456707745c:babc91d8-a1dc-460e-91a5-d4ed43b2f403", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4b074730-0383-424e-94db-29a8e9147189:indexpattern-datasource-layer-6555a537-2dbe-4a56-b24b-afbd842150c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4b074730-0383-424e-94db-29a8e9147189:599c1b5b-7d55-4694-b3b2-7ba02c4753e6", + "type": "index-pattern" + }, + { + "id": "microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af", + "name": "2028bea0-99d5-4ec6-a790-be7642c5a083:panel_2028bea0-99d5-4ec6-a790-be7642c5a083", + "type": "search" + }, + { + "id": "logs-*", + "name": "controlGroup_3d2a1e85-63b4-441e-ab8c-daa2649a4347:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_fd53de73-57dd-43b2-bebb-568d827bb1c0:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_9ecedc0a-e663-453f-8749-a65c1a7afdb2:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_18aa9b9b-bcce-49ad-98b3-2f5922e86ec5:optionsListDataView", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.9.0" +} \ No newline at end of file diff --git a/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af.json new file mode 100644 index 00000000000..d68f83a6c7e --- /dev/null +++ b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af.json @@ -0,0 +1,1519 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"3b96aa56-e784-4ba5-9e3c-c7a260f817aa\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"3b96aa56-e784-4ba5-9e3c-c7a260f817aa\",\"fieldName\":\"microsoft.exchange.anchormailbox\",\"title\":\"Anchormailbox\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"ecdd0ef4-0779-48f2-a283-cda224f888ff\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"ecdd0ef4-0779-48f2-a283-cda224f888ff\",\"fieldName\":\"microsoft.exchange.authenticateduser\",\"title\":\"Authenticated user\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"60ed44b4-dae1-48de-801b-f4ef52c7b52d\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"60ed44b4-dae1-48de-801b-f4ef52c7b52d\",\"fieldName\":\"microsoft.exchange.urlhost\",\"title\":\"URL Host\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}}}" + }, + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": true, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e6c91c87-ff12-4e3b-9ce7-b54ed4facc16", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "393ff722-36ef-4257-a95f-a704eeaab9fc" + ], + "columns": { + "393ff722-36ef-4257-a95f-a704eeaab9fc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Requests", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "e6c91c87-ff12-4e3b-9ce7-b54ed4facc16", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "metricAccessor": "393ff722-36ef-4257-a95f-a704eeaab9fc" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 6, + "i": "f045c6e1-ff4e-4d5f-86b5-6eb6be955767", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "f045c6e1-ff4e-4d5f-86b5-6eb6be955767", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9276c7a4-c750-4092-81d5-ea02cccadc91", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "952417c4-82da-4f1d-91c3-c7343981be3e" + ], + "columns": { + "952417c4-82da-4f1d-91c3-c7343981be3e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Requests Bytes", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "microsoft.exchange.requestbytes" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "9276c7a4-c750-4092-81d5-ea02cccadc91", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "metricAccessor": "952417c4-82da-4f1d-91c3-c7343981be3e" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 6, + "i": "b4f4da92-d6f3-49d3-a5cd-14421ddc25bb", + "w": 8, + "x": 8, + "y": 0 + }, + "panelIndex": "b4f4da92-d6f3-49d3-a5cd-14421ddc25bb", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9048201a-d0d3-42b8-bd95-4a8caaed9cef", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "952417c4-82da-4f1d-91c3-c7343981be3e" + ], + "columns": { + "952417c4-82da-4f1d-91c3-c7343981be3e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Response Bytes", + "operationType": "sum", + "params": { + "emptyAsNull": true, + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "microsoft.exchange.responsebytes" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "9048201a-d0d3-42b8-bd95-4a8caaed9cef", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "metricAccessor": "952417c4-82da-4f1d-91c3-c7343981be3e" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 6, + "i": "734077b2-55d3-4827-8d61-555ccca7a87d", + "w": 8, + "x": 16, + "y": 0 + }, + "panelIndex": "734077b2-55d3-4827-8d61-555ccca7a87d", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "db318c6d-c8a9-4f58-89ce-3cafe82ddb9d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "952417c4-82da-4f1d-91c3-c7343981be3e" + ], + "columns": { + "952417c4-82da-4f1d-91c3-c7343981be3e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Users", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "microsoft.exchange.authenticateduser" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "db318c6d-c8a9-4f58-89ce-3cafe82ddb9d", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "metricAccessor": "952417c4-82da-4f1d-91c3-c7343981be3e" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "7ef48143-1bb4-418e-9b66-4484816bcf56", + "w": 8, + "x": 24, + "y": 0 + }, + "panelIndex": "7ef48143-1bb4-418e-9b66-4484816bcf56", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7eefe26a-cbbb-424b-a989-b3be44ac08ed", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "952417c4-82da-4f1d-91c3-c7343981be3e" + ], + "columns": { + "952417c4-82da-4f1d-91c3-c7343981be3e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Mailboxes", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "microsoft.exchange.anchormailbox" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "7eefe26a-cbbb-424b-a989-b3be44ac08ed", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "metricAccessor": "952417c4-82da-4f1d-91c3-c7343981be3e" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "4d3d518a-c20e-4ccc-8904-e5cf35f60eb2", + "w": 8, + "x": 32, + "y": 0 + }, + "panelIndex": "4d3d518a-c20e-4ccc-8904-e5cf35f60eb2", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b3936adc-f4db-45b1-845e-a13a7c890d2c", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "952417c4-82da-4f1d-91c3-c7343981be3e" + ], + "columns": { + "952417c4-82da-4f1d-91c3-c7343981be3e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Hosts", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "microsoft.exchange.urlhost" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "b3936adc-f4db-45b1-845e-a13a7c890d2c", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "metricAccessor": "952417c4-82da-4f1d-91c3-c7343981be3e" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 6, + "i": "dbc72b95-0aa9-4962-83ae-69c119bb819e", + "w": 8, + "x": 40, + "y": 0 + }, + "panelIndex": "dbc72b95-0aa9-4962-83ae-69c119bb819e", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-f50b399c-7fd8-43f7-8464-fcf7127eb0c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "46fa66b7-9fa0-45f5-8e0b-c9ef86b8acc3", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f50b399c-7fd8-43f7-8464-fcf7127eb0c4": { + "columnOrder": [ + "d782126e-8851-4571-9253-98e8f5dc345d", + "61f96ba6-2d0f-485b-aaff-28c6acf281db", + "bc81f4da-631d-49c4-b5c8-27de3d250b82" + ], + "columns": { + "61f96ba6-2d0f-485b-aaff-28c6acf281db": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "bc81f4da-631d-49c4-b5c8-27de3d250b82": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Count of requests", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "d782126e-8851-4571-9253-98e8f5dc345d": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of host.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "bc81f4da-631d-49c4-b5c8-27de3d250b82", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "46fa66b7-9fa0-45f5-8e0b-c9ef86b8acc3", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "bc81f4da-631d-49c4-b5c8-27de3d250b82" + ], + "layerId": "f50b399c-7fd8-43f7-8464-fcf7127eb0c4", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "d782126e-8851-4571-9253-98e8f5dc345d", + "xAccessor": "61f96ba6-2d0f-485b-aaff-28c6acf281db" + } + ], + "legend": { + "isVisible": false, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "dataBounds" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {} + }, + "gridData": { + "h": 9, + "i": "2686237c-5a6c-45c0-854f-cd2e109c4689", + "w": 48, + "x": 0, + "y": 6 + }, + "panelIndex": "2686237c-5a6c-45c0-854f-cd2e109c4689", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2f74c5df-c534-4145-a74f-8489c346879e", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "4653379e-f45d-4357-bc4d-aa3e9d96dced", + "02cf54a3-79f3-4c18-be82-96e2f2f2180a", + "393ff722-36ef-4257-a95f-a704eeaab9fc" + ], + "columns": { + "02cf54a3-79f3-4c18-be82-96e2f2f2180a": { + "dataType": "number", + "isBucketed": true, + "label": "Top 15 values of http.response.status_code", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "393ff722-36ef-4257-a95f-a704eeaab9fc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 15 + }, + "scale": "ordinal", + "sourceField": "http.response.status_code" + }, + "393ff722-36ef-4257-a95f-a704eeaab9fc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Requests", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "4653379e-f45d-4357-bc4d-aa3e9d96dced": { + "dataType": "string", + "isBucketed": true, + "label": "Top 15 values of microsoft.exchange.urlhost", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "393ff722-36ef-4257-a95f-a704eeaab9fc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 15 + }, + "scale": "ordinal", + "sourceField": "microsoft.exchange.urlhost" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "2f74c5df-c534-4145-a74f-8489c346879e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "legendDisplay": "hide", + "metrics": [ + "393ff722-36ef-4257-a95f-a704eeaab9fc" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "02cf54a3-79f3-4c18-be82-96e2f2f2180a", + "4653379e-f45d-4357-bc4d-aa3e9d96dced" + ] + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "f977ebfe-fe73-45a6-a1ea-c06e482cda4c", + "w": 16, + "x": 0, + "y": 15 + }, + "panelIndex": "f977ebfe-fe73-45a6-a1ea-c06e482cda4c", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "af78ff4d-82f1-410b-8478-0732fffc9e5b", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "4653379e-f45d-4357-bc4d-aa3e9d96dced", + "02cf54a3-79f3-4c18-be82-96e2f2f2180a", + "393ff722-36ef-4257-a95f-a704eeaab9fc" + ], + "columns": { + "02cf54a3-79f3-4c18-be82-96e2f2f2180a": { + "dataType": "string", + "isBucketed": true, + "label": "Top 15 values of microsoft.exchange.authenticateduser", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "393ff722-36ef-4257-a95f-a704eeaab9fc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 15 + }, + "scale": "ordinal", + "sourceField": "microsoft.exchange.authenticateduser" + }, + "393ff722-36ef-4257-a95f-a704eeaab9fc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Requests", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "4653379e-f45d-4357-bc4d-aa3e9d96dced": { + "dataType": "string", + "isBucketed": true, + "label": "Top 15 values of microsoft.exchange.urlhost", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "393ff722-36ef-4257-a95f-a704eeaab9fc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 15 + }, + "scale": "ordinal", + "sourceField": "microsoft.exchange.urlhost" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "af78ff4d-82f1-410b-8478-0732fffc9e5b", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "legendDisplay": "hide", + "metrics": [ + "393ff722-36ef-4257-a95f-a704eeaab9fc" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "02cf54a3-79f3-4c18-be82-96e2f2f2180a", + "4653379e-f45d-4357-bc4d-aa3e9d96dced" + ] + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "7361b95a-a28a-4de4-89f8-f6f4231258ae", + "w": 16, + "x": 16, + "y": 15 + }, + "panelIndex": "7361b95a-a28a-4de4-89f8-f6f4231258ae", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c9c5c37e-da56-4106-b488-560a5da4a1f8", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d64931ec-87ab-4503-9c67-dbb397048ac8": { + "columnOrder": [ + "4653379e-f45d-4357-bc4d-aa3e9d96dced", + "bf505ffa-e7ba-4202-b117-7f61e5e6fb8c" + ], + "columns": { + "4653379e-f45d-4357-bc4d-aa3e9d96dced": { + "dataType": "string", + "isBucketed": true, + "label": "Top 15 values of microsoft.exchange.authenticateduser", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "bf505ffa-e7ba-4202-b117-7f61e5e6fb8c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 15 + }, + "scale": "ordinal", + "sourceField": "microsoft.exchange.authenticateduser" + }, + "bf505ffa-e7ba-4202-b117-7f61e5e6fb8c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "indexpattern": { + "layers": {} + }, + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "c9c5c37e-da56-4106-b488-560a5da4a1f8", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "d64931ec-87ab-4503-9c67-dbb397048ac8", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "bf505ffa-e7ba-4202-b117-7f61e5e6fb8c" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "4653379e-f45d-4357-bc4d-aa3e9d96dced" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "cdc6c5e6-e8b9-40fe-9c4c-204074620499", + "w": 16, + "x": 32, + "y": 15 + }, + "panelIndex": "cdc6c5e6-e8b9-40fe-9c4c-204074620499", + "title": "", + "type": "lens", + "version": "8.10.4" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 27, + "i": "0eb79219-ddd9-4ae4-8278-9b12e3e7668b", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "0eb79219-ddd9-4ae4-8278-9b12e3e7668b", + "panelRefName": "panel_0eb79219-ddd9-4ae4-8278-9b12e3e7668b", + "type": "search", + "version": "8.10.4" + } + ], + "timeRestore": false, + "title": "[Logs Exchange Server] HTTPProxy", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2024-02-08T09:17:13.417Z", + "id": "microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af", + "managed": true, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f045c6e1-ff4e-4d5f-86b5-6eb6be955767:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f045c6e1-ff4e-4d5f-86b5-6eb6be955767:e6c91c87-ff12-4e3b-9ce7-b54ed4facc16", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b4f4da92-d6f3-49d3-a5cd-14421ddc25bb:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b4f4da92-d6f3-49d3-a5cd-14421ddc25bb:9276c7a4-c750-4092-81d5-ea02cccadc91", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "734077b2-55d3-4827-8d61-555ccca7a87d:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "734077b2-55d3-4827-8d61-555ccca7a87d:9048201a-d0d3-42b8-bd95-4a8caaed9cef", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7ef48143-1bb4-418e-9b66-4484816bcf56:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7ef48143-1bb4-418e-9b66-4484816bcf56:db318c6d-c8a9-4f58-89ce-3cafe82ddb9d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4d3d518a-c20e-4ccc-8904-e5cf35f60eb2:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4d3d518a-c20e-4ccc-8904-e5cf35f60eb2:7eefe26a-cbbb-424b-a989-b3be44ac08ed", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dbc72b95-0aa9-4962-83ae-69c119bb819e:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dbc72b95-0aa9-4962-83ae-69c119bb819e:b3936adc-f4db-45b1-845e-a13a7c890d2c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2686237c-5a6c-45c0-854f-cd2e109c4689:indexpattern-datasource-layer-f50b399c-7fd8-43f7-8464-fcf7127eb0c4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2686237c-5a6c-45c0-854f-cd2e109c4689:46fa66b7-9fa0-45f5-8e0b-c9ef86b8acc3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f977ebfe-fe73-45a6-a1ea-c06e482cda4c:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f977ebfe-fe73-45a6-a1ea-c06e482cda4c:2f74c5df-c534-4145-a74f-8489c346879e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7361b95a-a28a-4de4-89f8-f6f4231258ae:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7361b95a-a28a-4de4-89f8-f6f4231258ae:af78ff4d-82f1-410b-8478-0732fffc9e5b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cdc6c5e6-e8b9-40fe-9c4c-204074620499:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "cdc6c5e6-e8b9-40fe-9c4c-204074620499:c9c5c37e-da56-4106-b488-560a5da4a1f8", + "type": "index-pattern" + }, + { + "id": "microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af", + "name": "0eb79219-ddd9-4ae4-8278-9b12e3e7668b:panel_0eb79219-ddd9-4ae4-8278-9b12e3e7668b", + "type": "search" + }, + { + "id": "logs-*", + "name": "controlGroup_3b96aa56-e784-4ba5-9e3c-c7a260f817aa:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_ecdd0ef4-0779-48f2-a283-cda224f888ff:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_60ed44b4-dae1-48de-801b-f4ef52c7b52d:optionsListDataView", + "type": "index-pattern" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.9.0" +} \ No newline at end of file diff --git a/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json new file mode 100644 index 00000000000..52e9cda0be4 --- /dev/null +++ b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json @@ -0,0 +1,77 @@ +{ + "attributes": { + "columns": [ + "http.request.bytes", + "http.response.status_code", + "microsoft.exchange.anchormailbox", + "microsoft.exchange.authenticateduser", + "microsoft.exchange.requestbytes", + "microsoft.exchange.urlhost", + "microsoft.exchange.totalrequesttime" + ], + "description": "", + "grid": {}, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.httpproxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.httpproxy" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "[Logs Exchange Server] HTTP Proxy Requests", + "usesAdHocDataView": false, + "viewMode": "documents" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2024-02-08T09:17:13.417Z", + "id": "microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af", + "managed": true, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "8.0.0" +} \ No newline at end of file diff --git a/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af.json new file mode 100644 index 00000000000..301c015ecda --- /dev/null +++ b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af.json @@ -0,0 +1,76 @@ +{ + "attributes": { + "columns": [ + "email.direction", + "email.from.address", + "email.to.address", + "microsoft.exchange.messagesubject", + "email.message_id", + "network.bytes" + ], + "description": "", + "grid": {}, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "microsoft_exchange_server.messagetracking" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "microsoft_exchange_server.messagetracking" + } + } + } + ], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "[Logs Exchange Server] Messagetracking", + "usesAdHocDataView": false + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2024-02-08T09:17:13.417Z", + "id": "microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af", + "managed": true, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "typeMigrationVersion": "8.0.0" +} \ No newline at end of file diff --git a/packages/microsoft_exchange_server/manifest.yml b/packages/microsoft_exchange_server/manifest.yml new file mode 100644 index 00000000000..b4515b8ddb3 --- /dev/null +++ b/packages/microsoft_exchange_server/manifest.yml @@ -0,0 +1,45 @@ +format_version: 3.0.3 +name: microsoft_exchange_server +title: "Microsoft Exchange Server" +version: 0.1.0 +source: + license: "Elastic-2.0" +description: Collect logs from Microsoft Exchange Server with Elastic Agent. +type: integration +categories: + - security +conditions: + kibana: + version: "^8.10.1" + elastic: + subscription: "basic" +screenshots: + - src: /img/screenshot_messagtracking.png + title: Screenshot MessageTracking Dashboard + size: 600x600 + type: image/png + - src: /img/screenshot_httpproxy.png + title: Screenshot HTTPProxy Dashboard + size: 600x600 + type: image/png +icons: + - src: /img/exchange.svg + title: Exchange Server logo + size: 32x32 + type: image/svg+xml +policy_templates: + - name: microsoft_exchange_server + title: Microsoft Exchange Server + description: Microsoft Exchange Server Logs + data_streams: + - smtp + - httpproxy + - messagetracking + - imap4_pop3 + inputs: + - type: filestream + title: Collect Microsoft Exchange Server Logs from file + description: Microsoft Exchange Server Logs +owner: + github: elastic/sec-windows-platform + type: community diff --git a/packages/microsoft_exchange_server/validation.yml b/packages/microsoft_exchange_server/validation.yml new file mode 100644 index 00000000000..1189aa63c89 --- /dev/null +++ b/packages/microsoft_exchange_server/validation.yml @@ -0,0 +1,3 @@ +errors: + exclude_checks: + - SVR00004 # References in dashboards. From 079c279010c0a7f6880155eef28e7b1d7eb499cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20K=C3=B6tting?= <145989254+SimonKoetting@users.noreply.github.com> Date: Mon, 11 Mar 2024 12:54:26 +0100 Subject: [PATCH 19/34] Fix Exchange Server Dashboard references (#9325) * Fix Dashboard references * Adjust PR --- .../microsoft_exchange_server/changelog.yml | 5 + ...-2b868ef0-c041-11ee-a682-0f218cc418af.json | 4 +- ...8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json} | 159 ++++++++---------- ...-75b14bd0-c034-11ee-a682-0f218cc418af.json | 4 +- ...-ee0a5030-c03f-11ee-a682-0f218cc418af.json | 4 +- .../microsoft_exchange_server/manifest.yml | 4 +- 6 files changed, 79 insertions(+), 101 deletions(-) rename packages/microsoft_exchange_server/kibana/dashboard/{microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af.json => microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json} (93%) diff --git a/packages/microsoft_exchange_server/changelog.yml b/packages/microsoft_exchange_server/changelog.yml index 94df0450626..c5b5e92d7fb 100644 --- a/packages/microsoft_exchange_server/changelog.yml +++ b/packages/microsoft_exchange_server/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.1.1" + changes: + - description: Fix missing Dashboard references + type: enhancement + link: https://github.com/elastic/integrations/pull/9325 - version: "0.1.0" changes: - description: Initial release of the package diff --git a/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af.json index 235c4958fe5..18a0ed7fc4b 100644 --- a/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af.json +++ b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af.json @@ -639,9 +639,9 @@ "version": 1 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-02-08T09:17:13.417Z", + "created_at": "2024-03-11T10:14:48.072Z", "id": "microsoft_exchange_server-2b868ef0-c041-11ee-a682-0f218cc418af", - "managed": false, + "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json similarity index 93% rename from packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af.json rename to packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json index d68f83a6c7e..cbafca63307 100644 --- a/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af.json +++ b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json @@ -4,7 +4,7 @@ "chainingSystem": "HIERARCHICAL", "controlStyle": "oneLine", "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"3b96aa56-e784-4ba5-9e3c-c7a260f817aa\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"3b96aa56-e784-4ba5-9e3c-c7a260f817aa\",\"fieldName\":\"microsoft.exchange.anchormailbox\",\"title\":\"Anchormailbox\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"ecdd0ef4-0779-48f2-a283-cda224f888ff\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"ecdd0ef4-0779-48f2-a283-cda224f888ff\",\"fieldName\":\"microsoft.exchange.authenticateduser\",\"title\":\"Authenticated user\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"60ed44b4-dae1-48de-801b-f4ef52c7b52d\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"60ed44b4-dae1-48de-801b-f4ef52c7b52d\",\"fieldName\":\"microsoft.exchange.urlhost\",\"title\":\"URL Host\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}}}" + "panelsJSON": "{\"a5fe2192-b77c-4f16-888e-4e59fe064c78\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"a5fe2192-b77c-4f16-888e-4e59fe064c78\",\"fieldName\":\"microsoft.exchange.anchormailbox\",\"title\":\"Anchormailbox\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"7c8291ec-dc6d-4fa0-8d67-bb53efdf6c57\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"7c8291ec-dc6d-4fa0-8d67-bb53efdf6c57\",\"fieldName\":\"microsoft.exchange.authenticateduser\",\"title\":\"Authenticated user\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"f542c63c-4265-4ebc-a9d6-7278f4d3976a\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"f542c63c-4265-4ebc-a9d6-7278f4d3976a\",\"fieldName\":\"microsoft.exchange.urlhost\",\"title\":\"URL Host\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}}}" }, "description": "", "kibanaSavedObjectMeta": { @@ -142,14 +142,13 @@ }, "gridData": { "h": 6, - "i": "f045c6e1-ff4e-4d5f-86b5-6eb6be955767", + "i": "d2e19276-b24c-4239-ab0f-3b9c328fb252", "w": 8, "x": 0, "y": 0 }, - "panelIndex": "f045c6e1-ff4e-4d5f-86b5-6eb6be955767", - "type": "lens", - "version": "8.10.4" + "panelIndex": "d2e19276-b24c-4239-ab0f-3b9c328fb252", + "type": "lens" }, { "embeddableConfig": { @@ -160,17 +159,13 @@ "id": "logs-*", "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9276c7a4-c750-4092-81d5-ea02cccadc91", - "type": "index-pattern" } ], "state": { "adHocDataViews": {}, "datasourceStates": { "formBased": { + "currentIndexPatternId": "logs-*", "layers": { "d64931ec-87ab-4503-9c67-dbb397048ac8": { "columnOrder": [ @@ -193,10 +188,11 @@ } }, "scale": "ratio", - "sourceField": "microsoft.exchange.requestbytes" + "sourceField": "http.request.bytes" } }, "incompleteColumns": {}, + "indexPatternId": "logs-*", "sampling": 1 } } @@ -252,14 +248,13 @@ }, "gridData": { "h": 6, - "i": "b4f4da92-d6f3-49d3-a5cd-14421ddc25bb", + "i": "8a0f3277-f4af-40f5-9526-0b8be36b2daf", "w": 8, "x": 8, "y": 0 }, - "panelIndex": "b4f4da92-d6f3-49d3-a5cd-14421ddc25bb", - "type": "lens", - "version": "8.10.4" + "panelIndex": "8a0f3277-f4af-40f5-9526-0b8be36b2daf", + "type": "lens" }, { "embeddableConfig": { @@ -270,17 +265,13 @@ "id": "logs-*", "name": "indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9048201a-d0d3-42b8-bd95-4a8caaed9cef", - "type": "index-pattern" } ], "state": { "adHocDataViews": {}, "datasourceStates": { "formBased": { + "currentIndexPatternId": "logs-*", "layers": { "d64931ec-87ab-4503-9c67-dbb397048ac8": { "columnOrder": [ @@ -303,10 +294,11 @@ } }, "scale": "ratio", - "sourceField": "microsoft.exchange.responsebytes" + "sourceField": "http.response.bytes" } }, "incompleteColumns": {}, + "indexPatternId": "logs-*", "sampling": 1 } } @@ -362,14 +354,13 @@ }, "gridData": { "h": 6, - "i": "734077b2-55d3-4827-8d61-555ccca7a87d", + "i": "8cd05d59-543a-4b41-9bdd-49b7b8e2cd31", "w": 8, "x": 16, "y": 0 }, - "panelIndex": "734077b2-55d3-4827-8d61-555ccca7a87d", - "type": "lens", - "version": "8.10.4" + "panelIndex": "8cd05d59-543a-4b41-9bdd-49b7b8e2cd31", + "type": "lens" }, { "embeddableConfig": { @@ -465,15 +456,14 @@ }, "gridData": { "h": 6, - "i": "7ef48143-1bb4-418e-9b66-4484816bcf56", + "i": "3fdd01ea-f1a6-4aef-9f4c-ceb6d2c787ba", "w": 8, "x": 24, "y": 0 }, - "panelIndex": "7ef48143-1bb4-418e-9b66-4484816bcf56", + "panelIndex": "3fdd01ea-f1a6-4aef-9f4c-ceb6d2c787ba", "title": "", - "type": "lens", - "version": "8.10.4" + "type": "lens" }, { "embeddableConfig": { @@ -569,15 +559,14 @@ }, "gridData": { "h": 6, - "i": "4d3d518a-c20e-4ccc-8904-e5cf35f60eb2", + "i": "fdf2a0a3-389d-4f7c-9684-5b8d1ed89c91", "w": 8, "x": 32, "y": 0 }, - "panelIndex": "4d3d518a-c20e-4ccc-8904-e5cf35f60eb2", + "panelIndex": "fdf2a0a3-389d-4f7c-9684-5b8d1ed89c91", "title": "", - "type": "lens", - "version": "8.10.4" + "type": "lens" }, { "embeddableConfig": { @@ -673,15 +662,14 @@ }, "gridData": { "h": 6, - "i": "dbc72b95-0aa9-4962-83ae-69c119bb819e", + "i": "2997a185-6ea5-4e41-bd70-f5a46bd4e127", "w": 8, "x": 40, "y": 0 }, - "panelIndex": "dbc72b95-0aa9-4962-83ae-69c119bb819e", + "panelIndex": "2997a185-6ea5-4e41-bd70-f5a46bd4e127", "title": "", - "type": "lens", - "version": "8.10.4" + "type": "lens" }, { "embeddableConfig": { @@ -859,14 +847,13 @@ }, "gridData": { "h": 9, - "i": "2686237c-5a6c-45c0-854f-cd2e109c4689", + "i": "b489c5cc-9794-46a7-9fe1-a5370fc7d4b3", "w": 48, "x": 0, "y": 6 }, - "panelIndex": "2686237c-5a6c-45c0-854f-cd2e109c4689", - "type": "lens", - "version": "8.10.4" + "panelIndex": "b489c5cc-9794-46a7-9fe1-a5370fc7d4b3", + "type": "lens" }, { "embeddableConfig": { @@ -1033,15 +1020,14 @@ }, "gridData": { "h": 15, - "i": "f977ebfe-fe73-45a6-a1ea-c06e482cda4c", + "i": "0720a83e-43d7-4993-8072-26be8aa3feb6", "w": 16, "x": 0, "y": 15 }, - "panelIndex": "f977ebfe-fe73-45a6-a1ea-c06e482cda4c", + "panelIndex": "0720a83e-43d7-4993-8072-26be8aa3feb6", "title": "", - "type": "lens", - "version": "8.10.4" + "type": "lens" }, { "embeddableConfig": { @@ -1209,15 +1195,14 @@ }, "gridData": { "h": 15, - "i": "7361b95a-a28a-4de4-89f8-f6f4231258ae", + "i": "70ef3233-def0-42d0-9b35-2e48221fcd16", "w": 16, "x": 16, "y": 15 }, - "panelIndex": "7361b95a-a28a-4de4-89f8-f6f4231258ae", + "panelIndex": "70ef3233-def0-42d0-9b35-2e48221fcd16", "title": "", - "type": "lens", - "version": "8.10.4" + "type": "lens" }, { "embeddableConfig": { @@ -1352,15 +1337,14 @@ }, "gridData": { "h": 15, - "i": "cdc6c5e6-e8b9-40fe-9c4c-204074620499", + "i": "4f7e8e5e-8dc8-4fe7-98b1-16ce0cc6cbcb", "w": 16, "x": 32, "y": 15 }, - "panelIndex": "cdc6c5e6-e8b9-40fe-9c4c-204074620499", + "panelIndex": "4f7e8e5e-8dc8-4fe7-98b1-16ce0cc6cbcb", "title": "", - "type": "lens", - "version": "8.10.4" + "type": "lens" }, { "embeddableConfig": { @@ -1368,15 +1352,14 @@ }, "gridData": { "h": 27, - "i": "0eb79219-ddd9-4ae4-8278-9b12e3e7668b", + "i": "f2260518-d4c1-4b3b-a602-c18c06fc1562", "w": 48, "x": 0, "y": 30 }, - "panelIndex": "0eb79219-ddd9-4ae4-8278-9b12e3e7668b", - "panelRefName": "panel_0eb79219-ddd9-4ae4-8278-9b12e3e7668b", - "type": "search", - "version": "8.10.4" + "panelIndex": "f2260518-d4c1-4b3b-a602-c18c06fc1562", + "panelRefName": "panel_f2260518-d4c1-4b3b-a602-c18c06fc1562", + "type": "search" } ], "timeRestore": false, @@ -1384,8 +1367,8 @@ "version": 1 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-02-08T09:17:13.417Z", - "id": "microsoft_exchange_server-e52391d0-c034-11ee-a682-0f218cc418af", + "created_at": "2024-03-11T10:15:01.086Z", + "id": "microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88", "managed": true, "references": [ { @@ -1395,125 +1378,115 @@ }, { "id": "logs-*", - "name": "f045c6e1-ff4e-4d5f-86b5-6eb6be955767:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f045c6e1-ff4e-4d5f-86b5-6eb6be955767:e6c91c87-ff12-4e3b-9ce7-b54ed4facc16", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b4f4da92-d6f3-49d3-a5cd-14421ddc25bb:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "d2e19276-b24c-4239-ab0f-3b9c328fb252:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "b4f4da92-d6f3-49d3-a5cd-14421ddc25bb:9276c7a4-c750-4092-81d5-ea02cccadc91", + "name": "d2e19276-b24c-4239-ab0f-3b9c328fb252:e6c91c87-ff12-4e3b-9ce7-b54ed4facc16", "type": "index-pattern" }, { "id": "logs-*", - "name": "734077b2-55d3-4827-8d61-555ccca7a87d:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "8a0f3277-f4af-40f5-9526-0b8be36b2daf:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "734077b2-55d3-4827-8d61-555ccca7a87d:9048201a-d0d3-42b8-bd95-4a8caaed9cef", + "name": "8cd05d59-543a-4b41-9bdd-49b7b8e2cd31:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "7ef48143-1bb4-418e-9b66-4484816bcf56:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "3fdd01ea-f1a6-4aef-9f4c-ceb6d2c787ba:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "7ef48143-1bb4-418e-9b66-4484816bcf56:db318c6d-c8a9-4f58-89ce-3cafe82ddb9d", + "name": "3fdd01ea-f1a6-4aef-9f4c-ceb6d2c787ba:db318c6d-c8a9-4f58-89ce-3cafe82ddb9d", "type": "index-pattern" }, { "id": "logs-*", - "name": "4d3d518a-c20e-4ccc-8904-e5cf35f60eb2:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "fdf2a0a3-389d-4f7c-9684-5b8d1ed89c91:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "4d3d518a-c20e-4ccc-8904-e5cf35f60eb2:7eefe26a-cbbb-424b-a989-b3be44ac08ed", + "name": "fdf2a0a3-389d-4f7c-9684-5b8d1ed89c91:7eefe26a-cbbb-424b-a989-b3be44ac08ed", "type": "index-pattern" }, { "id": "logs-*", - "name": "dbc72b95-0aa9-4962-83ae-69c119bb819e:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "2997a185-6ea5-4e41-bd70-f5a46bd4e127:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "dbc72b95-0aa9-4962-83ae-69c119bb819e:b3936adc-f4db-45b1-845e-a13a7c890d2c", + "name": "2997a185-6ea5-4e41-bd70-f5a46bd4e127:b3936adc-f4db-45b1-845e-a13a7c890d2c", "type": "index-pattern" }, { "id": "logs-*", - "name": "2686237c-5a6c-45c0-854f-cd2e109c4689:indexpattern-datasource-layer-f50b399c-7fd8-43f7-8464-fcf7127eb0c4", + "name": "b489c5cc-9794-46a7-9fe1-a5370fc7d4b3:indexpattern-datasource-layer-f50b399c-7fd8-43f7-8464-fcf7127eb0c4", "type": "index-pattern" }, { "id": "logs-*", - "name": "2686237c-5a6c-45c0-854f-cd2e109c4689:46fa66b7-9fa0-45f5-8e0b-c9ef86b8acc3", + "name": "b489c5cc-9794-46a7-9fe1-a5370fc7d4b3:46fa66b7-9fa0-45f5-8e0b-c9ef86b8acc3", "type": "index-pattern" }, { "id": "logs-*", - "name": "f977ebfe-fe73-45a6-a1ea-c06e482cda4c:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "0720a83e-43d7-4993-8072-26be8aa3feb6:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "f977ebfe-fe73-45a6-a1ea-c06e482cda4c:2f74c5df-c534-4145-a74f-8489c346879e", + "name": "0720a83e-43d7-4993-8072-26be8aa3feb6:2f74c5df-c534-4145-a74f-8489c346879e", "type": "index-pattern" }, { "id": "logs-*", - "name": "7361b95a-a28a-4de4-89f8-f6f4231258ae:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "70ef3233-def0-42d0-9b35-2e48221fcd16:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "7361b95a-a28a-4de4-89f8-f6f4231258ae:af78ff4d-82f1-410b-8478-0732fffc9e5b", + "name": "70ef3233-def0-42d0-9b35-2e48221fcd16:af78ff4d-82f1-410b-8478-0732fffc9e5b", "type": "index-pattern" }, { "id": "logs-*", - "name": "cdc6c5e6-e8b9-40fe-9c4c-204074620499:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "4f7e8e5e-8dc8-4fe7-98b1-16ce0cc6cbcb:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "cdc6c5e6-e8b9-40fe-9c4c-204074620499:c9c5c37e-da56-4106-b488-560a5da4a1f8", + "name": "4f7e8e5e-8dc8-4fe7-98b1-16ce0cc6cbcb:c9c5c37e-da56-4106-b488-560a5da4a1f8", "type": "index-pattern" }, { "id": "microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af", - "name": "0eb79219-ddd9-4ae4-8278-9b12e3e7668b:panel_0eb79219-ddd9-4ae4-8278-9b12e3e7668b", + "name": "f2260518-d4c1-4b3b-a602-c18c06fc1562:panel_f2260518-d4c1-4b3b-a602-c18c06fc1562", "type": "search" }, { "id": "logs-*", - "name": "controlGroup_3b96aa56-e784-4ba5-9e3c-c7a260f817aa:optionsListDataView", + "name": "controlGroup_a5fe2192-b77c-4f16-888e-4e59fe064c78:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_ecdd0ef4-0779-48f2-a283-cda224f888ff:optionsListDataView", + "name": "controlGroup_7c8291ec-dc6d-4fa0-8d67-bb53efdf6c57:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_60ed44b4-dae1-48de-801b-f4ef52c7b52d:optionsListDataView", + "name": "controlGroup_f542c63c-4265-4ebc-a9d6-7278f4d3976a:optionsListDataView", "type": "index-pattern" } ], "type": "dashboard", "typeMigrationVersion": "8.9.0" -} \ No newline at end of file +} diff --git a/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json index 52e9cda0be4..1beffc5ea94 100644 --- a/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json +++ b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json @@ -2,10 +2,10 @@ "attributes": { "columns": [ "http.request.bytes", + "http.response.bytes", "http.response.status_code", "microsoft.exchange.anchormailbox", "microsoft.exchange.authenticateduser", - "microsoft.exchange.requestbytes", "microsoft.exchange.urlhost", "microsoft.exchange.totalrequesttime" ], @@ -57,7 +57,7 @@ "viewMode": "documents" }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-02-08T09:17:13.417Z", + "created_at": "2024-03-11T10:14:48.072Z", "id": "microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af", "managed": true, "references": [ diff --git a/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af.json index 301c015ecda..0dacd4c026d 100644 --- a/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af.json +++ b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af.json @@ -4,7 +4,7 @@ "email.direction", "email.from.address", "email.to.address", - "microsoft.exchange.messagesubject", + "email.subject", "email.message_id", "network.bytes" ], @@ -56,7 +56,7 @@ "usesAdHocDataView": false }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-02-08T09:17:13.417Z", + "created_at": "2024-03-11T10:14:48.072Z", "id": "microsoft_exchange_server-ee0a5030-c03f-11ee-a682-0f218cc418af", "managed": true, "references": [ diff --git a/packages/microsoft_exchange_server/manifest.yml b/packages/microsoft_exchange_server/manifest.yml index b4515b8ddb3..7aa47440508 100644 --- a/packages/microsoft_exchange_server/manifest.yml +++ b/packages/microsoft_exchange_server/manifest.yml @@ -1,10 +1,10 @@ format_version: 3.0.3 name: microsoft_exchange_server title: "Microsoft Exchange Server" -version: 0.1.0 +version: 0.1.1 source: license: "Elastic-2.0" -description: Collect logs from Microsoft Exchange Server with Elastic Agent. +description: Collect logs from Microsoft Exchange Server with Elastic Agent. type: integration categories: - security From 3f54476bba8a84829679f91f51cae065f4054af7 Mon Sep 17 00:00:00 2001 From: Mariana Dima Date: Mon, 11 Mar 2024 14:05:14 +0100 Subject: [PATCH 20/34] update ownership for azure missing data streams (#9297) --- .github/CODEOWNERS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 896e5f2f771..dc1d682116c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -72,6 +72,8 @@ /packages/azure/data_stream/provisioning @elastic/obs-infraobs-integrations /packages/azure/data_stream/signinlogs @elastic/obs-infraobs-integrations /packages/azure/data_stream/springcloudlogs @elastic/obs-infraobs-integrations +/packages/azure/data_stream/application_gateway @elastic/security-service-integrations +/packages/azure/data_stream/firewall_logs @elastic/security-service-integrations /packages/azure_app_service @elastic/obs-infraobs-integrations /packages/azure_app_service/data_stream/app_service_logs @elastic/obs-infraobs-integrations /packages/azure_application_insights @elastic/obs-infraobs-integrations From 7724c823bd380395873d34ac1f215393bc4477ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 16:59:48 +0100 Subject: [PATCH 21/34] Bump github.com/elastic/elastic-package from 0.98.1 to 0.98.2 (#9330) Bumps [github.com/elastic/elastic-package](https://github.com/elastic/elastic-package) from 0.98.1 to 0.98.2. - [Release notes](https://github.com/elastic/elastic-package/releases) - [Changelog](https://github.com/elastic/elastic-package/blob/main/.goreleaser.yml) - [Commits](https://github.com/elastic/elastic-package/compare/v0.98.1...v0.98.2) --- updated-dependencies: - dependency-name: github.com/elastic/elastic-package dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 40e44bcd0a0..f47c19cadf3 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.21.0 require ( github.com/blang/semver v3.5.1+incompatible - github.com/elastic/elastic-package v0.98.1 + github.com/elastic/elastic-package v0.98.2 github.com/elastic/go-licenser v0.4.1 github.com/elastic/package-registry v1.23.1 github.com/magefile/mage v1.15.0 @@ -140,7 +140,7 @@ require ( github.com/prometheus/procfs v0.12.0 // indirect github.com/rivo/uniseg v0.4.3 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/shirou/gopsutil/v3 v3.24.1 // indirect + github.com/shirou/gopsutil/v3 v3.24.2 // indirect github.com/shoenig/go-m1cpu v0.1.6 // indirect github.com/shopspring/decimal v1.3.1 // indirect github.com/spf13/afero v1.11.0 // indirect @@ -155,7 +155,7 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect github.com/xlab/treeprint v1.2.0 // indirect - github.com/yusufpapurcu/wmi v1.2.3 // indirect + github.com/yusufpapurcu/wmi v1.2.4 // indirect go.elastic.co/apm/module/apmgorilla/v2 v2.4.8 // indirect go.elastic.co/apm/module/apmhttp/v2 v2.4.8 // indirect go.elastic.co/apm/module/apmzap/v2 v2.4.8 // indirect diff --git a/go.sum b/go.sum index 6077f695cbc..a4209b2456b 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/elastic/elastic-integration-corpus-generator-tool v0.10.0 h1:sx1lpZuTG5suJuvgix4FWQFCLFFbzkoOmPoHWYOPLCY= github.com/elastic/elastic-integration-corpus-generator-tool v0.10.0/go.mod h1:2/30n+2QRzRzus4TPVUV1T3U/j8g2ItUgvP0pcpjLGk= -github.com/elastic/elastic-package v0.98.1 h1:TWQPC4bmOv9EUjROT3KIoCtFGjuFD5EC+zjYfuIH7IA= -github.com/elastic/elastic-package v0.98.1/go.mod h1:qZcT49UAq2JGOEsmJxH6TYjwOOhnAUaouzSwVwsnFvU= +github.com/elastic/elastic-package v0.98.2 h1:/IXy/Ql5m2qYGMTruGSyDrZa3oW8f7D9fz8CYGi4sqY= +github.com/elastic/elastic-package v0.98.2/go.mod h1:O1ERev5BK6C7MvNnoYqghmxrOByEqnbxaZ/GkfwERX4= github.com/elastic/go-elasticsearch/v7 v7.17.10 h1:TCQ8i4PmIJuBunvBS6bwT2ybzVFxxUhhltAs3Gyu1yo= github.com/elastic/go-elasticsearch/v7 v7.17.10/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4= github.com/elastic/go-licenser v0.4.1 h1:1xDURsc8pL5zYT9R29425J3vkHdt4RT5TNEMeRN48x4= @@ -405,8 +405,8 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shirou/gopsutil/v3 v3.24.1 h1:R3t6ondCEvmARp3wxODhXMTLC/klMa87h2PHUw5m7QI= -github.com/shirou/gopsutil/v3 v3.24.1/go.mod h1:UU7a2MSBQa+kW1uuDq8DeEBS8kmrnQwsv2b5O513rwU= +github.com/shirou/gopsutil/v3 v3.24.2 h1:kcR0erMbLg5/3LcInpw0X/rrPSqq4CDPyI6A6ZRC18Y= +github.com/shirou/gopsutil/v3 v3.24.2/go.mod h1:tSg/594BcA+8UdQU2XcW803GWYgdtauFFPgJCJKZlVk= github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM= github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ= github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU= @@ -470,8 +470,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw= -github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= +github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= +github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= go.einride.tech/aip v0.66.0 h1:XfV+NQX6L7EOYK11yoHHFtndeaWh3KbD9/cN/6iWEt8= go.einride.tech/aip v0.66.0/go.mod h1:qAhMsfT7plxBX+Oy7Huol6YUvZ0ZzdUz26yZsQwfl1M= go.elastic.co/apm/module/apmgorilla/v2 v2.4.8 h1:Yulr18ASd4fK3nzQsCxGgFSE4bbS8nouQlS1/ZgmDRs= @@ -599,7 +599,7 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= From 5cc8568701b88b7c816a8639414770d6c548416c Mon Sep 17 00:00:00 2001 From: Rickyanto Ang Date: Mon, 11 Mar 2024 11:02:45 -0700 Subject: [PATCH 22/34] [Cloud Security] Bump up version (#9331) * bump up * added change --- packages/cloud_security_posture/changelog.yml | 5 ++++- packages/cloud_security_posture/manifest.yml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml index 320cc545142..ba9c6327dfa 100644 --- a/packages/cloud_security_posture/changelog.yml +++ b/packages/cloud_security_posture/changelog.yml @@ -7,8 +7,11 @@ # 1.4.x - 8.9.x # 1.3.x - 8.8.x # 1.2.x - 8.7.x -- version: "1.8.0-preview08" +- version: "1.8.0" changes: + - description: Bump up version + type: enhancement + link: https://github.com/elastic/integrations/pull/9331 - description: Add cloudsecurity_cdr sub category label. type: enhancement link: https://github.com/elastic/integrations/pull/9213 diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml index 177c53abbcb..c484b4a204e 100644 --- a/packages/cloud_security_posture/manifest.yml +++ b/packages/cloud_security_posture/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.0 name: cloud_security_posture title: "Security Posture Management" -version: "1.8.0-preview08" +version: "1.8.0" source: license: "Elastic-2.0" description: "Identify & remediate configuration risks in your Cloud infrastructure" From dffe131e660c9db1ec2f3cb9dc2772e96ffca432 Mon Sep 17 00:00:00 2001 From: Alphabeet <52979715+Alphayeeeet@users.noreply.github.com> Date: Tue, 12 Mar 2024 12:41:44 +0100 Subject: [PATCH 23/34] Fixed Grok patterns in apache tomcat integration (#9243) When parsing for example a 302 request, the response-bytes are "-" and therefore, the grok processor threw an error. This should now be fixed. --------- Co-authored-by: muthu-mps <101238137+muthu-mps@users.noreply.github.com> --- packages/apache_tomcat/changelog.yml | 5 ++ .../access/_dev/test/pipeline/test-access.log | 1 + .../pipeline/test-access.log-expected.json | 78 +++++++++++++++++++ .../elasticsearch/ingest_pipeline/default.yml | 2 +- packages/apache_tomcat/manifest.yml | 2 +- 5 files changed, 86 insertions(+), 2 deletions(-) diff --git a/packages/apache_tomcat/changelog.yml b/packages/apache_tomcat/changelog.yml index 4d07f6c2338..f3603399680 100644 --- a/packages/apache_tomcat/changelog.yml +++ b/packages/apache_tomcat/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.2" + changes: + - description: "Fix non-matching grok patterns in access log pipeline for 302 errors" + type: bugfix + link: https://github.com/elastic/integrations/pull/9243 - version: "1.3.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log b/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log index 0fd8d1d1d81..5df7d49fd0f 100644 --- a/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log +++ b/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log @@ -1,4 +1,5 @@ 81.2.69.144 - admin [02/Mar/2023:18:58:17 +0530] "POST /host-manager/images/asf-logo.svg HTTP/1.1" 200 20486 81.2.69.145 + 400 "http://localhost:8080/host-manager/html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" X-Forwarded-For="127.0.0.1, 127.0.0.2" +81.2.69.144 - admin [02/Mar/2023:18:58:17 +0530] "POST /host-manager/images/asf-logo.svg HTTP/1.1" 302 - 81.2.69.145 + 400 "http://localhost:8080/host-manager/html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" X-Forwarded-For="127.0.0.1, 127.0.0.2" 81.2.69.144 - admin [02/Mar/2023:18:58:17 +0530] "POST /host-manager/images/asf-logo.svg HTTP/1.1" 200 20486 X 400 "http://localhost:8080/host-manager/html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" X-Forwarded-For="127.0.0.1" 81.2.69.144 - admin [02/Mar/2023:18:58:17 +0530] "POST /host-manager/images/asf-logo.svg HTTP/1.1" 200 20486 50 "http://localhost:8080/host-manager/html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" X-Forwarded-For="" 81.2.69.144 - admin [02/Mar/2023:18:58:17 +0530] "POST /host-manager/images/asf-logo.svg HTTP/1.1" 200 20486 81.2.69.145 40 "http://localhost:8080/host-manager/html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" X-Forwarded-For="127.0.0.1, 127.0.0.3" diff --git a/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log-expected.json b/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log-expected.json index ff88519e58e..ff4a32343c7 100644 --- a/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log-expected.json +++ b/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log-expected.json @@ -82,6 +82,84 @@ "version": "109.0.0.0" } }, + { + "@timestamp": "2023-03-02T13:28:17.000Z", + "apache_tomcat": { + "access": { + "connection_status": "+", + "http": { + "ident": "-", + "useragent": "admin" + }, + "ip": { + "local": "81.2.69.145" + }, + "response_time": 400.0 + } + }, + "client": { + "ip": [ + "127.0.0.1", + "127.0.0.2" + ] + }, + "ecs": { + "version": "8.7.0" + }, + "event": { + "category": [ + "web" + ], + "kind": "event", + "module": "apache_tomcat", + "original": "81.2.69.144 - admin [02/Mar/2023:18:58:17 +0530] \"POST /host-manager/images/asf-logo.svg HTTP/1.1\" 302 - 81.2.69.145 + 400 \"http://localhost:8080/host-manager/html\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36\" X-Forwarded-For=\"127.0.0.1, 127.0.0.2\"", + "type": [ + "access" + ] + }, + "http": { + "request": { + "method": "POST", + "referrer": "http://localhost:8080/host-manager/html" + }, + "response": { + "status_code": 302 + }, + "version": "1.1" + }, + "related": { + "ip": [ + "81.2.69.144", + "81.2.69.145", + "127.0.0.1", + "127.0.0.2" + ] + }, + "source": { + "ip": "81.2.69.144" + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "extension": "svg", + "original": "/host-manager/images/asf-logo.svg", + "path": "/host-manager/images/asf-logo.svg" + }, + "user_agent": { + "device": { + "name": "Other" + }, + "name": "Chrome", + "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36", + "os": { + "full": "Windows 10", + "name": "Windows", + "version": "10" + }, + "version": "109.0.0.0" + } + }, { "@timestamp": "2023-03-02T13:28:17.000Z", "apache_tomcat": { diff --git a/packages/apache_tomcat/data_stream/access/elasticsearch/ingest_pipeline/default.yml b/packages/apache_tomcat/data_stream/access/elasticsearch/ingest_pipeline/default.yml index eac23bc3599..002f9fa5065 100644 --- a/packages/apache_tomcat/data_stream/access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_tomcat/data_stream/access/elasticsearch/ingest_pipeline/default.yml @@ -42,7 +42,7 @@ processors: field: _tmp.dissectgrok tag: 'grok_parse_log_dissectgrok' patterns: - - '^%{NUMBER:http.response.status_code} %{POSINT:destination.bytes}( %{GREEDYDATA:_tmp.grok})?$' + - '^%{NUMBER:http.response.status_code} (-|%{POSINT:destination.bytes})( %{GREEDYDATA:_tmp.grok})?$' on_failure: - append: field: error.message diff --git a/packages/apache_tomcat/manifest.yml b/packages/apache_tomcat/manifest.yml index bb8323644d4..25b10f12efe 100644 --- a/packages/apache_tomcat/manifest.yml +++ b/packages/apache_tomcat/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: apache_tomcat title: Apache Tomcat -version: "1.3.1" +version: "1.3.2" description: Collect and parse logs and metrics from Apache Tomcat servers with Elastic Agent. categories: ["web", "observability"] type: integration From 06e89f89bb5a1531fc620c6dda4390b9c4a11f1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=B4mulo=20Farias?= Date: Tue, 12 Mar 2024 13:24:03 +0100 Subject: [PATCH 24/34] Label keys as secrets (#9343) --- packages/cloud_security_posture/changelog.yml | 6 ++++++ .../data_stream/findings/manifest.yml | 11 ++++++----- packages/cloud_security_posture/manifest.yml | 4 ++-- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml index ba9c6327dfa..f6a62fef444 100644 --- a/packages/cloud_security_posture/changelog.yml +++ b/packages/cloud_security_posture/changelog.yml @@ -1,5 +1,6 @@ # newer versions go on top # version map: +# 1.9.x - 8.14.x # 1.8.x - 8.13.x # 1.7.x - 8.12.x # 1.6.x - 8.11.x @@ -7,6 +8,11 @@ # 1.4.x - 8.9.x # 1.3.x - 8.8.x # 1.2.x - 8.7.x +- version: "1.9.0-preview01" + changes: + - description: Convert fields to secrets + type: enhancement + link: https://github.com/elastic/integrations/pull/9331 - version: "1.8.0" changes: - description: Bump up version diff --git a/packages/cloud_security_posture/data_stream/findings/manifest.yml b/packages/cloud_security_posture/data_stream/findings/manifest.yml index b517accf1c0..5c54cde3146 100644 --- a/packages/cloud_security_posture/data_stream/findings/manifest.yml +++ b/packages/cloud_security_posture/data_stream/findings/manifest.yml @@ -31,7 +31,7 @@ streams: multi: false required: false show_user: true - secret: false + secret: true - name: session_token type: text title: Session Token @@ -81,7 +81,7 @@ streams: multi: false required: false show_user: true - secret: false + secret: true - name: session_token type: text title: Session Token @@ -161,6 +161,7 @@ streams: multi: false required: false show_user: true + secret: true - input: cloudbeat/cis_azure title: CIS Azure Benchmark description: CIS Benchmark for Microsoft Azure Foundations @@ -197,7 +198,7 @@ streams: multi: false required: false show_user: true - secret: false + secret: true - name: azure.credentials.client_username type: text title: Client Username @@ -210,7 +211,7 @@ streams: multi: false required: false show_user: true - secret: false + secret: true - name: azure.credentials.client_certificate_path type: text title: Client Certificate Path @@ -223,4 +224,4 @@ streams: multi: false required: false show_user: true - secret: false + secret: true diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml index c484b4a204e..f6f7f1448f3 100644 --- a/packages/cloud_security_posture/manifest.yml +++ b/packages/cloud_security_posture/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.0 name: cloud_security_posture title: "Security Posture Management" -version: "1.8.0" +version: "1.9.0-preview01" source: license: "Elastic-2.0" description: "Identify & remediate configuration risks in your Cloud infrastructure" @@ -11,7 +11,7 @@ categories: - cloudsecurity_cdr conditions: kibana: - version: "^8.13.0" + version: "^8.14.0" elastic: subscription: basic capabilities: From 97ac856ff6f667676699386a80ec1e84bc65271f Mon Sep 17 00:00:00 2001 From: Taylor Swanson <90622908+taylor-swanson@users.noreply.github.com> Date: Tue, 12 Mar 2024 10:05:51 -0500 Subject: [PATCH 25/34] [panw] Ensure empty NAT IP is not appended to related items (#9333) - Ensure that the NAT ip and port are removed prior to other processors if they are unset (values of '0.0.0.0' and '0', respectively) - Update test files, sample_event, and readme --- packages/panw/changelog.yml | 5 + ...w-panos-inc-other-sample.log-expected.json | 3 +- ...-panos-inc-threat-sample.log-expected.json | 312 ++++++------------ ...panos-inc-traffic-sample.log-expected.json | 300 ++++++----------- ...-panw-panos-inc-traffic.json-expected.json | 5 +- .../elasticsearch/ingest_pipeline/default.yml | 23 +- .../panw/data_stream/panos/sample_event.json | 19 +- packages/panw/docs/README.md | 18 +- packages/panw/manifest.yml | 2 +- 9 files changed, 241 insertions(+), 446 deletions(-) diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml index 377723d814f..d9eb5b95d97 100644 --- a/packages/panw/changelog.yml +++ b/packages/panw/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.23.1" + changes: + - description: Ensure empty NAT IP is not appended to related items. + type: bugfix + link: https://github.com/elastic/integrations/pull/9333 - version: "3.23.0" changes: - description: Update package spec to 3.0.3. diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json index 310a52a1cab..a14abb817d6 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json @@ -1480,8 +1480,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json index 32b3e23bdac..f43f1c044f8 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json @@ -134,8 +134,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -302,8 +301,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -471,8 +469,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -640,8 +637,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -809,8 +805,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -978,8 +973,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1147,8 +1141,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1315,8 +1308,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1483,8 +1475,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1651,8 +1642,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1820,8 +1810,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1987,8 +1976,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2155,8 +2143,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2322,8 +2309,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2491,8 +2477,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2659,8 +2644,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2825,8 +2809,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2994,8 +2977,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3161,8 +3143,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3328,8 +3309,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3496,8 +3476,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3663,8 +3642,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3831,8 +3809,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3998,8 +3975,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4165,8 +4141,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4332,8 +4307,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4499,8 +4473,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4666,8 +4639,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4833,8 +4805,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5000,8 +4971,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5167,8 +5137,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5334,8 +5303,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5501,8 +5469,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5666,8 +5633,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5833,8 +5799,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6000,8 +5965,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6166,8 +6130,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6333,8 +6296,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6499,8 +6461,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6665,8 +6626,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6831,8 +6791,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6998,8 +6957,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7164,8 +7122,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7319,8 +7276,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -7483,8 +7439,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7648,8 +7603,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7813,8 +7767,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7979,8 +7932,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8144,8 +8096,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8309,8 +8260,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8475,8 +8425,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8641,8 +8590,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8807,8 +8755,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8968,8 +8915,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -9132,8 +9078,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -9293,8 +9238,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -9452,8 +9396,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -9616,8 +9559,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -9777,8 +9719,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -9936,8 +9877,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -10100,8 +10040,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10266,8 +10205,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10432,8 +10370,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10593,8 +10530,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -10757,8 +10693,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10922,8 +10857,7 @@ "related": { "ip": [ "192.168.0.6", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "jordy" @@ -11074,8 +11008,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.6", - "0.0.0.0" + "192.168.0.6" ], "user": [ "jordy" @@ -11230,8 +11163,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.6", - "0.0.0.0" + "192.168.0.6" ], "user": [ "jordy" @@ -11393,8 +11325,7 @@ "related": { "ip": [ "192.168.0.6", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "jordy" @@ -11545,8 +11476,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.6", - "0.0.0.0" + "192.168.0.6" ], "user": [ "jordy" @@ -11708,8 +11638,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "picard" @@ -11860,8 +11789,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -12019,8 +11947,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.6", - "0.0.0.0" + "192.168.0.6" ], "user": [ "jordy" @@ -12175,8 +12102,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -12331,8 +12257,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -12487,8 +12412,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -12643,8 +12567,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -12806,8 +12729,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "picard" @@ -12958,8 +12880,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -13114,8 +13035,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -13270,8 +13190,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -13426,8 +13345,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -13582,8 +13500,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.6", - "0.0.0.0" + "192.168.0.6" ], "user": [ "jordy" @@ -13738,8 +13655,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -13894,8 +13810,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -14050,8 +13965,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -14206,8 +14120,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -14362,8 +14275,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -14518,8 +14430,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -14674,8 +14585,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -14837,8 +14747,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "picard" @@ -14989,8 +14898,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -15145,8 +15053,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "picard" @@ -15308,8 +15215,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "jordy" @@ -15460,8 +15366,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -15616,8 +15521,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -15772,8 +15676,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -15928,8 +15831,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -16084,8 +15986,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -16240,8 +16141,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "jordy" @@ -16400,8 +16300,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -16560,8 +16459,7 @@ "related": { "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "crusher" @@ -16769,8 +16667,7 @@ ], "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "schmidtdo" @@ -17009,8 +16906,7 @@ ], "ip": [ "175.16.199.1", - "192.168.0.2", - "0.0.0.0" + "192.168.0.2" ], "user": [ "schmidtdo" diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json index ece09ea9d22..6a85e28bfb5 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json @@ -92,8 +92,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -213,8 +212,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -334,8 +332,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -455,8 +452,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -576,8 +572,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -697,8 +692,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -818,8 +812,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -939,8 +932,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1060,8 +1052,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1181,8 +1172,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1302,8 +1292,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1423,8 +1412,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1544,8 +1532,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1665,8 +1652,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1786,8 +1772,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -1907,8 +1892,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2028,8 +2012,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2149,8 +2132,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2270,8 +2252,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2391,8 +2372,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2512,8 +2492,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2633,8 +2612,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2754,8 +2732,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2875,8 +2852,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -2996,8 +2972,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3117,8 +3092,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3238,8 +3212,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3359,8 +3332,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3480,8 +3452,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3601,8 +3572,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3722,8 +3692,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3843,8 +3812,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -3964,8 +3932,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4085,8 +4052,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4206,8 +4172,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4327,8 +4292,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4448,8 +4412,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4569,8 +4532,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4690,8 +4652,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -4808,8 +4769,7 @@ "related": { "ip": [ "192.168.0.100", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ] }, "rule": { @@ -4920,8 +4880,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5038,8 +4997,7 @@ "related": { "ip": [ "192.168.0.100", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ] }, "rule": { @@ -5150,8 +5108,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5271,8 +5228,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5389,8 +5345,7 @@ "related": { "ip": [ "192.168.0.100", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ] }, "rule": { @@ -5501,8 +5456,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5622,8 +5576,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5743,8 +5696,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5864,8 +5816,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -5985,8 +5936,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6106,8 +6056,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6227,8 +6176,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6348,8 +6296,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6469,8 +6416,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6590,8 +6536,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6711,8 +6656,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6832,8 +6776,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -6953,8 +6896,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7074,8 +7016,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7195,8 +7136,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7316,8 +7256,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7437,8 +7376,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7558,8 +7496,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7679,8 +7616,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7800,8 +7736,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -7921,8 +7856,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8042,8 +7976,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8163,8 +8096,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8284,8 +8216,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8405,8 +8336,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8526,8 +8456,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8647,8 +8576,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8768,8 +8696,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -8889,8 +8816,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -9010,8 +8936,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -9131,8 +9056,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -9252,8 +9176,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -9363,8 +9286,7 @@ "related": { "ip": [ "192.168.0.2", - "192.168.0.1", - "0.0.0.0" + "192.168.0.1" ], "user": [ "crusher" @@ -9484,8 +9406,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -9605,8 +9526,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -9716,8 +9636,7 @@ "related": { "ip": [ "192.168.0.2", - "192.168.0.1", - "0.0.0.0" + "192.168.0.1" ], "user": [ "crusher" @@ -9827,8 +9746,7 @@ "related": { "ip": [ "192.168.0.2", - "192.168.0.1", - "0.0.0.0" + "192.168.0.1" ], "user": [ "crusher" @@ -9948,8 +9866,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10069,8 +9986,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10190,8 +10106,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10311,8 +10226,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10432,8 +10346,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10543,8 +10456,7 @@ "related": { "ip": [ "192.168.0.2", - "192.168.0.1", - "0.0.0.0" + "192.168.0.1" ], "user": [ "crusher" @@ -10664,8 +10576,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10785,8 +10696,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -10906,8 +10816,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -11027,8 +10936,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -11148,8 +11056,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -11269,8 +11176,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -11390,8 +11296,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -11511,8 +11416,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -11622,8 +11526,7 @@ "related": { "ip": [ "192.168.0.2", - "192.168.0.1", - "0.0.0.0" + "192.168.0.1" ], "user": [ "crusher" @@ -11743,8 +11646,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -11864,8 +11766,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -11985,8 +11886,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json index 31f3053017d..73dc2990809 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json @@ -139,8 +139,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -314,7 +313,6 @@ "ip": [ "192.168.0.2", "175.16.199.1", - "0.0.0.0", "127.0.0.1" ], "user": [ @@ -490,7 +488,6 @@ "ip": [ "192.168.0.2", "175.16.199.1", - "0.0.0.0", "127.0.0.1" ], "user": [ diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml index 81749a4ca89..7c142af712e 100644 --- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml +++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml @@ -335,6 +335,18 @@ processors: field: session.start_time value: '{{{panw.panos.parent_session.start_time}}}' +# Remove NAT fields when translation was not done. + - remove: + field: + - source.nat.ip + - source.nat.port + if: ctx.source?.nat?.ip == '0.0.0.0' && ctx.source.nat.port == '0' + - remove: + field: + - destination.nat.ip + - destination.nat.port + if: ctx.destination?.nat?.ip == '0.0.0.0' && ctx.destination.nat.port == '0' + # convert IP fields as the output of the CSV processor is always a string. - convert: field: source.ip @@ -1550,17 +1562,6 @@ processors: - _temp_ - _conf ignore_missing: true -# Remove NAT fields when translation was not done. - - remove: - field: - - source.nat.ip - - source.nat.port - if: ctx.source?.nat?.ip == '0.0.0.0' && ctx.source.nat.port == 0 - - remove: - field: - - destination.nat.ip - - destination.nat.port - if: ctx.destination?.nat?.ip == '0.0.0.0' && ctx.destination.nat.port == 0 # Remove panw.panos fields that are copied into an ECS field. - remove: diff --git a/packages/panw/data_stream/panos/sample_event.json b/packages/panw/data_stream/panos/sample_event.json index 930e6f7d2a6..8e0fe3af61b 100644 --- a/packages/panw/data_stream/panos/sample_event.json +++ b/packages/panw/data_stream/panos/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2012-04-10T04:39:56.000Z", "agent": { - "ephemeral_id": "3a362c46-abee-4440-bd82-f0e41a651188", - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", + "ephemeral_id": "be1891e7-30b4-4f85-b31e-e719ee92c1ea", + "id": "bf959e04-184d-48cb-92c0-4f7f748a2cc0", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.10.1" + "version": "8.12.1" }, "data_stream": { "dataset": "panw.panos", @@ -34,9 +34,9 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", + "id": "bf959e04-184d-48cb-92c0-4f7f748a2cc0", "snapshot": false, - "version": "8.10.1" + "version": "8.12.1" }, "event": { "action": "url_filtering", @@ -48,7 +48,7 @@ ], "created": "2012-10-30T09:46:12.000Z", "dataset": "panw.panos", - "ingested": "2023-09-26T16:43:58Z", + "ingested": "2024-03-11T17:57:37Z", "kind": "alert", "original": "<14>Nov 30 16:09:08 PA-220 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25149,1,59309,80,0,0,0x208000,tcp,alert,\"lorexx.cn/loader.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -68,7 +68,7 @@ "log": { "level": "informational", "source": { - "address": "192.168.80.7:47488" + "address": "172.18.0.4:53212" }, "syslog": { "facility": { @@ -135,8 +135,7 @@ "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -169,4 +168,4 @@ "user": { "name": "crusher" } -} +} \ No newline at end of file diff --git a/packages/panw/docs/README.md b/packages/panw/docs/README.md index 882a3968bbe..6a444bbb2bf 100644 --- a/packages/panw/docs/README.md +++ b/packages/panw/docs/README.md @@ -36,11 +36,11 @@ An example event for `panos` looks as following: { "@timestamp": "2012-04-10T04:39:56.000Z", "agent": { - "ephemeral_id": "3a362c46-abee-4440-bd82-f0e41a651188", - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", + "ephemeral_id": "be1891e7-30b4-4f85-b31e-e719ee92c1ea", + "id": "bf959e04-184d-48cb-92c0-4f7f748a2cc0", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.10.1" + "version": "8.12.1" }, "data_stream": { "dataset": "panw.panos", @@ -69,9 +69,9 @@ An example event for `panos` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", + "id": "bf959e04-184d-48cb-92c0-4f7f748a2cc0", "snapshot": false, - "version": "8.10.1" + "version": "8.12.1" }, "event": { "action": "url_filtering", @@ -83,7 +83,7 @@ An example event for `panos` looks as following: ], "created": "2012-10-30T09:46:12.000Z", "dataset": "panw.panos", - "ingested": "2023-09-26T16:43:58Z", + "ingested": "2024-03-11T17:57:37Z", "kind": "alert", "original": "<14>Nov 30 16:09:08 PA-220 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,175.16.199.1,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25149,1,59309,80,0,0,0x208000,tcp,alert,\"lorexx.cn/loader.exe\",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html", "outcome": "success", @@ -103,7 +103,7 @@ An example event for `panos` looks as following: "log": { "level": "informational", "source": { - "address": "192.168.80.7:47488" + "address": "172.18.0.4:53212" }, "syslog": { "facility": { @@ -170,8 +170,7 @@ An example event for `panos` looks as following: "related": { "ip": [ "192.168.0.2", - "175.16.199.1", - "0.0.0.0" + "175.16.199.1" ], "user": [ "crusher" @@ -205,7 +204,6 @@ An example event for `panos` looks as following: "name": "crusher" } } - ``` **Exported fields** diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml index 5d1bd8eb8dd..c49cf4aa1c9 100644 --- a/packages/panw/manifest.yml +++ b/packages/panw/manifest.yml @@ -1,6 +1,6 @@ name: panw title: Palo Alto Next-Gen Firewall -version: "3.23.0" +version: "3.23.1" description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent. type: integration format_version: "3.0.3" From e0f4475aec8d0f475cc5955c5eb58685d65017bb Mon Sep 17 00:00:00 2001 From: muthu-mps <101238137+muthu-mps@users.noreply.github.com> Date: Tue, 12 Mar 2024 20:45:12 +0530 Subject: [PATCH 26/34] Fix event.outcome condition for redirection status codes(3xx) (#9348) * Fix event.outcome condition for redirection status_code --- packages/apache_tomcat/changelog.yml | 7 ++++++- .../_dev/test/pipeline/test-access.log-expected.json | 1 + .../access/elasticsearch/ingest_pipeline/default.yml | 4 ++-- packages/apache_tomcat/manifest.yml | 2 +- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/packages/apache_tomcat/changelog.yml b/packages/apache_tomcat/changelog.yml index f3603399680..c405f70d37e 100644 --- a/packages/apache_tomcat/changelog.yml +++ b/packages/apache_tomcat/changelog.yml @@ -1,7 +1,12 @@ # newer versions go on top +- version: "1.3.3" + changes: + - description: Fix event.outcome for redirection status_codes 3xx. + type: bugfix + link: https://github.com/elastic/integrations/pull/9348 - version: "1.3.2" changes: - - description: "Fix non-matching grok patterns in access log pipeline for 302 errors" + - description: Fix non-matching grok patterns in access log pipeline for 302 errors. type: bugfix link: https://github.com/elastic/integrations/pull/9243 - version: "1.3.1" diff --git a/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log-expected.json b/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log-expected.json index ff4a32343c7..f962cab04f3 100644 --- a/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log-expected.json +++ b/packages/apache_tomcat/data_stream/access/_dev/test/pipeline/test-access.log-expected.json @@ -113,6 +113,7 @@ "kind": "event", "module": "apache_tomcat", "original": "81.2.69.144 - admin [02/Mar/2023:18:58:17 +0530] \"POST /host-manager/images/asf-logo.svg HTTP/1.1\" 302 - 81.2.69.145 + 400 \"http://localhost:8080/host-manager/html\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36\" X-Forwarded-For=\"127.0.0.1, 127.0.0.2\"", + "outcome": "success", "type": [ "access" ] diff --git a/packages/apache_tomcat/data_stream/access/elasticsearch/ingest_pipeline/default.yml b/packages/apache_tomcat/data_stream/access/elasticsearch/ingest_pipeline/default.yml index 002f9fa5065..980af1bcd1f 100644 --- a/packages/apache_tomcat/data_stream/access/elasticsearch/ingest_pipeline/default.yml +++ b/packages/apache_tomcat/data_stream/access/elasticsearch/ingest_pipeline/default.yml @@ -97,11 +97,11 @@ processors: - set: field: event.outcome value: success - if: ctx.http?.response?.status_code != null && ctx.http.response.status_code >= 200 && ctx.http.response.status_code < 300 + if: ctx.http?.response?.status_code != null && ctx.http.response.status_code < 400 - set: field: event.outcome value: failure - if: ctx.http?.response?.status_code != null && ctx.http.response.status_code >= 400 && ctx.http.response.status_code < 600 + if: ctx.http?.response?.status_code != null && ctx.http.response.status_code >= 400 - remove: if: ctx.destination?.bytes == '-' field: destination.bytes diff --git a/packages/apache_tomcat/manifest.yml b/packages/apache_tomcat/manifest.yml index 25b10f12efe..9e90d41224a 100644 --- a/packages/apache_tomcat/manifest.yml +++ b/packages/apache_tomcat/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: apache_tomcat title: Apache Tomcat -version: "1.3.2" +version: "1.3.3" description: Collect and parse logs and metrics from Apache Tomcat servers with Elastic Agent. categories: ["web", "observability"] type: integration From cddf031d0f54d4fbe728872c40127fafaf924fbb Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 13 Mar 2024 15:14:38 +1030 Subject: [PATCH 27/34] carbon_black_cloud: fix handling of network direction (#9340) --- packages/carbon_black_cloud/changelog.yml | 5 + .../data_stream/alert/sample_event.json | 2 +- .../sample_event.json | 2 +- .../data_stream/audit/sample_event.json | 2 +- .../test/pipeline/test-endpoint-event.log | 3 +- .../test-endpoint-event.log-expected.json | 127 +++++++++++++++++- .../elasticsearch/ingest_pipeline/default.yml | 51 +++++-- .../data_stream/endpoint_event/fields/ecs.yml | 4 + packages/carbon_black_cloud/docs/README.md | 5 +- packages/carbon_black_cloud/manifest.yml | 2 +- 10 files changed, 178 insertions(+), 25 deletions(-) diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml index aebcfbd8781..de8b216a440 100644 --- a/packages/carbon_black_cloud/changelog.yml +++ b/packages/carbon_black_cloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.21.1" + changes: + - description: Fix handling of network direction. + type: bugfix + link: https://github.com/elastic/integrations/pull/9340 - version: "1.21.0" changes: - description: Introduced data stream specific SQS queues. diff --git a/packages/carbon_black_cloud/data_stream/alert/sample_event.json b/packages/carbon_black_cloud/data_stream/alert/sample_event.json index 3f1c2b77f5f..5e563c6284e 100644 --- a/packages/carbon_black_cloud/data_stream/alert/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/alert/sample_event.json @@ -99,4 +99,4 @@ "user": { "name": "test34@demo.com" } -} +} \ No newline at end of file diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json index f3b6563ed21..c32a955c97f 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/sample_event.json @@ -73,4 +73,4 @@ }, "severity": "CRITICAL" } -} +} \ No newline at end of file diff --git a/packages/carbon_black_cloud/data_stream/audit/sample_event.json b/packages/carbon_black_cloud/data_stream/audit/sample_event.json index 852fe377add..23b9ae866cf 100644 --- a/packages/carbon_black_cloud/data_stream/audit/sample_event.json +++ b/packages/carbon_black_cloud/data_stream/audit/sample_event.json @@ -59,4 +59,4 @@ "forwarded", "carbon_black_cloud-audit" ] -} +} \ No newline at end of file diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log index 619b1a6694a..eec0e1a52bd 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log @@ -11,5 +11,6 @@ {"type":"endpoint.event.filemod","process_guid":"XXXXXXXX-003d902d-00000694-00000000-1d7540221dedd62","parent_guid":"XXXXXXXX-003d902d-00000280-00000000-1d74d6bb1e536c7","backend_timestamp":"2022-02-10 11:52:50 +0000 UTC","org_key":"XXXXXXXX","device_id":"11","device_name":"DESKTOP-011","device_external_ip":"67.43.156.13","device_os":"WINDOWS","device_group":"","action":"ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_DELETE","schema":1,"device_timestamp":"2022-02-10 11:51:35.4434036 +0000 UTC","process_terminated":false,"process_reputation":"REP_RESOLVING","parent_reputation":"REP_RESOLVING","process_pid":1684,"parent_pid":640,"process_publisher":[{"name":"Microsoft Corporation","state":"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED"}],"process_path":"c:\\windowsazure\\guestagent_2.7.41491.1010_2021-05-11_233023\\guestagent\\windowsazureguestagent.exe","parent_path":"c:\\windows\\system32\\services.exe","process_hash":["03dd698da2671383c9b4f868c9931879","44a1975b2197484bb22a0eb673e67e7ee9ec20265e9f6347f5e06b6447ac82c5"],"parent_hash":["fae441a6ec7fd8f55a404797a25c8910","70d7571253e091f646f78a4dd078ce7fe8d796625bfa3c0a466df03971175fb4"],"process_cmdline":"C:\\WindowsAzure\\GuestAgent_2.7.41491.1010_2021-05-11_233023\\GuestAgent\\WindowsAzureGuestAgent.exe","parent_cmdline":"C:\\windows\\system32\\services.exe","process_username":"NT AUTHORITY\\SYSTEM","sensor_action":"ACTION_ALLOW","event_origin":"EDR","filemod_hash":["",""],"filemod_name":"c:\\windowsazure\\logs\\aggregatestatus\\aggregatestatus_20220210114710865.json"} {"type":"endpoint.event.filemod","process_guid":"XXXXXXXX-003dd2d5-00000a24-00000000-1d81e7447aed7aa","parent_guid":"XXXXXXXX-003dd2d5-00000ce4-00000000-1d7d6729f74b35a","backend_timestamp":"2022-02-10 11:50:50 +0000 UTC","org_key":"XXXXXXXX","device_id":"13","device_name":"DESKTOP-012","device_external_ip":"67.43.156.14","device_os":"WINDOWS","device_group":"","action":"ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_READ | ACTION_FILE_OPEN_WRITE","schema":1,"device_timestamp":"2022-02-10 11:49:37.5392491 +0000 UTC","process_terminated":false,"process_reputation":"REP_RESOLVING","parent_reputation":"REP_RESOLVING","process_pid":2596,"parent_pid":3300,"process_publisher":[{"name":"Carbon Black, Inc.","state":"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED"}],"process_path":"c:\\program files\\confer\\scanner\\scanhost.exe","parent_path":"c:\\program files\\confer\\repmgr.exe","process_hash":["cc18cc5d6af91226548e9049d0ea87ca","8d6ce40a49b5469a7c77aa9806be32b7d50f8f3ab8a89541750aaa0ae74b7c32"],"parent_hash":["472829d6813a5a85e3017db7d1c0d67e","903ae6b93c722f8862cc774068f284ba0d6daa823499212f1048db98255fb395"],"process_cmdline":"\"C:\\Program Files\\Confer\\scanner\\scanhost.exe\"","parent_cmdline":"\"C:\\Program Files\\Confer\\RepMgr.exe\"","process_username":"NT AUTHORITY\\SYSTEM","sensor_action":"ACTION_ALLOW","event_origin":"EDR","filemod_hash":["",""],"filemod_name":"c:\\programdata\\carbonblack\\logs\\scanhost.log"} {"type":"endpoint.event.netconn","process_guid":"XXXXXXXX-003dd2d5-00000344-00000000-1d81e74160752cc","parent_guid":"XXXXXXXX-003dd2d5-00000ce4-00000000-1d7d6729f74b35a","backend_timestamp":"2022-02-10 11:50:50 +0000 UTC","org_key":"XXXXXXXX","device_id":"12","device_name":"DESKTOP-013","device_external_ip":"67.43.156.14","device_os":"WINDOWS","device_group":"","action":"ACTION_CONNECTION_CREATE","schema":1,"device_timestamp":"2022-02-10 11:48:14.2785426 +0000 UTC","process_terminated":false,"process_reputation":"REP_RESOLVING","parent_reputation":"REP_RESOLVING","process_pid":836,"parent_pid":3300,"process_publisher":[{"name":"Carbon Black, Inc.","state":"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED"}],"process_path":"c:\\program files\\confer\\scanner\\scanhost.exe","parent_path":"c:\\program files\\confer\\repmgr.exe","process_hash":["cc18cc5d6af91226548e9049d0ea87ca","8d6ce40a49b5469a7c77aa9806be32b7d50f8f3ab8a89541750aaa0ae74b7c32"],"parent_hash":["472829d6813a5a85e3017db7d1c0d67e","903ae6b93c722f8862cc774068f284ba0d6daa823499212f1048db98255fb395"],"process_cmdline":"\"C:\\Program Files\\Confer\\scanner\\scanhost.exe\"","parent_cmdline":"\"C:\\Program Files\\Confer\\RepMgr.exe\"","process_username":"NT AUTHORITY\\SYSTEM","sensor_action":"ACTION_ALLOW","event_origin":"EDR","remote_port":49707,"remote_ip":"127.0.0.1","local_port":62909,"local_ip":"127.0.0.1","netconn_domain":"","netconn_inbound":false,"netconn_protocol":"PROTO_TCP"} -{"type":"endpoint.event.netconn","process_guid":"XXXXXXXX-00442a47-00002328-00000000-1d81e73a30955e7","parent_guid":"XXXXXXXX-00442a47-000002d0-00000000-1d807560b2edfc4","backend_timestamp":"2022-02-10 11:49:36 +0000 UTC","org_key":"XXXXXXXX","device_id":"14","device_name":"DESKTOP-014","device_external_ip":"67.43.156.12","device_os":"WINDOWS","device_group":"","action":"ACTION_CONNECTION_LISTEN","schema":1,"device_timestamp":"2022-02-10 11:45:02.8882089 +0000 UTC","process_terminated":false,"process_reputation":"REP_RESOLVING","parent_reputation":"REP_RESOLVING","process_pid":9000,"parent_pid":720,"process_publisher":[{"name":"Stellar Cyber Inc","state":"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED"}],"process_path":"c:\\program files\\aella\\aella_conf_win_srv\\aella_conf_win_srv.exe","parent_path":"c:\\windows\\system32\\services.exe","process_hash":["6174da1a2dd7594456bbb3ae50ac5587","2ad7d1a17ee2dd897a5a45515e5ae46f8b6b61d3f67c90c1fa0c7910f06d0515"],"parent_hash":["d8e577bf078c45954f4531885478d5a9","dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674"],"process_cmdline":"\"C:\\Program Files\\Aella\\aella_conf_win_srv\\aella_conf_win_srv.exe\"","parent_cmdline":"C:\\WINDOWS\\system32\\services.exe","process_username":"NT AUTHORITY\\SYSTEM","sensor_action":"ACTION_ALLOW","event_origin":"EDR","remote_port":0,"remote_ip":"127.0.0.1","local_port":9716,"local_ip":"127.0.0.1","netconn_domain":"","netconn_inbound":false,"netconn_protocol":"PROTO_TCP"} +{"type":"endpoint.event.netconn","process_guid":"XXXXXXXX-00442a47-00002328-00000000-1d81e73a30955e7","parent_guid":"XXXXXXXX-00442a47-000002d0-00000000-1d807560b2edfc4","backend_timestamp":"2022-02-10 11:49:36 +0000 UTC","org_key":"XXXXXXXX","device_id":"14","device_name":"DESKTOP-014","device_external_ip":"67.43.156.12","device_os":"WINDOWS","device_group":"","action":"ACTION_CONNECTION_LISTEN","schema":1,"device_timestamp":"2022-02-10 11:45:02.8882089 +0000 UTC","process_terminated":false,"process_reputation":"REP_RESOLVING","parent_reputation":"REP_RESOLVING","process_pid":9000,"parent_pid":720,"process_publisher":[{"name":"Stellar Cyber Inc","state":"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED"}],"process_path":"c:\\program files\\aella\\aella_conf_win_srv\\aella_conf_win_srv.exe","parent_path":"c:\\windows\\system32\\services.exe","process_hash":["6174da1a2dd7594456bbb3ae50ac5587","2ad7d1a17ee2dd897a5a45515e5ae46f8b6b61d3f67c90c1fa0c7910f06d0515"],"parent_hash":["d8e577bf078c45954f4531885478d5a9","dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674"],"process_cmdline":"\"C:\\Program Files\\Aella\\aella_conf_win_srv\\aella_conf_win_srv.exe\"","parent_cmdline":"C:\\WINDOWS\\system32\\services.exe","process_username":"NT AUTHORITY\\SYSTEM","sensor_action":"ACTION_ALLOW","event_origin":"EDR","remote_port":9001,"remote_ip":"67.43.156.14","local_port":9716,"local_ip":"127.0.0.1","netconn_domain":"","netconn_inbound":false,"netconn_protocol":"PROTO_TCP"} +{"type":"endpoint.event.netconn","process_guid":"XXXXXXXX-00442a47-00002328-00000000-1d81e73a30955e7","parent_guid":"XXXXXXXX-00442a47-000002d0-00000000-1d807560b2edfc4","backend_timestamp":"2022-02-10 11:49:36 +0000 UTC","org_key":"XXXXXXXX","device_id":"14","device_name":"DESKTOP-014","device_external_ip":"67.43.156.12","device_os":"WINDOWS","device_group":"","action":"ACTION_CONNECTION_LISTEN","schema":1,"device_timestamp":"2022-02-10 11:45:02.8882089 +0000 UTC","process_terminated":false,"process_reputation":"REP_RESOLVING","parent_reputation":"REP_RESOLVING","process_pid":9000,"parent_pid":720,"process_publisher":[{"name":"Stellar Cyber Inc","state":"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED"}],"process_path":"c:\\program files\\aella\\aella_conf_win_srv\\aella_conf_win_srv.exe","parent_path":"c:\\windows\\system32\\services.exe","process_hash":["6174da1a2dd7594456bbb3ae50ac5587","2ad7d1a17ee2dd897a5a45515e5ae46f8b6b61d3f67c90c1fa0c7910f06d0515"],"parent_hash":["d8e577bf078c45954f4531885478d5a9","dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674"],"process_cmdline":"\"C:\\Program Files\\Aella\\aella_conf_win_srv\\aella_conf_win_srv.exe\"","parent_cmdline":"C:\\WINDOWS\\system32\\services.exe","process_username":"NT AUTHORITY\\SYSTEM","sensor_action":"ACTION_ALLOW","event_origin":"EDR","remote_port":9001,"remote_ip":"67.43.156.14","local_port":9716,"local_ip":"127.0.0.1","netconn_domain":"","netconn_inbound":true,"netconn_protocol":"PROTO_TCP"} {"type":"endpoint.event.scriptload","process_guid":"XXXXXXXX-004e050d-000011f8-00000000-1d81e740ff3ff32","parent_guid":"XXXXXXXX-004e050d-00001a48-00000000-1d81e206b2e4f49","backend_timestamp":"2022-02-10 11:48:51 +0000 UTC","org_key":"XXXXXXXX","device_id":"15","device_name":"DESKTOP-015","device_external_ip":"89.160.20.156","device_os":"WINDOWS","device_group":"","action":"ACTION_LOAD_SCRIPT","schema":1,"device_timestamp":"2022-02-10 11:48:05.2725926 +0000 UTC","process_terminated":false,"process_reputation":"REP_RESOLVING","parent_reputation":"REP_RESOLVING","process_pid":4600,"parent_pid":6728,"process_publisher":[{"name":"Microsoft Windows","state":"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED | FILE_SIGNATURE_STATE_OS | FILE_SIGNATURE_STATE_CATALOG_SIGNED"}],"process_path":"c:\\windows\\system32\\cscript.exe","parent_path":"c:\\program files\\microsoft monitoring agent\\agent\\monitoringhost.exe","process_hash":["24590bf74bbbbfd7d7ac070f4e3c44fd","ae37fd1b642e797b36b9ffcec8a6e986732d011681061800c6b74426c28a9d03"],"parent_hash":["2d287989c6f60fa434a345b79b919755","f66196626700ae0728c0269febf2c194f9b73c49dfe7f4fa869d3b96334e5d89"],"process_cmdline":"\"C:\\WINDOWS\\system32\\cscript.exe\" /nologo \"MonitorKnowledgeDiscovery.vbs\"","parent_cmdline":"\"C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\MonitoringHost.exe\" -Embedding","process_username":"NT AUTHORITY\\SYSTEM","sensor_action":"ACTION_ALLOW","event_origin":"EDR","scriptload_count":1,"scriptload_reputation":"REP_RESOLVING","scriptload_effective_reputation":"REP_NOT_LISTED","scriptload_publisher":[{"state":"FILE_SIGNATURE_STATE_NOT_SIGNED"}]} diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json index 93373b5e118..8cb599060e8 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json @@ -1361,6 +1361,10 @@ "ip": "127.0.0.1", "port": 62909 }, + "destination": { + "ip": "127.0.0.1", + "port": 49707 + }, "ecs": { "version": "8.11.0" }, @@ -1423,7 +1427,7 @@ }, "source": { "ip": "127.0.0.1", - "port": 49707 + "port": 62909 }, "tags": [ "preserve_original_event" @@ -1469,12 +1473,16 @@ "ip": "127.0.0.1", "port": 9716 }, + "destination": { + "ip": "67.43.156.14", + "port": 9001 + }, "ecs": { "version": "8.11.0" }, "event": { "action": "ACTION_CONNECTION_LISTEN", - "original": "{\"type\":\"endpoint.event.netconn\",\"process_guid\":\"XXXXXXXX-00442a47-00002328-00000000-1d81e73a30955e7\",\"parent_guid\":\"XXXXXXXX-00442a47-000002d0-00000000-1d807560b2edfc4\",\"backend_timestamp\":\"2022-02-10 11:49:36 +0000 UTC\",\"org_key\":\"XXXXXXXX\",\"device_id\":\"14\",\"device_name\":\"DESKTOP-014\",\"device_external_ip\":\"67.43.156.12\",\"device_os\":\"WINDOWS\",\"device_group\":\"\",\"action\":\"ACTION_CONNECTION_LISTEN\",\"schema\":1,\"device_timestamp\":\"2022-02-10 11:45:02.8882089 +0000 UTC\",\"process_terminated\":false,\"process_reputation\":\"REP_RESOLVING\",\"parent_reputation\":\"REP_RESOLVING\",\"process_pid\":9000,\"parent_pid\":720,\"process_publisher\":[{\"name\":\"Stellar Cyber Inc\",\"state\":\"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED\"}],\"process_path\":\"c:\\\\program files\\\\aella\\\\aella_conf_win_srv\\\\aella_conf_win_srv.exe\",\"parent_path\":\"c:\\\\windows\\\\system32\\\\services.exe\",\"process_hash\":[\"6174da1a2dd7594456bbb3ae50ac5587\",\"2ad7d1a17ee2dd897a5a45515e5ae46f8b6b61d3f67c90c1fa0c7910f06d0515\"],\"parent_hash\":[\"d8e577bf078c45954f4531885478d5a9\",\"dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674\"],\"process_cmdline\":\"\\\"C:\\\\Program Files\\\\Aella\\\\aella_conf_win_srv\\\\aella_conf_win_srv.exe\\\"\",\"parent_cmdline\":\"C:\\\\WINDOWS\\\\system32\\\\services.exe\",\"process_username\":\"NT AUTHORITY\\\\SYSTEM\",\"sensor_action\":\"ACTION_ALLOW\",\"event_origin\":\"EDR\",\"remote_port\":0,\"remote_ip\":\"127.0.0.1\",\"local_port\":9716,\"local_ip\":\"127.0.0.1\",\"netconn_domain\":\"\",\"netconn_inbound\":false,\"netconn_protocol\":\"PROTO_TCP\"}" + "original": "{\"type\":\"endpoint.event.netconn\",\"process_guid\":\"XXXXXXXX-00442a47-00002328-00000000-1d81e73a30955e7\",\"parent_guid\":\"XXXXXXXX-00442a47-000002d0-00000000-1d807560b2edfc4\",\"backend_timestamp\":\"2022-02-10 11:49:36 +0000 UTC\",\"org_key\":\"XXXXXXXX\",\"device_id\":\"14\",\"device_name\":\"DESKTOP-014\",\"device_external_ip\":\"67.43.156.12\",\"device_os\":\"WINDOWS\",\"device_group\":\"\",\"action\":\"ACTION_CONNECTION_LISTEN\",\"schema\":1,\"device_timestamp\":\"2022-02-10 11:45:02.8882089 +0000 UTC\",\"process_terminated\":false,\"process_reputation\":\"REP_RESOLVING\",\"parent_reputation\":\"REP_RESOLVING\",\"process_pid\":9000,\"parent_pid\":720,\"process_publisher\":[{\"name\":\"Stellar Cyber Inc\",\"state\":\"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED\"}],\"process_path\":\"c:\\\\program files\\\\aella\\\\aella_conf_win_srv\\\\aella_conf_win_srv.exe\",\"parent_path\":\"c:\\\\windows\\\\system32\\\\services.exe\",\"process_hash\":[\"6174da1a2dd7594456bbb3ae50ac5587\",\"2ad7d1a17ee2dd897a5a45515e5ae46f8b6b61d3f67c90c1fa0c7910f06d0515\"],\"parent_hash\":[\"d8e577bf078c45954f4531885478d5a9\",\"dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674\"],\"process_cmdline\":\"\\\"C:\\\\Program Files\\\\Aella\\\\aella_conf_win_srv\\\\aella_conf_win_srv.exe\\\"\",\"parent_cmdline\":\"C:\\\\WINDOWS\\\\system32\\\\services.exe\",\"process_username\":\"NT AUTHORITY\\\\SYSTEM\",\"sensor_action\":\"ACTION_ALLOW\",\"event_origin\":\"EDR\",\"remote_port\":9001,\"remote_ip\":\"67.43.156.14\",\"local_port\":9716,\"local_ip\":\"127.0.0.1\",\"netconn_domain\":\"\",\"netconn_inbound\":false,\"netconn_protocol\":\"PROTO_TCP\"}" }, "host": { "hostname": "DESKTOP-014", @@ -1531,7 +1539,120 @@ }, "source": { "ip": "127.0.0.1", - "port": 0 + "port": 9716 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "carbon_black_cloud": { + "endpoint_event": { + "backend": { + "timestamp": "2022-02-10 11:49:36 +0000 UTC" + }, + "device": { + "external_ip": "67.43.156.12", + "os": "WINDOWS", + "timestamp": "2022-02-10 11:45:02.8882089 +0000 UTC" + }, + "event_origin": "EDR", + "organization_key": "XXXXXXXX", + "process": { + "parent": { + "reputation": "REP_RESOLVING" + }, + "publisher": [ + { + "name": "Stellar Cyber Inc", + "state": [ + "FILE_SIGNATURE_STATE_SIGNED", + "FILE_SIGNATURE_STATE_VERIFIED", + "FILE_SIGNATURE_STATE_TRUSTED" + ] + } + ], + "reputation": "REP_RESOLVING", + "terminated": false, + "username": "NT AUTHORITY\\SYSTEM" + }, + "schema": 1, + "sensor_action": "ACTION_ALLOW", + "type": "endpoint.event.netconn" + } + }, + "client": { + "ip": "127.0.0.1", + "port": 9716 + }, + "destination": { + "ip": "127.0.0.1", + "port": 9716 + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "ACTION_CONNECTION_LISTEN", + "original": "{\"type\":\"endpoint.event.netconn\",\"process_guid\":\"XXXXXXXX-00442a47-00002328-00000000-1d81e73a30955e7\",\"parent_guid\":\"XXXXXXXX-00442a47-000002d0-00000000-1d807560b2edfc4\",\"backend_timestamp\":\"2022-02-10 11:49:36 +0000 UTC\",\"org_key\":\"XXXXXXXX\",\"device_id\":\"14\",\"device_name\":\"DESKTOP-014\",\"device_external_ip\":\"67.43.156.12\",\"device_os\":\"WINDOWS\",\"device_group\":\"\",\"action\":\"ACTION_CONNECTION_LISTEN\",\"schema\":1,\"device_timestamp\":\"2022-02-10 11:45:02.8882089 +0000 UTC\",\"process_terminated\":false,\"process_reputation\":\"REP_RESOLVING\",\"parent_reputation\":\"REP_RESOLVING\",\"process_pid\":9000,\"parent_pid\":720,\"process_publisher\":[{\"name\":\"Stellar Cyber Inc\",\"state\":\"FILE_SIGNATURE_STATE_SIGNED | FILE_SIGNATURE_STATE_VERIFIED | FILE_SIGNATURE_STATE_TRUSTED\"}],\"process_path\":\"c:\\\\program files\\\\aella\\\\aella_conf_win_srv\\\\aella_conf_win_srv.exe\",\"parent_path\":\"c:\\\\windows\\\\system32\\\\services.exe\",\"process_hash\":[\"6174da1a2dd7594456bbb3ae50ac5587\",\"2ad7d1a17ee2dd897a5a45515e5ae46f8b6b61d3f67c90c1fa0c7910f06d0515\"],\"parent_hash\":[\"d8e577bf078c45954f4531885478d5a9\",\"dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674\"],\"process_cmdline\":\"\\\"C:\\\\Program Files\\\\Aella\\\\aella_conf_win_srv\\\\aella_conf_win_srv.exe\\\"\",\"parent_cmdline\":\"C:\\\\WINDOWS\\\\system32\\\\services.exe\",\"process_username\":\"NT AUTHORITY\\\\SYSTEM\",\"sensor_action\":\"ACTION_ALLOW\",\"event_origin\":\"EDR\",\"remote_port\":9001,\"remote_ip\":\"67.43.156.14\",\"local_port\":9716,\"local_ip\":\"127.0.0.1\",\"netconn_domain\":\"\",\"netconn_inbound\":true,\"netconn_protocol\":\"PROTO_TCP\"}" + }, + "host": { + "hostname": "DESKTOP-014", + "id": "14", + "ip": [ + "67.43.156.12" + ], + "name": "DESKTOP-014", + "os": { + "type": "windows" + } + }, + "network": { + "direction": "inbound", + "transport": "tcp" + }, + "process": { + "command_line": "\"C:\\Program Files\\Aella\\aella_conf_win_srv\\aella_conf_win_srv.exe\"", + "entity_id": "XXXXXXXX-00442a47-00002328-00000000-1d81e73a30955e7", + "executable": "c:\\program files\\aella\\aella_conf_win_srv\\aella_conf_win_srv.exe", + "hash": { + "md5": "6174da1a2dd7594456bbb3ae50ac5587", + "sha256": "2ad7d1a17ee2dd897a5a45515e5ae46f8b6b61d3f67c90c1fa0c7910f06d0515" + }, + "parent": { + "command_line": "C:\\WINDOWS\\system32\\services.exe", + "entity_id": "XXXXXXXX-00442a47-000002d0-00000000-1d807560b2edfc4", + "executable": "c:\\windows\\system32\\services.exe", + "hash": { + "md5": "d8e577bf078c45954f4531885478d5a9", + "sha256": "dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674" + }, + "pid": 720 + }, + "pid": 9000 + }, + "related": { + "hash": [ + "2ad7d1a17ee2dd897a5a45515e5ae46f8b6b61d3f67c90c1fa0c7910f06d0515", + "6174da1a2dd7594456bbb3ae50ac5587", + "d8e577bf078c45954f4531885478d5a9", + "dfbea9e8c316d9bc118b454b0c722cd674c30d0a256340200e2c3a7480cba674" + ], + "hosts": [ + "DESKTOP-014" + ], + "ip": [ + "67.43.156.14", + "127.0.0.1", + "67.43.156.12" + ], + "user": [ + "NT AUTHORITY\\SYSTEM" + ] + }, + "source": { + "ip": "67.43.156.14", + "port": 9001 }, "tags": [ "preserve_original_event" diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml index d1dea8dee9b..614856d5f96 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml @@ -62,7 +62,6 @@ processors: if: ctx.json?.netconn_inbound == false - convert: field: json.remote_port - target_field: source.port type: long ignore_missing: true on_failure: @@ -73,7 +72,6 @@ processors: value: '{{{_ingest.on_failure_message}}}' - convert: field: json.remote_ip - target_field: source.ip type: ip ignore_missing: true on_failure: @@ -82,19 +80,8 @@ processors: - append: field: error.message value: '{{{_ingest.on_failure_message}}}' - - append: - field: related.ip - value: '{{{source.ip}}}' - if: ctx.source?.ip != null - allow_duplicates: false - ignore_failure: true - - rename: - field: json.netconn_domain - target_field: source.address - ignore_missing: true - convert: field: json.local_port - target_field: client.port type: long ignore_missing: true on_failure: @@ -105,7 +92,6 @@ processors: value: '{{{_ingest.on_failure_message}}}' - convert: field: json.local_ip - target_field: client.ip type: ip ignore_missing: true on_failure: @@ -114,6 +100,43 @@ processors: - append: field: error.message value: '{{{_ingest.on_failure_message}}}' + - script: + lang: painless + source: | + // These allocations may be futile, but will be cleaned up in the postamble. + if (ctx.client == null) { + ctx.client = new HashMap(); + } + if (ctx.source == null) { + ctx.source = new HashMap(); + } + if (ctx.destination == null) { + ctx.destination = new HashMap(); + } + // Nulls inserted into the document will be cleaned up in the postamble. + ctx.client.ip = ctx.json.local_ip; + ctx.client.port = ctx.json.local_port; + if (ctx.json?.netconn_inbound == true) { + ctx.destination.ip = ctx.json?.local_ip; + ctx.destination.port = ctx.json?.local_port; + ctx.source.ip = ctx.json?.remote_ip; + ctx.source.port = ctx.json?.remote_port; + } else { + ctx.source.ip = ctx.json?.local_ip; + ctx.source.port = ctx.json?.local_port; + ctx.destination.ip = ctx.json?.remote_ip; + ctx.destination.port = ctx.json?.remote_port; + } + - append: + field: related.ip + value: '{{{source.ip}}}' + if: ctx.source?.ip != null + allow_duplicates: false + ignore_failure: true + - rename: + field: json.netconn_domain + target_field: source.address + ignore_missing: true - append: field: related.ip value: '{{{client.ip}}}' diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/fields/ecs.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/fields/ecs.yml index 0dfa0f183b7..fa3c12ea3f5 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/fields/ecs.yml +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/fields/ecs.yml @@ -2,6 +2,10 @@ name: client.ip - external: ecs name: client.port +- external: ecs + name: destination.ip +- external: ecs + name: destination.port - external: ecs name: dll.hash.md5 - external: ecs diff --git a/packages/carbon_black_cloud/docs/README.md b/packages/carbon_black_cloud/docs/README.md index 9a458d7825f..0da8d4ee34f 100644 --- a/packages/carbon_black_cloud/docs/README.md +++ b/packages/carbon_black_cloud/docs/README.md @@ -135,7 +135,6 @@ An example event for `audit` looks as following: "carbon_black_cloud-audit" ] } - ``` **Exported fields** @@ -302,7 +301,6 @@ An example event for `alert` looks as following: "name": "test34@demo.com" } } - ``` **Exported fields** @@ -608,6 +606,8 @@ An example event for `endpoint_event` looks as following: | data_stream.dataset | Data stream dataset. | constant_keyword | | data_stream.namespace | Data stream namespace. | constant_keyword | | data_stream.type | Data stream type. | constant_keyword | +| destination.ip | IP address of the destination (IPv4 or IPv6). | ip | +| destination.port | Port of the destination. | long | | dll.hash.md5 | MD5 hash. | keyword | | dll.hash.sha256 | SHA256 hash. | keyword | | dll.path | Full file path of the library. | keyword | @@ -978,7 +978,6 @@ An example event for `asset_vulnerability_summary` looks as following: "severity": "CRITICAL" } } - ``` **Exported fields** diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml index 8a9b5778546..b633affc53d 100644 --- a/packages/carbon_black_cloud/manifest.yml +++ b/packages/carbon_black_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: carbon_black_cloud title: VMware Carbon Black Cloud -version: "1.21.0" +version: "1.21.1" description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration categories: From 269e7d375f006e4b63a243bf2f9e9a750329ba7e Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:26:00 +1030 Subject: [PATCH 28/34] microsoft_defender_endpoint: fix handling of empty array fields (#9338) When the evidence field in the input is a zero length array some processors fail due to direct access of subfields. It appears that sometimes this field is sent as an array rather than an object when empty, rather than as a null. So remove all empty arrays and objects at the beginning of the pipeline. --- .../microsoft_defender_endpoint/changelog.yml | 5 ++ .../_dev/test/pipeline/test-defenderatp.log | 1 + .../test-defenderatp.log-expected.json | 74 +++++++++++++++++++ .../elasticsearch/ingest_pipeline/default.yml | 17 ++++- .../data_stream/log/sample_event.json | 2 +- .../docs/README.md | 1 - .../microsoft_defender_endpoint/manifest.yml | 2 +- 7 files changed, 97 insertions(+), 5 deletions(-) diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml index bd06bc05037..353ce8aa731 100644 --- a/packages/microsoft_defender_endpoint/changelog.yml +++ b/packages/microsoft_defender_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.24.1" + changes: + - description: Fix handling of empty arrays. + type: bugfix + link: https://github.com/elastic/integrations/pull/9338 - version: "2.24.0" changes: - description: Set sensitive values as secret. diff --git a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log index c673f5b73aa..c03b3507a96 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log +++ b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log @@ -2,4 +2,5 @@ {"id":"da637291048912199236_1126926584","incidentId":11,"investigationId":7,"assignedTo":null,"severity":"Medium","status":"New","classification":null,"determination":null,"investigationState":"TerminatedByUser","detectionSource":"WindowsDefenderAtp","category":"DefenseEvasion","threatFamilyName":null,"title":"Suspicious process injection observed","description":"A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. \nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server.","alertCreationTime":"2020-06-30T09:08:11.1084877Z","firstEventTime":"2020-06-30T09:04:56.8490679Z","lastEventTime":"2020-06-30T09:45:39.5484377Z","lastUpdateTime":"2020-06-30T15:29:44.7733333Z","resolvedTime":null,"machineId":"543bc5a964f417c11f6277d5bf9489f0d","computerDnsName":"testserver4","rbacGroupName":null,"aadTenantId":"123543-d66c-4c7e-9e30-40034eb7c6f3","relatedUser":{"userName":"administrator1","domainName":"TestServer4"},"comments":[],"evidence":{"entityType":"Process","sha1":"b6d237154f2e528f0b503b58b025862d66b02b73","sha256":"a92056d772260b39a876d01552496b2f8b4610a0b1e084952fe1176784e2ce77","fileName":"notepad.exe","filePath":"C:\\Windows\\System32","processId":4104,"processCommandLine":"\"notepad.exe\"","processCreationTime":"2020-06-30T09:45:38.9784654Z","parentProcessId":6012,"parentProcessCreationTime":"2020-06-30T09:04:51.487396Z","ipAddress":null,"url":null,"accountName":null,"domainName":null,"userSid":null,"aadUserId":null,"userPrincipalName":null}} {"id":"da637291048912199236_1126926584","incidentId":11,"investigationId":7,"assignedTo":null,"severity":"Medium","status":"New","classification":null,"determination":null,"investigationState":"TerminatedByUser","detectionSource":"WindowsDefenderAtp","category":"DefenseEvasion","threatFamilyName":null,"title":"Suspicious process injection observed","description":"A process abnormally injected code into another process, As a result, unexpected code may be running in the target process memory. Injection is often used to hide malicious code execution within a trusted process. \nAs a result, the target process may exhibit abnormal behaviors such as opening a listening port or connecting to a command and control server.","alertCreationTime":"2020-06-30T09:08:11.1084877Z","firstEventTime":"2020-06-30T09:04:56.8490679Z","lastEventTime":"2020-06-30T09:45:39.5484377Z","lastUpdateTime":"2020-06-30T15:29:44.7733333Z","resolvedTime":null,"machineId":"53425a964f417c11f6277d5bf9489f0d","computerDnsName":"testserver4","rbacGroupName":null,"aadTenantId":"43521344-d66c-4c7e-9e30-40034eb7c6f3","relatedUser":{"userName":"administrator1","domainName":"TestServer4"},"comments":[],"evidence":{"entityType":"User","sha1":null,"sha256":null,"fileName":null,"filePath":null,"processId":null,"processCommandLine":null,"processCreationTime":null,"parentProcessId":null,"parentProcessCreationTime":null,"ipAddress":null,"url":null,"accountName":"administrator1","domainName":"TestServer4","userSid":"S-1-5-21-46152456-1367606905-4031241297-500","aadUserId":null,"userPrincipalName":null}} {"id":"da637291063515066999_-2102938302","incidentId":12,"investigationId":9,"assignedTo":"Automation","severity":"Informational","status":"Resolved","classification":null,"determination":null,"investigationState":"Benign","detectionSource":"WindowsDefenderAv","category":"Malware","threatFamilyName":null,"title":"'Mountsi' malware was detected","description":"Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nThis detection might indicate that the malware was stopped from delivering its payload. However, it is prudent to check the machine for signs of infection.","alertCreationTime":"2020-06-30T09:32:31.4579225Z","firstEventTime":"2020-06-30T09:31:22.5729558Z","lastEventTime":"2020-06-30T09:46:15.0876676Z","lastUpdateTime":"2020-06-30T11:13:12.9Z","resolvedTime":"2020-06-30T11:13:12.2680434Z","machineId":"t4563234bc5a964f417c11f6277d5bf9489f0d","computerDnsName":"TESTSERVER4","rbacGroupName":null,"aadTenantId":"1234543-d66c-4c7e-9e30-40034eb7c6f3","relatedUser":null,"comments":[],"evidence":{"entityType":"File","sha1":"ffb1670c6c6a9c5b4c5cea8b6b8e68d62e7ff281","sha256":"fd46705c4f67a8ef16e76259ca6d6253241e51a1f8952223145f92aa1907d356","fileName":"amsistream-1D89ECED25A52AB98B76FF619B7BA07A","filePath":null,"processId":null,"processCommandLine":null,"processCreationTime":null,"parentProcessId":null,"parentProcessCreationTime":null,"ipAddress":null,"url":null,"accountName":null,"domainName":null,"userSid":null,"aadUserId":null,"userPrincipalName":null}} +{"id":"da637291063515066999_-2102938302","incidentId":12,"investigationId":9,"assignedTo":"Automation","severity":"Informational","status":"Resolved","classification":null,"determination":null,"investigationState":"Benign","detectionSource":"WindowsDefenderAv","category":"Malware","threatFamilyName":null,"title":"'Mountsi' malware was detected","description":"Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nThis detection might indicate that the malware was stopped from delivering its payload. However, it is prudent to check the machine for signs of infection.","alertCreationTime":"2020-06-30T09:32:31.4579225Z","firstEventTime":"2020-06-30T09:31:22.5729558Z","lastEventTime":"2020-06-30T09:46:15.0876676Z","lastUpdateTime":"2020-06-30T11:13:12.9Z","resolvedTime":"2020-06-30T11:13:12.2680434Z","machineId":"t4563234bc5a964f417c11f6277d5bf9489f0d","computerDnsName":"TESTSERVER4","rbacGroupName":null,"aadTenantId":"1234543-d66c-4c7e-9e30-40034eb7c6f3","relatedUser":null,"comments":[],"evidence":[]} {"value":[]} diff --git a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json index d6773ff07b5..9de673dfa02 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json +++ b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json @@ -357,6 +357,80 @@ } } }, + { + "cloud": { + "account": { + "id": "1234543-d66c-4c7e-9e30-40034eb7c6f3" + }, + "instance": { + "id": "t4563234bc5a964f417c11f6277d5bf9489f0d" + }, + "provider": "azure" + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "action": "Malware", + "category": [ + "host", + "malware" + ], + "created": "2020-06-30T09:32:31.4579225Z", + "duration": 892514711800, + "end": "2020-06-30T09:46:15.0876676Z", + "id": "da637291063515066999_-2102938302", + "kind": "alert", + "original": "{\"id\":\"da637291063515066999_-2102938302\",\"incidentId\":12,\"investigationId\":9,\"assignedTo\":\"Automation\",\"severity\":\"Informational\",\"status\":\"Resolved\",\"classification\":null,\"determination\":null,\"investigationState\":\"Benign\",\"detectionSource\":\"WindowsDefenderAv\",\"category\":\"Malware\",\"threatFamilyName\":null,\"title\":\"'Mountsi' malware was detected\",\"description\":\"Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\\n\\nThis detection might indicate that the malware was stopped from delivering its payload. However, it is prudent to check the machine for signs of infection.\",\"alertCreationTime\":\"2020-06-30T09:32:31.4579225Z\",\"firstEventTime\":\"2020-06-30T09:31:22.5729558Z\",\"lastEventTime\":\"2020-06-30T09:46:15.0876676Z\",\"lastUpdateTime\":\"2020-06-30T11:13:12.9Z\",\"resolvedTime\":\"2020-06-30T11:13:12.2680434Z\",\"machineId\":\"t4563234bc5a964f417c11f6277d5bf9489f0d\",\"computerDnsName\":\"TESTSERVER4\",\"rbacGroupName\":null,\"aadTenantId\":\"1234543-d66c-4c7e-9e30-40034eb7c6f3\",\"relatedUser\":null,\"comments\":[],\"evidence\":[]}", + "provider": "defender_endpoint", + "severity": 1, + "start": "2020-06-30T09:31:22.5729558Z", + "timezone": "UTC", + "type": [ + "end" + ] + }, + "host": { + "hostname": "TESTSERVER4", + "name": "testserver4" + }, + "message": "'Mountsi' malware was detected", + "microsoft": { + "defender_endpoint": { + "assignedTo": "Automation", + "incidentId": "12", + "investigationId": "9", + "investigationState": "Benign", + "lastUpdateTime": "2020-06-30T11:13:12.9Z", + "resolvedTime": "2020-06-30T11:13:12.2680434Z", + "status": "Resolved" + } + }, + "observer": { + "name": "WindowsDefenderAv", + "product": "Defender for Endpoint", + "vendor": "Microsoft" + }, + "related": { + "hosts": [ + "testserver4" + ] + }, + "rule": { + "description": "Malware and unwanted software are undesirable applications that perform annoying, disruptive, or harmful actions on affected machines. Some of these undesirable applications can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyber attacks.\n\nThis detection might indicate that the malware was stopped from delivering its payload. However, it is prudent to check the machine for signs of infection." + }, + "tags": [ + "preserve_original_event" + ], + "threat": { + "framework": "MITRE ATT&CK", + "technique": { + "name": [ + "Malware" + ] + } + } + }, null ] } \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a4c7a96e59e..2ab006cc813 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -34,7 +34,7 @@ processors: - "-" - "N/A" source: | - if (!ctx['json'].empty) { + if (!ctx.json.empty) { ctx.json.entrySet().removeIf(entry -> params.values.contains(entry.getValue())); } - script: @@ -47,9 +47,22 @@ processors: - "-" - "N/A" source: | - if (!ctx.json['evidence'].empty) { + boolean drop(Object o) { + if (o == null || o == "") { + return true; + } else if (o instanceof Map) { + ((Map) o).values().removeIf(v -> drop(v)); + return (((Map) o).size() == 0); + } else if (o instanceof List) { + ((List) o).removeIf(v -> drop(v)); + return (((List) o).length == 0); + } + return false; + } + if (!ctx.json.evidence.empty) { ctx.json.evidence.entrySet().removeIf(entry -> params.values.contains(entry.getValue())); } + drop(ctx); - set: field: cloud.provider value: azure diff --git a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json index 5850c1f0c80..03136a3f89e 100644 --- a/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json +++ b/packages/microsoft_defender_endpoint/data_stream/log/sample_event.json @@ -108,4 +108,4 @@ "id": "S-1-5-21-11111607-1111760036-109187956-75141", "name": "temp123" } -} +} \ No newline at end of file diff --git a/packages/microsoft_defender_endpoint/docs/README.md b/packages/microsoft_defender_endpoint/docs/README.md index 3be14539d9e..2ea1439dd51 100644 --- a/packages/microsoft_defender_endpoint/docs/README.md +++ b/packages/microsoft_defender_endpoint/docs/README.md @@ -157,7 +157,6 @@ An example event for `log` looks as following: "name": "temp123" } } - ``` **Exported fields** diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index 2204beaa4a9..9e0ec4a0af0 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint -version: "2.24.0" +version: "2.24.1" description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent. categories: - "security" From 253307afeb13cca89ebb06409bf48ee12c517e8b Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:28:03 +1030 Subject: [PATCH 29/34] trendmicro: use CEF name as event.action if no action is specified (#9292) --- packages/trendmicro/changelog.yml | 5 +++++ .../test/pipeline/test-trendmicro.json-expected.json | 3 +++ .../elasticsearch/ingest_pipeline/default.yml | 10 ++++++++++ packages/trendmicro/manifest.yml | 2 +- 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/packages/trendmicro/changelog.yml b/packages/trendmicro/changelog.yml index 184879b1dbf..d657b146340 100644 --- a/packages/trendmicro/changelog.yml +++ b/packages/trendmicro/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.1.0" + changes: + - description: Use CEF name as `event.action` if no action is specified. + type: enhancement + link: https://github.com/elastic/integrations/pull/9292 - version: "2.0.0" changes: - description: Breaking changes for improved ECS mappings, new dashboards and compatibility with Deep Security v20. diff --git a/packages/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json b/packages/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json index 6541c281aaa..902768d3b53 100644 --- a/packages/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json +++ b/packages/trendmicro/data_stream/deep_security/_dev/test/pipeline/test-trendmicro.json-expected.json @@ -6,6 +6,7 @@ "version": "8.11.0" }, "event": { + "action": "integrity-monitoring-rule-updated", "code": "482", "kind": "event", "original": "<190>2021-10-06T01:29:43-07:00 192.168.1.20 CEF:0|Trend Micro|Deep Security Manager|12.0.327|482|Integrity Monitoring Rule Updated|3|src=192.168.1.20 suser=System target=1011144 - Microsoft Windows - AutoRun registries modified (ATT&CK T1547.001) msg=Description Omitted TrendMicroDsTenant=Primary TrendMicroDsTenantId=0", @@ -74,6 +75,7 @@ "version": "8.11.0" }, "event": { + "action": "alert-started", "code": "190", "kind": "event", "original": "<190>2021-10-06T01:34:40-07:00 192.168.1.20 CEF:0|Trend Micro|Deep Security Manager|12.0.327|190|Alert Started|3|src=192.168.1.20 suser=System msg=Alert: Memory Critical Threshold Exceeded\\nSubject: 192.168.1.20\\nSeverity: Critical TrendMicroDsTenant=Primary TrendMicroDsTenantId=0", @@ -139,6 +141,7 @@ "version": "8.11.0" }, "event": { + "action": "agent-appliance-error", "code": "740", "kind": "event", "original": "<190>2021-10-09T01:54:56-07:00 192.168.1.20 CEF:0|Trend Micro|Deep Security Manager|12.0.327|740|Agent/Appliance Error|8|src=192.168.1.20 suser=System target=SMC-NewAPP (192.168.1.61) msg=The Agent/Appliance reported one or more warnings or errors. Details are found in the Agent/Appliance events listed below. TrendMicroDsTenant=Primary TrendMicroDsTenantId=0", diff --git a/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml b/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml index 477d709a23c..9c4fd8ba613 100644 --- a/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml @@ -30,6 +30,16 @@ processors: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - set: + field: event.action + tag: set_default_event_action_from_event_name + copy_from: cef.name + ignore_empty_value: true + - gsub: + field: event.action + pattern: '[^a-zA-Z0-0]' + replacement: ' ' + if: ctx.event?.action != null - rename: field: cef.device.product tag: rename_cef_device_product diff --git a/packages/trendmicro/manifest.yml b/packages/trendmicro/manifest.yml index 0bc2b768b3e..7d877d9d873 100644 --- a/packages/trendmicro/manifest.yml +++ b/packages/trendmicro/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.0" name: trendmicro title: Trend Micro Deep Security -version: "2.0.0" +version: "2.1.0" description: Collect logs from Trend Micro Deep Security with Elastic Agent. type: integration categories: From 143d85dda29dd05e3791add6ff5388bea529bb15 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:37:52 +1030 Subject: [PATCH 30/34] qualys_vmdr: expand documents to map each vulnerability per host (#9293) --- .../_dev/deploy/docker/files/config.yml | 68 +- packages/qualys_vmdr/changelog.yml | 5 + .../pipeline/test-asset-host-detection.log | 12 +- ...est-asset-host-detection.log-expected.json | 346 +++--- .../_dev/test/system/test-default-config.yml | 2 +- .../agent/stream/input.yml.hbs | 8 +- .../elasticsearch/ingest_pipeline/default.yml | 999 ++++++++---------- .../asset_host_detection/fields/fields.yml | 4 +- .../asset_host_detection/sample_event.json | 86 +- .../knowledge_base/sample_event.json | 12 +- packages/qualys_vmdr/docs/README.md | 160 +-- packages/qualys_vmdr/manifest.yml | 2 +- 12 files changed, 847 insertions(+), 857 deletions(-) diff --git a/packages/qualys_vmdr/_dev/deploy/docker/files/config.yml b/packages/qualys_vmdr/_dev/deploy/docker/files/config.yml index 48ea839101a..64e02b27cc6 100644 --- a/packages/qualys_vmdr/_dev/deploy/docker/files/config.yml +++ b/packages/qualys_vmdr/_dev/deploy/docker/files/config.yml @@ -40,22 +40,70 @@ rules: 2023-06-28T09:58:12Z - 91681 + 5555555555 + 197595 + Confirmed + 3 + 0 + + Active + 2021-02-05T04:50:45Z + 2024-03-08T20:15:41Z + 35 + + + + + + + 5393 + 2024-03-08T20:15:41Z + 2024-03-08T20:15:41Z + 2022-12-14T06:52:57Z + 0 + 0 + 0 + 2024-03-08T20:15:41Z + + + 6666666666 + 197597 Confirmed 5 0 - - - + Active - 2023-06-28T06:04:26Z - 2023-07-03T06:23:47Z - 11 - 2023-07-03T06:23:47Z - 2023-07-03T06:25:17Z + 2021-02-05T04:50:45Z + 2024-03-08T20:15:41Z + 95 + + + + + + + + + + + + 5393 + 2024-03-08T20:15:41Z + 2024-03-08T20:15:41Z + 2022-12-14T06:52:57Z 0 0 - 2023-07-03T06:25:17Z + 0 + 2024-03-08T20:15:41Z diff --git a/packages/qualys_vmdr/changelog.yml b/packages/qualys_vmdr/changelog.yml index e0e2b5534fe..4971c977726 100644 --- a/packages/qualys_vmdr/changelog.yml +++ b/packages/qualys_vmdr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.0.0" + changes: + - description: Expand documents to map each vulnerability per host. + type: enhancement + link: https://github.com/elastic/integrations/pull/9293 - version: "1.1.0" changes: - description: Set sensitive values as secret. diff --git a/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/pipeline/test-asset-host-detection.log b/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/pipeline/test-asset-host-detection.log index e95b4711ea2..f738c4e6b3c 100644 --- a/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/pipeline/test-asset-host-detection.log +++ b/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/pipeline/test-asset-host-detection.log @@ -1,7 +1,7 @@ -{"NETBIOS": "EXCHB10","NETWORK_ID": 0,"IPV6":"0.0.0.0","OS_CPE":"xyz","EC2_INSTANCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_RESOURCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_SERVICE": "EC2","CLOUD_PROVIDER": "AWS","QG_HOSTID": "44e2cf13-xxxx-48b9-xxxx-de489547754d","METADATA": {"EC2": {"ATTRIBUTE": [{"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}]}, "GOOGLE": {"ATTRIBUTE": [{"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}]}, "AZURE": {"ATTRIBUTE": [{"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}]}},"CLOUD_PROVIDER_TAGS": {"CLOUD_TAG": [{"NAME": "Name","VALUE": "allocator-dnt-frozen-i3en-2xl-v1-a","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z"}]}, "IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": [{"NAME": "Sales","TAG_ID": "19427596","COLOR":"#FFFFF","BACKGROUND_COLOR":"#FFFFF"},{"TAG_ID": "19429855","NAME": "Linux"}]},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"DETECTION": [{"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","LAST_FIXED_DATETIME":"2023-05-22T02:09:49Z","FIRST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","LAST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","TIMES_REOPENED":"2","SERVICE":"service1","AFFECT_RUNNING_KERNEL":"kernel1","AFFECT_RUNNING_SERVICE":"service1","AFFECT_EXPLOITABLE_CONFIG":"config1","ASSET_CVE":"cve3","STATUS": "New","FQDN":"exchb10.exchb10.local","INSTANCE":"instance1","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}]}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} -{"NETBIOS": "EXCHB10","IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": {"TAG_ID": "19429855","NAME": "Linux"}},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"DETECTION": [{"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}]}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} -{"NETBIOS": "EXCHB10","IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": [{"NAME": "Sales","TAG_ID": "19427596"},{"TAG_ID": "19429855","NAME": "Linux"}]},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"DETECTION": {"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} -{"NETBIOS": "EXCHB10","IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": {"TAG_ID": "19429855","NAME": "Linux"}},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"DETECTION": {"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} +{"NETBIOS": "EXCHB10","NETWORK_ID": 0,"IPV6":"0.0.0.0","OS_CPE":"xyz","EC2_INSTANCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_RESOURCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_SERVICE": "EC2","CLOUD_PROVIDER": "AWS","QG_HOSTID": "44e2cf13-xxxx-48b9-xxxx-de489547754d","METADATA": {"EC2": {"ATTRIBUTE": [{"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}]}, "GOOGLE": {"ATTRIBUTE": [{"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}]}, "AZURE": {"ATTRIBUTE": [{"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}]}},"CLOUD_PROVIDER_TAGS": {"CLOUD_TAG": [{"NAME": "Name","VALUE": "allocator-dnt-frozen-i3en-2xl-v1-a","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z"}]}, "IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": [{"NAME": "Sales","TAG_ID": "19427596","COLOR":"#FFFFF","BACKGROUND_COLOR":"#FFFFF"},{"TAG_ID": "19429855","NAME": "Linux"}]},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","LAST_FIXED_DATETIME":"2023-05-22T02:09:49Z","FIRST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","LAST_REOPENED_DATETIME":"2023-05-22T02:09:49Z","TIMES_REOPENED":"2","SERVICE":"service1","AFFECT_RUNNING_KERNEL":"kernel1","AFFECT_RUNNING_SERVICE":"service1","AFFECT_EXPLOITABLE_CONFIG":"config1","ASSET_CVE":"cve3","STATUS": "New","FQDN":"exchb10.exchb10.local","INSTANCE":"instance1","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} +{"NETBIOS": "EXCHB10","IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": {"TAG_ID": "19429855","NAME": "Linux"}},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} +{"NETBIOS": "EXCHB10","IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": [{"NAME": "Sales","TAG_ID": "19427596"},{"TAG_ID": "19429855","NAME": "Linux"}]},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} +{"NETBIOS": "EXCHB10","IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": {"TAG_ID": "19429855","NAME": "Linux"}},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} {"NETBIOS": "EXCHB10","IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031", "LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822", "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} -{"ASSET_ID":"27703780","DETECTION_LIST":{"DETECTION":{"FIRST_FOUND_DATETIME":"2023-05-30T11:49:24Z","IS_DISABLED":"0","LAST_FOUND_DATETIME":"2023-06-17T12:47:54Z","LAST_PROCESSED_DATETIME":"2023-06-17T13:20:12Z","QID":"70028","RESULTS":"User Name\t(none)\nDomain\t(none)\nAuthentication Scheme\tNULL session\nSecurity\tUser-based\nSMBv1 Signing\tDisabled\nDiscovery Method\tUnable to log in using credentials provided by user, fallback to NULL session\nCIFS Signing\tdefault","SEVERITY":"1","TIMES_FOUND":"38","TYPE":"Info"}},"DNS":"win-d24ck5nn676.ldap.local","DNS_DATA":{"DOMAIN":"ldap.local","FQDN":"win-d24ck5nn676.ldap.local","HOSTNAME":"win-d24ck5nn676"},"ID":"11701931","IP":"10.50.2.122","LAST_PC_SCANNED_DATE":"2023-06-18T04:00:17Z","LAST_SCAN_DATETIME":"2023-06-17T13:20:12Z","LAST_VM_SCANNED_DATE":"2023-06-17T12:47:54Z","LAST_VM_SCANNED_DURATION":"1806","NETBIOS":"WIN-D24CK5NN676","OS":"Windows 2016","TAGS":{"TAG":{"NAME":"Windows","TAG_ID":"19429857"}},"TRACKING_METHOD":"IP"} -{"NETBIOS": "EXCHB10","NETWORK_ID": 0,"EC2_INSTANCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_RESOURCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_SERVICE": "EC2","CLOUD_PROVIDER": "AWS","QG_HOSTID": "44e2cf13-xxxx-48b9-xxxx-de489547754d","METADATA": {"EC2": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}},"GOOGLE": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}},"AZURE": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}}},"CLOUD_PROVIDER_TAGS": {"CLOUD_TAG": {"NAME": "Name","VALUE": "allocator-dnt-frozen-i3en-2xl-v1-a","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z"}}, "IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": [{"NAME": "Sales","TAG_ID": "19427596"},{"TAG_ID": "19429855","NAME": "Linux"}]},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"DETECTION": [{"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}]}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} +{"ASSET_ID":"27703780","DETECTION_LIST":{"FIRST_FOUND_DATETIME":"2023-05-30T11:49:24Z","IS_DISABLED":"0","LAST_FOUND_DATETIME":"2023-06-17T12:47:54Z","LAST_PROCESSED_DATETIME":"2023-06-17T13:20:12Z","QID":"70028","RESULTS":"User Name\t(none)\nDomain\t(none)\nAuthentication Scheme\tNULL session\nSecurity\tUser-based\nSMBv1 Signing\tDisabled\nDiscovery Method\tUnable to log in using credentials provided by user, fallback to NULL session\nCIFS Signing\tdefault","SEVERITY":"1","TIMES_FOUND":"38","TYPE":"Info"},"DNS":"win-d24ck5nn676.ldap.local","DNS_DATA":{"DOMAIN":"ldap.local","FQDN":"win-d24ck5nn676.ldap.local","HOSTNAME":"win-d24ck5nn676"},"ID":"11701931","IP":"10.50.2.122","LAST_PC_SCANNED_DATE":"2023-06-18T04:00:17Z","LAST_SCAN_DATETIME":"2023-06-17T13:20:12Z","LAST_VM_SCANNED_DATE":"2023-06-17T12:47:54Z","LAST_VM_SCANNED_DURATION":"1806","NETBIOS":"WIN-D24CK5NN676","OS":"Windows 2016","TAGS":{"TAG":{"NAME":"Windows","TAG_ID":"19429857"}},"TRACKING_METHOD":"IP"} +{"NETBIOS": "EXCHB10","NETWORK_ID": 0,"EC2_INSTANCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_RESOURCE_ID": "i-07f91cxxx3axxxb3f","CLOUD_SERVICE": "EC2","CLOUD_PROVIDER": "AWS","QG_HOSTID": "44e2cf13-xxxx-48b9-xxxx-de489547754d","METADATA": {"EC2": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}},"GOOGLE": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}},"AZURE": {"ATTRIBUTE": {"NAME": "firstDiscovered","LAST_STATUS": "Success","VALUE": "1683517315000","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z","LAST_ERROR_DATE": "2023-05-22T02:09:49Z","LAST_ERROR": "404 - Not Found"}}},"CLOUD_PROVIDER_TAGS": {"CLOUD_TAG": {"NAME": "Name","VALUE": "allocator-dnt-frozen-i3en-2xl-v1-a","LAST_SUCCESS_DATE": "2023-06-22T12:44:21Z"}}, "IP": "81.2.69.192","ID": "11700976","LAST_PC_SCANNED_DATE": "2023-05-31T11:30:20Z","ASSET_ID": "27858031","TAGS": {"TAG": [{"NAME": "Sales","TAG_ID": "19427596"},{"TAG_ID": "19429855","NAME": "Linux"}]},"LAST_VM_SCANNED_DATE": "2023-05-31T12:34:44Z","LAST_VM_SCANNED_DURATION": "1822","DNS": "abc10.fdgshb10.local","DNS_DATA": {"DOMAIN": "abc10.local","FQDN": "abc10.fdgshb10.local","HOSTNAME": "abc10"},"LAST_SCAN_DATETIME": "2023-05-31T12:55:28Z","LAST_VM_AUTH_SCANNED_DURATION": "1822","DETECTION_LIST": {"LAST_UPDATE_DATETIME": "2023-05-30T07:48:14Z","STATUS": "New","FIRST_FOUND_DATETIME": "2023-05-30T07:46:15Z","QID": "11827","SSL": "0","IS_IGNORED": "0","PORT": "443","SEVERITY": "2","LAST_FOUND_DATETIME": "2023-05-30T07:46:15Z","TYPE": "Confirmed","QDS": {"#text": "50","severity": "MEDIUM"},"QDS_FACTORS": {"QDS_FACTOR": [{"#text": "Easy_Exploit,No_Patch","name": "RTI"},{"#text": "5.0","name": "CVSS"}]},"LAST_PROCESSED_DATETIME": "2023-05-30T07:48:14Z","PROTOCOL": "tcp","TIMES_FOUND": "1","IS_DISABLED": "1","RESULTS": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.","LAST_TEST_DATETIME": "2023-05-30T07:46:15Z"}, "OS": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607","TRACKING_METHOD": "IP","LAST_VM_AUTH_SCANNED_DATE": "2023-05-31T12:34:44Z"} diff --git a/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/pipeline/test-asset-host-detection.log-expected.json b/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/pipeline/test-asset-host-detection.log-expected.json index af39fe6e98f..d2f51d936c7 100644 --- a/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/pipeline/test-asset-host-detection.log-expected.json +++ b/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/pipeline/test-asset-host-detection.log-expected.json @@ -75,61 +75,6 @@ "scanned_duration": 1822 } }, - "list": [ - { - "affect": { - "exploitable_config": "config1", - "running": { - "kernel": "kernel1", - "service": "service1" - } - }, - "asset_cve": "cve3", - "first": { - "found_datetime": "2023-05-30T07:46:15.000Z", - "reopened_datetime": "2023-05-22T02:09:49.000Z" - }, - "fqdn": "exchb10.exchb10.local", - "instance": "instance1", - "is_disabled": true, - "is_ignored": false, - "last": { - "fixed_datetime": "2023-05-22T02:09:49.000Z", - "found_datetime": "2023-05-30T07:46:15.000Z", - "processed_datetime": "2023-05-30T07:48:14.000Z", - "reopened_datetime": "2023-05-22T02:09:49.000Z", - "test_datetime": "2023-05-30T07:46:15.000Z", - "update_datetime": "2023-05-30T07:48:14.000Z" - }, - "port": 443, - "protocol": "tcp", - "qds": { - "severity": "MEDIUM", - "text": "50" - }, - "qds_factors": [ - { - "name": "RTI", - "text": "Easy_Exploit,No_Patch" - }, - { - "name": "CVSS", - "text": "5.0" - } - ], - "qid": "11827", - "results": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.", - "service": "service1", - "severity": 2, - "ssl": "0", - "status": "New", - "times": { - "found": 1, - "reopened": 2 - }, - "type": "Confirmed" - } - ], "metadata": { "azure": { "attribute": [ @@ -199,7 +144,60 @@ "name": "Linux" } ], - "tracking_method": "IP" + "tracking_method": "IP", + "vulnerability": { + "affect": { + "exploitable_config": "config1", + "running": { + "kernel": "kernel1", + "service": "service1" + } + }, + "asset_cve": "cve3", + "first": { + "found_datetime": "2023-05-30T07:46:15.000Z", + "reopened_datetime": "2023-05-22T02:09:49.000Z" + }, + "fqdn": "exchb10.exchb10.local", + "instance": "instance1", + "is_disabled": true, + "is_ignored": false, + "last": { + "fixed_datetime": "2023-05-22T02:09:49.000Z", + "found_datetime": "2023-05-30T07:46:15.000Z", + "processed_datetime": "2023-05-30T07:48:14.000Z", + "reopened_datetime": "2023-05-22T02:09:49.000Z", + "test_datetime": "2023-05-30T07:46:15.000Z", + "update_datetime": "2023-05-30T07:48:14.000Z" + }, + "port": 443, + "protocol": "tcp", + "qds": { + "severity": "MEDIUM", + "text": "50" + }, + "qds_factors": [ + { + "name": "RTI", + "text": "Easy_Exploit,No_Patch" + }, + { + "name": "CVSS", + "text": "5.0" + } + ], + "qid": "11827", + "results": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.", + "service": "service1", + "severity": 2, + "ssl": "0", + "status": "New", + "times": { + "found": 1, + "reopened": 2 + }, + "type": "Confirmed" + } } }, "related": { @@ -268,45 +266,6 @@ "scanned_duration": 1822 } }, - "list": [ - { - "first": { - "found_datetime": "2023-05-30T07:46:15.000Z" - }, - "is_ignored": false, - "last": { - "found_datetime": "2023-05-30T07:46:15.000Z", - "processed_datetime": "2023-05-30T07:48:14.000Z", - "test_datetime": "2023-05-30T07:46:15.000Z", - "update_datetime": "2023-05-30T07:48:14.000Z" - }, - "port": 443, - "protocol": "tcp", - "qds": { - "severity": "MEDIUM", - "text": "50" - }, - "qds_factors": [ - { - "name": "RTI", - "text": "Easy_Exploit,No_Patch" - }, - { - "name": "CVSS", - "text": "5.0" - } - ], - "qid": "11827", - "results": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.", - "severity": 2, - "ssl": "0", - "status": "New", - "times": { - "found": 1 - }, - "type": "Confirmed" - } - ], "netbios": "EXCHB10", "os": { "value": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607" @@ -315,7 +274,44 @@ "id": "19429855", "name": "Linux" }, - "tracking_method": "IP" + "tracking_method": "IP", + "vulnerability": { + "first": { + "found_datetime": "2023-05-30T07:46:15.000Z" + }, + "is_ignored": false, + "last": { + "found_datetime": "2023-05-30T07:46:15.000Z", + "processed_datetime": "2023-05-30T07:48:14.000Z", + "test_datetime": "2023-05-30T07:46:15.000Z", + "update_datetime": "2023-05-30T07:48:14.000Z" + }, + "port": 443, + "protocol": "tcp", + "qds": { + "severity": "MEDIUM", + "text": "50" + }, + "qds_factors": [ + { + "name": "RTI", + "text": "Easy_Exploit,No_Patch" + }, + { + "name": "CVSS", + "text": "5.0" + } + ], + "qid": "11827", + "results": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.", + "severity": 2, + "ssl": "0", + "status": "New", + "times": { + "found": 1 + }, + "type": "Confirmed" + } } }, "related": { @@ -381,7 +377,22 @@ "scanned_duration": 1822 } }, - "list": { + "netbios": "EXCHB10", + "os": { + "value": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607" + }, + "tags": [ + { + "id": "19427596", + "name": "Sales" + }, + { + "id": "19429855", + "name": "Linux" + } + ], + "tracking_method": "IP", + "vulnerability": { "first": { "found_datetime": "2023-05-30T07:46:15.000Z" }, @@ -418,22 +429,7 @@ "found": 1 }, "type": "Confirmed" - }, - "netbios": "EXCHB10", - "os": { - "value": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607" - }, - "tags": [ - { - "id": "19427596", - "name": "Sales" - }, - { - "id": "19429855", - "name": "Linux" - } - ], - "tracking_method": "IP" + } } }, "related": { @@ -499,7 +495,16 @@ "scanned_duration": 1822 } }, - "list": { + "netbios": "EXCHB10", + "os": { + "value": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607" + }, + "tags": { + "id": "19429855", + "name": "Linux" + }, + "tracking_method": "IP", + "vulnerability": { "first": { "found_datetime": "2023-05-30T07:46:15.000Z" }, @@ -536,16 +541,7 @@ "found": 1 }, "type": "Confirmed" - }, - "netbios": "EXCHB10", - "os": { - "value": "Windows Server 2016 Standard Evaluation 64 bit Edition AD Version 1607" - }, - "tags": { - "id": "19429855", - "name": "Linux" - }, - "tracking_method": "IP" + } } }, "related": { @@ -677,7 +673,16 @@ "scanned_duration": 1806 } }, - "list": { + "netbios": "WIN-D24CK5NN676", + "os": { + "value": "Windows 2016" + }, + "tags": { + "id": "19429857", + "name": "Windows" + }, + "tracking_method": "IP", + "vulnerability": { "first": { "found_datetime": "2023-05-30T11:49:24.000Z" }, @@ -693,16 +698,7 @@ "found": 38 }, "type": "Info" - }, - "netbios": "WIN-D24CK5NN676", - "os": { - "value": "Windows 2016" - }, - "tags": { - "id": "19429857", - "name": "Windows" - }, - "tracking_method": "IP" + } } }, "related": { @@ -792,46 +788,6 @@ "scanned_duration": 1822 } }, - "list": [ - { - "first": { - "found_datetime": "2023-05-30T07:46:15.000Z" - }, - "is_disabled": true, - "is_ignored": false, - "last": { - "found_datetime": "2023-05-30T07:46:15.000Z", - "processed_datetime": "2023-05-30T07:48:14.000Z", - "test_datetime": "2023-05-30T07:46:15.000Z", - "update_datetime": "2023-05-30T07:48:14.000Z" - }, - "port": 443, - "protocol": "tcp", - "qds": { - "severity": "MEDIUM", - "text": "50" - }, - "qds_factors": [ - { - "name": "RTI", - "text": "Easy_Exploit,No_Patch" - }, - { - "name": "CVSS", - "text": "5.0" - } - ], - "qid": "11827", - "results": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.", - "severity": 2, - "ssl": "0", - "status": "New", - "times": { - "found": 1 - }, - "type": "Confirmed" - } - ], "metadata": { "azure": { "attribute": { @@ -892,7 +848,45 @@ "name": "Linux" } ], - "tracking_method": "IP" + "tracking_method": "IP", + "vulnerability": { + "first": { + "found_datetime": "2023-05-30T07:46:15.000Z" + }, + "is_disabled": true, + "is_ignored": false, + "last": { + "found_datetime": "2023-05-30T07:46:15.000Z", + "processed_datetime": "2023-05-30T07:48:14.000Z", + "test_datetime": "2023-05-30T07:46:15.000Z", + "update_datetime": "2023-05-30T07:48:14.000Z" + }, + "port": 443, + "protocol": "tcp", + "qds": { + "severity": "MEDIUM", + "text": "50" + }, + "qds_factors": [ + { + "name": "RTI", + "text": "Easy_Exploit,No_Patch" + }, + { + "name": "CVSS", + "text": "5.0" + } + ], + "qid": "11827", + "results": "X-Content-Type-Options HTTP Header missing on port 443.\n\nGET / HTTP/1.0\nHost: 81.2.69.192\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0\n\n\n\nHTTP/1.1 200 OK\nContent-Type: text/html\nLast-Modified: Fri, 29 Mar 2019 10:51:17 GMT\nAccept-Ranges: bytes\nETag: "135e2b561de6d41:0"\nServer: Microsoft-IIS/10.0\nX-Powered-By: ASP.NET\nDate: Tue, 30 May 2023 05:56:00 GMT\nConnection: keep-alive\nContent-Length: 703\n\nStrict-Transport-Security HTTP Header missing on port 443.", + "severity": 2, + "ssl": "0", + "status": "New", + "times": { + "found": 1 + }, + "type": "Confirmed" + } } }, "related": { diff --git a/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/system/test-default-config.yml b/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/system/test-default-config.yml index 2e80cc9d5a0..f24e7929eba 100644 --- a/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/system/test-default-config.yml +++ b/packages/qualys_vmdr/data_stream/asset_host_detection/_dev/test/system/test-default-config.yml @@ -8,4 +8,4 @@ data_stream: url: http://{{Hostname}}:{{Port}} preserve_duplicate_custom_fields: true assert: - hit_count: 1 + hit_count: 2 diff --git a/packages/qualys_vmdr/data_stream/asset_host_detection/agent/stream/input.yml.hbs b/packages/qualys_vmdr/data_stream/asset_host_detection/agent/stream/input.yml.hbs index b93606f3126..63f16d44cc0 100644 --- a/packages/qualys_vmdr/data_stream/asset_host_detection/agent/stream/input.yml.hbs +++ b/packages/qualys_vmdr/data_stream/asset_host_detection/agent/stream/input.yml.hbs @@ -36,9 +36,11 @@ program: | "Authorization": ["Basic "+string(base64(state.user+":"+state.password))], } }).do_request().as(resp, bytes(resp.Body).decode_xml('qualys_api_2_0').as(body, { - "events": body.doc.HOST_LIST_VM_DETECTION_OUTPUT.RESPONSE.HOST_LIST.HOST.map(e, { - "message": e.encode_json(), - }), + "events": body.doc.HOST_LIST_VM_DETECTION_OUTPUT.RESPONSE.HOST_LIST.HOST.map(h, + h.DETECTION_LIST.DETECTION.map(v, { + "message": h.with({"DETECTION_LIST": v}).encode_json(), + }) + ).flatten(), "url": ( has(body.doc.HOST_LIST_VM_DETECTION_OUTPUT.RESPONSE.WARNING) && has(body.doc.HOST_LIST_VM_DETECTION_OUTPUT.RESPONSE.WARNING.URL) ? diff --git a/packages/qualys_vmdr/data_stream/asset_host_detection/elasticsearch/ingest_pipeline/default.yml b/packages/qualys_vmdr/data_stream/asset_host_detection/elasticsearch/ingest_pipeline/default.yml index aca46365244..b17dad52824 100644 --- a/packages/qualys_vmdr/data_stream/asset_host_detection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/qualys_vmdr/data_stream/asset_host_detection/elasticsearch/ingest_pipeline/default.yml @@ -780,496 +780,402 @@ processors: lang: painless tag: script_to_set_IS_DISABLED description: Script to set IS_DISABLED for 0 and 1 values. - if: ctx.json?.DETECTION_LIST?.DETECTION instanceof List + if: ctx.json?.DETECTION_LIST != null source: >- - for (def obj : ctx.json.DETECTION_LIST.DETECTION) { - if (obj.containsKey("IS_DISABLED") && obj.get("IS_DISABLED").equals('0')) { - obj.remove("IS_DISABLED"); - obj.put("IS_DISABLED", false); - } else if (obj.containsKey("IS_DISABLED") && obj.get("IS_DISABLED").equals('1')) { - obj.remove("IS_DISABLED"); - obj.put("IS_DISABLED", true); - } + def obj = ctx.json.DETECTION_LIST; + if (obj.containsKey("IS_DISABLED") && obj.get("IS_DISABLED").equals('0')) { + obj.remove("IS_DISABLED"); + obj.put("IS_DISABLED", false); + } else if (obj.containsKey("IS_DISABLED") && obj.get("IS_DISABLED").equals('1')) { + obj.remove("IS_DISABLED"); + obj.put("IS_DISABLED", true); } - script: lang: painless tag: script_to_set_IS_IGNORED description: Script to set IS_IGNORED for 0 and 1 values. - if: ctx.json?.DETECTION_LIST?.DETECTION instanceof List + if: ctx.json?.DETECTION_LIST != null source: >- - for (def obj : ctx.json.DETECTION_LIST.DETECTION) { - if (obj.containsKey("IS_IGNORED") && obj.get("IS_IGNORED").equals('0')) { - obj.remove("IS_IGNORED"); - obj.put("IS_IGNORED", false); - } else if (obj.containsKey("IS_IGNORED") && obj.get("IS_IGNORED").equals('1')) { - obj.remove("IS_IGNORED"); - obj.put("IS_IGNORED", true); - } + def obj = ctx.json.DETECTION_LIST; + if (obj.containsKey("IS_IGNORED") && obj.get("IS_IGNORED").equals('0')) { + obj.remove("IS_IGNORED"); + obj.put("IS_IGNORED", false); + } else if (obj.containsKey("IS_IGNORED") && obj.get("IS_IGNORED").equals('1')) { + obj.remove("IS_IGNORED"); + obj.put("IS_IGNORED", true); } - rename: - field: json.DETECTION_LIST.DETECTION - tag: rename_DETECTION_LIST_DETECTION - target_field: qualys_vmdr.asset_host_detection.list + field: json.DETECTION_LIST + tag: rename_DETECTION_LIST + target_field: qualys_vmdr.asset_host_detection.vulnerability + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.UNIQUE_VULN_ID != null + field: qualys_vmdr.asset_host_detection.vulnerability.UNIQUE_VULN_ID + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_UNIQUE_VULN_ID + target_field: qualys_vmdr.asset_host_detection.vulnerability.unique_vuln_id + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.PROTOCOL != null + field: qualys_vmdr.asset_host_detection.vulnerability.PROTOCOL + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_PROTOCOL_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.protocol + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.FQDN != null + field: qualys_vmdr.asset_host_detection.vulnerability.FQDN + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_FQDN_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.fqdn + ignore_missing: true + - append: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.fqdn != null + field: related.hosts + tag: append_qualys_vmdr_asset_host_detection_vulnerability_fqdn_into_related_hosts_1 + value: '{{{qualys_vmdr.asset_host_detection.vulnerability.fqdn}}}' + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.INSTANCE != null + field: qualys_vmdr.asset_host_detection.vulnerability.INSTANCE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_INSTANCE_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.instance + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.SERVICE != null + field: qualys_vmdr.asset_host_detection.vulnerability.SERVICE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_SERVICE_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.service + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.AFFECT_RUNNING_KERNEL != null + field: qualys_vmdr.asset_host_detection.vulnerability.AFFECT_RUNNING_KERNEL + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_AFFECT_RUNNING_KERNEL_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.affect.running.kernel + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.AFFECT_RUNNING_SERVICE != null + field: qualys_vmdr.asset_host_detection.vulnerability.AFFECT_RUNNING_SERVICE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_AFFECT_RUNNING_SERVICE_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.affect.running.service + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.AFFECT_EXPLOITABLE_CONFIG != null + field: qualys_vmdr.asset_host_detection.vulnerability.AFFECT_EXPLOITABLE_CONFIG + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_AFFECT_EXPLOITABLE_CONFIG_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.affect.exploitable_config + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.ASSET_CVE != null + field: qualys_vmdr.asset_host_detection.vulnerability.ASSET_CVE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_ASSET_CVE_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.asset_cve + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.QID != null + field: qualys_vmdr.asset_host_detection.vulnerability.QID + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_QID_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qid + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.RESULTS != null + field: qualys_vmdr.asset_host_detection.vulnerability.RESULTS + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_RESULTS_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.results + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.STATUS != null + field: qualys_vmdr.asset_host_detection.vulnerability.STATUS + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_STATUS_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.status + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.TYPE != null + field: qualys_vmdr.asset_host_detection.vulnerability.TYPE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_TYPE_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.type + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.QDS != null + field: qualys_vmdr.asset_host_detection.vulnerability.QDS + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_QDS_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qds + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null + field: qualys_vmdr.asset_host_detection.vulnerability.qds.#text + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_qds_#text_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qds.text + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.SSL != null + field: qualys_vmdr.asset_host_detection.vulnerability.SSL + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_SSL_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.ssl + ignore_missing: true + - date: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.FIRST_FOUND_DATETIME != null + field: qualys_vmdr.asset_host_detection.vulnerability.FIRST_FOUND_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_FIRST_FOUND_DATETIME_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.first.found_datetime + formats: + - ISO8601 + ignore_failure: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.FIRST_REOPENED_DATETIME != null + field: qualys_vmdr.asset_host_detection.vulnerability.FIRST_REOPENED_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_FIRST_REOPENED_DATETIME_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.first.reopened_datetime + formats: + - ISO8601 + ignore_failure: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.LAST_FOUND_DATETIME != null + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_FOUND_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_FOUND_DATETIME_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.found_datetime + formats: + - ISO8601 + ignore_failure: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_REOPENED_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_REOPENED_DATETIME_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.reopened_datetime + formats: + - ISO8601 + ignore_failure: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_PROCESSED_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_PROCESSED_DATETIME_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.processed_datetime + formats: + - ISO8601 + ignore_failure: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.LAST_TEST_DATETIME != null + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_TEST_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_TEST_DATETIME_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.test_datetime + formats: + - ISO8601 + ignore_failure: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.LAST_UPDATE_DATETIME != null + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_UPDATE_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_UPDATE_DATETIME_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.update_datetime + formats: + - ISO8601 + ignore_failure: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.LAST_FIXED_DATETIME != null + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_FIXED_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_FIXED_DATETIME_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.fixed_datetime + formats: + - ISO8601 + ignore_failure: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.SEVERITY != null + field: qualys_vmdr.asset_host_detection.vulnerability.SEVERITY + target_field: qualys_vmdr.asset_host_detection.vulnerability.severity + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_SEVERITY_to_long_1 + type: long + ignore_missing: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.IS_IGNORED != null + field: qualys_vmdr.asset_host_detection.vulnerability.IS_IGNORED + target_field: qualys_vmdr.asset_host_detection.vulnerability.is_ignored + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_IS_IGNORED_to_boolean + type: boolean + ignore_missing: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.IS_DISABLED != null + field: qualys_vmdr.asset_host_detection.vulnerability.IS_DISABLED + target_field: qualys_vmdr.asset_host_detection.vulnerability.is_disabled + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_IS_DISABLED_to_boolean + type: boolean + ignore_missing: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.TIMES_FOUND != null + field: qualys_vmdr.asset_host_detection.vulnerability.TIMES_FOUND + target_field: qualys_vmdr.asset_host_detection.vulnerability.times.found + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_TIMES_FOUND_to_long_1 + type: long + ignore_missing: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.TIMES_REOPENED != null + field: qualys_vmdr.asset_host_detection.vulnerability.TIMES_REOPENED + target_field: qualys_vmdr.asset_host_detection.vulnerability.times.reopened + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_TIMES_REOPENED_to_long_1 + type: long + ignore_missing: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.PORT != null + field: qualys_vmdr.asset_host_detection.vulnerability.PORT + target_field: qualys_vmdr.asset_host_detection.vulnerability.port + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_PORT_to_long_1 + type: long + ignore_missing: true + on_failure: + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.QDS_FACTORS?.QDS_FACTOR != null + field: qualys_vmdr.asset_host_detection.vulnerability.QDS_FACTORS.QDS_FACTOR + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_QDS_FACTORS_QDS_FACTOR_1 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qds_factors ignore_missing: true - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_PROTOCOL - processor: - rename: - field: _ingest._value.PROTOCOL - tag: rename_qualys_vmdr_asset_host_detection_list_PROTOCOL_1 - target_field: _ingest._value.protocol - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_FQDN - processor: - rename: - field: _ingest._value.FQDN - tag: rename_qualys_vmdr_asset_host_detection_list_FQDN_1 - target_field: _ingest._value.fqdn - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_FQDN - processor: - append: - field: related.hosts - tag: append_qualys_vmdr_asset_host_detection_list_fqdn_into_related_hosts_1 - value: '{{{_ingest._value.fqdn}}}' - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_INSTANCE - processor: - rename: - field: _ingest._value.INSTANCE - tag: rename_qualys_vmdr_asset_host_detection_list_INSTANCE_1 - target_field: _ingest._value.instance - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_SERVICE - processor: - rename: - field: _ingest._value.SERVICE - tag: rename_qualys_vmdr_asset_host_detection_list_SERVICE_1 - target_field: _ingest._value.service - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_AFFECT_RUNNING_KERNEL - processor: - rename: - field: _ingest._value.AFFECT_RUNNING_KERNEL - tag: rename_qualys_vmdr_asset_host_detection_list_AFFECT_RUNNING_KERNEL_1 - target_field: _ingest._value.affect.running.kernel - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_AFFECT_RUNNING_SERVICE - processor: - rename: - field: _ingest._value.AFFECT_RUNNING_SERVICE - tag: rename_qualys_vmdr_asset_host_detection_list_AFFECT_RUNNING_SERVICE_1 - target_field: _ingest._value.affect.running.service - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_AFFECT_EXPLOITABLE_CONFIG - processor: - rename: - field: _ingest._value.AFFECT_EXPLOITABLE_CONFIG - tag: rename_qualys_vmdr_asset_host_detection_list_AFFECT_EXPLOITABLE_CONFIG_1 - target_field: _ingest._value.affect.exploitable_config - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_ASSET_CVE - processor: - rename: - field: _ingest._value.ASSET_CVE - tag: rename_qualys_vmdr_asset_host_detection_list_ASSET_CVE_1 - target_field: _ingest._value.asset_cve - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_QID - processor: - rename: - field: _ingest._value.QID - tag: rename_qualys_vmdr_asset_host_detection_list_QID_1 - target_field: _ingest._value.qid - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_RESULTS - processor: - rename: - field: _ingest._value.RESULTS - tag: rename_qualys_vmdr_asset_host_detection_list_RESULTS_1 - target_field: _ingest._value.results - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_STATUS - processor: - rename: - field: _ingest._value.STATUS - tag: rename_qualys_vmdr_asset_host_detection_list_STATUS_1 - target_field: _ingest._value.status - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_TYPE - processor: - rename: - field: _ingest._value.TYPE - tag: rename_qualys_vmdr_asset_host_detection_list_TYPE_1 - target_field: _ingest._value.type - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_QDS - processor: - rename: - field: _ingest._value.QDS - tag: rename_qualys_vmdr_asset_host_detection_list_QDS_1 - target_field: _ingest._value.qds - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_qds_#text - processor: - rename: - field: _ingest._value.qds.#text - tag: rename_qualys_vmdr_asset_host_detection_list_qds_#text_1 - target_field: _ingest._value.qds.text - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_SSL - processor: - rename: - field: _ingest._value.SSL - tag: rename_qualys_vmdr_asset_host_detection_list_SSL_1 - target_field: _ingest._value.ssl - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_date_FIRST_FOUND_DATETIME - processor: - date: - field: _ingest._value.FIRST_FOUND_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_FIRST_FOUND_DATETIME_1 - target_field: _ingest._value.first.found_datetime - formats: - - ISO8601 - ignore_failure: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_date_FIRST_REOPENED_DATETIME - processor: - date: - field: _ingest._value.FIRST_REOPENED_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_FIRST_REOPENED_DATETIME_1 - target_field: _ingest._value.first.reopened_datetime - formats: - - ISO8601 - ignore_failure: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_date_LAST_FOUND_DATETIME - processor: - date: - field: _ingest._value.LAST_FOUND_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_FOUND_DATETIME_1 - target_field: _ingest._value.last.found_datetime - formats: - - ISO8601 - ignore_failure: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_date_LAST_REOPENED_DATETIME - processor: - date: - field: _ingest._value.LAST_REOPENED_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_REOPENED_DATETIME_1 - target_field: _ingest._value.last.reopened_datetime - formats: - - ISO8601 - ignore_failure: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_date_LAST_PROCESSED_DATETIME - processor: - date: - field: _ingest._value.LAST_PROCESSED_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_PROCESSED_DATETIME_1 - target_field: _ingest._value.last.processed_datetime - formats: - - ISO8601 - ignore_failure: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_date_LAST_TEST_DATETIME - processor: - date: - field: _ingest._value.LAST_TEST_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_TEST_DATETIME_1 - target_field: _ingest._value.last.test_datetime - formats: - - ISO8601 - ignore_failure: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_date_LAST_UPDATE_DATETIME - processor: - date: - field: _ingest._value.LAST_UPDATE_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_UPDATE_DATETIME_1 - target_field: _ingest._value.last.update_datetime - formats: - - ISO8601 - ignore_failure: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_date_LAST_FIXED_DATETIME - processor: - date: - field: _ingest._value.LAST_FIXED_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_FIXED_DATETIME_1 - target_field: _ingest._value.last.fixed_datetime - formats: - - ISO8601 - ignore_failure: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_CONVERT_SEVERITY - processor: - convert: - field: _ingest._value.SEVERITY - target_field: _ingest._value.severity - tag: convert_qualys_vmdr_asset_host_detection_list_SEVERITY_to_long_1 - type: long - ignore_missing: true - on_failure: - - append: - field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_convert_IS_IGNORED - processor: - convert: - field: _ingest._value.IS_IGNORED - target_field: _ingest._value.is_ignored - tag: convert_qualys_vmdr_asset_host_detection_list_IS_IGNORED_to_boolean - type: boolean - ignore_missing: true - on_failure: - - append: - field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_convert_IS_DISABLED - processor: - convert: - field: _ingest._value.IS_DISABLED - target_field: _ingest._value.is_disabled - tag: convert_qualys_vmdr_asset_host_detection_list_IS_DISABLED_to_boolean - type: boolean - ignore_missing: true - on_failure: - - append: - field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_convert_TIMES_FOUND - processor: - convert: - field: _ingest._value.TIMES_FOUND - target_field: _ingest._value.times.found - tag: convert_qualys_vmdr_asset_host_detection_list_TIMES_FOUND_to_long_1 - type: long - ignore_missing: true - on_failure: - - append: - field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_convert_TIMES_REOPENED - processor: - convert: - field: _ingest._value.TIMES_REOPENED - target_field: _ingest._value.times.reopened - tag: convert_qualys_vmdr_asset_host_detection_list_TIMES_REOPENED_to_long_1 - type: long - ignore_missing: true - on_failure: - - append: - field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_convert_PORT - processor: - convert: - field: _ingest._value.PORT - target_field: _ingest._value.port - tag: convert_qualys_vmdr_asset_host_detection_list_PORT_to_long_1 - type: long - ignore_missing: true - on_failure: - - append: - field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_QDS_FACTOR - processor: - rename: - field: _ingest._value.QDS_FACTORS.QDS_FACTOR - tag: rename_qualys_vmdr_asset_host_detection_list_QDS_FACTORS_QDS_FACTOR_1 - target_field: _ingest._value.qds_factors - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_inside_foreach - processor: - foreach: - field: _ingest._value.qds_factors - ignore_missing: true - tag: foreach_nested - processor: - rename: - field: _ingest._value.#text - tag: rename_qualys_vmdr_asset_host_detection_list_qds_factors_#text_1 - target_field: _ingest._value.text - ignore_missing: true - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_rename_qds_factors_#text + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.qds_factors != null + field: qualys_vmdr.asset_host_detection.vulnerability.qds_factors + ignore_missing: true + tag: foreach_nested processor: rename: - field: _ingest._value.qds_factors.#text - tag: rename_qualys_vmdr_asset_host_detection_list_qds_factors_#text_2 - target_field: _ingest._value.qds_factors.text + field: _ingest._value.#text + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_qds_factors_#text_1 + target_field: _ingest._value.text ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.QDS_FACTORS.QDS_FACTOR - tag: rename_qualys_vmdr_asset_host_detection_list_QDS_FACTORS_QDS_FACTOR_2 - target_field: qualys_vmdr.asset_host_detection.list.qds_factors + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.qds_factors != null + field: qualys_vmdr.asset_host_detection.vulnerability.qds_factors.#text + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_qds_factors_#text_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qds_factors.text + ignore_missing: true + - rename: + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.QDS_FACTORS?.QDS_FACTOR != null + field: qualys_vmdr.asset_host_detection.vulnerability.QDS_FACTORS.QDS_FACTOR + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_QDS_FACTORS_QDS_FACTOR_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qds_factors ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.qds_factors.#text - tag: rename_qualys_vmdr_asset_host_detection_list_qds_factors_#text_3 - target_field: qualys_vmdr.asset_host_detection.list.qds_factors.text + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.qds_factors != null + field: qualys_vmdr.asset_host_detection.vulnerability.qds_factors.#text + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_qds_factors_#text_3 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qds_factors.text ignore_missing: true - foreach: - field: qualys_vmdr.asset_host_detection.list.qds_factors - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.qds_factors instanceof List + field: qualys_vmdr.asset_host_detection.vulnerability.qds_factors + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.qds_factors instanceof List tag: foreach_rename_#text processor: rename: field: _ingest._value.#text - tag: rename_qualys_vmdr_asset_host_detection_list_qds_factors_#text_4 + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_qds_factors_#text_4 target_field: _ingest._value.text ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.QDS - tag: rename_qualys_vmdr_asset_host_detection_list_QDS_2 - target_field: qualys_vmdr.asset_host_detection.list.qds + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.QDS != null + field: qualys_vmdr.asset_host_detection.vulnerability.QDS + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_QDS_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qds ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.qds.#text - tag: rename_qualys_vmdr_asset_host_detection_list_qds_#text_2 - target_field: qualys_vmdr.asset_host_detection.list.qds.text + if: ctx.qualys_vmdr?.asset_host_detection?.vulnerability?.qds != null + field: qualys_vmdr.asset_host_detection.vulnerability.qds.#text + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_qds_#text_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qds.text ignore_missing: true - convert: - field: qualys_vmdr.asset_host_detection.list.PORT - target_field: qualys_vmdr.asset_host_detection.list.port - tag: convert_qualys_vmdr_asset_host_detection_list_PORT_to_long_2 + field: qualys_vmdr.asset_host_detection.vulnerability.PORT + target_field: qualys_vmdr.asset_host_detection.vulnerability.port + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_PORT_to_long_2 type: long ignore_missing: true - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.PORT != '' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.PORT != '' on_failure: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: - field: qualys_vmdr.asset_host_detection.list.TIMES_FOUND - target_field: qualys_vmdr.asset_host_detection.list.times.found - tag: convert_qualys_vmdr_asset_host_detection_list_TIMES_FOUND_to_long_2 + field: qualys_vmdr.asset_host_detection.vulnerability.TIMES_FOUND + target_field: qualys_vmdr.asset_host_detection.vulnerability.times.found + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_TIMES_FOUND_to_long_2 type: long ignore_missing: true - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.TIMES_FOUND != '' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.TIMES_FOUND != '' on_failure: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: - field: qualys_vmdr.asset_host_detection.list.TIMES_REOPENED - target_field: qualys_vmdr.asset_host_detection.list.times.reopened - tag: convert_qualys_vmdr_asset_host_detection_list_TIMES_REOPENED_to_long_2 + field: qualys_vmdr.asset_host_detection.vulnerability.TIMES_REOPENED + target_field: qualys_vmdr.asset_host_detection.vulnerability.times.reopened + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_TIMES_REOPENED_to_long_2 type: long ignore_missing: true - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.TIMES_REOPENED != '' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.TIMES_REOPENED != '' on_failure: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: - field: qualys_vmdr.asset_host_detection.list.SEVERITY - target_field: qualys_vmdr.asset_host_detection.list.severity - tag: convert_qualys_vmdr_asset_host_detection_list_SEVERITY_to_long_2 + field: qualys_vmdr.asset_host_detection.vulnerability.SEVERITY + target_field: qualys_vmdr.asset_host_detection.vulnerability.severity + tag: convert_qualys_vmdr_asset_host_detection_vulnerability_SEVERITY_to_long_2 type: long ignore_missing: true - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.SEVERITY != '' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.SEVERITY != '' on_failure: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: - field: qualys_vmdr.asset_host_detection.list.LAST_UPDATE_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_UPDATE_DATETIME_2 - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_UPDATE_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.list.LAST_UPDATE_DATETIME != '' - target_field: qualys_vmdr.asset_host_detection.list.last.update_datetime + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_UPDATE_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_UPDATE_DATETIME_2 + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_UPDATE_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.vulnerability.LAST_UPDATE_DATETIME != '' + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.update_datetime formats: - ISO8601 on_failure: @@ -1277,10 +1183,10 @@ processors: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: - field: qualys_vmdr.asset_host_detection.list.LAST_FIXED_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_FIXED_DATETIME_2 - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_FIXED_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.list.LAST_FIXED_DATETIME != '' - target_field: qualys_vmdr.asset_host_detection.list.last.fixed_datetime + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_FIXED_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_FIXED_DATETIME_2 + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_FIXED_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.vulnerability.LAST_FIXED_DATETIME != '' + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.fixed_datetime formats: - ISO8601 on_failure: @@ -1288,10 +1194,10 @@ processors: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: - field: qualys_vmdr.asset_host_detection.list.LAST_TEST_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_TEST_DATETIME_2 - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_TEST_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.list.LAST_TEST_DATETIME != '' - target_field: qualys_vmdr.asset_host_detection.list.last.test_datetime + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_TEST_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_TEST_DATETIME_2 + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_TEST_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.vulnerability.LAST_TEST_DATETIME != '' + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.test_datetime formats: - ISO8601 on_failure: @@ -1299,10 +1205,10 @@ processors: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: - field: qualys_vmdr.asset_host_detection.list.LAST_PROCESSED_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_PROCESSED_DATETIME_2 - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_PROCESSED_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.list.LAST_PROCESSED_DATETIME != '' - target_field: qualys_vmdr.asset_host_detection.list.last.processed_datetime + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_PROCESSED_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_PROCESSED_DATETIME_2 + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_PROCESSED_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.vulnerability.LAST_PROCESSED_DATETIME != '' + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.processed_datetime formats: - ISO8601 on_failure: @@ -1310,10 +1216,10 @@ processors: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: - field: qualys_vmdr.asset_host_detection.list.LAST_FOUND_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_FOUND_DATETIME_2 - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_FOUND_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.list.LAST_FOUND_DATETIME != '' - target_field: qualys_vmdr.asset_host_detection.list.last.found_datetime + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_FOUND_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_FOUND_DATETIME_2 + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_FOUND_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.vulnerability.LAST_FOUND_DATETIME != '' + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.found_datetime formats: - ISO8601 on_failure: @@ -1321,10 +1227,10 @@ processors: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: - field: qualys_vmdr.asset_host_detection.list.LAST_REOPENED_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_LAST_REOPENED_DATETIME_2 - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_REOPENED_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.list.LAST_REOPENED_DATETIME != '' - target_field: qualys_vmdr.asset_host_detection.list.last.reopened_datetime + field: qualys_vmdr.asset_host_detection.vulnerability.LAST_REOPENED_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_LAST_REOPENED_DATETIME_2 + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.LAST_REOPENED_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.vulnerability.LAST_REOPENED_DATETIME != '' + target_field: qualys_vmdr.asset_host_detection.vulnerability.last.reopened_datetime formats: - ISO8601 on_failure: @@ -1332,10 +1238,10 @@ processors: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: - field: qualys_vmdr.asset_host_detection.list.FIRST_FOUND_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_FIRST_FOUND_DATETIME_2 - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.FIRST_FOUND_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.list.FIRST_FOUND_DATETIME != '' - target_field: qualys_vmdr.asset_host_detection.list.first.found_datetime + field: qualys_vmdr.asset_host_detection.vulnerability.FIRST_FOUND_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_FIRST_FOUND_DATETIME_2 + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.FIRST_FOUND_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.vulnerability.FIRST_FOUND_DATETIME != '' + target_field: qualys_vmdr.asset_host_detection.vulnerability.first.found_datetime formats: - ISO8601 on_failure: @@ -1343,10 +1249,10 @@ processors: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: - field: qualys_vmdr.asset_host_detection.list.FIRST_REOPENED_DATETIME - tag: date_qualys_vmdr_asset_host_detection_list_FIRST_REOPENED_DATETIME_2 - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.FIRST_REOPENED_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.list.FIRST_REOPENED_DATETIME != '' - target_field: qualys_vmdr.asset_host_detection.list.first.reopened_datetime + field: qualys_vmdr.asset_host_detection.vulnerability.FIRST_REOPENED_DATETIME + tag: date_qualys_vmdr_asset_host_detection_vulnerability_FIRST_REOPENED_DATETIME_2 + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.FIRST_REOPENED_DATETIME != null && ctx.qualys_vmdr.asset_host_detection.vulnerability.FIRST_REOPENED_DATETIME != '' + target_field: qualys_vmdr.asset_host_detection.vulnerability.first.reopened_datetime formats: - ISO8601 on_failure: @@ -1354,161 +1260,138 @@ processors: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - rename: - field: qualys_vmdr.asset_host_detection.list.SSL - tag: rename_qualys_vmdr_asset_host_detection_list_SSL_2 - target_field: qualys_vmdr.asset_host_detection.list.ssl + field: qualys_vmdr.asset_host_detection.vulnerability.SSL + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_SSL_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.ssl ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.TYPE - tag: rename_qualys_vmdr_asset_host_detection_list_TYPE_2 - target_field: qualys_vmdr.asset_host_detection.list.type + field: qualys_vmdr.asset_host_detection.vulnerability.TYPE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_TYPE_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.type ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.STATUS - tag: rename_qualys_vmdr_asset_host_detection_list_STATUS_2 - target_field: qualys_vmdr.asset_host_detection.list.status + field: qualys_vmdr.asset_host_detection.vulnerability.STATUS + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_STATUS_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.status ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.RESULTS - tag: rename_qualys_vmdr_asset_host_detection_list_RESULTS_2 - target_field: qualys_vmdr.asset_host_detection.list.results + field: qualys_vmdr.asset_host_detection.vulnerability.RESULTS + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_RESULTS_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.results ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.QID - tag: rename_qualys_vmdr_asset_host_detection_list_QID_2 - target_field: qualys_vmdr.asset_host_detection.list.qid + field: qualys_vmdr.asset_host_detection.vulnerability.QID + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_QID_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.qid ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.PROTOCOL - tag: rename_qualys_vmdr_asset_host_detection_list_PROTOCOL_2 - target_field: qualys_vmdr.asset_host_detection.list.protocol + field: qualys_vmdr.asset_host_detection.vulnerability.PROTOCOL + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_PROTOCOL_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.protocol ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.FQDN - tag: rename_qualys_vmdr_asset_host_detection_list_FQDN_2 - target_field: qualys_vmdr.asset_host_detection.list.fqdn + field: qualys_vmdr.asset_host_detection.vulnerability.FQDN + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_FQDN_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.fqdn ignore_missing: true - append: field: related.hosts - tag: append_qualys_vmdr_asset_host_detection_list_fqdn_into_related_hosts_2 - value: '{{{qualys_vmdr.asset_host_detection.list.fqdn}}}' + tag: append_qualys_vmdr_asset_host_detection_vulnerability_fqdn_into_related_hosts_2 + value: '{{{qualys_vmdr.asset_host_detection.vulnerability.fqdn}}}' allow_duplicates: false - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.fqdn != null + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.fqdn != null - rename: - field: qualys_vmdr.asset_host_detection.list.INSTANCE - tag: rename_qualys_vmdr_asset_host_detection_list_INSTANCE_2 - target_field: qualys_vmdr.asset_host_detection.list.instance + field: qualys_vmdr.asset_host_detection.vulnerability.INSTANCE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_INSTANCE_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.instance ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.SERVICE - tag: rename_qualys_vmdr_asset_host_detection_list_SERVICE_2 - target_field: qualys_vmdr.asset_host_detection.list.service + field: qualys_vmdr.asset_host_detection.vulnerability.SERVICE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_SERVICE_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.service ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.AFFECT_RUNNING_KERNEL - tag: rename_qualys_vmdr_asset_host_detection_list_AFFECT_RUNNING_KERNEL_2 - target_field: qualys_vmdr.asset_host_detection.list.affect.running.kernel + field: qualys_vmdr.asset_host_detection.vulnerability.AFFECT_RUNNING_KERNEL + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_AFFECT_RUNNING_KERNEL_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.affect.running.kernel ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.AFFECT_RUNNING_SERVICE - tag: rename_qualys_vmdr_asset_host_detection_list_AFFECT_RUNNING_SERVICE_2 - target_field: qualys_vmdr.asset_host_detection.list.affect.running.service + field: qualys_vmdr.asset_host_detection.vulnerability.AFFECT_RUNNING_SERVICE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_AFFECT_RUNNING_SERVICE_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.affect.running.service ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.AFFECT_EXPLOITABLE_CONFIG - tag: rename_qualys_vmdr_asset_host_detection_list_AFFECT_EXPLOITABLE_CONFIG_2 - target_field: qualys_vmdr.asset_host_detection.list.affect.exploitable_config + field: qualys_vmdr.asset_host_detection.vulnerability.AFFECT_EXPLOITABLE_CONFIG + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_AFFECT_EXPLOITABLE_CONFIG_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.affect.exploitable_config ignore_missing: true - rename: - field: qualys_vmdr.asset_host_detection.list.ASSET_CVE - tag: rename_qualys_vmdr_asset_host_detection_list_ASSET_CVE_2 - target_field: qualys_vmdr.asset_host_detection.list.asset_cve + field: qualys_vmdr.asset_host_detection.vulnerability.ASSET_CVE + tag: rename_qualys_vmdr_asset_host_detection_vulnerability_ASSET_CVE_2 + target_field: qualys_vmdr.asset_host_detection.vulnerability.asset_cve ignore_missing: true - set: - field: qualys_vmdr.asset_host_detection.list.IS_DISABLED - tag: set_qualys_vmdr_asset_host_detection_list_IS_DISABLED_true + field: qualys_vmdr.asset_host_detection.vulnerability.IS_DISABLED + tag: set_qualys_vmdr_asset_host_detection_vulnerability_IS_DISABLED_true value: true - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_DISABLED == '1' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_DISABLED == '1' - set: - field: qualys_vmdr.asset_host_detection.list.IS_DISABLED - tag: set_qualys_vmdr_asset_host_detection_list_IS_DISABLED_false + field: qualys_vmdr.asset_host_detection.vulnerability.IS_DISABLED + tag: set_qualys_vmdr_asset_host_detection_vulnerability_IS_DISABLED_false value: false - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_DISABLED == '0' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_DISABLED == '0' - convert: - field: qualys_vmdr.asset_host_detection.list.IS_DISABLED + field: qualys_vmdr.asset_host_detection.vulnerability.IS_DISABLED tag: convert_IS_DISABLED_to_boolean - target_field: qualys_vmdr.asset_host_detection.list.is_disabled + target_field: qualys_vmdr.asset_host_detection.vulnerability.is_disabled type: boolean ignore_missing: true - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_DISABLED != '' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_DISABLED != '' on_failure: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - set: - field: qualys_vmdr.asset_host_detection.list.IS_IGNORED - tag: set_qualys_vmdr_asset_host_detection_list_IS_IGNORED_true + field: qualys_vmdr.asset_host_detection.vulnerability.IS_IGNORED + tag: set_qualys_vmdr_asset_host_detection_vulnerability_IS_IGNORED_true value: true - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_IGNORED == '1' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_IGNORED == '1' - set: - field: qualys_vmdr.asset_host_detection.list.IS_IGNORED - tag: set_qualys_vmdr_asset_host_detection_list_IS_IGNORED_false + field: qualys_vmdr.asset_host_detection.vulnerability.IS_IGNORED + tag: set_qualys_vmdr_asset_host_detection_vulnerability_IS_IGNORED_false value: false - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_IGNORED == '0' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_IGNORED == '0' - convert: - field: qualys_vmdr.asset_host_detection.list.IS_IGNORED + field: qualys_vmdr.asset_host_detection.vulnerability.IS_IGNORED tag: convert_IS_IGNORED_to_boolean - target_field: qualys_vmdr.asset_host_detection.list.is_ignored + target_field: qualys_vmdr.asset_host_detection.vulnerability.is_ignored type: boolean ignore_missing: true - if: (!(ctx.qualys_vmdr?.asset_host_detection?.list instanceof List)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_IGNORED != '' + if: (!(ctx.qualys_vmdr?.asset_host_detection?.vulnerability != null)) && ctx.qualys_vmdr?.asset_host_detection?.list?.IS_IGNORED != '' on_failure: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - foreach: - field: qualys_vmdr.asset_host_detection.list - if: ctx.qualys_vmdr?.asset_host_detection?.list instanceof List - tag: foreach_remove_ingest_value_fields - processor: - remove: - field: - - _ingest._value.LAST_UPDATE_DATETIME - - _ingest._value.LAST_FIXED_DATETIME - - _ingest._value.LAST_TEST_DATETIME - - _ingest._value.LAST_PROCESSED_DATETIME - - _ingest._value.FIRST_FOUND_DATETIME - - _ingest._value.FIRST_REOPENED_DATETIME - - _ingest._value.LAST_FOUND_DATETIME - - _ingest._value.LAST_REOPENED_DATETIME - - _ingest._value.SEVERITY - - _ingest._value.TIMES_FOUND - - _ingest._value.TIMES_REOPENED - - _ingest._value.PORT - - _ingest._value.QDS_FACTORS - - _ingest._value.IS_DISABLED - - _ingest._value.IS_IGNORED - tag: remove_qualys_vmdr_asset_host_detection_list_fields - ignore_missing: true - remove: tag: remove_json field: - json - message - - qualys_vmdr.asset_host_detection.list.FIRST_FOUND_DATETIME - - qualys_vmdr.asset_host_detection.list.FIRST_REOPENED_DATETIME - - qualys_vmdr.asset_host_detection.list.IS_DISABLED - - qualys_vmdr.asset_host_detection.list.LAST_FOUND_DATETIME - - qualys_vmdr.asset_host_detection.list.LAST_REOPENED_DATETIME - - qualys_vmdr.asset_host_detection.list.LAST_PROCESSED_DATETIME - - qualys_vmdr.asset_host_detection.list.LAST_TEST_DATETIME - - qualys_vmdr.asset_host_detection.list.LAST_UPDATE_DATETIME - - qualys_vmdr.asset_host_detection.list.LAST_FIXED_DATETIME - - qualys_vmdr.asset_host_detection.list.PORT - - qualys_vmdr.asset_host_detection.list.SEVERITY - - qualys_vmdr.asset_host_detection.list.TIMES_FOUND - - qualys_vmdr.asset_host_detection.list.TIMES_REOPENED - - qualys_vmdr.asset_host_detection.list.IS_IGNORED + - qualys_vmdr.asset_host_detection.vulnerability.FIRST_FOUND_DATETIME + - qualys_vmdr.asset_host_detection.vulnerability.FIRST_REOPENED_DATETIME + - qualys_vmdr.asset_host_detection.vulnerability.IS_DISABLED + - qualys_vmdr.asset_host_detection.vulnerability.LAST_FOUND_DATETIME + - qualys_vmdr.asset_host_detection.vulnerability.LAST_REOPENED_DATETIME + - qualys_vmdr.asset_host_detection.vulnerability.LAST_PROCESSED_DATETIME + - qualys_vmdr.asset_host_detection.vulnerability.LAST_TEST_DATETIME + - qualys_vmdr.asset_host_detection.vulnerability.LAST_UPDATE_DATETIME + - qualys_vmdr.asset_host_detection.vulnerability.LAST_FIXED_DATETIME + - qualys_vmdr.asset_host_detection.vulnerability.PORT + - qualys_vmdr.asset_host_detection.vulnerability.QDS_FACTORS + - qualys_vmdr.asset_host_detection.vulnerability.SEVERITY + - qualys_vmdr.asset_host_detection.vulnerability.TIMES_FOUND + - qualys_vmdr.asset_host_detection.vulnerability.TIMES_REOPENED + - qualys_vmdr.asset_host_detection.vulnerability.IS_IGNORED - qualys_vmdr.asset_host_detection.cloud.provider.tags.cloud_tag.LAST_SUCCESS_DATE - qualys_vmdr.asset_host_detection.metadata.ec2.attribute.LAST_ERROR_DATE - qualys_vmdr.asset_host_detection.metadata.ec2.attribute.LAST_SUCCESS_DATE diff --git a/packages/qualys_vmdr/data_stream/asset_host_detection/fields/fields.yml b/packages/qualys_vmdr/data_stream/asset_host_detection/fields/fields.yml index cffc1054343..3f06756a3f4 100644 --- a/packages/qualys_vmdr/data_stream/asset_host_detection/fields/fields.yml +++ b/packages/qualys_vmdr/data_stream/asset_host_detection/fields/fields.yml @@ -70,7 +70,7 @@ type: date - name: scanned_duration type: long - - name: list + - name: vulnerability type: group fields: - name: affect @@ -156,6 +156,8 @@ type: long - name: type type: keyword + - name: unique_vuln_id + type: keyword - name: metadata type: group fields: diff --git a/packages/qualys_vmdr/data_stream/asset_host_detection/sample_event.json b/packages/qualys_vmdr/data_stream/asset_host_detection/sample_event.json index 70e16c7ac84..af0c7da8c11 100644 --- a/packages/qualys_vmdr/data_stream/asset_host_detection/sample_event.json +++ b/packages/qualys_vmdr/data_stream/asset_host_detection/sample_event.json @@ -1,11 +1,11 @@ { - "@timestamp": "2023-10-25T08:52:23.474Z", + "@timestamp": "2024-03-11T21:06:28.277Z", "agent": { - "ephemeral_id": "8365cc1b-0570-46a3-986b-eb86f03344d2", - "id": "50e7e437-d3fc-4872-8bd1-0da718796b4a", + "ephemeral_id": "798665d1-a592-4f07-8517-f7bdcdbda09f", + "id": "b7f7fd67-e199-4daf-b640-92e89c091cc6", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.9.0" + "version": "8.12.1" }, "data_stream": { "dataset": "qualys_vmdr.asset_host_detection", @@ -16,9 +16,9 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "50e7e437-d3fc-4872-8bd1-0da718796b4a", + "id": "b7f7fd67-e199-4daf-b640-92e89c091cc6", "snapshot": false, - "version": "8.9.0" + "version": "8.12.1" }, "event": { "agent_id_status": "verified", @@ -26,7 +26,7 @@ "host" ], "dataset": "qualys_vmdr.asset_host_detection", - "ingested": "2023-10-25T08:52:26Z", + "ingested": "2024-03-11T21:06:40Z", "kind": "alert", "type": [ "info" @@ -53,30 +53,58 @@ "scanned_duration": 1113 } }, - "list": [ - { - "first": { - "found_datetime": "2023-06-28T06:04:26.000Z" + "tracking_method": "IP", + "vulnerability": { + "affect": { + "running": { + "kernel": "0" + } + }, + "first": { + "found_datetime": "2021-02-05T04:50:45.000Z" + }, + "is_disabled": false, + "is_ignored": false, + "last": { + "fixed_datetime": "2022-12-14T06:52:57.000Z", + "found_datetime": "2024-03-08T20:15:41.000Z", + "processed_datetime": "2024-03-08T20:15:41.000Z", + "test_datetime": "2024-03-08T20:15:41.000Z", + "update_datetime": "2024-03-08T20:15:41.000Z" + }, + "qds": { + "severity": "LOW", + "text": "35" + }, + "qds_factors": [ + { + "name": "CVSS", + "text": "7.7" }, - "is_disabled": false, - "is_ignored": false, - "last": { - "found_datetime": "2023-07-03T06:23:47.000Z", - "processed_datetime": "2023-07-03T06:25:17.000Z", - "test_datetime": "2023-07-03T06:23:47.000Z", - "update_datetime": "2023-07-03T06:25:17.000Z" + { + "name": "CVSS_version", + "text": "v3.x" }, - "qid": "91681", - "severity": 5, - "ssl": "0", - "status": "Active", - "times": { - "found": 11 + { + "name": "epss", + "text": "0.00232" }, - "type": "Confirmed" - } - ], - "tracking_method": "IP" + { + "name": "CVSS_vector", + "text": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" + } + ], + "qid": "197595", + "results": "Package Installed Version Required Version\nlinux-cloud-tools-4.4.0 1074-aws_4.4.0-1074.84 1092\nlinux-aws-tools-4.4.0 1074_4.4.0-1074.84 1092\nlinux-aws-headers-4.4.0 1074_4.15.0-1126.135 1092\nlinux-tools-4.4.0 1074-aws_4.4.0-1074.84 1092\nlinux-aws-cloud-tools-4.4.0 1074_4.4.0-1074.84 1092", + "severity": 3, + "ssl": "0", + "status": "Active", + "times": { + "found": 5393 + }, + "type": "Confirmed", + "unique_vuln_id": "5555555555" + } } }, "related": { @@ -92,4 +120,4 @@ "forwarded", "qualys_vmdr-asset_host_detection" ] -} +} \ No newline at end of file diff --git a/packages/qualys_vmdr/data_stream/knowledge_base/sample_event.json b/packages/qualys_vmdr/data_stream/knowledge_base/sample_event.json index 1cdc5452356..90300cbd054 100644 --- a/packages/qualys_vmdr/data_stream/knowledge_base/sample_event.json +++ b/packages/qualys_vmdr/data_stream/knowledge_base/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2023-06-29T12:20:46.000Z", "agent": { - "ephemeral_id": "d0eb176e-bad7-47fa-9547-c1854ad7ca2d", - "id": "98ba96f5-b452-4fc7-8f5a-3d37a634ce61", + "ephemeral_id": "59f8cd8a-60d4-4773-a9bb-4603e5bbfb75", + "id": "b7f7fd67-e199-4daf-b640-92e89c091cc6", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.9.0" + "version": "8.12.1" }, "data_stream": { "dataset": "qualys_vmdr.knowledge_base", @@ -16,9 +16,9 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "98ba96f5-b452-4fc7-8f5a-3d37a634ce61", + "id": "b7f7fd67-e199-4daf-b640-92e89c091cc6", "snapshot": false, - "version": "8.9.0" + "version": "8.12.1" }, "event": { "agent_id_status": "verified", @@ -27,7 +27,7 @@ ], "dataset": "qualys_vmdr.knowledge_base", "id": "11830", - "ingested": "2023-11-14T21:17:15Z", + "ingested": "2024-03-11T21:08:19Z", "kind": "alert", "type": [ "info" diff --git a/packages/qualys_vmdr/docs/README.md b/packages/qualys_vmdr/docs/README.md index 3641fc3cbcd..614e4428d4b 100644 --- a/packages/qualys_vmdr/docs/README.md +++ b/packages/qualys_vmdr/docs/README.md @@ -88,13 +88,13 @@ An example event for `asset_host_detection` looks as following: ```json { - "@timestamp": "2023-10-25T08:52:23.474Z", + "@timestamp": "2024-03-11T21:06:28.277Z", "agent": { - "ephemeral_id": "8365cc1b-0570-46a3-986b-eb86f03344d2", - "id": "50e7e437-d3fc-4872-8bd1-0da718796b4a", + "ephemeral_id": "798665d1-a592-4f07-8517-f7bdcdbda09f", + "id": "b7f7fd67-e199-4daf-b640-92e89c091cc6", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.9.0" + "version": "8.12.1" }, "data_stream": { "dataset": "qualys_vmdr.asset_host_detection", @@ -105,9 +105,9 @@ An example event for `asset_host_detection` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "50e7e437-d3fc-4872-8bd1-0da718796b4a", + "id": "b7f7fd67-e199-4daf-b640-92e89c091cc6", "snapshot": false, - "version": "8.9.0" + "version": "8.12.1" }, "event": { "agent_id_status": "verified", @@ -115,7 +115,7 @@ An example event for `asset_host_detection` looks as following: "host" ], "dataset": "qualys_vmdr.asset_host_detection", - "ingested": "2023-10-25T08:52:26Z", + "ingested": "2024-03-11T21:06:40Z", "kind": "alert", "type": [ "info" @@ -142,30 +142,58 @@ An example event for `asset_host_detection` looks as following: "scanned_duration": 1113 } }, - "list": [ - { - "first": { - "found_datetime": "2023-06-28T06:04:26.000Z" + "tracking_method": "IP", + "vulnerability": { + "affect": { + "running": { + "kernel": "0" + } + }, + "first": { + "found_datetime": "2021-02-05T04:50:45.000Z" + }, + "is_disabled": false, + "is_ignored": false, + "last": { + "fixed_datetime": "2022-12-14T06:52:57.000Z", + "found_datetime": "2024-03-08T20:15:41.000Z", + "processed_datetime": "2024-03-08T20:15:41.000Z", + "test_datetime": "2024-03-08T20:15:41.000Z", + "update_datetime": "2024-03-08T20:15:41.000Z" + }, + "qds": { + "severity": "LOW", + "text": "35" + }, + "qds_factors": [ + { + "name": "CVSS", + "text": "7.7" }, - "is_disabled": false, - "is_ignored": false, - "last": { - "found_datetime": "2023-07-03T06:23:47.000Z", - "processed_datetime": "2023-07-03T06:25:17.000Z", - "test_datetime": "2023-07-03T06:23:47.000Z", - "update_datetime": "2023-07-03T06:25:17.000Z" + { + "name": "CVSS_version", + "text": "v3.x" }, - "qid": "91681", - "severity": 5, - "ssl": "0", - "status": "Active", - "times": { - "found": 11 + { + "name": "epss", + "text": "0.00232" }, - "type": "Confirmed" - } - ], - "tracking_method": "IP" + { + "name": "CVSS_vector", + "text": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" + } + ], + "qid": "197595", + "results": "Package Installed Version Required Version\nlinux-cloud-tools-4.4.0 1074-aws_4.4.0-1074.84 1092\nlinux-aws-tools-4.4.0 1074_4.4.0-1074.84 1092\nlinux-aws-headers-4.4.0 1074_4.15.0-1126.135 1092\nlinux-tools-4.4.0 1074-aws_4.4.0-1074.84 1092\nlinux-aws-cloud-tools-4.4.0 1074_4.4.0-1074.84 1092", + "severity": 3, + "ssl": "0", + "status": "Active", + "times": { + "found": 5393 + }, + "type": "Confirmed", + "unique_vuln_id": "5555555555" + } } }, "related": { @@ -182,7 +210,6 @@ An example event for `asset_host_detection` looks as following: "qualys_vmdr-asset_host_detection" ] } - ``` **Exported fields** @@ -218,37 +245,6 @@ An example event for `asset_host_detection` looks as following: | qualys_vmdr.asset_host_detection.last.vm.auth.scanned_duration | | long | | qualys_vmdr.asset_host_detection.last.vm.scanned_date | | date | | qualys_vmdr.asset_host_detection.last.vm.scanned_duration | | long | -| qualys_vmdr.asset_host_detection.list.affect.exploitable_config | | keyword | -| qualys_vmdr.asset_host_detection.list.affect.running.kernel | | keyword | -| qualys_vmdr.asset_host_detection.list.affect.running.service | | keyword | -| qualys_vmdr.asset_host_detection.list.asset_cve | | keyword | -| qualys_vmdr.asset_host_detection.list.first.found_datetime | | date | -| qualys_vmdr.asset_host_detection.list.first.reopened_datetime | | date | -| qualys_vmdr.asset_host_detection.list.fqdn | | keyword | -| qualys_vmdr.asset_host_detection.list.instance | | keyword | -| qualys_vmdr.asset_host_detection.list.is_disabled | | boolean | -| qualys_vmdr.asset_host_detection.list.is_ignored | | boolean | -| qualys_vmdr.asset_host_detection.list.last.fixed_datetime | | date | -| qualys_vmdr.asset_host_detection.list.last.found_datetime | | date | -| qualys_vmdr.asset_host_detection.list.last.processed_datetime | | date | -| qualys_vmdr.asset_host_detection.list.last.reopened_datetime | | date | -| qualys_vmdr.asset_host_detection.list.last.test_datetime | | date | -| qualys_vmdr.asset_host_detection.list.last.update_datetime | | date | -| qualys_vmdr.asset_host_detection.list.port | | long | -| qualys_vmdr.asset_host_detection.list.protocol | | keyword | -| qualys_vmdr.asset_host_detection.list.qds.severity | | keyword | -| qualys_vmdr.asset_host_detection.list.qds.text | | keyword | -| qualys_vmdr.asset_host_detection.list.qds_factors.name | | keyword | -| qualys_vmdr.asset_host_detection.list.qds_factors.text | | keyword | -| qualys_vmdr.asset_host_detection.list.qid | | keyword | -| qualys_vmdr.asset_host_detection.list.results | | keyword | -| qualys_vmdr.asset_host_detection.list.service | | keyword | -| qualys_vmdr.asset_host_detection.list.severity | | long | -| qualys_vmdr.asset_host_detection.list.ssl | | keyword | -| qualys_vmdr.asset_host_detection.list.status | | keyword | -| qualys_vmdr.asset_host_detection.list.times.found | | long | -| qualys_vmdr.asset_host_detection.list.times.reopened | | long | -| qualys_vmdr.asset_host_detection.list.type | | keyword | | qualys_vmdr.asset_host_detection.metadata.azure.attribute.last.error.date | | date | | qualys_vmdr.asset_host_detection.metadata.azure.attribute.last.error.value | | keyword | | qualys_vmdr.asset_host_detection.metadata.azure.attribute.last.status | | keyword | @@ -277,6 +273,38 @@ An example event for `asset_host_detection` looks as following: | qualys_vmdr.asset_host_detection.tags.id | | keyword | | qualys_vmdr.asset_host_detection.tags.name | | keyword | | qualys_vmdr.asset_host_detection.tracking_method | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.affect.exploitable_config | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.affect.running.kernel | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.affect.running.service | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.asset_cve | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.first.found_datetime | | date | +| qualys_vmdr.asset_host_detection.vulnerability.first.reopened_datetime | | date | +| qualys_vmdr.asset_host_detection.vulnerability.fqdn | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.instance | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.is_disabled | | boolean | +| qualys_vmdr.asset_host_detection.vulnerability.is_ignored | | boolean | +| qualys_vmdr.asset_host_detection.vulnerability.last.fixed_datetime | | date | +| qualys_vmdr.asset_host_detection.vulnerability.last.found_datetime | | date | +| qualys_vmdr.asset_host_detection.vulnerability.last.processed_datetime | | date | +| qualys_vmdr.asset_host_detection.vulnerability.last.reopened_datetime | | date | +| qualys_vmdr.asset_host_detection.vulnerability.last.test_datetime | | date | +| qualys_vmdr.asset_host_detection.vulnerability.last.update_datetime | | date | +| qualys_vmdr.asset_host_detection.vulnerability.port | | long | +| qualys_vmdr.asset_host_detection.vulnerability.protocol | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.qds.severity | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.qds.text | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.qds_factors.name | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.qds_factors.text | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.qid | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.results | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.service | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.severity | | long | +| qualys_vmdr.asset_host_detection.vulnerability.ssl | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.status | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.times.found | | long | +| qualys_vmdr.asset_host_detection.vulnerability.times.reopened | | long | +| qualys_vmdr.asset_host_detection.vulnerability.type | | keyword | +| qualys_vmdr.asset_host_detection.vulnerability.unique_vuln_id | | keyword | | tags | User defined tags. | keyword | @@ -292,11 +320,11 @@ An example event for `knowledge_base` looks as following: { "@timestamp": "2023-06-29T12:20:46.000Z", "agent": { - "ephemeral_id": "d0eb176e-bad7-47fa-9547-c1854ad7ca2d", - "id": "98ba96f5-b452-4fc7-8f5a-3d37a634ce61", + "ephemeral_id": "59f8cd8a-60d4-4773-a9bb-4603e5bbfb75", + "id": "b7f7fd67-e199-4daf-b640-92e89c091cc6", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.9.0" + "version": "8.12.1" }, "data_stream": { "dataset": "qualys_vmdr.knowledge_base", @@ -307,9 +335,9 @@ An example event for `knowledge_base` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "98ba96f5-b452-4fc7-8f5a-3d37a634ce61", + "id": "b7f7fd67-e199-4daf-b640-92e89c091cc6", "snapshot": false, - "version": "8.9.0" + "version": "8.12.1" }, "event": { "agent_id_status": "verified", @@ -318,7 +346,7 @@ An example event for `knowledge_base` looks as following: ], "dataset": "qualys_vmdr.knowledge_base", "id": "11830", - "ingested": "2023-11-14T21:17:15Z", + "ingested": "2024-03-11T21:08:19Z", "kind": "alert", "type": [ "info" diff --git a/packages/qualys_vmdr/manifest.yml b/packages/qualys_vmdr/manifest.yml index 5230bea6799..f7e0cded9d0 100644 --- a/packages/qualys_vmdr/manifest.yml +++ b/packages/qualys_vmdr/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: qualys_vmdr title: Qualys VMDR -version: "1.1.0" +version: "2.0.0" description: Collect data from Qualys VMDR platform with Elastic Agent. type: integration categories: From ffd6a5cd0f35d8a1258676002fc956dea2499917 Mon Sep 17 00:00:00 2001 From: Richa Talwar <102972658+ritalwar@users.noreply.github.com> Date: Wed, 13 Mar 2024 15:06:55 +0530 Subject: [PATCH 31/34] =?UTF-8?q?Re-enable=20secrets=20for=20packages=20di?= =?UTF-8?q?sabled=20due=20to=20Kibana=20versions=20below=20=E2=80=A6=20(#9?= =?UTF-8?q?321)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Re-enable secrets for packages disabled due to Kibana versions below 8.10 errors. --- packages/activemq/changelog.yml | 5 +++++ packages/activemq/manifest.yml | 6 +++--- packages/apache_tomcat/changelog.yml | 5 +++++ packages/apache_tomcat/manifest.yml | 6 +++--- packages/azure_app_service/changelog.yml | 5 +++++ packages/azure_app_service/manifest.yml | 8 ++++---- packages/azure_billing/changelog.yml | 5 +++++ packages/azure_billing/manifest.yml | 6 +++--- packages/azure_functions/changelog.yml | 5 +++++ .../data_stream/functionapplogs/manifest.yml | 4 ++-- packages/azure_functions/data_stream/metrics/manifest.yml | 2 +- packages/azure_functions/manifest.yml | 4 ++-- packages/cassandra/changelog.yml | 5 +++++ packages/cassandra/manifest.yml | 6 +++--- packages/ceph/changelog.yml | 5 +++++ packages/ceph/manifest.yml | 6 +++--- packages/citrix_adc/changelog.yml | 5 +++++ packages/citrix_adc/manifest.yml | 6 +++--- packages/cockroachdb/changelog.yml | 5 +++++ packages/cockroachdb/data_stream/status/manifest.yml | 2 +- packages/cockroachdb/manifest.yml | 4 ++-- packages/golang/changelog.yml | 5 +++++ packages/golang/manifest.yml | 6 +++--- packages/kafka/changelog.yml | 5 +++++ packages/kafka/data_stream/consumergroup/manifest.yml | 2 +- packages/kafka/data_stream/partition/manifest.yml | 2 +- packages/kafka/manifest.yml | 6 +++--- packages/kafka_log/changelog.yml | 5 +++++ packages/kafka_log/data_stream/generic/manifest.yml | 4 ++-- packages/kafka_log/manifest.yml | 4 ++-- packages/mysql/changelog.yml | 5 +++++ packages/mysql/manifest.yml | 6 +++--- packages/nginx/changelog.yml | 5 +++++ packages/nginx/manifest.yml | 8 ++++---- packages/oracle_weblogic/changelog.yml | 5 +++++ packages/oracle_weblogic/manifest.yml | 6 +++--- packages/postgresql/changelog.yml | 5 +++++ packages/postgresql/manifest.yml | 6 +++--- packages/prometheus/changelog.yml | 5 +++++ packages/prometheus/data_stream/collector/manifest.yml | 2 +- packages/prometheus/manifest.yml | 4 ++-- packages/prometheus_input/changelog.yml | 5 +++++ packages/prometheus_input/manifest.yml | 6 +++--- packages/rabbitmq/changelog.yml | 5 +++++ packages/rabbitmq/manifest.yml | 6 +++--- packages/salesforce/changelog.yml | 5 +++++ packages/salesforce/manifest.yml | 8 ++++---- packages/spring_boot/changelog.yml | 5 +++++ packages/spring_boot/manifest.yml | 6 +++--- packages/websphere_application_server/changelog.yml | 5 +++++ packages/websphere_application_server/manifest.yml | 6 +++--- 51 files changed, 184 insertions(+), 74 deletions(-) diff --git a/packages/activemq/changelog.yml b/packages/activemq/changelog.yml index 60efb32b5c6..2bf16da04dd 100644 --- a/packages/activemq/changelog.yml +++ b/packages/activemq/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.2.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 1.1.1 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/activemq/manifest.yml b/packages/activemq/manifest.yml index 979c7652c8a..5e7321a28eb 100644 --- a/packages/activemq/manifest.yml +++ b/packages/activemq/manifest.yml @@ -1,6 +1,6 @@ name: activemq title: ActiveMQ -version: "1.1.1" +version: "1.2.0" description: Collect logs and metrics from ActiveMQ instances with Elastic Agent. type: integration icons: @@ -14,7 +14,7 @@ categories: - observability conditions: kibana: - version: ^8.8.0 + version: ^8.12.0 elastic: subscription: basic screenshots: @@ -79,7 +79,7 @@ policy_templates: multi: false required: true show_user: true - secret: false + secret: true description: Password for authentication of ActiveMQ instance. default: admin - name: ssl diff --git a/packages/apache_tomcat/changelog.yml b/packages/apache_tomcat/changelog.yml index c405f70d37e..9bbc5974ce4 100644 --- a/packages/apache_tomcat/changelog.yml +++ b/packages/apache_tomcat/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.3.3" changes: - description: Fix event.outcome for redirection status_codes 3xx. diff --git a/packages/apache_tomcat/manifest.yml b/packages/apache_tomcat/manifest.yml index 9e90d41224a..82cc5038332 100644 --- a/packages/apache_tomcat/manifest.yml +++ b/packages/apache_tomcat/manifest.yml @@ -1,13 +1,13 @@ format_version: "3.0.2" name: apache_tomcat title: Apache Tomcat -version: "1.3.3" +version: "1.4.0" description: Collect and parse logs and metrics from Apache Tomcat servers with Elastic Agent. categories: ["web", "observability"] type: integration conditions: kibana: - version: "^8.8.0" + version: "^8.12.0" policy_templates: - name: Apache Tomcat title: Apache Tomcat @@ -33,7 +33,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true multi: false required: false show_user: false diff --git a/packages/azure_app_service/changelog.yml b/packages/azure_app_service/changelog.yml index 2b020212123..2b76dedefc8 100644 --- a/packages/azure_app_service/changelog.yml +++ b/packages/azure_app_service/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 0.3.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 0.2.1 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/azure_app_service/manifest.yml b/packages/azure_app_service/manifest.yml index 8b22b6b0f4d..1f49215a2c1 100644 --- a/packages/azure_app_service/manifest.yml +++ b/packages/azure_app_service/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: azure_app_service title: "Azure App Service" -version: "0.2.1" +version: "0.3.0" source: license: "Elastic-2.0" description: "Collect logs and metrics from Azure App Service with Elastic Agent." @@ -11,7 +11,7 @@ categories: - cloud conditions: kibana: - version: "^8.7.1" + version: "^8.12.0" elastic: subscription: "basic" vars: @@ -33,7 +33,7 @@ vars: - name: connection_string type: password title: Connection String - secret: false + secret: true multi: false required: true show_user: true @@ -50,7 +50,7 @@ vars: - name: storage_account_key type: password title: Storage Account Key - secret: false + secret: true multi: false required: true show_user: true diff --git a/packages/azure_billing/changelog.yml b/packages/azure_billing/changelog.yml index c9c31756437..ad93c772206 100644 --- a/packages/azure_billing/changelog.yml +++ b/packages/azure_billing/changelog.yml @@ -1,3 +1,8 @@ +- version: 1.5.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 1.4.2 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/azure_billing/manifest.yml b/packages/azure_billing/manifest.yml index 476026344cb..04fd60f7678 100644 --- a/packages/azure_billing/manifest.yml +++ b/packages/azure_billing/manifest.yml @@ -1,6 +1,6 @@ name: azure_billing title: Azure Billing Metrics -version: "1.4.2" +version: "1.5.0" description: Collect billing metrics with Elastic Agent. type: integration icons: @@ -19,7 +19,7 @@ categories: - azure conditions: kibana: - version: "^8.3.0" + version: "^8.12.0" elastic: subscription: "basic" vars: @@ -33,7 +33,7 @@ vars: - name: client_secret type: password title: Client Secret - secret: false + secret: true description: The secret key of the App Registration. multi: false required: true diff --git a/packages/azure_functions/changelog.yml b/packages/azure_functions/changelog.yml index cc8e3731fad..905389c11a8 100644 --- a/packages/azure_functions/changelog.yml +++ b/packages/azure_functions/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 0.4.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 0.3.1 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/azure_functions/data_stream/functionapplogs/manifest.yml b/packages/azure_functions/data_stream/functionapplogs/manifest.yml index 0c4d933367c..58644692675 100644 --- a/packages/azure_functions/data_stream/functionapplogs/manifest.yml +++ b/packages/azure_functions/data_stream/functionapplogs/manifest.yml @@ -25,7 +25,7 @@ streams: - name: connection_string type: password title: Connection String - secret: false + secret: true multi: false required: true show_user: true @@ -42,7 +42,7 @@ streams: - name: storage_account_key type: password title: Storage Account Key - secret: false + secret: true multi: false required: true show_user: true diff --git a/packages/azure_functions/data_stream/metrics/manifest.yml b/packages/azure_functions/data_stream/metrics/manifest.yml index cb893b60a36..3a924c18ed0 100644 --- a/packages/azure_functions/data_stream/metrics/manifest.yml +++ b/packages/azure_functions/data_stream/metrics/manifest.yml @@ -16,7 +16,7 @@ streams: - name: client_secret type: password title: Client Secret - secret: false + secret: true multi: false required: true show_user: true diff --git a/packages/azure_functions/manifest.yml b/packages/azure_functions/manifest.yml index c9136c64a96..2907f4891b4 100644 --- a/packages/azure_functions/manifest.yml +++ b/packages/azure_functions/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: azure_functions title: "Azure Functions" -version: "0.3.1" +version: "0.4.0" source: license: "Elastic-2.0" description: "Get metrics and logs from Azure Functions" @@ -11,7 +11,7 @@ categories: - cloud conditions: kibana: - version: "^8.8.1" + version: "^8.12.0" elastic: subscription: "basic" vars: diff --git a/packages/cassandra/changelog.yml b/packages/cassandra/changelog.yml index 635798580fd..1a9cd24e4ce 100644 --- a/packages/cassandra/changelog.yml +++ b/packages/cassandra/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.12.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 1.11.1 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/cassandra/manifest.yml b/packages/cassandra/manifest.yml index 5b42c604683..85ed8ee24e4 100644 --- a/packages/cassandra/manifest.yml +++ b/packages/cassandra/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: cassandra title: Cassandra -version: "1.11.1" +version: "1.12.0" description: This Elastic integration collects logs and metrics from cassandra. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.8.0" + version: "^8.12.0" elastic: subscription: basic screenshots: @@ -61,7 +61,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true multi: false required: false show_user: false diff --git a/packages/ceph/changelog.yml b/packages/ceph/changelog.yml index b360624f4d6..4a15c084182 100644 --- a/packages/ceph/changelog.yml +++ b/packages/ceph/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.3.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/ceph/manifest.yml b/packages/ceph/manifest.yml index a1019491bbe..a58d2e85285 100644 --- a/packages/ceph/manifest.yml +++ b/packages/ceph/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: ceph title: Ceph -version: "1.3.1" +version: "1.4.0" description: This Elastic integration collects metrics from Ceph instance. type: integration categories: @@ -9,7 +9,7 @@ categories: - os_system conditions: kibana: - version: ^8.7.1 + version: ^8.12.0 elastic: subscription: basic screenshots: @@ -63,7 +63,7 @@ policy_templates: - name: api_secret type: password title: API Secret Key - secret: false + secret: true show_user: true required: true default: 52dffd92-a103-4a10-bfce-5b60f48f764e diff --git a/packages/citrix_adc/changelog.yml b/packages/citrix_adc/changelog.yml index 58e8ec93da6..411330c90ba 100644 --- a/packages/citrix_adc/changelog.yml +++ b/packages/citrix_adc/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.3.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/citrix_adc/manifest.yml b/packages/citrix_adc/manifest.yml index 39ab8da96e7..9f775cdfcc1 100644 --- a/packages/citrix_adc/manifest.yml +++ b/packages/citrix_adc/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: citrix_adc title: Citrix ADC -version: "1.3.1" +version: "1.4.0" description: This Elastic integration collects metrics from Citrix ADC product. type: integration categories: @@ -9,7 +9,7 @@ categories: - network conditions: kibana: - version: ^8.7.1 + version: ^8.12.0 elastic: subscription: basic icons: @@ -76,7 +76,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true show_user: true required: false default: nsroot diff --git a/packages/cockroachdb/changelog.yml b/packages/cockroachdb/changelog.yml index c3312cc5334..56e878dbebf 100644 --- a/packages/cockroachdb/changelog.yml +++ b/packages/cockroachdb/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.9.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.8.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/cockroachdb/data_stream/status/manifest.yml b/packages/cockroachdb/data_stream/status/manifest.yml index 4e17b479694..b3aa554c9c4 100644 --- a/packages/cockroachdb/data_stream/status/manifest.yml +++ b/packages/cockroachdb/data_stream/status/manifest.yml @@ -54,7 +54,7 @@ streams: - name: password type: password title: Password - secret: false + secret: true multi: false required: false show_user: true diff --git a/packages/cockroachdb/manifest.yml b/packages/cockroachdb/manifest.yml index 452ab488bb4..a6860eba91b 100644 --- a/packages/cockroachdb/manifest.yml +++ b/packages/cockroachdb/manifest.yml @@ -1,6 +1,6 @@ name: cockroachdb title: CockroachDB Metrics -version: "1.8.1" +version: "1.9.0" description: Collect metrics from CockroachDB servers with Elastic Agent. type: integration icons: @@ -19,7 +19,7 @@ categories: - datastore conditions: kibana: - version: "^8.9.0" + version: "^8.12.1" elastic: subscription: basic vars: diff --git a/packages/golang/changelog.yml b/packages/golang/changelog.yml index 742f0e4c8dd..14b1959035d 100644 --- a/packages/golang/changelog.yml +++ b/packages/golang/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.3.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/golang/manifest.yml b/packages/golang/manifest.yml index e2d25765b51..34bc26790e6 100644 --- a/packages/golang/manifest.yml +++ b/packages/golang/manifest.yml @@ -1,14 +1,14 @@ format_version: "3.0.2" name: golang title: Golang -version: "1.3.1" +version: "1.4.0" description: This Elastic integration collects metrics from Golang applications. type: integration categories: - observability conditions: kibana: - version: ^8.7.1 + version: ^8.12.0 elastic: subscription: basic screenshots: @@ -64,7 +64,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true show_user: false required: false description: Enter password of Golang application. diff --git a/packages/kafka/changelog.yml b/packages/kafka/changelog.yml index 03694915687..14b41a8e6c3 100644 --- a/packages/kafka/changelog.yml +++ b/packages/kafka/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.13.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.12.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/kafka/data_stream/consumergroup/manifest.yml b/packages/kafka/data_stream/consumergroup/manifest.yml index c52b4a388fd..7ef20f36209 100644 --- a/packages/kafka/data_stream/consumergroup/manifest.yml +++ b/packages/kafka/data_stream/consumergroup/manifest.yml @@ -15,7 +15,7 @@ streams: title: SASL username - name: password type: password - secret: false + secret: true title: SASL password - name: mechanism type: text diff --git a/packages/kafka/data_stream/partition/manifest.yml b/packages/kafka/data_stream/partition/manifest.yml index 901b976bfb3..62f6052253f 100644 --- a/packages/kafka/data_stream/partition/manifest.yml +++ b/packages/kafka/data_stream/partition/manifest.yml @@ -16,7 +16,7 @@ streams: - name: password type: password title: SASL password - secret: false + secret: true - name: mechanism type: text title: SASL mechanism diff --git a/packages/kafka/manifest.yml b/packages/kafka/manifest.yml index 1b293ba7dc4..48c9b000d17 100644 --- a/packages/kafka/manifest.yml +++ b/packages/kafka/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: kafka title: Kafka -version: "1.12.1" +version: "1.13.0" description: Collect logs and metrics from Kafka servers with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.8.0" + version: "^8.12.0" elastic: subscription: basic screenshots: @@ -68,7 +68,7 @@ policy_templates: - name: ssl.key_passphrase type: password title: SSL Key Passphrase - secret: false + secret: true show_user: true - name: ssl.verification_mode type: text diff --git a/packages/kafka_log/changelog.yml b/packages/kafka_log/changelog.yml index 84976d7a41a..8bba1522e3e 100644 --- a/packages/kafka_log/changelog.yml +++ b/packages/kafka_log/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.6.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 1.5.1 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/kafka_log/data_stream/generic/manifest.yml b/packages/kafka_log/data_stream/generic/manifest.yml index eab470ebbc1..a544b4efa59 100644 --- a/packages/kafka_log/data_stream/generic/manifest.yml +++ b/packages/kafka_log/data_stream/generic/manifest.yml @@ -85,7 +85,7 @@ streams: - name: password type: password title: Password - secret: false + secret: true description: Password used for SASL authentication. required: false show_user: true @@ -118,7 +118,7 @@ streams: - name: kerberos_password type: password title: Kerberos Password - secret: false + secret: true description: If you configured password for Auth Type, you have to provide a password for the selected principal. required: false show_user: false diff --git a/packages/kafka_log/manifest.yml b/packages/kafka_log/manifest.yml index f4b3d2bc40c..b128b072eed 100644 --- a/packages/kafka_log/manifest.yml +++ b/packages/kafka_log/manifest.yml @@ -3,10 +3,10 @@ name: kafka_log title: Custom Kafka Logs description: Collect data from kafka topic with Elastic Agent. type: integration -version: "1.5.1" +version: "1.6.0" conditions: kibana: - version: "^7.16.0 || ^8.0.0" + version: "^8.12.0" elastic: subscription: basic categories: diff --git a/packages/mysql/changelog.yml b/packages/mysql/changelog.yml index 888a068f645..a7f3b630e99 100644 --- a/packages/mysql/changelog.yml +++ b/packages/mysql/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.19.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 1.18.2 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/mysql/manifest.yml b/packages/mysql/manifest.yml index 37e56a9555a..e77e975c1e2 100644 --- a/packages/mysql/manifest.yml +++ b/packages/mysql/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: mysql title: MySQL -version: "1.18.2" +version: "1.19.0" description: Collect logs and metrics from MySQL servers with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.8.2" + version: "^8.12.0" elastic: subscription: basic screenshots: @@ -53,7 +53,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true default: test owner: github: elastic/obs-infraobs-integrations diff --git a/packages/nginx/changelog.yml b/packages/nginx/changelog.yml index 7e77c7f2392..8352e20b32a 100644 --- a/packages/nginx/changelog.yml +++ b/packages/nginx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.20.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.19.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/nginx/manifest.yml b/packages/nginx/manifest.yml index f54ad2a4ef6..4935ef5e13f 100644 --- a/packages/nginx/manifest.yml +++ b/packages/nginx/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: nginx title: Nginx -version: "1.19.1" +version: "1.20.0" description: Collect logs and metrics from Nginx HTTP servers with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.8.0" + version: "^8.12.0" elastic: subscription: basic screenshots: @@ -65,12 +65,12 @@ policy_templates: type: password title: Splunk REST API Password show_user: true - secret: false + secret: true required: false - name: token type: password title: Splunk Authorization Token - secret: false + secret: true description: | Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..." or "Splunk 192fd3e...". Cannot be used with username diff --git a/packages/oracle_weblogic/changelog.yml b/packages/oracle_weblogic/changelog.yml index 73343c1466f..ef7e1eebdd8 100644 --- a/packages/oracle_weblogic/changelog.yml +++ b/packages/oracle_weblogic/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.4.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/oracle_weblogic/manifest.yml b/packages/oracle_weblogic/manifest.yml index 157886926c9..16b377d0e16 100644 --- a/packages/oracle_weblogic/manifest.yml +++ b/packages/oracle_weblogic/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: oracle_weblogic title: Oracle WebLogic -version: "1.4.1" +version: "1.5.0" description: Collect logs and metrics from Oracle WebLogic with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.8.0" + version: "^8.12.0" elastic: subscription: basic screenshots: @@ -54,7 +54,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true multi: false required: false show_user: false diff --git a/packages/postgresql/changelog.yml b/packages/postgresql/changelog.yml index 89ff8123d28..41d7330be15 100644 --- a/packages/postgresql/changelog.yml +++ b/packages/postgresql/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.19.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.18.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/postgresql/manifest.yml b/packages/postgresql/manifest.yml index d16b88ddd46..a5631260bf7 100644 --- a/packages/postgresql/manifest.yml +++ b/packages/postgresql/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: postgresql title: PostgreSQL -version: "1.18.1" +version: "1.19.0" description: Collect logs and metrics from PostgreSQL servers with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.8.0" + version: "^8.12.0" elastic: subscription: basic screenshots: @@ -56,7 +56,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true owner: github: elastic/obs-infraobs-integrations type: elastic diff --git a/packages/prometheus/changelog.yml b/packages/prometheus/changelog.yml index 32741cd68d5..bd8b3ed2fc8 100644 --- a/packages/prometheus/changelog.yml +++ b/packages/prometheus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.15.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.14.2" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/prometheus/data_stream/collector/manifest.yml b/packages/prometheus/data_stream/collector/manifest.yml index 4fcb192db8a..00521e90033 100644 --- a/packages/prometheus/data_stream/collector/manifest.yml +++ b/packages/prometheus/data_stream/collector/manifest.yml @@ -94,7 +94,7 @@ streams: default: user - name: password type: password - secret: false + secret: true title: 'HTTP config options: Password' description: The password to use for basic authentication. multi: false diff --git a/packages/prometheus/manifest.yml b/packages/prometheus/manifest.yml index 90dc57cefe7..6dc8f3396db 100644 --- a/packages/prometheus/manifest.yml +++ b/packages/prometheus/manifest.yml @@ -1,7 +1,7 @@ format_version: 2.10.0 name: prometheus title: Prometheus -version: 1.14.2 +version: 1.15.0 description: Collect metrics from Prometheus servers with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - monitoring - containers conditions: - kibana.version: "^8.9.0" + kibana.version: "^8.12.1" screenshots: - src: /img/prometheus-server-overview.png title: Metricbeat Prometheus Overview diff --git a/packages/prometheus_input/changelog.yml b/packages/prometheus_input/changelog.yml index fd580cb7325..712a7c71cda 100644 --- a/packages/prometheus_input/changelog.yml +++ b/packages/prometheus_input/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 0.4.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 0.3.1 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/prometheus_input/manifest.yml b/packages/prometheus_input/manifest.yml index 138a7c669b1..240f0b6ff94 100644 --- a/packages/prometheus_input/manifest.yml +++ b/packages/prometheus_input/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: prometheus_input title: "Prometheus Input" -version: "0.3.1" +version: "0.4.0" description: "Collects metrics from Prometheus exporter." type: input categories: @@ -10,7 +10,7 @@ categories: - custom conditions: kibana: - version: "^8.8.0" + version: "^8.12.0" elastic: subscription: "basic" icons: @@ -84,7 +84,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true multi: false required: false show_user: true diff --git a/packages/rabbitmq/changelog.yml b/packages/rabbitmq/changelog.yml index ae863e464e7..691a1388cd4 100644 --- a/packages/rabbitmq/changelog.yml +++ b/packages/rabbitmq/changelog.yml @@ -1,3 +1,8 @@ +- version: 1.13.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 1.12.1 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/rabbitmq/manifest.yml b/packages/rabbitmq/manifest.yml index 6865c20c838..cdce65aa859 100644 --- a/packages/rabbitmq/manifest.yml +++ b/packages/rabbitmq/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: rabbitmq title: RabbitMQ Logs and Metrics -version: "1.12.1" +version: "1.13.0" description: Collect and parse logs from RabbitMQ servers with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.8.0" + version: "^8.12.0" elastic: subscription: basic screenshots: @@ -60,7 +60,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true multi: false required: false show_user: false diff --git a/packages/salesforce/changelog.yml b/packages/salesforce/changelog.yml index f95f80c0abe..d4db8651bb0 100644 --- a/packages/salesforce/changelog.yml +++ b/packages/salesforce/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 0.14.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "0.13.1" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/salesforce/manifest.yml b/packages/salesforce/manifest.yml index 6641d7e2a94..d6bc8cc066d 100644 --- a/packages/salesforce/manifest.yml +++ b/packages/salesforce/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: salesforce title: Salesforce -version: "0.13.1" +version: "0.14.0" description: Collect logs from Salesforce with Elastic Agent. type: integration categories: @@ -10,7 +10,7 @@ conditions: elastic: subscription: basic kibana: - version: ^8.7.1 + version: ^8.12.0 screenshots: - src: /img/salesforce-login.png title: Salesforce Login Dashboard @@ -53,7 +53,7 @@ vars: title: Client Secret description: OAuth 2.0 client secret. required: true - secret: false + secret: true show_user: true default: client_secret - name: username @@ -66,7 +66,7 @@ vars: - name: password type: password title: Password - secret: false + secret: true description: The password used as part of the authentication flow. required: true show_user: true diff --git a/packages/spring_boot/changelog.yml b/packages/spring_boot/changelog.yml index 09b231a201e..abc00c5b4a2 100644 --- a/packages/spring_boot/changelog.yml +++ b/packages/spring_boot/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: "1.3.2" changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/spring_boot/manifest.yml b/packages/spring_boot/manifest.yml index c1799c4ca53..c0641f41ec6 100644 --- a/packages/spring_boot/manifest.yml +++ b/packages/spring_boot/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: spring_boot title: Spring Boot -version: "1.3.2" +version: "1.4.0" description: This Elastic integration collects logs and metrics from Spring Boot integration. type: integration categories: @@ -9,7 +9,7 @@ categories: - java_observability conditions: kibana: - version: ^8.9.0 + version: ^8.12.0 elastic: subscription: basic screenshots: @@ -88,7 +88,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true multi: false required: false show_user: false diff --git a/packages/websphere_application_server/changelog.yml b/packages/websphere_application_server/changelog.yml index 11b281aad5f..26131b7df3d 100644 --- a/packages/websphere_application_server/changelog.yml +++ b/packages/websphere_application_server/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.3.0 + changes: + - description: Enable secrets for sensitive fields. For more details, refer https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-secret-values + type: enhancement + link: https://github.com/elastic/integrations/pull/9321 - version: 1.2.1 changes: - description: Disable secrets for older stack versions due to errors. diff --git a/packages/websphere_application_server/manifest.yml b/packages/websphere_application_server/manifest.yml index 88ee7950ff6..cd1cc3ec1c4 100644 --- a/packages/websphere_application_server/manifest.yml +++ b/packages/websphere_application_server/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: websphere_application_server title: WebSphere Application Server -version: "1.2.1" +version: "1.3.0" description: Collects metrics from IBM WebSphere Application Server with Elastic Agent. type: integration categories: @@ -9,7 +9,7 @@ categories: - observability conditions: kibana: - version: "^8.3.0" + version: "^8.12.0" elastic: subscription: basic screenshots: @@ -65,7 +65,7 @@ policy_templates: - name: password type: password title: Password - secret: false + secret: true multi: false required: false show_user: false From 0537229bd5a80c97112b366211a8903a26e4fa99 Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 13 Mar 2024 21:43:27 +1030 Subject: [PATCH 32/34] infoblox_nios: remove incorrect client.domain mapping from dns logs (#9351) --- packages/infoblox_nios/changelog.yml | 9 +++++++-- .../_dev/test/pipeline/test-dns.log-expected.json | 12 ------------ .../elasticsearch/ingest_pipeline/pipeline_dns.yml | 12 +++--------- .../infoblox_nios/data_stream/log/fields/ecs.yml | 2 -- .../infoblox_nios/data_stream/log/sample_event.json | 2 +- packages/infoblox_nios/docs/README.md | 2 -- packages/infoblox_nios/manifest.yml | 2 +- 7 files changed, 12 insertions(+), 29 deletions(-) diff --git a/packages/infoblox_nios/changelog.yml b/packages/infoblox_nios/changelog.yml index 2f85f3eafba..ec6315d5258 100644 --- a/packages/infoblox_nios/changelog.yml +++ b/packages/infoblox_nios/changelog.yml @@ -1,12 +1,17 @@ # newer versions go on top +- version: "1.20.3" + changes: + - description: Remove incorrect `client.domain` mapping from dns logs. + type: bugfix + link: https://github.com/elastic/integrations/pull/9351 - version: "1.20.2" changes: - - description: Clean up null handling, formatting + - description: Clean up null handling, formatting. type: bugfix link: https://github.com/elastic/integrations/pull/9180 - version: "1.20.1" changes: - - description: Changed owners + - description: Changed owners. type: enhancement link: https://github.com/elastic/integrations/pull/8943 - version: "1.20.0" diff --git a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index de5ff858d0c..4a618b73d31 100644 --- a/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/infoblox_nios/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -389,7 +389,6 @@ { "@timestamp": "2024-03-09T23:59:59.000Z", "client": { - "domain": "config.nos-avg.cz", "ip": "192.168.0.1", "port": 59735 }, @@ -423,7 +422,6 @@ }, "related": { "hosts": [ - "config.nos-avg.cz", "infoblox.localdomain" ], "ip": [ @@ -437,7 +435,6 @@ { "@timestamp": "2024-03-09T23:59:59.000Z", "client": { - "domain": "config.nos-avg.cz", "ip": "192.168.0.1", "port": 59735 }, @@ -928,7 +925,6 @@ { "@timestamp": "2024-03-11T23:51:31.000Z", "client": { - "domain": "test.com", "ip": "192.168.0.1", "port": 57027 }, @@ -984,7 +980,6 @@ { "@timestamp": "2024-03-11T23:51:31.000Z", "client": { - "domain": "test.com", "ip": "192.168.0.1", "port": 57027 }, @@ -1288,7 +1283,6 @@ { "@timestamp": "2024-04-14T16:16:05.000Z", "client": { - "domain": "ocsp.digicert.com", "ip": "192.168.1.90", "port": 64727 }, @@ -1356,7 +1350,6 @@ { "@timestamp": "2024-04-14T16:16:05.000Z", "client": { - "domain": "ocsp.digicert.com", "ip": "192.168.1.90", "port": 64727 }, @@ -1392,9 +1385,6 @@ "pid": 2588 }, "related": { - "hosts": [ - "ocsp.digicert.com" - ], "ip": [ "192.168.1.90", "10.50.1.227" @@ -2451,7 +2441,6 @@ "name": "Bredband2 AB" } }, - "domain": "abugtera.tun.p2.42", "geo": { "city_name": "Linköping", "continent_name": "Europe", @@ -2527,7 +2516,6 @@ { "@timestamp": "2024-11-27T11:53:09.000Z", "client": { - "domain": "version.bind", "ip": "10.4.71.204", "port": 40026 }, diff --git a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml index 182b0193c7f..d24aeafb017 100644 --- a/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml +++ b/packages/infoblox_nios/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml @@ -8,11 +8,11 @@ processors: - "^transfer of '%{DATA:dns.question.name}/%{DATA:dns.question.class}' from %{IP:client.ip}#%{NUMBER:client.port:long}:? %{GREEDYDATA:infoblox_nios.log.dns.message}$" - "^validating %{DATA:dns.question.name}/%{WORD:dns.question.type}: %{GREEDYDATA:infoblox_nios.log.dns.message}$" - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} updating zone '%{DATA:dns.question.name}/%{DATA:dns.question.class}': %{GREEDYDATA:infoblox_nios.log.dns.message}$" - - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} \\(%{DATA:client.domain}\\): %{VIEW}?query failed %{GREEDYDATA:infoblox_nios.log.dns.message}$" + - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} \\(%{DATA}\\): %{VIEW}?query failed %{GREEDYDATA:infoblox_nios.log.dns.message}$" - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} \\(%{DATA:infoblox_nios.log.dns.before_query}\\): rewriting query name %{DATA} to '%{DATA:infoblox_nios.log.dns.after_query}', type %{DATA:dns.question.type}$" - - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} \\(%{DATA:client.domain}\\): %{VIEW}?query: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type} %{DATA:infoblox_nios.log.dns.header_flags} \\(%{IP:server.ip}\\)$" + - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} \\(%{DATA}\\): %{VIEW}?query: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type} %{DATA:infoblox_nios.log.dns.header_flags} \\(%{IP:server.ip}\\)$" - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} %{DATA:network.transport}: %{VIEW}?query: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type} response: %{DATA:dns.response_code} %{DATA:infoblox_nios.log.dns.header_flags}$" - - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} \\(%{DATA:client.domain}\\): transfer of '%{DATA:dns.question.name}/%{DATA:dns.question.class}': %{GREEDYDATA:infoblox_nios.log.dns.message}$" + - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{CLIENT} \\(%{DATA}\\): transfer of '%{DATA:dns.question.name}/%{DATA:dns.question.class}': %{GREEDYDATA:infoblox_nios.log.dns.message}$" - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*CEF:0\\|Infoblox\\|NIOS\\|%{GREEDYDATA:infoblox_nios.log.dns.version}\\|RPZ-%{DATA:dns.answers.type}\\|%{DATA:infoblox_nios.log.dns.answers_policy}\\|\\d+\\|app=DNS dst=%{IP:server.ip} src=%{IP:client.ip} spt=%{NUMBER:client.port:long} view=%{DATA:infoblox_nios.log.dns.view_name} qtype=%{WORD:dns.question.type} msg=%{GREEDYDATA:infoblox_nios.log.dns.message}$" - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{GREEDYDATA:_tmp.timestamp} %{CLIENT} %{DATA:network.transport}: %{VIEW}?query: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type} response: %{DATA:dns.response_code} %{DATA:infoblox_nios.log.dns.header_flags} %{GREEDYDATA:repeat_message}$" - "^(%{NOTSPACE:infoblox_nios.log.dns.category}:)?\\s*%{GREEDYDATA:_tmp.timestamp} %{CLIENT} %{DATA:network.transport}: %{VIEW}?query: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type} response: %{DATA:dns.response_code} %{DATA:infoblox_nios.log.dns.header_flags}$" @@ -198,12 +198,6 @@ processors: if: ctx.server?.ip != null allow_duplicates: false ignore_failure: true - - append: - field: related.hosts - value: '{{{client.domain}}}' - if: ctx.client?.domain != null - allow_duplicates: false - ignore_failure: true - foreach: field: dns.answers.name if: ctx.dns?.answers?.name != null diff --git a/packages/infoblox_nios/data_stream/log/fields/ecs.yml b/packages/infoblox_nios/data_stream/log/fields/ecs.yml index a791189c471..58ddc8313d0 100644 --- a/packages/infoblox_nios/data_stream/log/fields/ecs.yml +++ b/packages/infoblox_nios/data_stream/log/fields/ecs.yml @@ -1,5 +1,3 @@ -- external: ecs - name: client.domain - external: ecs name: client.geo.city_name - external: ecs diff --git a/packages/infoblox_nios/data_stream/log/sample_event.json b/packages/infoblox_nios/data_stream/log/sample_event.json index aff57adf68e..4af8cbf9265 100644 --- a/packages/infoblox_nios/data_stream/log/sample_event.json +++ b/packages/infoblox_nios/data_stream/log/sample_event.json @@ -76,4 +76,4 @@ "user": { "name": "user" } -} +} \ No newline at end of file diff --git a/packages/infoblox_nios/docs/README.md b/packages/infoblox_nios/docs/README.md index eb79adcffb6..b509f8846b7 100644 --- a/packages/infoblox_nios/docs/README.md +++ b/packages/infoblox_nios/docs/README.md @@ -231,7 +231,6 @@ An example event for `log` looks as following: "name": "user" } } - ``` **Exported fields** @@ -242,7 +241,6 @@ An example event for `log` looks as following: | client.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | client.as.organization.name | Organization name. | keyword | | client.as.organization.name.text | Multi-field of `client.as.organization.name`. | match_only_text | -| client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.geo.city_name | City name. | keyword | | client.geo.continent_name | Name of the continent. | keyword | | client.geo.country_iso_code | Country ISO code. | keyword | diff --git a/packages/infoblox_nios/manifest.yml b/packages/infoblox_nios/manifest.yml index 6392bb06e64..479ae475d18 100644 --- a/packages/infoblox_nios/manifest.yml +++ b/packages/infoblox_nios/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.0" name: infoblox_nios title: Infoblox NIOS -version: "1.20.2" +version: "1.20.3" description: Collect logs from Infoblox NIOS with Elastic Agent. type: integration categories: From d47b93ac5b530579f2bcad02c8cbe9e754574000 Mon Sep 17 00:00:00 2001 From: Karen Metts <35154725+karenzone@users.noreply.github.com> Date: Wed, 13 Mar 2024 09:39:05 -0400 Subject: [PATCH 33/34] [Logstash] Add docs link to monitoring with agent topic in LSR (#9183) Add link from Logstash integration docs to "Monitoring Logstash with Agent" topic in the Logstash Reference (LSR) for additional context. --- links_table.yml | 1 + packages/logstash/_dev/build/docs/README.md | 4 +++- packages/logstash/changelog.yml | 5 +++++ packages/logstash/docs/README.md | 4 +++- packages/logstash/manifest.yml | 2 +- 5 files changed, 13 insertions(+), 3 deletions(-) diff --git a/links_table.yml b/links_table.yml index 919d6eb5b58..423a2637f58 100644 --- a/links_table.yml +++ b/links_table.yml @@ -13,6 +13,7 @@ links: filebeat-input-filestream-parsers: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-filestream.html#_parsers fleet-overview: https://www.elastic.co/guide/en/fleet/current/fleet-overview.html getting-started-observability: https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html + logstash-monitoring-ea: https://www.elastic.co/guide/en/logstash/current/monitoring-with-ea.html kibana-introduction: https://www.elastic.co/guide/en/kibana/current/introduction.html kibana-security-settings: https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html kibana-logging-configuration: https://www.elastic.co/guide/en/kibana/current/logging-configuration.html diff --git a/packages/logstash/_dev/build/docs/README.md b/packages/logstash/_dev/build/docs/README.md index 7b28ed0020c..2ca14b916f7 100644 --- a/packages/logstash/_dev/build/docs/README.md +++ b/packages/logstash/_dev/build/docs/README.md @@ -1,6 +1,8 @@ # Logstash -The `logstash` package collects metrics and logs of Logstash. +This integration collects logs and metrics from Logstash instances. + +You can find additional information about monitoring Logstash with the Logstash integration in the **Logstash Reference**: {{ url "logstash-monitoring-ea" "Monitoring Logstash with Elastic Agent" }}. ## Compatibility diff --git a/packages/logstash/changelog.yml b/packages/logstash/changelog.yml index e46311596fe..fe89261f499 100644 --- a/packages/logstash/changelog.yml +++ b/packages/logstash/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.2" + changes: + - description: Add link to Logstash monitoring docs + type: enhancement + link: https://github.com/elastic/integrations/pull/9183 - version: "2.4.1" changes: - description: Add missing host.ip field mapping diff --git a/packages/logstash/docs/README.md b/packages/logstash/docs/README.md index 661dbd7d549..b968d8ad0e1 100644 --- a/packages/logstash/docs/README.md +++ b/packages/logstash/docs/README.md @@ -1,6 +1,8 @@ # Logstash -The `logstash` package collects metrics and logs of Logstash. +This integration collects logs and metrics from Logstash instances. + +You can find additional information about monitoring Logstash with the Logstash integration in the **Logstash Reference**: [Monitoring Logstash with Elastic Agent](https://www.elastic.co/guide/en/logstash/current/monitoring-with-ea.html). ## Compatibility diff --git a/packages/logstash/manifest.yml b/packages/logstash/manifest.yml index 8f6d39b5de3..555df48d34c 100644 --- a/packages/logstash/manifest.yml +++ b/packages/logstash/manifest.yml @@ -1,6 +1,6 @@ name: logstash title: Logstash -version: 2.4.1 +version: 2.4.2 description: Collect logs and metrics from Logstash with Elastic Agent. type: integration icons: From 0461976c59a84f1b20b0aad675899c46de093f1c Mon Sep 17 00:00:00 2001 From: Tetiana Kravchenko Date: Wed, 13 Mar 2024 20:31:02 +0100 Subject: [PATCH 34/34] [kubernetes] Migrate to format_version v3 (#9356) * Migrate to format_version v3 Signed-off-by: Tetiana Kravchenko * Update changelog.yml --------- Signed-off-by: Tetiana Kravchenko --- packages/kubernetes/changelog.yml | 5 + .../data_stream/apiserver/fields/fields.yml | 1 + .../data_stream/container_logs/manifest.yml | 5 +- ...-0a672d50-bcb1-11ec-b64f-7dd6e8e82013.json | 846 +- ...-21694370-bcb2-11ec-b64f-7dd6e8e82013.json | 1992 ++--- ...-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013.json | 944 +-- ...-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013.json | 3180 ++++---- ...-5be46210-bcb1-11ec-b64f-7dd6e8e82013.json | 1772 ++-- ...-5e649d60-9901-11e9-ba57-b7ab4e2d4b58.json | 4885 +++++------ ...-85879010-bcb1-11ec-b64f-7dd6e8e82013.json | 1734 ++-- ...-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013.json | 1752 ++-- ...-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013.json | 4311 +++++----- ...-bf9389f0-0c14-11ed-b760-5d1bccb47f56.json | 6190 +++++++------- ...-d3bd9650-0c14-11ed-b760-5d1bccb47f56.json | 1428 ++-- ...-dd081350-bcb1-11ec-b64f-7dd6e8e82013.json | 1038 +-- ...-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c.json | 6387 +++++++-------- ...-f5ab5510-9c94-11e9-94fd-c91206cd5249.json | 7115 +++++++++-------- ...-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013.json | 595 +- ...-adc7d0c0-d1fc-11ec-8c69-8bbb7ca8f9ee.json | 61 - ...-ee55101a-9f62-44da-b64c-ffa1eb5abad8.json | 89 - packages/kubernetes/manifest.yml | 8 +- 21 files changed, 22227 insertions(+), 22111 deletions(-) delete mode 100644 packages/kubernetes/kibana/search/kubernetes-adc7d0c0-d1fc-11ec-8c69-8bbb7ca8f9ee.json delete mode 100644 packages/kubernetes/kibana/search/kubernetes-ee55101a-9f62-44da-b64c-ffa1eb5abad8.json diff --git a/packages/kubernetes/changelog.yml b/packages/kubernetes/changelog.yml index add18e737b5..51e2ab9e747 100644 --- a/packages/kubernetes/changelog.yml +++ b/packages/kubernetes/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: 1.58.0 + changes: + - description: Migrate to format_version v3. + type: enhancement + link: https://github.com/elastic/integrations/pull/9356 - version: 1.57.0 changes: - description: Container logs preserve original content based on pod annotations. diff --git a/packages/kubernetes/data_stream/apiserver/fields/fields.yml b/packages/kubernetes/data_stream/apiserver/fields/fields.yml index e296a5dee3e..df079d7f505 100644 --- a/packages/kubernetes/data_stream/apiserver/fields/fields.yml +++ b/packages/kubernetes/data_stream/apiserver/fields/fields.yml @@ -170,6 +170,7 @@ description: Request duration, number of operations - name: duration.us.bucket.* type: object + object_type: long description: Request duration, histogram buckets - name: current.count type: long diff --git a/packages/kubernetes/data_stream/container_logs/manifest.yml b/packages/kubernetes/data_stream/container_logs/manifest.yml index d6f4a339f0c..70ed504bfe6 100644 --- a/packages/kubernetes/data_stream/container_logs/manifest.yml +++ b/packages/kubernetes/data_stream/container_logs/manifest.yml @@ -78,5 +78,6 @@ streams: type: yaml default: "" # Ensures agents have permissions to write data to `logs-*-*` -elasticsearch.dynamic_dataset: true -elasticsearch.dynamic_namespace: true +elasticsearch: + dynamic_dataset: true + dynamic_namespace: true diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013.json index 6a70dac1919..7b1560d2e94 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013.json @@ -1,441 +1,449 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"adf38acd-ecc8-48b2-b7f3-d6dfd024e46b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"adf38acd-ecc8-48b2-b7f3-d6dfd024e46b\",\"enhancements\":{}}},\"3e873627-001d-47c7-91a8-995014b0ef90\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"3e873627-001d-47c7-91a8-995014b0ef90\",\"enhancements\":{}}},\"f4b8cf46-4644-4713-872d-dccc4aeb1e44\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.cronjob.name\",\"title\":\"CronJob Name\",\"id\":\"f4b8cf46-4644-4713-872d-dccc4aeb1e44\",\"enhancements\":{}}}}" - }, - "description": "Metrics about Cronjobs", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI0MywyXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "twoLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"adf38acd-ecc8-48b2-b7f3-d6dfd024e46b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"adf38acd-ecc8-48b2-b7f3-d6dfd024e46b\",\"enhancements\":{}}},\"3e873627-001d-47c7-91a8-995014b0ef90\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"3e873627-001d-47c7-91a8-995014b0ef90\",\"enhancements\":{}}},\"f4b8cf46-4644-4713-872d-dccc4aeb1e44\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.cronjob.name\",\"title\":\"CronJob Name\",\"id\":\"f4b8cf46-4644-4713-872d-dccc4aeb1e44\",\"enhancements\":{}}}}" + }, + "description": "Metrics about Cronjobs", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncCursor": true, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 7, + "i": "85ecbb8b-9606-4c19-a108-385f825ad7aa", + "w": 32, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 7, - "i": "85ecbb8b-9606-4c19-a108-385f825ad7aa", - "w": 32, - "x": 0, - "y": 0 - }, - "panelIndex": "85ecbb8b-9606-4c19-a108-385f825ad7aa", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.10.2" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-50909abf-3224-4a23-9b48-e80ea170fa2c", - "type": "index-pattern" + "panelIndex": "85ecbb8b-9606-4c19-a108-385f825ad7aa", + "title": "Kubernetes Dashboards [Metrics Kubernetes]", + "type": "visualization", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-50909abf-3224-4a23-9b48-e80ea170fa2c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d5426f2b-4d1b-4499-ad29-0851bdce599b", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "50909abf-3224-4a23-9b48-e80ea170fa2c": { + "columnOrder": [ + "2dbcdfac-a084-43ef-9a51-4dc44305f10c", + "ce290fde-639d-45c5-b54b-49fd6b876437" + ], + "columns": { + "2dbcdfac-a084-43ef-9a51-4dc44305f10c": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.cronjob.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "d5426f2b-4d1b-4499-ad29-0851bdce599b", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "50909abf-3224-4a23-9b48-e80ea170fa2c": { - "columnOrder": [ - "2dbcdfac-a084-43ef-9a51-4dc44305f10c", - "ce290fde-639d-45c5-b54b-49fd6b876437" - ], - "columns": { - "2dbcdfac-a084-43ef-9a51-4dc44305f10c": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.cronjob.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.cronjob.name" - }, - "ce290fde-639d-45c5-b54b-49fd6b876437": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.cronjob.active.count\": *" - }, - "isBucketed": false, - "label": "Active CronJobs", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.cronjob.active.count" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "d5426f2b-4d1b-4499-ad29-0851bdce599b", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_cronjob" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_cronjob" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "2dbcdfac-a084-43ef-9a51-4dc44305f10c", - "collapseFn": "sum", - "layerId": "50909abf-3224-4a23-9b48-e80ea170fa2c", - "layerType": "data", - "metricAccessor": "ce290fde-639d-45c5-b54b-49fd6b876437" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.cronjob.name" }, - "title": "Active CronJobs [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "ce290fde-639d-45c5-b54b-49fd6b876437": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.cronjob.active.count\": *" + }, + "isBucketed": false, + "label": "Active CronJobs", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.cronjob.active.count" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "37b56399-4cec-4d72-9e9e-e87cbe2d581f", - "w": 16, - "x": 32, - "y": 0 + "indexpattern": { + "layers": {} }, - "panelIndex": "37b56399-4cec-4d72-9e9e-e87cbe2d581f", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "d5426f2b-4d1b-4499-ad29-0851bdce599b", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_cronjob" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_cronjob" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "2dbcdfac-a084-43ef-9a51-4dc44305f10c", + "collapseFn": "sum", + "layerId": "50909abf-3224-4a23-9b48-e80ea170fa2c", + "layerType": "data", + "metricAccessor": "ce290fde-639d-45c5-b54b-49fd6b876437" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-7711169c-3a7b-4071-98d0-3644aa1dde0b", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "204eb33a-97ff-4d38-bee0-d93387164ab1", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "7711169c-3a7b-4071-98d0-3644aa1dde0b": { - "columnOrder": [ - "0ef9858e-46db-48c0-ae7c-4da231c9744b", - "8782d440-1d9a-4826-888b-07cda7c4668a", - "e8b720ef-3fec-4c63-8a7a-b64900c938a1", - "118dfa8c-388e-430c-860f-ce84cf88ac39" - ], - "columns": { - "0ef9858e-46db-48c0-ae7c-4da231c9744b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "CronJob ", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "118dfa8c-388e-430c-860f-ce84cf88ac39", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.cronjob.name" - }, - "118dfa8c-388e-430c-860f-ce84cf88ac39": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Epoch Time until Next Schedule(sec)", - "operationType": "median", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.cronjob.next_schedule.sec" - }, - "8782d440-1d9a-4826-888b-07cda7c4668a": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Epoch Time since Creation(sec)", - "operationType": "last_value", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.cronjob.created.sec" - }, - "e8b720ef-3fec-4c63-8a7a-b64900c938a1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Epoch Time since Last Schedule(sec)", - "operationType": "last_value", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.cronjob.last_schedule.sec" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Active CronJobs [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "37b56399-4cec-4d72-9e9e-e87cbe2d581f", + "w": 16, + "x": 32, + "y": 0 + }, + "panelIndex": "37b56399-4cec-4d72-9e9e-e87cbe2d581f", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-7711169c-3a7b-4071-98d0-3644aa1dde0b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "204eb33a-97ff-4d38-bee0-d93387164ab1", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "7711169c-3a7b-4071-98d0-3644aa1dde0b": { + "columnOrder": [ + "0ef9858e-46db-48c0-ae7c-4da231c9744b", + "8782d440-1d9a-4826-888b-07cda7c4668a", + "e8b720ef-3fec-4c63-8a7a-b64900c938a1", + "118dfa8c-388e-430c-860f-ce84cf88ac39" + ], + "columns": { + "0ef9858e-46db-48c0-ae7c-4da231c9744b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "CronJob ", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "118dfa8c-388e-430c-860f-ce84cf88ac39", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "204eb33a-97ff-4d38-bee0-d93387164ab1", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_cronjob" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_cronjob" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "0ef9858e-46db-48c0-ae7c-4da231c9744b", - "isTransposed": false - }, - { - "columnId": "8782d440-1d9a-4826-888b-07cda7c4668a", - "isTransposed": false - }, - { - "columnId": "e8b720ef-3fec-4c63-8a7a-b64900c938a1", - "isTransposed": false - }, - { - "columnId": "118dfa8c-388e-430c-860f-ce84cf88ac39", - "isTransposed": false - } - ], - "layerId": "7711169c-3a7b-4071-98d0-3644aa1dde0b", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.cronjob.name" + }, + "118dfa8c-388e-430c-860f-ce84cf88ac39": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Epoch Time until Next Schedule(sec)", + "operationType": "median", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } } + }, + "scale": "ratio", + "sourceField": "kubernetes.cronjob.next_schedule.sec" + }, + "8782d440-1d9a-4826-888b-07cda7c4668a": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Epoch Time since Creation(sec)", + "operationType": "last_value", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.cronjob.created.sec" }, - "title": "CronJobs Informations [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" + "e8b720ef-3fec-4c63-8a7a-b64900c938a1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Epoch Time since Last Schedule(sec)", + "operationType": "last_value", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.cronjob.last_schedule.sec" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "204eb33a-97ff-4d38-bee0-d93387164ab1", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_cronjob" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "10f9719c-1b46-4561-b8cf-f3cd3ee69c10", - "w": 48, - "x": 0, - "y": 7 - }, - "panelIndex": "10f9719c-1b46-4561-b8cf-f3cd3ee69c10", - "title": "CronJobs Informations [Metrics Kubernetes]", - "type": "lens", - "version": "8.10.2" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Cronjobs", - "version": 1 - }, - "coreMigrationVersion": "8.8.0", - "created_at": "2023-11-02T11:54:35.308Z", - "id": "kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013", - "managed": false, - "references": [ - { - "id": "metrics-*", - "name": "37b56399-4cec-4d72-9e9e-e87cbe2d581f:indexpattern-datasource-layer-50909abf-3224-4a23-9b48-e80ea170fa2c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "37b56399-4cec-4d72-9e9e-e87cbe2d581f:d5426f2b-4d1b-4499-ad29-0851bdce599b", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "10f9719c-1b46-4561-b8cf-f3cd3ee69c10:indexpattern-datasource-layer-7711169c-3a7b-4071-98d0-3644aa1dde0b", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "10f9719c-1b46-4561-b8cf-f3cd3ee69c10:204eb33a-97ff-4d38-bee0-d93387164ab1", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_adf38acd-ecc8-48b2-b7f3-d6dfd024e46b:optionsListDataView", - "type": "index-pattern" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_cronjob" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "0ef9858e-46db-48c0-ae7c-4da231c9744b", + "isTransposed": false + }, + { + "columnId": "8782d440-1d9a-4826-888b-07cda7c4668a", + "isTransposed": false + }, + { + "columnId": "e8b720ef-3fec-4c63-8a7a-b64900c938a1", + "isTransposed": false + }, + { + "columnId": "118dfa8c-388e-430c-860f-ce84cf88ac39", + "isTransposed": false + } + ], + "layerId": "7711169c-3a7b-4071-98d0-3644aa1dde0b", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "CronJobs Informations [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "metrics-*", - "name": "controlGroup_3e873627-001d-47c7-91a8-995014b0ef90:optionsListDataView", - "type": "index-pattern" + "gridData": { + "h": 14, + "i": "10f9719c-1b46-4561-b8cf-f3cd3ee69c10", + "w": 48, + "x": 0, + "y": 7 }, - { - "id": "metrics-*", - "name": "controlGroup_f4b8cf46-4644-4713-872d-dccc4aeb1e44:optionsListDataView", - "type": "index-pattern" - } + "panelIndex": "10f9719c-1b46-4561-b8cf-f3cd3ee69c10", + "title": "CronJobs Informations [Metrics Kubernetes]", + "type": "lens", + "version": "8.10.2" + } ], - "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "timeRestore": false, + "title": "[Metrics Kubernetes] Cronjobs", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "37b56399-4cec-4d72-9e9e-e87cbe2d581f:indexpattern-datasource-layer-50909abf-3224-4a23-9b48-e80ea170fa2c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "37b56399-4cec-4d72-9e9e-e87cbe2d581f:d5426f2b-4d1b-4499-ad29-0851bdce599b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "10f9719c-1b46-4561-b8cf-f3cd3ee69c10:indexpattern-datasource-layer-7711169c-3a7b-4071-98d0-3644aa1dde0b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "10f9719c-1b46-4561-b8cf-f3cd3ee69c10:204eb33a-97ff-4d38-bee0-d93387164ab1", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_adf38acd-ecc8-48b2-b7f3-d6dfd024e46b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_3e873627-001d-47c7-91a8-995014b0ef90:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_f4b8cf46-4644-4713-872d-dccc4aeb1e44:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013.json index 8d60beea3da..a9c7c65f888 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013.json @@ -1,1040 +1,1048 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"5f6614ff-57c0-400e-8350-47e86ad5c77f\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"5f6614ff-57c0-400e-8350-47e86ad5c77f\",\"enhancements\":{}}},\"6faac538-d3fd-4f77-85cc-3b7171c7144c\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"6faac538-d3fd-4f77-85cc-3b7171c7144c\",\"enhancements\":{}}},\"82c41492-acf8-4b51-bba9-ec54c99fb1ba\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.statefulset.name\",\"title\":\"StatefulSet Name\",\"id\":\"82c41492-acf8-4b51-bba9-ec54c99fb1ba\",\"enhancements\":{}}}}" - }, - "description": "Metrics about StatefulSets", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI0NCwyXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "twoLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"5f6614ff-57c0-400e-8350-47e86ad5c77f\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"5f6614ff-57c0-400e-8350-47e86ad5c77f\",\"enhancements\":{}}},\"6faac538-d3fd-4f77-85cc-3b7171c7144c\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"6faac538-d3fd-4f77-85cc-3b7171c7144c\",\"enhancements\":{}}},\"82c41492-acf8-4b51-bba9-ec54c99fb1ba\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.statefulset.name\",\"title\":\"StatefulSet Name\",\"id\":\"82c41492-acf8-4b51-bba9-ec54c99fb1ba\",\"enhancements\":{}}}}" + }, + "description": "Metrics about StatefulSets", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56), [Kubernetes Proxy](#/view/kubernetes-5e649d60-9901-11e9-ba57-b7ab4e2d4b58)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncCursor": true, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 4, + "i": "f1e8f8c6-d644-4b1d-a7bc-fe631c232a57", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56), [Kubernetes Proxy](#/view/kubernetes-5e649d60-9901-11e9-ba57-b7ab4e2d4b58)", - "openLinksInNewTab": false + "panelIndex": "f1e8f8c6-d644-4b1d-a7bc-fe631c232a57", + "title": "Kubernetes Dashboards [Metrics Kubernetes]", + "type": "visualization", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-1e1f286b-da16-49ab-8ad6-cef60c577ce5", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "988215de-1bb2-4dd7-91a4-a07d3d436b89", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "1e1f286b-da16-49ab-8ad6-cef60c577ce5": { + "columnOrder": [ + "ccb9ef58-565b-4ffe-bb2e-60819199ccfc", + "615a6b08-bc26-4d84-8c18-7a9936cabbfb" + ], + "columns": { + "615a6b08-bc26-4d84-8c18-7a9936cabbfb": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.statefulset.replicas.observed\": *" + }, + "isBucketed": false, + "label": "Replicas Observed ", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.statefulset.replicas.observed" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "f1e8f8c6-d644-4b1d-a7bc-fe631c232a57", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "f1e8f8c6-d644-4b1d-a7bc-fe631c232a57", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.10.2" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-1e1f286b-da16-49ab-8ad6-cef60c577ce5", - "type": "index-pattern" + "ccb9ef58-565b-4ffe-bb2e-60819199ccfc": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.statefulset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "988215de-1bb2-4dd7-91a4-a07d3d436b89", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "1e1f286b-da16-49ab-8ad6-cef60c577ce5": { - "columnOrder": [ - "ccb9ef58-565b-4ffe-bb2e-60819199ccfc", - "615a6b08-bc26-4d84-8c18-7a9936cabbfb" - ], - "columns": { - "615a6b08-bc26-4d84-8c18-7a9936cabbfb": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.statefulset.replicas.observed\": *" - }, - "isBucketed": false, - "label": "Replicas Observed ", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.statefulset.replicas.observed" - }, - "ccb9ef58-565b-4ffe-bb2e-60819199ccfc": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.statefulset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.statefulset.name" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "988215de-1bb2-4dd7-91a4-a07d3d436b89", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_statefulset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_statefulset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "ccb9ef58-565b-4ffe-bb2e-60819199ccfc", - "collapseFn": "sum", - "layerId": "1e1f286b-da16-49ab-8ad6-cef60c577ce5", - "layerType": "data", - "metricAccessor": "615a6b08-bc26-4d84-8c18-7a9936cabbfb" - } - }, - "title": "StatefulSet Replicas Observed [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.statefulset.name" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "d8265dae-829d-434f-a826-cc6062edfd3a", - "w": 9, - "x": 0, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "d8265dae-829d-434f-a826-cc6062edfd3a", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "988215de-1bb2-4dd7-91a4-a07d3d436b89", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_statefulset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_statefulset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "ccb9ef58-565b-4ffe-bb2e-60819199ccfc", + "collapseFn": "sum", + "layerId": "1e1f286b-da16-49ab-8ad6-cef60c577ce5", + "layerType": "data", + "metricAccessor": "615a6b08-bc26-4d84-8c18-7a9936cabbfb" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-37f25d48-9b81-419c-8a8b-e5daea0230d0", - "type": "index-pattern" + "title": "StatefulSet Replicas Observed [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "d8265dae-829d-434f-a826-cc6062edfd3a", + "w": 9, + "x": 0, + "y": 4 + }, + "panelIndex": "d8265dae-829d-434f-a826-cc6062edfd3a", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-37f25d48-9b81-419c-8a8b-e5daea0230d0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3fbf4162-1133-4eee-ad35-334b047efd3d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "37f25d48-9b81-419c-8a8b-e5daea0230d0": { + "columnOrder": [ + "6ff73cdb-7c0e-4edc-8fd4-8ff784a137c1", + "7711a519-3a8d-4474-9efb-622dd7d57cdd" + ], + "columns": { + "6ff73cdb-7c0e-4edc-8fd4-8ff784a137c1": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.statefulset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "3fbf4162-1133-4eee-ad35-334b047efd3d", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "37f25d48-9b81-419c-8a8b-e5daea0230d0": { - "columnOrder": [ - "6ff73cdb-7c0e-4edc-8fd4-8ff784a137c1", - "7711a519-3a8d-4474-9efb-622dd7d57cdd" - ], - "columns": { - "6ff73cdb-7c0e-4edc-8fd4-8ff784a137c1": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.statefulset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.statefulset.name" - }, - "7711a519-3a8d-4474-9efb-622dd7d57cdd": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.statefulset.replicas.desired\": *" - }, - "isBucketed": false, - "label": "Replicas Desired", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.statefulset.replicas.desired" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "3fbf4162-1133-4eee-ad35-334b047efd3d", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_statefulset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_statefulset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "6ff73cdb-7c0e-4edc-8fd4-8ff784a137c1", - "collapseFn": "sum", - "layerId": "37f25d48-9b81-419c-8a8b-e5daea0230d0", - "layerType": "data", - "metricAccessor": "7711a519-3a8d-4474-9efb-622dd7d57cdd" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.statefulset.name" }, - "title": "StatefulSet Replicas Desired [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "7711a519-3a8d-4474-9efb-622dd7d57cdd": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.statefulset.replicas.desired\": *" + }, + "isBucketed": false, + "label": "Replicas Desired", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.statefulset.replicas.desired" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "21039d12-cc17-4089-9d8f-3c62018c8f1c", - "w": 10, - "x": 9, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "21039d12-cc17-4089-9d8f-3c62018c8f1c", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "3fbf4162-1133-4eee-ad35-334b047efd3d", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_statefulset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_statefulset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "6ff73cdb-7c0e-4edc-8fd4-8ff784a137c1", + "collapseFn": "sum", + "layerId": "37f25d48-9b81-419c-8a8b-e5daea0230d0", + "layerType": "data", + "metricAccessor": "7711a519-3a8d-4474-9efb-622dd7d57cdd" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-c5fc4b20-ec0c-46c3-aaf8-96970b768d34", - "type": "index-pattern" + "title": "StatefulSet Replicas Desired [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "21039d12-cc17-4089-9d8f-3c62018c8f1c", + "w": 10, + "x": 9, + "y": 4 + }, + "panelIndex": "21039d12-cc17-4089-9d8f-3c62018c8f1c", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-c5fc4b20-ec0c-46c3-aaf8-96970b768d34", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "778d517a-5fab-4174-8f76-966de3e4452a", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "c5fc4b20-ec0c-46c3-aaf8-96970b768d34": { + "columnOrder": [ + "b58f63d6-4d40-4b42-a746-9f5f96efdcae", + "d50dac83-e42b-4ef8-9048-d2c8a737334b" + ], + "columns": { + "b58f63d6-4d40-4b42-a746-9f5f96efdcae": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.statefulset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "778d517a-5fab-4174-8f76-966de3e4452a", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "c5fc4b20-ec0c-46c3-aaf8-96970b768d34": { - "columnOrder": [ - "b58f63d6-4d40-4b42-a746-9f5f96efdcae", - "d50dac83-e42b-4ef8-9048-d2c8a737334b" - ], - "columns": { - "b58f63d6-4d40-4b42-a746-9f5f96efdcae": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.statefulset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.statefulset.name" - }, - "d50dac83-e42b-4ef8-9048-d2c8a737334b": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.statefulset.replicas.ready\": *" - }, - "isBucketed": false, - "label": "Replicas Ready ", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.statefulset.replicas.ready" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "778d517a-5fab-4174-8f76-966de3e4452a", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_statefulset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_statefulset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "b58f63d6-4d40-4b42-a746-9f5f96efdcae", - "collapseFn": "sum", - "layerId": "c5fc4b20-ec0c-46c3-aaf8-96970b768d34", - "layerType": "data", - "metricAccessor": "d50dac83-e42b-4ef8-9048-d2c8a737334b" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.statefulset.name" }, - "title": "StatefulSet Replicas Ready [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "d50dac83-e42b-4ef8-9048-d2c8a737334b": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.statefulset.replicas.ready\": *" + }, + "isBucketed": false, + "label": "Replicas Ready ", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.statefulset.replicas.ready" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "dd7df777-8dae-4374-96ee-461be82fbde4", - "w": 10, - "x": 19, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "dd7df777-8dae-4374-96ee-461be82fbde4", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "778d517a-5fab-4174-8f76-966de3e4452a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_statefulset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_statefulset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "b58f63d6-4d40-4b42-a746-9f5f96efdcae", + "collapseFn": "sum", + "layerId": "c5fc4b20-ec0c-46c3-aaf8-96970b768d34", + "layerType": "data", + "metricAccessor": "d50dac83-e42b-4ef8-9048-d2c8a737334b" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-1b5bdc61-0d5f-42da-ab97-2fe6f73775d5", - "type": "index-pattern" + "title": "StatefulSet Replicas Ready [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "dd7df777-8dae-4374-96ee-461be82fbde4", + "w": 10, + "x": 19, + "y": 4 + }, + "panelIndex": "dd7df777-8dae-4374-96ee-461be82fbde4", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-1b5bdc61-0d5f-42da-ab97-2fe6f73775d5", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "0ae72fd9-5dfe-480d-9fbc-ca97c60c1955", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "1b5bdc61-0d5f-42da-ab97-2fe6f73775d5": { + "columnOrder": [ + "66f7c724-56a4-45d4-b5fa-029ce4d4468b", + "a6a97e4d-1e79-4822-a8ea-84d06e89038b" + ], + "columns": { + "66f7c724-56a4-45d4-b5fa-029ce4d4468b": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.statefulset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "0ae72fd9-5dfe-480d-9fbc-ca97c60c1955", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "1b5bdc61-0d5f-42da-ab97-2fe6f73775d5": { - "columnOrder": [ - "66f7c724-56a4-45d4-b5fa-029ce4d4468b", - "a6a97e4d-1e79-4822-a8ea-84d06e89038b" - ], - "columns": { - "66f7c724-56a4-45d4-b5fa-029ce4d4468b": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.statefulset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.statefulset.name" - }, - "a6a97e4d-1e79-4822-a8ea-84d06e89038b": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.statefulset.generation.observed\": *" - }, - "isBucketed": false, - "label": "Generation Observed", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.statefulset.generation.observed" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "0ae72fd9-5dfe-480d-9fbc-ca97c60c1955", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_statefulset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_statefulset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "66f7c724-56a4-45d4-b5fa-029ce4d4468b", - "collapseFn": "sum", - "layerId": "1b5bdc61-0d5f-42da-ab97-2fe6f73775d5", - "layerType": "data", - "metricAccessor": "a6a97e4d-1e79-4822-a8ea-84d06e89038b" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.statefulset.name" }, - "title": "StatefulSet Generation Observed [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "a6a97e4d-1e79-4822-a8ea-84d06e89038b": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.statefulset.generation.observed\": *" + }, + "isBucketed": false, + "label": "Generation Observed", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.statefulset.generation.observed" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "3e6790d6-de88-47de-8c3e-d8aa2c89c538", - "w": 10, - "x": 29, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "3e6790d6-de88-47de-8c3e-d8aa2c89c538", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "0ae72fd9-5dfe-480d-9fbc-ca97c60c1955", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_statefulset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_statefulset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "66f7c724-56a4-45d4-b5fa-029ce4d4468b", + "collapseFn": "sum", + "layerId": "1b5bdc61-0d5f-42da-ab97-2fe6f73775d5", + "layerType": "data", + "metricAccessor": "a6a97e4d-1e79-4822-a8ea-84d06e89038b" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-7f72a30a-3591-492d-83d7-2fd9d40e5ef6", - "type": "index-pattern" + "title": "StatefulSet Generation Observed [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "3e6790d6-de88-47de-8c3e-d8aa2c89c538", + "w": 10, + "x": 29, + "y": 4 + }, + "panelIndex": "3e6790d6-de88-47de-8c3e-d8aa2c89c538", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-7f72a30a-3591-492d-83d7-2fd9d40e5ef6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "84dd109c-0824-4ccf-948b-8bad46f6203a", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "7f72a30a-3591-492d-83d7-2fd9d40e5ef6": { + "columnOrder": [ + "ee9e9b2d-2218-4267-9cd8-7ebed0ac6f87", + "c0c872cb-98c7-4070-861e-56fa930708a1" + ], + "columns": { + "c0c872cb-98c7-4070-861e-56fa930708a1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.statefulset.generation.desired\": *" + }, + "isBucketed": false, + "label": "Generation Desired ", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.statefulset.generation.desired" + }, + "ee9e9b2d-2218-4267-9cd8-7ebed0ac6f87": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.statefulset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "84dd109c-0824-4ccf-948b-8bad46f6203a", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "7f72a30a-3591-492d-83d7-2fd9d40e5ef6": { - "columnOrder": [ - "ee9e9b2d-2218-4267-9cd8-7ebed0ac6f87", - "c0c872cb-98c7-4070-861e-56fa930708a1" - ], - "columns": { - "c0c872cb-98c7-4070-861e-56fa930708a1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.statefulset.generation.desired\": *" - }, - "isBucketed": false, - "label": "Generation Desired ", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.statefulset.generation.desired" - }, - "ee9e9b2d-2218-4267-9cd8-7ebed0ac6f87": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.statefulset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.statefulset.name" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "84dd109c-0824-4ccf-948b-8bad46f6203a", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_statefulset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_statefulset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "ee9e9b2d-2218-4267-9cd8-7ebed0ac6f87", - "collapseFn": "sum", - "layerId": "7f72a30a-3591-492d-83d7-2fd9d40e5ef6", - "layerType": "data", - "metricAccessor": "c0c872cb-98c7-4070-861e-56fa930708a1" - } - }, - "title": "StatefulSet Generation Desired [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.statefulset.name" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "34f2d226-f9e4-47f7-87d6-e3f5fb1db6d3", - "w": 9, - "x": 39, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "34f2d226-f9e4-47f7-87d6-e3f5fb1db6d3", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "84dd109c-0824-4ccf-948b-8bad46f6203a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_statefulset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_statefulset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "ee9e9b2d-2218-4267-9cd8-7ebed0ac6f87", + "collapseFn": "sum", + "layerId": "7f72a30a-3591-492d-83d7-2fd9d40e5ef6", + "layerType": "data", + "metricAccessor": "c0c872cb-98c7-4070-861e-56fa930708a1" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-0b03a29a-8bd6-485d-b34c-5682853a3ec6", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "33ac762e-904d-4a44-a943-e76d147b5770", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "0b03a29a-8bd6-485d-b34c-5682853a3ec6": { - "columnOrder": [ - "c7aa47ec-c87d-47ac-a318-a00b90b32b5d", - "0c8870bf-3e60-4949-9715-6b7a762034b4", - "6d1c5b5e-1686-44e9-8d96-cf72f5c3b519" - ], - "columns": { - "0c8870bf-3e60-4949-9715-6b7a762034b4": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.statefulset.replicas.desired: *" - }, - "isBucketed": false, - "label": "Replicas Desired", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.statefulset.replicas.desired" - }, - "6d1c5b5e-1686-44e9-8d96-cf72f5c3b519": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.statefulset.replicas.ready: *" - }, - "isBucketed": false, - "label": "Replicas ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.statefulset.replicas.ready" - }, - "c7aa47ec-c87d-47ac-a318-a00b90b32b5d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "StatefulSet Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0c8870bf-3e60-4949-9715-6b7a762034b4", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "kubernetes.statefulset.name" - } - }, - "incompleteColumns": {} - } - } - } + "title": "StatefulSet Generation Desired [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "34f2d226-f9e4-47f7-87d6-e3f5fb1db6d3", + "w": 9, + "x": 39, + "y": 4 + }, + "panelIndex": "34f2d226-f9e4-47f7-87d6-e3f5fb1db6d3", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-0b03a29a-8bd6-485d-b34c-5682853a3ec6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "33ac762e-904d-4a44-a943-e76d147b5770", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0b03a29a-8bd6-485d-b34c-5682853a3ec6": { + "columnOrder": [ + "c7aa47ec-c87d-47ac-a318-a00b90b32b5d", + "0c8870bf-3e60-4949-9715-6b7a762034b4", + "6d1c5b5e-1686-44e9-8d96-cf72f5c3b519" + ], + "columns": { + "0c8870bf-3e60-4949-9715-6b7a762034b4": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.statefulset.replicas.desired: *" + }, + "isBucketed": false, + "label": "Replicas Desired", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.statefulset.replicas.desired" + }, + "6d1c5b5e-1686-44e9-8d96-cf72f5c3b519": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.statefulset.replicas.ready: *" + }, + "isBucketed": false, + "label": "Replicas ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.statefulset.replicas.ready" + }, + "c7aa47ec-c87d-47ac-a318-a00b90b32b5d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "StatefulSet Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0c8870bf-3e60-4949-9715-6b7a762034b4", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "33ac762e-904d-4a44-a943-e76d147b5770", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_statefulset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_statefulset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "accessors": [ - "0c8870bf-3e60-4949-9715-6b7a762034b4", - "6d1c5b5e-1686-44e9-8d96-cf72f5c3b519" - ], - "layerId": "0b03a29a-8bd6-485d-b34c-5682853a3ec6", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "c7aa47ec-c87d-47ac-a318-a00b90b32b5d" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide" - } - }, - "title": "Replicas per StatefulSet [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsXY" + "size": 20 + }, + "scale": "ordinal", + "sourceField": "kubernetes.statefulset.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "33ac762e-904d-4a44-a943-e76d147b5770", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_statefulset" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "f482071f-d956-4817-90b5-82a74d8aa841", - "w": 48, - "x": 0, - "y": 11 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_statefulset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "0c8870bf-3e60-4949-9715-6b7a762034b4", + "6d1c5b5e-1686-44e9-8d96-cf72f5c3b519" + ], + "layerId": "0b03a29a-8bd6-485d-b34c-5682853a3ec6", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "c7aa47ec-c87d-47ac-a318-a00b90b32b5d" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "f482071f-d956-4817-90b5-82a74d8aa841", - "title": "Replicas per StatefulSet [Metrics Kubernetes]", - "type": "lens", - "version": "8.10.2" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] StatefulSets", - "version": 1 - }, - "coreMigrationVersion": "8.8.0", - "created_at": "2023-10-31T12:40:45.524Z", - "id": "kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013", - "managed": false, - "references": [ - { - "id": "metrics-*", - "name": "d8265dae-829d-434f-a826-cc6062edfd3a:indexpattern-datasource-layer-1e1f286b-da16-49ab-8ad6-cef60c577ce5", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "d8265dae-829d-434f-a826-cc6062edfd3a:988215de-1bb2-4dd7-91a4-a07d3d436b89", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "21039d12-cc17-4089-9d8f-3c62018c8f1c:indexpattern-datasource-layer-37f25d48-9b81-419c-8a8b-e5daea0230d0", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "21039d12-cc17-4089-9d8f-3c62018c8f1c:3fbf4162-1133-4eee-ad35-334b047efd3d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "dd7df777-8dae-4374-96ee-461be82fbde4:indexpattern-datasource-layer-c5fc4b20-ec0c-46c3-aaf8-96970b768d34", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "dd7df777-8dae-4374-96ee-461be82fbde4:778d517a-5fab-4174-8f76-966de3e4452a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "3e6790d6-de88-47de-8c3e-d8aa2c89c538:indexpattern-datasource-layer-1b5bdc61-0d5f-42da-ab97-2fe6f73775d5", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "3e6790d6-de88-47de-8c3e-d8aa2c89c538:0ae72fd9-5dfe-480d-9fbc-ca97c60c1955", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "34f2d226-f9e4-47f7-87d6-e3f5fb1db6d3:indexpattern-datasource-layer-7f72a30a-3591-492d-83d7-2fd9d40e5ef6", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "34f2d226-f9e4-47f7-87d6-e3f5fb1db6d3:84dd109c-0824-4ccf-948b-8bad46f6203a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "f482071f-d956-4817-90b5-82a74d8aa841:indexpattern-datasource-layer-0b03a29a-8bd6-485d-b34c-5682853a3ec6", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "f482071f-d956-4817-90b5-82a74d8aa841:33ac762e-904d-4a44-a943-e76d147b5770", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_5f6614ff-57c0-400e-8350-47e86ad5c77f:optionsListDataView", - "type": "index-pattern" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide" + } + }, + "title": "Replicas per StatefulSet [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "metrics-*", - "name": "controlGroup_6faac538-d3fd-4f77-85cc-3b7171c7144c:optionsListDataView", - "type": "index-pattern" + "gridData": { + "h": 14, + "i": "f482071f-d956-4817-90b5-82a74d8aa841", + "w": 48, + "x": 0, + "y": 11 }, - { - "id": "metrics-*", - "name": "controlGroup_82c41492-acf8-4b51-bba9-ec54c99fb1ba:optionsListDataView", - "type": "index-pattern" - } + "panelIndex": "f482071f-d956-4817-90b5-82a74d8aa841", + "title": "Replicas per StatefulSet [Metrics Kubernetes]", + "type": "lens", + "version": "8.10.2" + } ], - "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "timeRestore": false, + "title": "[Metrics Kubernetes] StatefulSets", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "d8265dae-829d-434f-a826-cc6062edfd3a:indexpattern-datasource-layer-1e1f286b-da16-49ab-8ad6-cef60c577ce5", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d8265dae-829d-434f-a826-cc6062edfd3a:988215de-1bb2-4dd7-91a4-a07d3d436b89", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "21039d12-cc17-4089-9d8f-3c62018c8f1c:indexpattern-datasource-layer-37f25d48-9b81-419c-8a8b-e5daea0230d0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "21039d12-cc17-4089-9d8f-3c62018c8f1c:3fbf4162-1133-4eee-ad35-334b047efd3d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "dd7df777-8dae-4374-96ee-461be82fbde4:indexpattern-datasource-layer-c5fc4b20-ec0c-46c3-aaf8-96970b768d34", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "dd7df777-8dae-4374-96ee-461be82fbde4:778d517a-5fab-4174-8f76-966de3e4452a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3e6790d6-de88-47de-8c3e-d8aa2c89c538:indexpattern-datasource-layer-1b5bdc61-0d5f-42da-ab97-2fe6f73775d5", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3e6790d6-de88-47de-8c3e-d8aa2c89c538:0ae72fd9-5dfe-480d-9fbc-ca97c60c1955", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "34f2d226-f9e4-47f7-87d6-e3f5fb1db6d3:indexpattern-datasource-layer-7f72a30a-3591-492d-83d7-2fd9d40e5ef6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "34f2d226-f9e4-47f7-87d6-e3f5fb1db6d3:84dd109c-0824-4ccf-948b-8bad46f6203a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f482071f-d956-4817-90b5-82a74d8aa841:indexpattern-datasource-layer-0b03a29a-8bd6-485d-b34c-5682853a3ec6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f482071f-d956-4817-90b5-82a74d8aa841:33ac762e-904d-4a44-a943-e76d147b5770", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_5f6614ff-57c0-400e-8350-47e86ad5c77f:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_6faac538-d3fd-4f77-85cc-3b7171c7144c:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_82c41492-acf8-4b51-bba9-ec54c99fb1ba:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013.json index 1f74effa077..d578f97bfdc 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013.json @@ -1,490 +1,500 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"c9e17236-d41d-4748-8eb7-54c93d5a1478\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"c9e17236-d41d-4748-8eb7-54c93d5a1478\",\"enhancements\":{}}},\"049e831a-2716-4c4b-a037-b2b45789842a\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"049e831a-2716-4c4b-a037-b2b45789842a\",\"selectedOptions\":[],\"enhancements\":{}}},\"60ec5f9c-087d-48e6-98ab-488952a7b186\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.volume.name\",\"title\":\"Volume Name\",\"id\":\"60ec5f9c-087d-48e6-98ab-488952a7b186\",\"enhancements\":{}}}}" + "id": "kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI0NSwyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "twoLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"c9e17236-d41d-4748-8eb7-54c93d5a1478\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"c9e17236-d41d-4748-8eb7-54c93d5a1478\",\"enhancements\":{}}},\"049e831a-2716-4c4b-a037-b2b45789842a\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"049e831a-2716-4c4b-a037-b2b45789842a\",\"selectedOptions\":[],\"enhancements\":{}}},\"60ec5f9c-087d-48e6-98ab-488952a7b186\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.volume.name\",\"title\":\"Volume Name\",\"id\":\"60ec5f9c-087d-48e6-98ab-488952a7b186\",\"enhancements\":{}}}}" + }, + "description": "Metrics about Volumes", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "8353083b-3ad8-4814-b22f-bc7314e751d1", + "w": 48, + "x": 0, + "y": 0 }, - "description": "Metrics about Volumes", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "panelIndex": "8353083b-3ad8-4814-b22f-bc7314e751d1", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "title": "Kubernetes Dashboards [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 17, + "i": "0f641488-aa6d-4409-9789-5967590635d5", + "w": 48, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "panelIndex": "0f641488-aa6d-4409-9789-5967590635d5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e2cc978e-4d26-4a84-8c40-20a4af3abf83", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0": { + "columnOrder": [ + "3d17c7ea-eb86-4234-9e24-9b304fc6da9b", + "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", + "227c4795-30a7-48dc-990a-11fe7b4bca3c", + "a551fe3f-2761-4cfe-8b47-ed8f6d9c9540", + "a52b3682-8595-4cff-89b2-590cd5c3e6c2" + ], + "columns": { + "227c4795-30a7-48dc-990a-11fe7b4bca3c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Fs Capacity bytes", + "operationType": "average", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 1 + } } + }, + "scale": "ratio", + "sourceField": "kubernetes.volume.fs.capacity.bytes" }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "8353083b-3ad8-4814-b22f-bc7314e751d1", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "8353083b-3ad8-4814-b22f-bc7314e751d1", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.6.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "e2cc978e-4d26-4a84-8c40-20a4af3abf83", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0": { - "columnOrder": [ - "3d17c7ea-eb86-4234-9e24-9b304fc6da9b", - "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", - "227c4795-30a7-48dc-990a-11fe7b4bca3c", - "a551fe3f-2761-4cfe-8b47-ed8f6d9c9540", - "a52b3682-8595-4cff-89b2-590cd5c3e6c2" - ], - "columns": { - "227c4795-30a7-48dc-990a-11fe7b4bca3c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Fs Capacity bytes", - "operationType": "average", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 1 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.volume.fs.capacity.bytes" - }, - "3d17c7ea-eb86-4234-9e24-9b304fc6da9b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Volume", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.volume.name" - }, - "6f2b317a-fff1-4e00-81df-b3d9c05f8f54": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Fs Available bytes", - "operationType": "average", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 1 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.volume.fs.available.bytes" - }, - "a52b3682-8595-4cff-89b2-590cd5c3e6c2": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.volume.fs.used.pct: *" - }, - "isBucketed": false, - "label": "Fs Usage Pct", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "percent", - "params": { - "decimals": 3 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.volume.fs.used.pct" - }, - "a551fe3f-2761-4cfe-8b47-ed8f6d9c9540": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Fs Used bytes", - "operationType": "average", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 1 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.volume.fs.used.bytes" - } - }, - "incompleteColumns": {} - } - } - } + "3d17c7ea-eb86-4234-9e24-9b304fc6da9b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Volume", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "e2cc978e-4d26-4a84-8c40-20a4af3abf83", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.volume" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.volume" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "3d17c7ea-eb86-4234-9e24-9b304fc6da9b", - "isTransposed": false - }, - { - "columnId": "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", - "isTransposed": false - }, - { - "columnId": "227c4795-30a7-48dc-990a-11fe7b4bca3c", - "isTransposed": false - }, - { - "columnId": "a551fe3f-2761-4cfe-8b47-ed8f6d9c9540", - "isTransposed": false - }, - { - "columnId": "a52b3682-8595-4cff-89b2-590cd5c3e6c2", - "isTransposed": false - } - ], - "layerId": "ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.volume.name" + }, + "6f2b317a-fff1-4e00-81df-b3d9c05f8f54": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Fs Available bytes", + "operationType": "average", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 1 + } + } + }, + "scale": "ratio", + "sourceField": "kubernetes.volume.fs.available.bytes" + }, + "a52b3682-8595-4cff-89b2-590cd5c3e6c2": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.volume.fs.used.pct: *" + }, + "isBucketed": false, + "label": "Fs Usage Pct", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "percent", + "params": { + "decimals": 3 + } } + }, + "scale": "ratio", + "sourceField": "kubernetes.volume.fs.used.pct" }, - "title": "Filesystem Informations [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" + "a551fe3f-2761-4cfe-8b47-ed8f6d9c9540": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Fs Used bytes", + "operationType": "average", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 1 + } + } + }, + "scale": "ratio", + "sourceField": "kubernetes.volume.fs.used.bytes" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "e2cc978e-4d26-4a84-8c40-20a4af3abf83", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.volume" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 17, - "i": "0f641488-aa6d-4409-9789-5967590635d5", - "w": 48, - "x": 0, - "y": 4 - }, - "panelIndex": "0f641488-aa6d-4409-9789-5967590635d5", - "title": "Filesystem Informations [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.volume" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "3d17c7ea-eb86-4234-9e24-9b304fc6da9b", + "isTransposed": false + }, + { + "columnId": "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", + "isTransposed": false + }, + { + "columnId": "227c4795-30a7-48dc-990a-11fe7b4bca3c", + "isTransposed": false + }, + { + "columnId": "a551fe3f-2761-4cfe-8b47-ed8f6d9c9540", + "isTransposed": false + }, + { + "columnId": "a52b3682-8595-4cff-89b2-590cd5c3e6c2", + "isTransposed": false + } + ], + "layerId": "ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", - "type": "index-pattern" + "title": "Filesystem Informations [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Filesystem Informations [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 17, + "i": "eec01fb6-ac46-4573-b231-4394ac7090c0", + "w": 48, + "x": 0, + "y": 21 + }, + "panelIndex": "eec01fb6-ac46-4573-b231-4394ac7090c0", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "aa3d3e9c-a555-4b69-9dc2-7f1ff0e641ff", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0": { + "columnOrder": [ + "3d17c7ea-eb86-4234-9e24-9b304fc6da9b", + "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", + "1e1cd98f-fe72-473f-86ab-e79a621f8527", + "b5cfcf26-889f-4514-a8b6-57f68267cfd2" + ], + "columns": { + "1e1cd98f-fe72-473f-86ab-e79a621f8527": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Free Inodes", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.volume.fs.inodes.free" + }, + "3d17c7ea-eb86-4234-9e24-9b304fc6da9b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Volume", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "aa3d3e9c-a555-4b69-9dc2-7f1ff0e641ff", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0": { - "columnOrder": [ - "3d17c7ea-eb86-4234-9e24-9b304fc6da9b", - "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", - "1e1cd98f-fe72-473f-86ab-e79a621f8527", - "b5cfcf26-889f-4514-a8b6-57f68267cfd2" - ], - "columns": { - "1e1cd98f-fe72-473f-86ab-e79a621f8527": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Free Inodes", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.volume.fs.inodes.free" - }, - "3d17c7ea-eb86-4234-9e24-9b304fc6da9b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Volume", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.volume.name" - }, - "6f2b317a-fff1-4e00-81df-b3d9c05f8f54": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Number of Inodes", - "operationType": "last_value", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.volume.fs.inodes.count" - }, - "b5cfcf26-889f-4514-a8b6-57f68267cfd2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Used Inodes", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.volume.fs.inodes.used" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "aa3d3e9c-a555-4b69-9dc2-7f1ff0e641ff", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.volume" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.volume" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.volume.name" + }, + "6f2b317a-fff1-4e00-81df-b3d9c05f8f54": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Number of Inodes", + "operationType": "last_value", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - "visualization": { - "columns": [ - { - "columnId": "3d17c7ea-eb86-4234-9e24-9b304fc6da9b", - "isTransposed": false - }, - { - "columnId": "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", - "isTransposed": false - }, - { - "columnId": "1e1cd98f-fe72-473f-86ab-e79a621f8527", - "isTransposed": false - }, - { - "columnId": "b5cfcf26-889f-4514-a8b6-57f68267cfd2", - "isTransposed": false - } - ], - "layerId": "ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.volume.fs.inodes.count" }, - "title": "Filesystem Inodes Informations [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" + "b5cfcf26-889f-4514-a8b6-57f68267cfd2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Used Inodes", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.volume.fs.inodes.used" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "aa3d3e9c-a555-4b69-9dc2-7f1ff0e641ff", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.volume" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 17, - "i": "eec01fb6-ac46-4573-b231-4394ac7090c0", - "w": 48, - "x": 0, - "y": 21 - }, - "panelIndex": "eec01fb6-ac46-4573-b231-4394ac7090c0", - "title": "Filesystem Inodes Informations [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Volumes", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-01-11T14:19:35.010Z", - "id": "kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "0f641488-aa6d-4409-9789-5967590635d5:indexpattern-datasource-layer-ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "0f641488-aa6d-4409-9789-5967590635d5:e2cc978e-4d26-4a84-8c40-20a4af3abf83", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "eec01fb6-ac46-4573-b231-4394ac7090c0:indexpattern-datasource-layer-ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "eec01fb6-ac46-4573-b231-4394ac7090c0:aa3d3e9c-a555-4b69-9dc2-7f1ff0e641ff", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_c9e17236-d41d-4748-8eb7-54c93d5a1478:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_049e831a-2716-4c4b-a037-b2b45789842a:optionsListDataView", - "type": "index-pattern" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.volume" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "3d17c7ea-eb86-4234-9e24-9b304fc6da9b", + "isTransposed": false + }, + { + "columnId": "6f2b317a-fff1-4e00-81df-b3d9c05f8f54", + "isTransposed": false + }, + { + "columnId": "1e1cd98f-fe72-473f-86ab-e79a621f8527", + "isTransposed": false + }, + { + "columnId": "b5cfcf26-889f-4514-a8b6-57f68267cfd2", + "isTransposed": false + } + ], + "layerId": "ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "Filesystem Inodes Informations [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "controlGroup_60ec5f9c-087d-48e6-98ab-488952a7b186:optionsListDataView", - "type": "index-pattern" - } + "title": "Filesystem Inodes Informations [Metrics Kubernetes]" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Metrics Kubernetes] Volumes", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "0f641488-aa6d-4409-9789-5967590635d5:indexpattern-datasource-layer-ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "0f641488-aa6d-4409-9789-5967590635d5:e2cc978e-4d26-4a84-8c40-20a4af3abf83", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "eec01fb6-ac46-4573-b231-4394ac7090c0:indexpattern-datasource-layer-ba7fdd7b-69d9-48d5-ac00-c5602e16ccd0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "eec01fb6-ac46-4573-b231-4394ac7090c0:aa3d3e9c-a555-4b69-9dc2-7f1ff0e641ff", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_c9e17236-d41d-4748-8eb7-54c93d5a1478:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_049e831a-2716-4c4b-a037-b2b45789842a:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_60ec5f9c-087d-48e6-98ab-488952a7b186:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013.json index 03af84bd555..ae59fa0ad42 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013.json @@ -1,1647 +1,1663 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"7c68c5e5-70ee-4a8d-88d5-dcd8c6dbd6d2\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"7c68c5e5-70ee-4a8d-88d5-dcd8c6dbd6d2\",\"selectedOptions\":[],\"enhancements\":{}}},\"c08d3539-51f7-4256-861b-c3c323edfb86\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"c08d3539-51f7-4256-861b-c3c323edfb86\",\"selectedOptions\":[],\"enhancements\":{}}},\"4a85f45a-ea4c-4514-a71c-b15979915ce3\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.pod.name\",\"title\":\"Pod Name\",\"id\":\"4a85f45a-ea4c-4514-a71c-b15979915ce3\",\"selectedOptions\":[],\"enhancements\":{}}}}" + "id": "kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI0NiwyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "twoLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"7c68c5e5-70ee-4a8d-88d5-dcd8c6dbd6d2\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"7c68c5e5-70ee-4a8d-88d5-dcd8c6dbd6d2\",\"selectedOptions\":[],\"enhancements\":{}}},\"c08d3539-51f7-4256-861b-c3c323edfb86\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"c08d3539-51f7-4256-861b-c3c323edfb86\",\"selectedOptions\":[],\"enhancements\":{}}},\"4a85f45a-ea4c-4514-a71c-b15979915ce3\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.pod.name\",\"title\":\"Pod Name\",\"id\":\"4a85f45a-ea4c-4514-a71c-b15979915ce3\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Metrics about Pods", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "72efb777-3b17-42a9-91c5-b17ee964ce28", + "w": 48, + "x": 0, + "y": 0 }, - "description": "Metrics about Pods", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "panelIndex": "72efb777-3b17-42a9-91c5-b17ee964ce28", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "title": "Kubernetes Dashboards [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "0a10c73f-959b-40e1-b1a2-609c3fd59914", + "w": 48, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false + "panelIndex": "0a10c73f-959b-40e1-b1a2-609c3fd59914", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-307ec163-d913-4ce0-8e9b-6dfc777def59", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f30047fb-d7fd-4873-9150-6e16c369fcc8", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "307ec163-d913-4ce0-8e9b-6dfc777def59": { + "columnOrder": [ + "8c03fc54-6e2d-49ff-b294-bb80ae6a1a8e", + "7b682fd2-3fd6-4834-8067-a546ab543764", + "e9919412-9d5f-4db8-96bf-ab35a7b11c87", + "b1ecf062-bf74-4458-9598-2c7018cdae3d" + ], + "columns": { + "7b682fd2-3fd6-4834-8067-a546ab543764": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.status.phase: *" + }, + "isBucketed": false, + "label": "Phase", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.status.phase" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "72efb777-3b17-42a9-91c5-b17ee964ce28", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "72efb777-3b17-42a9-91c5-b17ee964ce28", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-307ec163-d913-4ce0-8e9b-6dfc777def59", - "type": "index-pattern" + "8c03fc54-6e2d-49ff-b294-bb80ae6a1a8e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Pod", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "f30047fb-d7fd-4873-9150-6e16c369fcc8", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "307ec163-d913-4ce0-8e9b-6dfc777def59": { - "columnOrder": [ - "8c03fc54-6e2d-49ff-b294-bb80ae6a1a8e", - "7b682fd2-3fd6-4834-8067-a546ab543764", - "e9919412-9d5f-4db8-96bf-ab35a7b11c87", - "b1ecf062-bf74-4458-9598-2c7018cdae3d" - ], - "columns": { - "7b682fd2-3fd6-4834-8067-a546ab543764": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.status.phase: *" - }, - "isBucketed": false, - "label": "Phase", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.status.phase" - }, - "8c03fc54-6e2d-49ff-b294-bb80ae6a1a8e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Pod", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 1000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - }, - "b1ecf062-bf74-4458-9598-2c7018cdae3d": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.status.scheduled: *" - }, - "isBucketed": false, - "label": "Scheduled", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.status.scheduled" - }, - "e9919412-9d5f-4db8-96bf-ab35a7b11c87": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.status.ready: *" - }, - "isBucketed": false, - "label": "Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.status.ready" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "f30047fb-d7fd-4873-9150-6e16c369fcc8", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "collapseFn": "", - "columnId": "8c03fc54-6e2d-49ff-b294-bb80ae6a1a8e", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "7b682fd2-3fd6-4834-8067-a546ab543764", - "hidden": false, - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "e9919412-9d5f-4db8-96bf-ab35a7b11c87", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "b1ecf062-bf74-4458-9598-2c7018cdae3d", - "isTransposed": false - } - ], - "headerRowHeight": "single", - "headerRowHeightLines": 1, - "layerId": "307ec163-d913-4ce0-8e9b-6dfc777def59", - "layerType": "data", - "paging": { - "enabled": true, - "size": 10 - }, - "sorting": { - "direction": "none" - } - } + "size": 1000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" }, - "title": "Status per Pod [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" + "b1ecf062-bf74-4458-9598-2c7018cdae3d": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.status.scheduled: *" + }, + "isBucketed": false, + "label": "Scheduled", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.status.scheduled" + }, + "e9919412-9d5f-4db8-96bf-ab35a7b11c87": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.status.ready: *" + }, + "isBucketed": false, + "label": "Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.status.ready" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "f30047fb-d7fd-4873-9150-6e16c369fcc8", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_pod" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "0a10c73f-959b-40e1-b1a2-609c3fd59914", - "w": 48, - "x": 0, - "y": 4 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "collapseFn": "", + "columnId": "8c03fc54-6e2d-49ff-b294-bb80ae6a1a8e", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "7b682fd2-3fd6-4834-8067-a546ab543764", + "hidden": false, + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "e9919412-9d5f-4db8-96bf-ab35a7b11c87", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "b1ecf062-bf74-4458-9598-2c7018cdae3d", + "isTransposed": false + } + ], + "headerRowHeight": "single", + "headerRowHeightLines": 1, + "layerId": "307ec163-d913-4ce0-8e9b-6dfc777def59", + "layerType": "data", + "paging": { + "enabled": true, + "size": 10 }, - "panelIndex": "0a10c73f-959b-40e1-b1a2-609c3fd59914", - "title": "Status per Pod [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" + "sorting": { + "direction": "none" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "9486d409-e044-43b7-a175-e25695e38cc4", - "type": "index-pattern" + "title": "Status per Pod [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Status per Pod [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "8775bc75-d36c-4e37-94e4-ca63300d9dd3", + "w": 24, + "x": 0, + "y": 19 + }, + "panelIndex": "8775bc75-d36c-4e37-94e4-ca63300d9dd3", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "9486d409-e044-43b7-a175-e25695e38cc4", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { + "columnOrder": [ + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "columns": { + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.cpu.usage.node.pct: *" + }, + "isBucketed": false, + "label": "CPU Usage", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "percent", + "params": { + "decimals": 2 + } } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { - "columnOrder": [ - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "columns": { - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.cpu.usage.node.pct: *" - }, - "isBucketed": false, - "label": "CPU Usage", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.cpu.usage.node.pct" - }, - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderBy": { - "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.cpu.usage.node.pct" + }, + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderBy": { + "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "9486d409-e044-43b7-a175-e25695e38cc4", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "9486d409-e044-43b7-a175-e25695e38cc4", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "8775bc75-d36c-4e37-94e4-ca63300d9dd3", - "w": 24, - "x": 0, - "y": 19 + "layers": [ + { + "accessors": [ + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "panelIndex": "8775bc75-d36c-4e37-94e4-ca63300d9dd3", - "title": "CPU Usage as Pct of the Total Node CPU [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "61027d7f-6398-4aec-b154-897b913481e4", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "CPU Usage as Pct of the Total Node CPU [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "8e7901b2-cfc3-433d-9dcb-4af30c649efb", + "w": 24, + "x": 24, + "y": 19 + }, + "panelIndex": "8e7901b2-cfc3-433d-9dcb-4af30c649efb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "61027d7f-6398-4aec-b154-897b913481e4", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { + "columnOrder": [ + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "columns": { + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.cpu.usage.node.pct: *" + }, + "isBucketed": false, + "label": "CPU Usage", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "percent", + "params": { + "decimals": 2 + } } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { - "columnOrder": [ - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "columns": { - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.cpu.usage.node.pct: *" - }, - "isBucketed": false, - "label": "CPU Usage", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.cpu.usage.limit.pct" - }, - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderBy": { - "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.cpu.usage.limit.pct" + }, + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderBy": { + "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "61027d7f-6398-4aec-b154-897b913481e4", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "61027d7f-6398-4aec-b154-897b913481e4", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "gridData": { - "h": 15, - "i": "8e7901b2-cfc3-433d-9dcb-4af30c649efb", - "w": 24, - "x": 24, - "y": 19 + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "8e7901b2-cfc3-433d-9dcb-4af30c649efb", - "title": "CPU Usage as Pct of the Defined Pod Limit [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "ace482cc-b33b-47c1-89b1-a710fe45195e", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "CPU Usage as Pct of the Defined Pod Limit [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "98677dcb-ab94-47e8-94ca-326470ee2380", + "w": 24, + "x": 0, + "y": 34 + }, + "panelIndex": "98677dcb-ab94-47e8-94ca-326470ee2380", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "ace482cc-b33b-47c1-89b1-a710fe45195e", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { + "columnOrder": [ + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "columns": { + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.cpu.usage.node.pct: *" + }, + "isBucketed": false, + "label": "Memory Usage", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "percent", + "params": { + "decimals": 2 + } } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { - "columnOrder": [ - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "columns": { - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.cpu.usage.node.pct: *" - }, - "isBucketed": false, - "label": "Memory Usage", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.memory.usage.node.pct" - }, - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderBy": { - "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.memory.usage.node.pct" + }, + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderBy": { + "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ace482cc-b33b-47c1-89b1-a710fe45195e", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ace482cc-b33b-47c1-89b1-a710fe45195e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "98677dcb-ab94-47e8-94ca-326470ee2380", - "w": 24, - "x": 0, - "y": 34 + "layers": [ + { + "accessors": [ + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "panelIndex": "98677dcb-ab94-47e8-94ca-326470ee2380", - "title": "Memory Usage as Pct of the Total Node Memory [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "81de779f-3d8f-4f90-9a93-08ecf5d96939", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Memory Usage as Pct of the Total Node Memory [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "5575d413-c4a4-4e34-8605-54f82e5e05b3", + "w": 24, + "x": 24, + "y": 34 + }, + "panelIndex": "5575d413-c4a4-4e34-8605-54f82e5e05b3", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "81de779f-3d8f-4f90-9a93-08ecf5d96939", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { + "columnOrder": [ + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "columns": { + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.cpu.usage.node.pct: *" + }, + "isBucketed": false, + "label": "Memory Usage", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "percent", + "params": { + "decimals": 2 + } } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { - "columnOrder": [ - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "columns": { - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.cpu.usage.node.pct: *" - }, - "isBucketed": false, - "label": "Memory Usage", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.memory.usage.limit.pct" - }, - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderBy": { - "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.memory.usage.limit.pct" + }, + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderBy": { + "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "81de779f-3d8f-4f90-9a93-08ecf5d96939", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "81de779f-3d8f-4f90-9a93-08ecf5d96939", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 15, - "i": "5575d413-c4a4-4e34-8605-54f82e5e05b3", - "w": 24, - "x": 24, - "y": 34 + "curveType": "LINEAR", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "5575d413-c4a4-4e34-8605-54f82e5e05b3", - "title": "Memory Usage as Pct of the Defined Pod Limit [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" + }, + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "9d74e7d3-0a1c-4c8b-8635-1577d74797f7", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Memory Usage as Pct of the Defined Pod Limit [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "435eeb17-c28a-4bde-9c43-b85d8e463c03", + "w": 24, + "x": 0, + "y": 49 + }, + "panelIndex": "435eeb17-c28a-4bde-9c43-b85d8e463c03", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "9d74e7d3-0a1c-4c8b-8635-1577d74797f7", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { + "columnOrder": [ + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "columns": { + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.cpu.usage.node.pct: *" + }, + "isBucketed": false, + "label": "Memory Usage", + "operationType": "average", + "params": { + "emptyAsNull": true, + "format": { + "id": "percent", + "params": { + "decimals": 2 + } } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { - "columnOrder": [ - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "columns": { - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.cpu.usage.node.pct: *" - }, - "isBucketed": false, - "label": "Memory Usage", - "operationType": "average", - "params": { - "emptyAsNull": true, - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.memory.working_set.limit.pct" - }, - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderBy": { - "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.memory.working_set.limit.pct" + }, + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderBy": { + "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "9d74e7d3-0a1c-4c8b-8635-1577d74797f7", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "9d74e7d3-0a1c-4c8b-8635-1577d74797f7", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "435eeb17-c28a-4bde-9c43-b85d8e463c03", - "w": 24, - "x": 0, - "y": 49 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "435eeb17-c28a-4bde-9c43-b85d8e463c03", - "title": "Working Set Memory Usage as Pct of the Defined Pod Limit [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" + "layers": [ + { + "accessors": [ + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" + }, + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Working Set Memory Usage as Pct of the Defined Pod Limit [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "7a1ccd34-5b1c-445b-8f1f-00d792c49104", + "w": 24, + "x": 24, + "y": 49 + }, + "panelIndex": "7a1ccd34-5b1c-445b-8f1f-00d792c49104", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "710b0f49-b955-4cb8-826e-e51b3e6e7271", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { + "columnOrder": [ + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "columns": { + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.cpu.usage.node.pct: *" + }, + "isBucketed": false, + "label": "Network Usage", + "operationType": "last_value", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - { - "id": "metrics-*", - "name": "710b0f49-b955-4cb8-826e-e51b3e6e7271", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { - "columnOrder": [ - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "columns": { - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.cpu.usage.node.pct: *" - }, - "isBucketed": false, - "label": "Network Usage", - "operationType": "last_value", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.network.tx.bytes" - }, - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderBy": { - "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.network.tx.bytes" + }, + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderBy": { + "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "710b0f49-b955-4cb8-826e-e51b3e6e7271", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "710b0f49-b955-4cb8-826e-e51b3e6e7271", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "7a1ccd34-5b1c-445b-8f1f-00d792c49104", - "w": 24, - "x": 24, - "y": 49 + "layers": [ + { + "accessors": [ + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "panelIndex": "7a1ccd34-5b1c-445b-8f1f-00d792c49104", - "title": "Network Outgoing Bytes per Pod [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Network Outgoing Bytes per Pod [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "72b97d6f-17f7-44b0-87a9-e272981c7565", + "w": 24, + "x": 0, + "y": 64 + }, + "panelIndex": "72b97d6f-17f7-44b0-87a9-e272981c7565", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "31f6a38e-250d-4a00-9f2a-af9c53aff800", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { + "columnOrder": [ + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "columns": { + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.cpu.usage.node.pct: *" + }, + "isBucketed": false, + "label": "Network Usage", + "operationType": "last_value", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - { - "id": "metrics-*", - "name": "31f6a38e-250d-4a00-9f2a-af9c53aff800", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a": { - "columnOrder": [ - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0", - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "columns": { - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.cpu.usage.node.pct: *" - }, - "isBucketed": false, - "label": "Network Usage", - "operationType": "last_value", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.network.rx.bytes" - }, - "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderBy": { - "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.network.rx.bytes" + }, + "a83bd360-6bed-4bab-ac6c-82b8e473c2b0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderBy": { + "columnId": "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "31f6a38e-250d-4a00-9f2a-af9c53aff800", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" - ], - "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", - "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "31f6a38e-250d-4a00-9f2a-af9c53aff800", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 15, - "i": "72b97d6f-17f7-44b0-87a9-e272981c7565", - "w": 24, - "x": 0, - "y": 64 + "curveType": "LINEAR", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "72b97d6f-17f7-44b0-87a9-e272981c7565", - "title": "Network Incoming Bytes per Pod [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Pods", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-05-11T17:29:51.931Z", - "id": "kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "0a10c73f-959b-40e1-b1a2-609c3fd59914:indexpattern-datasource-layer-307ec163-d913-4ce0-8e9b-6dfc777def59", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "0a10c73f-959b-40e1-b1a2-609c3fd59914:f30047fb-d7fd-4873-9150-6e16c369fcc8", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "8775bc75-d36c-4e37-94e4-ca63300d9dd3:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "8775bc75-d36c-4e37-94e4-ca63300d9dd3:9486d409-e044-43b7-a175-e25695e38cc4", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "8e7901b2-cfc3-433d-9dcb-4af30c649efb:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "8e7901b2-cfc3-433d-9dcb-4af30c649efb:61027d7f-6398-4aec-b154-897b913481e4", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "98677dcb-ab94-47e8-94ca-326470ee2380:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "98677dcb-ab94-47e8-94ca-326470ee2380:ace482cc-b33b-47c1-89b1-a710fe45195e", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "5575d413-c4a4-4e34-8605-54f82e5e05b3:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "5575d413-c4a4-4e34-8605-54f82e5e05b3:81de779f-3d8f-4f90-9a93-08ecf5d96939", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "435eeb17-c28a-4bde-9c43-b85d8e463c03:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "435eeb17-c28a-4bde-9c43-b85d8e463c03:9d74e7d3-0a1c-4c8b-8635-1577d74797f7", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "7a1ccd34-5b1c-445b-8f1f-00d792c49104:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "7a1ccd34-5b1c-445b-8f1f-00d792c49104:710b0f49-b955-4cb8-826e-e51b3e6e7271", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "72b97d6f-17f7-44b0-87a9-e272981c7565:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "72b97d6f-17f7-44b0-87a9-e272981c7565:31f6a38e-250d-4a00-9f2a-af9c53aff800", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_7c68c5e5-70ee-4a8d-88d5-dcd8c6dbd6d2:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_c08d3539-51f7-4256-861b-c3c323edfb86:optionsListDataView", - "type": "index-pattern" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "86e6d540-5fd3-483e-b1a1-b575a0a5ca9c" + ], + "layerId": "921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "ce13a463-7e39-46f6-8d0f-14c1f9e9a0d9", + "xAccessor": "a83bd360-6bed-4bab-ac6c-82b8e473c2b0" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" + }, + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "controlGroup_4a85f45a-ea4c-4514-a71c-b15979915ce3:optionsListDataView", - "type": "index-pattern" - } + "title": "Network Incoming Bytes per Pod [Metrics Kubernetes]" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Metrics Kubernetes] Pods", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "0a10c73f-959b-40e1-b1a2-609c3fd59914:indexpattern-datasource-layer-307ec163-d913-4ce0-8e9b-6dfc777def59", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "0a10c73f-959b-40e1-b1a2-609c3fd59914:f30047fb-d7fd-4873-9150-6e16c369fcc8", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "8775bc75-d36c-4e37-94e4-ca63300d9dd3:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "8775bc75-d36c-4e37-94e4-ca63300d9dd3:9486d409-e044-43b7-a175-e25695e38cc4", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "8e7901b2-cfc3-433d-9dcb-4af30c649efb:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "8e7901b2-cfc3-433d-9dcb-4af30c649efb:61027d7f-6398-4aec-b154-897b913481e4", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "98677dcb-ab94-47e8-94ca-326470ee2380:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "98677dcb-ab94-47e8-94ca-326470ee2380:ace482cc-b33b-47c1-89b1-a710fe45195e", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "5575d413-c4a4-4e34-8605-54f82e5e05b3:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "5575d413-c4a4-4e34-8605-54f82e5e05b3:81de779f-3d8f-4f90-9a93-08ecf5d96939", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "435eeb17-c28a-4bde-9c43-b85d8e463c03:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "435eeb17-c28a-4bde-9c43-b85d8e463c03:9d74e7d3-0a1c-4c8b-8635-1577d74797f7", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "7a1ccd34-5b1c-445b-8f1f-00d792c49104:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "7a1ccd34-5b1c-445b-8f1f-00d792c49104:710b0f49-b955-4cb8-826e-e51b3e6e7271", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "72b97d6f-17f7-44b0-87a9-e272981c7565:indexpattern-datasource-layer-921ae90c-bc32-4ce1-b4d0-bcaec7eb339a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "72b97d6f-17f7-44b0-87a9-e272981c7565:31f6a38e-250d-4a00-9f2a-af9c53aff800", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_7c68c5e5-70ee-4a8d-88d5-dcd8c6dbd6d2:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_c08d3539-51f7-4256-861b-c3c323edfb86:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_4a85f45a-ea4c-4514-a71c-b15979915ce3:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013.json index da9ab17a533..ae09de03a49 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013.json @@ -1,926 +1,934 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"01b10632-f741-4099-981d-f1008020884b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"01b10632-f741-4099-981d-f1008020884b\",\"selectedOptions\":[],\"enhancements\":{}}},\"e2a1ee45-5917-4945-a7fd-f4ee281b8d6d\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"e2a1ee45-5917-4945-a7fd-f4ee281b8d6d\",\"selectedOptions\":[],\"enhancements\":{}}},\"9e437628-d460-4697-9427-616333ef6947\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.deployment.name\",\"title\":\"Deployment Name\",\"id\":\"9e437628-d460-4697-9427-616333ef6947\",\"selectedOptions\":[],\"enhancements\":{}}}}" - }, - "description": "Metrics about Deployments", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI0NywyXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "twoLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"01b10632-f741-4099-981d-f1008020884b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"01b10632-f741-4099-981d-f1008020884b\",\"selectedOptions\":[],\"enhancements\":{}}},\"e2a1ee45-5917-4945-a7fd-f4ee281b8d6d\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"e2a1ee45-5917-4945-a7fd-f4ee281b8d6d\",\"selectedOptions\":[],\"enhancements\":{}}},\"9e437628-d460-4697-9427-616333ef6947\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.deployment.name\",\"title\":\"Deployment Name\",\"id\":\"9e437628-d460-4697-9427-616333ef6947\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Metrics about Deployments", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncCursor": true, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 4, + "i": "58edcf0e-d21a-4dea-8b29-e5a8d9d4d738", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "58edcf0e-d21a-4dea-8b29-e5a8d9d4d738", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "58edcf0e-d21a-4dea-8b29-e5a8d9d4d738", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.10.2" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-f89abbc1-82fb-4d41-a11a-cf433264e823", - "type": "index-pattern" + "panelIndex": "58edcf0e-d21a-4dea-8b29-e5a8d9d4d738", + "title": "Kubernetes Dashboards [Metrics Kubernetes]", + "type": "visualization", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-f89abbc1-82fb-4d41-a11a-cf433264e823", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "611773bb-5ff9-4f08-ad80-de730b3bb8da", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f89abbc1-82fb-4d41-a11a-cf433264e823": { + "columnOrder": [ + "97c9bb01-da79-4cd4-b196-0842bbb528b9", + "f96be551-98dc-415f-9179-6d589e1d226d" + ], + "columns": { + "97c9bb01-da79-4cd4-b196-0842bbb528b9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.deployment.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "611773bb-5ff9-4f08-ad80-de730b3bb8da", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "f89abbc1-82fb-4d41-a11a-cf433264e823": { - "columnOrder": [ - "97c9bb01-da79-4cd4-b196-0842bbb528b9", - "f96be551-98dc-415f-9179-6d589e1d226d" - ], - "columns": { - "97c9bb01-da79-4cd4-b196-0842bbb528b9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.deployment.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.deployment.name" - }, - "f96be551-98dc-415f-9179-6d589e1d226d": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.deployment.replicas.desired\": *" - }, - "isBucketed": false, - "label": "Replicas Desired", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.deployment.replicas.desired" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "611773bb-5ff9-4f08-ad80-de730b3bb8da", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_deployment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_deployment" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "97c9bb01-da79-4cd4-b196-0842bbb528b9", - "collapseFn": "sum", - "layerId": "f89abbc1-82fb-4d41-a11a-cf433264e823", - "layerType": "data", - "metricAccessor": "f96be551-98dc-415f-9179-6d589e1d226d" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.deployment.name" }, - "title": "Deployment Replicas Desired [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "f96be551-98dc-415f-9179-6d589e1d226d": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.deployment.replicas.desired\": *" + }, + "isBucketed": false, + "label": "Replicas Desired", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.deployment.replicas.desired" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "c2551403-dc87-4486-bcac-0b949508082e", - "w": 12, - "x": 0, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "c2551403-dc87-4486-bcac-0b949508082e", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "611773bb-5ff9-4f08-ad80-de730b3bb8da", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_deployment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_deployment" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "97c9bb01-da79-4cd4-b196-0842bbb528b9", + "collapseFn": "sum", + "layerId": "f89abbc1-82fb-4d41-a11a-cf433264e823", + "layerType": "data", + "metricAccessor": "f96be551-98dc-415f-9179-6d589e1d226d" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-0f3d63e6-e7d7-45d7-acc1-13be66847b70", - "type": "index-pattern" + "title": "Deployment Replicas Desired [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "c2551403-dc87-4486-bcac-0b949508082e", + "w": 12, + "x": 0, + "y": 4 + }, + "panelIndex": "c2551403-dc87-4486-bcac-0b949508082e", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-0f3d63e6-e7d7-45d7-acc1-13be66847b70", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "899d30db-ab00-4a6f-9323-d4232f23735e", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0f3d63e6-e7d7-45d7-acc1-13be66847b70": { + "columnOrder": [ + "0e87c556-3850-42b1-83ea-f1117f30b514", + "68619d2a-8ca3-4fab-a401-b6afe82f0b34" + ], + "columns": { + "0e87c556-3850-42b1-83ea-f1117f30b514": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.deployment.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "899d30db-ab00-4a6f-9323-d4232f23735e", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "0f3d63e6-e7d7-45d7-acc1-13be66847b70": { - "columnOrder": [ - "0e87c556-3850-42b1-83ea-f1117f30b514", - "68619d2a-8ca3-4fab-a401-b6afe82f0b34" - ], - "columns": { - "0e87c556-3850-42b1-83ea-f1117f30b514": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.deployment.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.deployment.name" - }, - "68619d2a-8ca3-4fab-a401-b6afe82f0b34": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.deployment.replicas.available\": *" - }, - "isBucketed": false, - "label": "Replicas Available ", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.deployment.replicas.available" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "899d30db-ab00-4a6f-9323-d4232f23735e", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_deployment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_deployment" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "0e87c556-3850-42b1-83ea-f1117f30b514", - "collapseFn": "sum", - "layerId": "0f3d63e6-e7d7-45d7-acc1-13be66847b70", - "layerType": "data", - "metricAccessor": "68619d2a-8ca3-4fab-a401-b6afe82f0b34" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.deployment.name" }, - "title": "Deployment Replicas Available [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "68619d2a-8ca3-4fab-a401-b6afe82f0b34": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.deployment.replicas.available\": *" + }, + "isBucketed": false, + "label": "Replicas Available ", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.deployment.replicas.available" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "51e54a67-b167-49a2-95e6-e758a953a7e8", - "w": 12, - "x": 12, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "51e54a67-b167-49a2-95e6-e758a953a7e8", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "899d30db-ab00-4a6f-9323-d4232f23735e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_deployment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_deployment" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "0e87c556-3850-42b1-83ea-f1117f30b514", + "collapseFn": "sum", + "layerId": "0f3d63e6-e7d7-45d7-acc1-13be66847b70", + "layerType": "data", + "metricAccessor": "68619d2a-8ca3-4fab-a401-b6afe82f0b34" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-0a77b34d-ac0b-448e-9d8e-af8dbe4cebd6", - "type": "index-pattern" + "title": "Deployment Replicas Available [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "51e54a67-b167-49a2-95e6-e758a953a7e8", + "w": 12, + "x": 12, + "y": 4 + }, + "panelIndex": "51e54a67-b167-49a2-95e6-e758a953a7e8", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-0a77b34d-ac0b-448e-9d8e-af8dbe4cebd6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "78f09db9-67c3-40f1-93c7-9ba2b8ca8299", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0a77b34d-ac0b-448e-9d8e-af8dbe4cebd6": { + "columnOrder": [ + "7f1db361-8082-4f8d-985b-21e2a73c7073", + "f1c1c36b-5bdc-4755-bd47-e24fcfd58c22" + ], + "columns": { + "7f1db361-8082-4f8d-985b-21e2a73c7073": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.deployment.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "78f09db9-67c3-40f1-93c7-9ba2b8ca8299", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "0a77b34d-ac0b-448e-9d8e-af8dbe4cebd6": { - "columnOrder": [ - "7f1db361-8082-4f8d-985b-21e2a73c7073", - "f1c1c36b-5bdc-4755-bd47-e24fcfd58c22" - ], - "columns": { - "7f1db361-8082-4f8d-985b-21e2a73c7073": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.deployment.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.deployment.name" - }, - "f1c1c36b-5bdc-4755-bd47-e24fcfd58c22": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.deployment.replicas.unavailable\": *" - }, - "isBucketed": false, - "label": "Replicas Unavailable ", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.deployment.replicas.unavailable" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "78f09db9-67c3-40f1-93c7-9ba2b8ca8299", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_deployment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_deployment" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "7f1db361-8082-4f8d-985b-21e2a73c7073", - "collapseFn": "sum", - "layerId": "0a77b34d-ac0b-448e-9d8e-af8dbe4cebd6", - "layerType": "data", - "metricAccessor": "f1c1c36b-5bdc-4755-bd47-e24fcfd58c22" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.deployment.name" }, - "title": "Deployment Replicas Unavailable [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "f1c1c36b-5bdc-4755-bd47-e24fcfd58c22": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.deployment.replicas.unavailable\": *" + }, + "isBucketed": false, + "label": "Replicas Unavailable ", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.deployment.replicas.unavailable" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "934fbda9-c201-4539-bb6d-95c416b9d392", - "w": 12, - "x": 24, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "934fbda9-c201-4539-bb6d-95c416b9d392", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "78f09db9-67c3-40f1-93c7-9ba2b8ca8299", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_deployment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_deployment" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "7f1db361-8082-4f8d-985b-21e2a73c7073", + "collapseFn": "sum", + "layerId": "0a77b34d-ac0b-448e-9d8e-af8dbe4cebd6", + "layerType": "data", + "metricAccessor": "f1c1c36b-5bdc-4755-bd47-e24fcfd58c22" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-006a132f-0e92-4aa2-818e-bc6aef899777", - "type": "index-pattern" + "title": "Deployment Replicas Unavailable [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "934fbda9-c201-4539-bb6d-95c416b9d392", + "w": 12, + "x": 24, + "y": 4 + }, + "panelIndex": "934fbda9-c201-4539-bb6d-95c416b9d392", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-006a132f-0e92-4aa2-818e-bc6aef899777", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "ae122104-dfc0-48a6-b40c-94109bc57cbf", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "006a132f-0e92-4aa2-818e-bc6aef899777": { + "columnOrder": [ + "5136cbeb-0565-4aa8-afe0-c951c8454d1f", + "b3213d52-30f4-4255-b372-fe7d0d1a0919" + ], + "columns": { + "5136cbeb-0565-4aa8-afe0-c951c8454d1f": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.deployment.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "ae122104-dfc0-48a6-b40c-94109bc57cbf", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "006a132f-0e92-4aa2-818e-bc6aef899777": { - "columnOrder": [ - "5136cbeb-0565-4aa8-afe0-c951c8454d1f", - "b3213d52-30f4-4255-b372-fe7d0d1a0919" - ], - "columns": { - "5136cbeb-0565-4aa8-afe0-c951c8454d1f": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.deployment.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.deployment.name" - }, - "b3213d52-30f4-4255-b372-fe7d0d1a0919": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.deployment.replicas.updated\": *" - }, - "isBucketed": false, - "label": "Replicas Updated", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.deployment.replicas.updated" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "ae122104-dfc0-48a6-b40c-94109bc57cbf", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_deployment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_deployment" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "5136cbeb-0565-4aa8-afe0-c951c8454d1f", - "collapseFn": "sum", - "layerId": "006a132f-0e92-4aa2-818e-bc6aef899777", - "layerType": "data", - "metricAccessor": "b3213d52-30f4-4255-b372-fe7d0d1a0919" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.deployment.name" }, - "title": "Deployment Replicas Updated [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "b3213d52-30f4-4255-b372-fe7d0d1a0919": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.deployment.replicas.updated\": *" + }, + "isBucketed": false, + "label": "Replicas Updated", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.deployment.replicas.updated" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "20bd8473-2d2a-4d6c-84f7-20dbd9e724c6", - "w": 12, - "x": 36, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "20bd8473-2d2a-4d6c-84f7-20dbd9e724c6", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "ae122104-dfc0-48a6-b40c-94109bc57cbf", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_deployment" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_deployment" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "5136cbeb-0565-4aa8-afe0-c951c8454d1f", + "collapseFn": "sum", + "layerId": "006a132f-0e92-4aa2-818e-bc6aef899777", + "layerType": "data", + "metricAccessor": "b3213d52-30f4-4255-b372-fe7d0d1a0919" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-2ef0145f-ac0f-4dd6-9db2-6ea531a0bc31", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "ce8436e0-8192-447a-b427-103026d8aa4b", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "2ef0145f-ac0f-4dd6-9db2-6ea531a0bc31": { - "columnOrder": [ - "28ea2553-630d-4917-b778-52da2d5bba86", - "77f5c6a8-9fb9-4bdd-bf9e-80fc5bd19625", - "0bcf546f-2a52-48e7-8c4e-3a908be9d6c4", - "9b5ed643-7572-4d3b-a9af-6265b3a5a515" - ], - "columns": { - "0bcf546f-2a52-48e7-8c4e-3a908be9d6c4": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.deployment.replicas.unavailable: *" - }, - "isBucketed": false, - "label": "Replicas Unavailable", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.deployment.replicas.unavailable" - }, - "28ea2553-630d-4917-b778-52da2d5bba86": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Deployment Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "77f5c6a8-9fb9-4bdd-bf9e-80fc5bd19625", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "kubernetes.deployment.name" - }, - "77f5c6a8-9fb9-4bdd-bf9e-80fc5bd19625": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.deployment.replicas.available: *" - }, - "isBucketed": false, - "label": "Replicas Available", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.deployment.replicas.available" - }, - "9b5ed643-7572-4d3b-a9af-6265b3a5a515": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Replicas Desired", - "operationType": "median", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.deployment.replicas.desired" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Deployment Replicas Updated [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "20bd8473-2d2a-4d6c-84f7-20dbd9e724c6", + "w": 12, + "x": 36, + "y": 4 + }, + "panelIndex": "20bd8473-2d2a-4d6c-84f7-20dbd9e724c6", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-2ef0145f-ac0f-4dd6-9db2-6ea531a0bc31", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "ce8436e0-8192-447a-b427-103026d8aa4b", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2ef0145f-ac0f-4dd6-9db2-6ea531a0bc31": { + "columnOrder": [ + "28ea2553-630d-4917-b778-52da2d5bba86", + "77f5c6a8-9fb9-4bdd-bf9e-80fc5bd19625", + "0bcf546f-2a52-48e7-8c4e-3a908be9d6c4", + "9b5ed643-7572-4d3b-a9af-6265b3a5a515" + ], + "columns": { + "0bcf546f-2a52-48e7-8c4e-3a908be9d6c4": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.deployment.replicas.unavailable: *" + }, + "isBucketed": false, + "label": "Replicas Unavailable", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.deployment.replicas.unavailable" + }, + "28ea2553-630d-4917-b778-52da2d5bba86": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Deployment Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "77f5c6a8-9fb9-4bdd-bf9e-80fc5bd19625", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "ce8436e0-8192-447a-b427-103026d8aa4b", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_deployment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_deployment" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "77f5c6a8-9fb9-4bdd-bf9e-80fc5bd19625", - "0bcf546f-2a52-48e7-8c4e-3a908be9d6c4", - "9b5ed643-7572-4d3b-a9af-6265b3a5a515" - ], - "layerId": "2ef0145f-ac0f-4dd6-9db2-6ea531a0bc31", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "28ea2553-630d-4917-b778-52da2d5bba86", - "yConfig": [ - { - "color": "#f00e0e", - "forAccessor": "0bcf546f-2a52-48e7-8c4e-3a908be9d6c4" - }, - { - "color": "#6092c0", - "forAccessor": "9b5ed643-7572-4d3b-a9af-6265b3a5a515" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "kubernetes.deployment.name" + }, + "77f5c6a8-9fb9-4bdd-bf9e-80fc5bd19625": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.deployment.replicas.available: *" + }, + "isBucketed": false, + "label": "Replicas Available", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.deployment.replicas.available" }, - "title": "Replicas per Deployment [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsXY" + "9b5ed643-7572-4d3b-a9af-6265b3a5a515": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Replicas Desired", + "operationType": "median", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.deployment.replicas.desired" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "ce8436e0-8192-447a-b427-103026d8aa4b", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_deployment" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_deployment" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 17, - "i": "119cd3f7-baa7-4a1d-8e02-a4ae95c98d1f", - "w": 48, - "x": 0, - "y": 11 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "119cd3f7-baa7-4a1d-8e02-a4ae95c98d1f", - "title": "Replicas per Deployment [Metrics Kubernetes]", - "type": "lens", - "version": "8.10.2" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Deployments", - "version": 1 - }, - "coreMigrationVersion": "8.8.0", - "created_at": "2023-10-31T12:44:00.635Z", - "id": "kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013", - "managed": false, - "references": [ - { - "id": "metrics-*", - "name": "c2551403-dc87-4486-bcac-0b949508082e:indexpattern-datasource-layer-f89abbc1-82fb-4d41-a11a-cf433264e823", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "c2551403-dc87-4486-bcac-0b949508082e:611773bb-5ff9-4f08-ad80-de730b3bb8da", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "51e54a67-b167-49a2-95e6-e758a953a7e8:indexpattern-datasource-layer-0f3d63e6-e7d7-45d7-acc1-13be66847b70", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "51e54a67-b167-49a2-95e6-e758a953a7e8:899d30db-ab00-4a6f-9323-d4232f23735e", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "934fbda9-c201-4539-bb6d-95c416b9d392:indexpattern-datasource-layer-0a77b34d-ac0b-448e-9d8e-af8dbe4cebd6", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "934fbda9-c201-4539-bb6d-95c416b9d392:78f09db9-67c3-40f1-93c7-9ba2b8ca8299", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "20bd8473-2d2a-4d6c-84f7-20dbd9e724c6:indexpattern-datasource-layer-006a132f-0e92-4aa2-818e-bc6aef899777", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "20bd8473-2d2a-4d6c-84f7-20dbd9e724c6:ae122104-dfc0-48a6-b40c-94109bc57cbf", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "119cd3f7-baa7-4a1d-8e02-a4ae95c98d1f:indexpattern-datasource-layer-2ef0145f-ac0f-4dd6-9db2-6ea531a0bc31", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "119cd3f7-baa7-4a1d-8e02-a4ae95c98d1f:ce8436e0-8192-447a-b427-103026d8aa4b", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_01b10632-f741-4099-981d-f1008020884b:optionsListDataView", - "type": "index-pattern" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "77f5c6a8-9fb9-4bdd-bf9e-80fc5bd19625", + "0bcf546f-2a52-48e7-8c4e-3a908be9d6c4", + "9b5ed643-7572-4d3b-a9af-6265b3a5a515" + ], + "layerId": "2ef0145f-ac0f-4dd6-9db2-6ea531a0bc31", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "28ea2553-630d-4917-b778-52da2d5bba86", + "yConfig": [ + { + "color": "#f00e0e", + "forAccessor": "0bcf546f-2a52-48e7-8c4e-3a908be9d6c4" + }, + { + "color": "#6092c0", + "forAccessor": "9b5ed643-7572-4d3b-a9af-6265b3a5a515" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide" + } + }, + "title": "Replicas per Deployment [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "metrics-*", - "name": "controlGroup_e2a1ee45-5917-4945-a7fd-f4ee281b8d6d:optionsListDataView", - "type": "index-pattern" + "gridData": { + "h": 17, + "i": "119cd3f7-baa7-4a1d-8e02-a4ae95c98d1f", + "w": 48, + "x": 0, + "y": 11 }, - { - "id": "metrics-*", - "name": "controlGroup_9e437628-d460-4697-9427-616333ef6947:optionsListDataView", - "type": "index-pattern" - } + "panelIndex": "119cd3f7-baa7-4a1d-8e02-a4ae95c98d1f", + "title": "Replicas per Deployment [Metrics Kubernetes]", + "type": "lens", + "version": "8.10.2" + } ], - "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "timeRestore": false, + "title": "[Metrics Kubernetes] Deployments", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "c2551403-dc87-4486-bcac-0b949508082e:indexpattern-datasource-layer-f89abbc1-82fb-4d41-a11a-cf433264e823", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "c2551403-dc87-4486-bcac-0b949508082e:611773bb-5ff9-4f08-ad80-de730b3bb8da", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "51e54a67-b167-49a2-95e6-e758a953a7e8:indexpattern-datasource-layer-0f3d63e6-e7d7-45d7-acc1-13be66847b70", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "51e54a67-b167-49a2-95e6-e758a953a7e8:899d30db-ab00-4a6f-9323-d4232f23735e", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "934fbda9-c201-4539-bb6d-95c416b9d392:indexpattern-datasource-layer-0a77b34d-ac0b-448e-9d8e-af8dbe4cebd6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "934fbda9-c201-4539-bb6d-95c416b9d392:78f09db9-67c3-40f1-93c7-9ba2b8ca8299", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "20bd8473-2d2a-4d6c-84f7-20dbd9e724c6:indexpattern-datasource-layer-006a132f-0e92-4aa2-818e-bc6aef899777", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "20bd8473-2d2a-4d6c-84f7-20dbd9e724c6:ae122104-dfc0-48a6-b40c-94109bc57cbf", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "119cd3f7-baa7-4a1d-8e02-a4ae95c98d1f:indexpattern-datasource-layer-2ef0145f-ac0f-4dd6-9db2-6ea531a0bc31", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "119cd3f7-baa7-4a1d-8e02-a4ae95c98d1f:ce8436e0-8192-447a-b427-103026d8aa4b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_01b10632-f741-4099-981d-f1008020884b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_e2a1ee45-5917-4945-a7fd-f4ee281b8d6d:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_9e437628-d460-4697-9427-616333ef6947:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-5e649d60-9901-11e9-ba57-b7ab4e2d4b58.json b/packages/kubernetes/kibana/dashboard/kubernetes-5e649d60-9901-11e9-ba57-b7ab4e2d4b58.json index 369476df582..27e10234f6d 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-5e649d60-9901-11e9-ba57-b7ab4e2d4b58.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-5e649d60-9901-11e9-ba57-b7ab4e2d4b58.json @@ -1,2514 +1,2533 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"f53d0d21-4502-4dce-8004-017a92104040\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.name\",\"title\":\"Host\",\"id\":\"f53d0d21-4502-4dce-8004-017a92104040\",\"selectedOptions\":[],\"enhancements\":{},\"singleSelect\":false}},\"df56c430-83b1-436e-8b9c-fb027aaa29ca\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster\",\"singleSelect\":true,\"id\":\"df56c430-83b1-436e-8b9c-fb027aaa29ca\",\"selectedOptions\":[],\"enhancements\":{}}}}" + "id": "kubernetes-5e649d60-9901-11e9-ba57-b7ab4e2d4b58", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI0OCwyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "oneLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"f53d0d21-4502-4dce-8004-017a92104040\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.name\",\"title\":\"Host\",\"id\":\"f53d0d21-4502-4dce-8004-017a92104040\",\"selectedOptions\":[],\"enhancements\":{},\"singleSelect\":false}},\"df56c430-83b1-436e-8b9c-fb027aaa29ca\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster\",\"singleSelect\":true,\"id\":\"df56c430-83b1-436e-8b9c-fb027aaa29ca\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Kubernetes Proxy metrics", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.proxy" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.proxy" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", + "w": 48, + "x": 0, + "y": 0 }, - "description": "Kubernetes Proxy metrics", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ + "panelIndex": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "### Proxy\n\nThis dashboard collects data from [kube proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy) endpoint. Its purpose is to give an overview of what is happening inside it and detect problems that might be happening.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" + } + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", + "w": 48, + "x": 0, + "y": 4 + }, + "panelIndex": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(203,228,249,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "Rules", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.proxy" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.proxy" - } - } + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" } - ], - "query": { - "language": "kuery", - "query": "" + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" } - } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "syncCursor": true, - "syncTooltips": false, - "useMargins": true + "title": "Proxy" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "f74e1a86-4370-4f65-a3b8-d92c9f25ff42", + "w": 24, + "x": 0, + "y": 7 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "f74e1a86-4370-4f65-a3b8-d92c9f25ff42", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-5de1942f-e0a5-4ed8-86c0-972d57d62085", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "5de1942f-e0a5-4ed8-86c0-972d57d62085": { + "columnOrder": [ + "f80bbb4a-6177-4118-9483-7f58928032d4", + "8cb92e23-1df9-41ca-8061-ad76616f76c7", + "a436f8a7-433c-4b20-b115-717f4da445cb", + "a436f8a7-433c-4b20-b115-717f4da445cbX2", + "a436f8a7-433c-4b20-b115-717f4da445cbX1", + "a436f8a7-433c-4b20-b115-717f4da445cbX0" + ], + "columns": { + "8cb92e23-1df9-41ca-8061-ad76616f76c7": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "### Proxy\n\nThis dashboard collects data from [kube proxy](https://kubernetes.io/docs/concepts/overview/components/#kube-proxy) endpoint. Its purpose is to give an overview of what is happening inside it and detect problems that might be happening.", - "openLinksInNewTab": false + "a436f8a7-433c-4b20-b115-717f4da445cb": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Latency", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2, + "suffix": "s" + } + }, + "formula": "last_value(kubernetes.proxy.sync.networkprogramming.duration.us.sum)/(pick_max(last_value(kubernetes.proxy.sync.networkprogramming.duration.us.count),1))/1000000", + "isFormulaBroken": false + }, + "references": [ + "a436f8a7-433c-4b20-b115-717f4da445cbX2" + ], + "scale": "ratio" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", - "type": "visualization", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "a436f8a7-433c-4b20-b115-717f4da445cbX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.sync.networkprogramming.duration.us.sum: *" + }, + "isBucketed": false, + "label": "Part of Latency", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.sync.networkprogramming.duration.us.sum" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(203,228,249,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "Rules", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "a436f8a7-433c-4b20-b115-717f4da445cbX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.sync.networkprogramming.duration.us.count: *" + }, + "isBucketed": false, + "label": "Part of Latency", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.sync.networkprogramming.duration.us.count" }, - "title": "", - "type": "metrics", - "uiState": {} - } - }, - "gridData": { - "h": 3, - "i": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", - "w": 48, - "x": 0, - "y": 4 - }, - "panelIndex": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", - "title": "Proxy", - "type": "visualization", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-5de1942f-e0a5-4ed8-86c0-972d57d62085", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "5de1942f-e0a5-4ed8-86c0-972d57d62085": { - "columnOrder": [ - "f80bbb4a-6177-4118-9483-7f58928032d4", - "8cb92e23-1df9-41ca-8061-ad76616f76c7", - "a436f8a7-433c-4b20-b115-717f4da445cb", - "a436f8a7-433c-4b20-b115-717f4da445cbX2", - "a436f8a7-433c-4b20-b115-717f4da445cbX1", - "a436f8a7-433c-4b20-b115-717f4da445cbX0" - ], - "columns": { - "8cb92e23-1df9-41ca-8061-ad76616f76c7": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "a436f8a7-433c-4b20-b115-717f4da445cb": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Latency", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2, - "suffix": "s" - } - }, - "formula": "last_value(kubernetes.proxy.sync.networkprogramming.duration.us.sum)/(pick_max(last_value(kubernetes.proxy.sync.networkprogramming.duration.us.count),1))/1000000", - "isFormulaBroken": false - }, - "references": [ - "a436f8a7-433c-4b20-b115-717f4da445cbX2" - ], - "scale": "ratio" - }, - "a436f8a7-433c-4b20-b115-717f4da445cbX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.sync.networkprogramming.duration.us.sum: *" - }, - "isBucketed": false, - "label": "Part of Latency", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.sync.networkprogramming.duration.us.sum" - }, - "a436f8a7-433c-4b20-b115-717f4da445cbX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.sync.networkprogramming.duration.us.count: *" - }, - "isBucketed": false, - "label": "Part of Latency", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.sync.networkprogramming.duration.us.count" - }, - "a436f8a7-433c-4b20-b115-717f4da445cbX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Latency", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "a436f8a7-433c-4b20-b115-717f4da445cbX0", - { - "args": [ - "a436f8a7-433c-4b20-b115-717f4da445cbX1", - 1 - ], - "location": { - "max": 152, - "min": 70 - }, - "name": "pick_max", - "text": "pick_max(last_value(kubernetes.proxy.sync.networkprogramming.duration.us.count),1)", - "type": "function" - } - ], - "name": "divide", - "type": "function" - }, - 1000000 - ], - "location": { - "max": 161, - "min": 0 - }, - "name": "divide", - "text": "last_value(kubernetes.proxy.sync.networkprogramming.duration.us.sum)/(pick_max(last_value(kubernetes.proxy.sync.networkprogramming.duration.us.count),1))/1000000", - "type": "function" - } - }, - "references": [ - "a436f8a7-433c-4b20-b115-717f4da445cbX0", - "a436f8a7-433c-4b20-b115-717f4da445cbX1" - ], - "scale": "ratio" - }, - "f80bbb4a-6177-4118-9483-7f58928032d4": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ + "a436f8a7-433c-4b20-b115-717f4da445cbX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Latency", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "a436f8a7-433c-4b20-b115-717f4da445cbX0", { - "accessors": [ - "a436f8a7-433c-4b20-b115-717f4da445cb" - ], - "layerId": "5de1942f-e0a5-4ed8-86c0-972d57d62085", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "f80bbb4a-6177-4118-9483-7f58928032d4", - "xAccessor": "8cb92e23-1df9-41ca-8061-ad76616f76c7" + "args": [ + "a436f8a7-433c-4b20-b115-717f4da445cbX1", + 1 + ], + "location": { + "max": 152, + "min": 70 + }, + "name": "pick_max", + "text": "pick_max(last_value(kubernetes.proxy.sync.networkprogramming.duration.us.count),1)", + "type": "function" } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false + ], + "name": "divide", + "type": "function" }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" + 1000000 + ], + "location": { + "max": 161, + "min": 0 + }, + "name": "divide", + "text": "last_value(kubernetes.proxy.sync.networkprogramming.duration.us.sum)/(pick_max(last_value(kubernetes.proxy.sync.networkprogramming.duration.us.count),1))/1000000", + "type": "function" } + }, + "references": [ + "a436f8a7-433c-4b20-b115-717f4da445cbX0", + "a436f8a7-433c-4b20-b115-717f4da445cbX1" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "f74e1a86-4370-4f65-a3b8-d92c9f25ff42", - "w": 24, - "x": 0, - "y": 7 - }, - "panelIndex": "f74e1a86-4370-4f65-a3b8-d92c9f25ff42", - "title": "Average network programming latency", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-0b5eadf5-2a9c-49a2-b862-d317822adfd8", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "0b5eadf5-2a9c-49a2-b862-d317822adfd8": { - "columnOrder": [ - "9ce45236-05a8-478a-a1e1-85ccd013786c", - "c159c217-ff39-456c-ae61-593bb727a2df", - "9203a269-fdcb-4598-859d-d73f8c9734e0", - "9203a269-fdcb-4598-859d-d73f8c9734e0X0", - "9203a269-fdcb-4598-859d-d73f8c9734e0X2", - "9203a269-fdcb-4598-859d-d73f8c9734e0X1" - ], - "columns": { - "9203a269-fdcb-4598-859d-d73f8c9734e0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Average latency", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2, - "suffix": "s" - } - }, - "formula": "last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", - "isFormulaBroken": false - }, - "references": [ - "9203a269-fdcb-4598-859d-d73f8c9734e0X2" - ], - "scale": "ratio" - }, - "9203a269-fdcb-4598-859d-d73f8c9734e0X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.sync.rules.duration.us.sum: *" - }, - "isBucketed": false, - "label": "Part of last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.sync.rules.duration.us.sum" - }, - "9203a269-fdcb-4598-859d-d73f8c9734e0X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.sync.rules.duration.us.count: *" - }, - "isBucketed": false, - "label": "Part of last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.sync.rules.duration.us.count" - }, - "9203a269-fdcb-4598-859d-d73f8c9734e0X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "9203a269-fdcb-4598-859d-d73f8c9734e0X0", - "9203a269-fdcb-4598-859d-d73f8c9734e0X1" - ], - "name": "divide", - "type": "function" - }, - 1000000 - ], - "location": { - "max": 231, - "min": 0 - }, - "name": "divide", - "text": "last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", - "type": "function" - } - }, - "references": [ - "9203a269-fdcb-4598-859d-d73f8c9734e0X0", - "9203a269-fdcb-4598-859d-d73f8c9734e0X1" - ], - "scale": "ratio" - }, - "9ce45236-05a8-478a-a1e1-85ccd013786c": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "c159c217-ff39-456c-ae61-593bb727a2df": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "f80bbb4a-6177-4118-9483-7f58928032d4": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "9203a269-fdcb-4598-859d-d73f8c9734e0" - ], - "layerId": "0b5eadf5-2a9c-49a2-b862-d317822adfd8", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "9ce45236-05a8-478a-a1e1-85ccd013786c", - "xAccessor": "c159c217-ff39-456c-ae61-593bb727a2df" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 14, - "i": "34de2f11-faf2-49e8-aada-98c2cd5eb266", - "w": 24, - "x": 24, - "y": 7 + "layers": [ + { + "accessors": [ + "a436f8a7-433c-4b20-b115-717f4da445cb" + ], + "layerId": "5de1942f-e0a5-4ed8-86c0-972d57d62085", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "f80bbb4a-6177-4118-9483-7f58928032d4", + "xAccessor": "8cb92e23-1df9-41ca-8061-ad76616f76c7" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "34de2f11-faf2-49e8-aada-98c2cd5eb266", - "title": "Average SyncProxyRules latency ", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Average network programming latency" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "34de2f11-faf2-49e8-aada-98c2cd5eb266", + "w": 24, + "x": 24, + "y": 7 + }, + "panelIndex": "34de2f11-faf2-49e8-aada-98c2cd5eb266", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-0b5eadf5-2a9c-49a2-b862-d317822adfd8", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0b5eadf5-2a9c-49a2-b862-d317822adfd8": { + "columnOrder": [ + "9ce45236-05a8-478a-a1e1-85ccd013786c", + "c159c217-ff39-456c-ae61-593bb727a2df", + "9203a269-fdcb-4598-859d-d73f8c9734e0", + "9203a269-fdcb-4598-859d-d73f8c9734e0X0", + "9203a269-fdcb-4598-859d-d73f8c9734e0X2", + "9203a269-fdcb-4598-859d-d73f8c9734e0X1" + ], + "columns": { + "9203a269-fdcb-4598-859d-d73f8c9734e0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Average latency", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2, + "suffix": "s" + } + }, + "formula": "last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", + "isFormulaBroken": false + }, + "references": [ + "9203a269-fdcb-4598-859d-d73f8c9734e0X2" + ], + "scale": "ratio" + }, + "9203a269-fdcb-4598-859d-d73f8c9734e0X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.sync.rules.duration.us.sum: *" + }, + "isBucketed": false, + "label": "Part of last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.sync.rules.duration.us.sum" + }, + "9203a269-fdcb-4598-859d-d73f8c9734e0X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.sync.rules.duration.us.count: *" + }, + "isBucketed": false, + "label": "Part of last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.sync.rules.duration.us.count" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(239,249,218,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "Process", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ + "9203a269-fdcb-4598-859d-d73f8c9734e0X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "args": [ + "9203a269-fdcb-4598-859d-d73f8c9734e0X0", + "9203a269-fdcb-4598-859d-d73f8c9734e0X1" + ], + "name": "divide", + "type": "function" + }, + 1000000 + ], + "location": { + "max": 231, + "min": 0 + }, + "name": "divide", + "text": "last_value(kubernetes.proxy.sync.rules.duration.us.sum, kql='kubernetes.proxy.sync.rules.duration.us.sum: *')/last_value(kubernetes.proxy.sync.rules.duration.us.count, kql='kubernetes.proxy.sync.rules.duration.us.count: *')/1000000", + "type": "function" + } + }, + "references": [ + "9203a269-fdcb-4598-859d-d73f8c9734e0X0", + "9203a269-fdcb-4598-859d-d73f8c9734e0X1" + ], + "scale": "ratio" + }, + "9ce45236-05a8-478a-a1e1-85ccd013786c": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" }, - "title": "", - "type": "metrics", - "uiState": {} + "c159c217-ff39-456c-ae61-593bb727a2df": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 3, - "i": "c3fee68f-01c6-49da-a759-2900b1cd15bf", - "w": 48, - "x": 0, - "y": 21 + "layers": [ + { + "accessors": [ + "9203a269-fdcb-4598-859d-d73f8c9734e0" + ], + "layerId": "0b5eadf5-2a9c-49a2-b862-d317822adfd8", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "9ce45236-05a8-478a-a1e1-85ccd013786c", + "xAccessor": "c159c217-ff39-456c-ae61-593bb727a2df" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "c3fee68f-01c6-49da-a759-2900b1cd15bf", - "title": "", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "169f9d33-cf55-422e-906e-f4eecb26a362", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807": { - "columnOrder": [ - "6cbab896-ee42-4dad-8831-12f53cda0d6d", - "910bd079-4852-48bd-9d7a-e5eb940f0838", - "ee812faf-6f3c-4cc2-ad9a-27136340ef39", - "96c80749-da61-425a-b637-878d33e410fd", - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX2", - "96c80749-da61-425a-b637-878d33e410fdX1", - "910bd079-4852-48bd-9d7a-e5eb940f0838X0", - "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0" - ], - "columns": { - "6cbab896-ee42-4dad-8831-12f53cda0d6d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "910bd079-4852-48bd-9d7a-e5eb940f0838": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resident memory", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "formula": "last_value(kubernetes.proxy.process.memory.resident.bytes, kql='kubernetes.proxy.process.memory.resident.bytes: *')", - "isFormulaBroken": false - }, - "references": [ - "910bd079-4852-48bd-9d7a-e5eb940f0838X0" - ], - "scale": "ratio" - }, - "910bd079-4852-48bd-9d7a-e5eb940f0838X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.process.memory.resident.bytes: *" - }, - "isBucketed": false, - "label": "Part of Resident memory", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.process.memory.resident.bytes" - }, - "96c80749-da61-425a-b637-878d33e410fd": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open file descriptors usage", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 1 - } - }, - "formula": "last_value(kubernetes.proxy.process.fds.open.count)/last_value(kubernetes.proxy.process.fds.max.count)*100", - "isFormulaBroken": false - }, - "references": [ - "96c80749-da61-425a-b637-878d33e410fdX2" - ], - "scale": "ratio" - }, - "96c80749-da61-425a-b637-878d33e410fdX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.process.fds.open.count: *" - }, - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.process.fds.open.count" - }, - "96c80749-da61-425a-b637-878d33e410fdX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.process.fds.max.count: *" - }, - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.process.fds.max.count" - }, - "96c80749-da61-425a-b637-878d33e410fdX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX1" - ], - "name": "divide", - "type": "function" - }, - 100 - ], - "location": { - "max": 106, - "min": 0 - }, - "name": "multiply", - "text": "last_value(kubernetes.proxy.process.fds.open.count)/last_value(kubernetes.proxy.process.fds.max.count)*100", - "type": "function" - } - }, - "references": [ - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX1" - ], - "scale": "ratio" - }, - "ee812faf-6f3c-4cc2-ad9a-27136340ef39": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Virtual memory", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "formula": "last_value(kubernetes.proxy.process.memory.virtual.bytes, kql='kubernetes.proxy.process.memory.virtual.bytes: *')", - "isFormulaBroken": false - }, - "references": [ - "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0" - ], - "scale": "ratio" - }, - "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.process.memory.virtual.bytes: *" - }, - "isBucketed": false, - "label": "Part of Virtual memory", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.process.memory.virtual.bytes" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Average SyncProxyRules latency " + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "c3fee68f-01c6-49da-a759-2900b1cd15bf", + "w": 48, + "x": 0, + "y": 21 + }, + "panelIndex": "c3fee68f-01c6-49da-a759-2900b1cd15bf", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(239,249,218,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "Process", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ + { + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 9, + "i": "af47c34c-961a-463c-9d66-ffedcc2eef12", + "w": 24, + "x": 0, + "y": 24 + }, + "panelIndex": "af47c34c-961a-463c-9d66-ffedcc2eef12", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "169f9d33-cf55-422e-906e-f4eecb26a362", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807": { + "columnOrder": [ + "6cbab896-ee42-4dad-8831-12f53cda0d6d", + "910bd079-4852-48bd-9d7a-e5eb940f0838", + "ee812faf-6f3c-4cc2-ad9a-27136340ef39", + "96c80749-da61-425a-b637-878d33e410fd", + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX2", + "96c80749-da61-425a-b637-878d33e410fdX1", + "910bd079-4852-48bd-9d7a-e5eb940f0838X0", + "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0" + ], + "columns": { + "6cbab896-ee42-4dad-8831-12f53cda0d6d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "169f9d33-cf55-422e-906e-f4eecb26a362", - "key": "kubernetes.proxy.process.fds.open.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.proxy.process.fds.open.count" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "center", - "columnId": "6cbab896-ee42-4dad-8831-12f53cda0d6d" - }, - { - "alignment": "center", - "columnId": "910bd079-4852-48bd-9d7a-e5eb940f0838" - }, - { - "alignment": "center", - "columnId": "ee812faf-6f3c-4cc2-ad9a-27136340ef39", - "isTransposed": false - }, - { - "alignment": "center", - "colorMode": "text", - "columnId": "96c80749-da61-425a-b637-878d33e410fd", - "isTransposed": false, - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#54B399", - "stop": 0 - }, - { - "color": "#D6BF57", - "stop": 60 - }, - { - "color": "#E7664C", - "stop": 90 - } - ], - "continuity": "above", - "name": "custom", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "steps": 5, - "stops": [ - { - "color": "#54B399", - "stop": 60 - }, - { - "color": "#D6BF57", - "stop": 90 - }, - { - "color": "#E7664C", - "stop": 91 - } - ] - }, - "type": "palette" - } - } - ], - "layerId": "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "layerType": "data" - } + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "af47c34c-961a-463c-9d66-ffedcc2eef12", - "w": 24, - "x": 0, - "y": 24 - }, - "panelIndex": "af47c34c-961a-463c-9d66-ffedcc2eef12", - "title": "Proxy process data ", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "77da5988-3f03-4e8f-b1e4-39a94d8bec07": { - "columnOrder": [ - "7e1756d9-af1b-4204-a8d4-8c57987216f0", - "d523e6d2-50f3-4b45-8815-8259df43850c", - "cf481e4f-b568-4306-8da9-5e3d516ccbea", - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" - ], - "columns": { - "7e1756d9-af1b-4204-a8d4-8c57987216f0": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "cf481e4f-b568-4306-8da9-5e3d516ccbea": { - "dataType": "number", - "isBucketed": false, - "label": "average(kubernetes.proxy.process.memory.resident.bytes)", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 1 - } - }, - "formula": "average(kubernetes.proxy.process.memory.resident.bytes)", - "isFormulaBroken": false - }, - "references": [ - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" - ], - "scale": "ratio" - }, - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of average(kubernetes.proxy.process.memory.resident.bytes)", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.process.memory.resident.bytes" - }, - "d523e6d2-50f3-4b45-8815-8259df43850c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "910bd079-4852-48bd-9d7a-e5eb940f0838": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resident memory", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "formula": "last_value(kubernetes.proxy.process.memory.resident.bytes, kql='kubernetes.proxy.process.memory.resident.bytes: *')", + "isFormulaBroken": false + }, + "references": [ + "910bd079-4852-48bd-9d7a-e5eb940f0838X0" + ], + "scale": "ratio" + }, + "910bd079-4852-48bd-9d7a-e5eb940f0838X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.process.memory.resident.bytes: *" + }, + "isBucketed": false, + "label": "Part of Resident memory", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.process.memory.resident.bytes" + }, + "96c80749-da61-425a-b637-878d33e410fd": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open file descriptors usage", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 1 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fillOpacity": 0.3, - "layers": [ - { - "accessors": [ - "cf481e4f-b568-4306-8da9-5e3d516ccbea" - ], - "layerId": "77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "7e1756d9-af1b-4204-a8d4-8c57987216f0", - "xAccessor": "d523e6d2-50f3-4b45-8815-8259df43850c", - "yConfig": [] - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false + "formula": "last_value(kubernetes.proxy.process.fds.open.count)/last_value(kubernetes.proxy.process.fds.max.count)*100", + "isFormulaBroken": false + }, + "references": [ + "96c80749-da61-425a-b637-878d33e410fdX2" + ], + "scale": "ratio" + }, + "96c80749-da61-425a-b637-878d33e410fdX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.process.fds.open.count: *" + }, + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.process.fds.open.count" + }, + "96c80749-da61-425a-b637-878d33e410fdX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.process.fds.max.count: *" + }, + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.process.fds.max.count" + }, + "96c80749-da61-425a-b637-878d33e410fdX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX1" + ], + "name": "divide", + "type": "function" }, - "preferredSeriesType": "area", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": false, - "xTitle": "", - "yTitle": "" + 100 + ], + "location": { + "max": 106, + "min": 0 + }, + "name": "multiply", + "text": "last_value(kubernetes.proxy.process.fds.open.count)/last_value(kubernetes.proxy.process.fds.max.count)*100", + "type": "function" } + }, + "references": [ + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX1" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 21, - "i": "303702e1-ba33-49f2-b337-4cc7d7305606", - "w": 24, - "x": 24, - "y": 24 - }, - "panelIndex": "303702e1-ba33-49f2-b337-4cc7d7305606", - "title": "Average resident memory ", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "type": "index-pattern" - } + "ee812faf-6f3c-4cc2-ad9a-27136340ef39": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Virtual memory", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + }, + "formula": "last_value(kubernetes.proxy.process.memory.virtual.bytes, kql='kubernetes.proxy.process.memory.virtual.bytes: *')", + "isFormulaBroken": false + }, + "references": [ + "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0" + ], + "scale": "ratio" + }, + "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.process.memory.virtual.bytes: *" + }, + "isBucketed": false, + "label": "Part of Virtual memory", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.process.memory.virtual.bytes" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "169f9d33-cf55-422e-906e-f4eecb26a362", + "key": "kubernetes.proxy.process.fds.open.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.proxy.process.fds.open.count" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "center", + "columnId": "6cbab896-ee42-4dad-8831-12f53cda0d6d" + }, + { + "alignment": "center", + "columnId": "910bd079-4852-48bd-9d7a-e5eb940f0838" + }, + { + "alignment": "center", + "columnId": "ee812faf-6f3c-4cc2-ad9a-27136340ef39", + "isTransposed": false + }, + { + "alignment": "center", + "colorMode": "text", + "columnId": "96c80749-da61-425a-b637-878d33e410fd", + "isTransposed": false, + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#54B399", + "stop": 0 + }, + { + "color": "#D6BF57", + "stop": 60 + }, + { + "color": "#E7664C", + "stop": 90 + } ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332": { - "columnOrder": [ - "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", - "236eb2de-d45f-43f2-83f4-5a1d7355132b", - "301759e0-f73e-4e6d-a7c5-d0938024e989", - "301759e0-f73e-4e6d-a7c5-d0938024e989X1", - "301759e0-f73e-4e6d-a7c5-d0938024e989X0" - ], - "columns": { - "236eb2de-d45f-43f2-83f4-5a1d7355132b": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Counter rate", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1, - "suffix": "s" - } - }, - "formula": "counter_rate(last_value(kubernetes.proxy.process.cpu.sec))", - "isFormulaBroken": false - }, - "references": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989X1" - ], - "scale": "ratio" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.process.cpu.sec: *" - }, - "isBucketed": false, - "label": "Part of Differences in Controller Proxy", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.process.cpu.sec" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Differences in Controller Proxy", - "operationType": "counter_rate", - "references": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "9edf62a7-afd2-4574-9937-34f7ee0c5fcd": { - "dataType": "string", - "isBucketed": true, - "label": "Top 20 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } + "continuity": "above", + "name": "custom", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "steps": 5, + "stops": [ + { + "color": "#54B399", + "stop": 60 + }, + { + "color": "#D6BF57", + "stop": 90 + }, + { + "color": "#E7664C", + "stop": 91 + } + ] + }, + "type": "palette" + } + } + ], + "layerId": "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Proxy process data " + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 21, + "i": "303702e1-ba33-49f2-b337-4cc7d7305606", + "w": 24, + "x": 24, + "y": 24 + }, + "panelIndex": "303702e1-ba33-49f2-b337-4cc7d7305606", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "77da5988-3f03-4e8f-b1e4-39a94d8bec07": { + "columnOrder": [ + "7e1756d9-af1b-4204-a8d4-8c57987216f0", + "d523e6d2-50f3-4b45-8815-8259df43850c", + "cf481e4f-b568-4306-8da9-5e3d516ccbea", + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" + ], + "columns": { + "7e1756d9-af1b-4204-a8d4-8c57987216f0": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fillOpacity": 0.3, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "hideEndzones": false, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989" - ], - "layerId": "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", - "xAccessor": "236eb2de-d45f-43f2-83f4-5a1d7355132b", - "yConfig": [ - { - "axisMode": "left", - "color": "#d6bf57", - "forAccessor": "301759e0-f73e-4e6d-a7c5-d0938024e989" - } - ] - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "area", - "showCurrentTimeMarker": false, - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "1604f0de-edd6-456e-8670-ab9b33988abb", - "w": 24, - "x": 0, - "y": 33 - }, - "panelIndex": "1604f0de-edd6-456e-8670-ab9b33988abb", - "title": "CPU usage increase over time", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "cf481e4f-b568-4306-8da9-5e3d516ccbea": { + "dataType": "number", + "isBucketed": false, + "label": "average(kubernetes.proxy.process.memory.resident.bytes)", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 1 + } + }, + "formula": "average(kubernetes.proxy.process.memory.resident.bytes)", + "isFormulaBroken": false + }, + "references": [ + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" + ], + "scale": "ratio" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(249,235,223,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "HTTP Requests", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of average(kubernetes.proxy.process.memory.resident.bytes)", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.process.memory.resident.bytes" }, - "title": "", - "type": "metrics", - "uiState": {} + "d523e6d2-50f3-4b45-8815-8259df43850c": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 3, - "i": "f8313a9d-ab58-448e-b183-75f914caf53f", - "w": 48, - "x": 0, - "y": 45 + "fillOpacity": 0.3, + "layers": [ + { + "accessors": [ + "cf481e4f-b568-4306-8da9-5e3d516ccbea" + ], + "layerId": "77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "7e1756d9-af1b-4204-a8d4-8c57987216f0", + "xAccessor": "d523e6d2-50f3-4b45-8815-8259df43850c", + "yConfig": [] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "f8313a9d-ab58-448e-b183-75f914caf53f", - "title": "", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": false, + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Average resident memory " + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 12, + "i": "1604f0de-edd6-456e-8670-ab9b33988abb", + "w": 24, + "x": 0, + "y": 33 + }, + "panelIndex": "1604f0de-edd6-456e-8670-ab9b33988abb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332": { + "columnOrder": [ + "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", + "236eb2de-d45f-43f2-83f4-5a1d7355132b", + "301759e0-f73e-4e6d-a7c5-d0938024e989", + "301759e0-f73e-4e6d-a7c5-d0938024e989X1", + "301759e0-f73e-4e6d-a7c5-d0938024e989X0" + ], + "columns": { + "236eb2de-d45f-43f2-83f4-5a1d7355132b": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**NOTE**: The default period to fetch the metrics used in **Requests counter rate , Client error responses counter rate** and **Server error responses counter rate** visualization is **10s**. The timestamps from the visualizations were chosen according to that. Otherwise, they might be inaccurate. Adjust them by clicking on the **settings wheel** on the top right of the visualization and go to the **right side menu**. After that, write the custom period value on **Horizontal axis \u003e @timestamp \u003e Minimum interval**.", - "openLinksInNewTab": false + "301759e0-f73e-4e6d-a7c5-d0938024e989": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Counter rate", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1, + "suffix": "s" + } + }, + "formula": "counter_rate(last_value(kubernetes.proxy.process.cpu.sec))", + "isFormulaBroken": false + }, + "references": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989X1" + ], + "scale": "ratio" + }, + "301759e0-f73e-4e6d-a7c5-d0938024e989X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.process.cpu.sec: *" + }, + "isBucketed": false, + "label": "Part of Differences in Controller Proxy", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.process.cpu.sec" + }, + "301759e0-f73e-4e6d-a7c5-d0938024e989X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Differences in Controller Proxy", + "operationType": "counter_rate", + "references": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989X0" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "markdown", - "uiState": {} + "9edf62a7-afd2-4574-9937-34f7ee0c5fcd": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 20 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fillOpacity": 0.3, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "hideEndzones": false, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 4, - "i": "6a11dafa-5cd1-49e7-9806-15110738093d", - "w": 48, - "x": 0, - "y": 48 + "layers": [ + { + "accessors": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989" + ], + "layerId": "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", + "xAccessor": "236eb2de-d45f-43f2-83f4-5a1d7355132b", + "yConfig": [ + { + "axisMode": "left", + "color": "#d6bf57", + "forAccessor": "301759e0-f73e-4e6d-a7c5-d0938024e989" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "6a11dafa-5cd1-49e7-9806-15110738093d", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "area", + "showCurrentTimeMarker": false, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9": { - "columnOrder": [ - "35a11916-4ca3-421b-9df2-521f52f21fbb", - "ed3c7efa-0467-4a57-8d06-0f4775906cc5", - "43097f7a-e478-47bc-81c1-7541bd899d46", - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1", - "43097f7a-e478-47bc-81c1-7541bd899d46X2" - ], - "columns": { - "35a11916-4ca3-421b-9df2-521f52f21fbb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.proxy.verb" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.proxy.host" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Average latency s", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0, - "suffix": "s" - } - }, - "formula": "last_value(kubernetes.proxy.client.request.duration.us.sum)/last_value(kubernetes.proxy.client.request.duration.us.count)/1000", - "isFormulaBroken": false - }, - "references": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X2" - ], - "scale": "ratio" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.client.request.duration.us.sum: *" - }, - "isBucketed": false, - "label": "Part of Average latency s", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.client.request.duration.us.sum" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.client.request.duration.us.count: *" - }, - "isBucketed": false, - "label": "Part of Average latency s", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.client.request.duration.us.count" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Average latency s", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1" - ], - "name": "divide", - "type": "function" - }, - 1000 - ], - "location": { - "max": 126, - "min": 0 - }, - "name": "divide", - "text": "last_value(kubernetes.proxy.client.request.duration.us.sum)/last_value(kubernetes.proxy.client.request.duration.us.count)/1000", - "type": "function" - } - }, - "references": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1" - ], - "scale": "ratio" - }, - "ed3c7efa-0467-4a57-8d06-0f4775906cc5": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "10s" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "CPU usage increase over time" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "f8313a9d-ab58-448e-b183-75f914caf53f", + "w": 48, + "x": 0, + "y": 45 + }, + "panelIndex": "f8313a9d-ab58-448e-b183-75f914caf53f", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(249,235,223,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "HTTP Requests", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ + { + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "6a11dafa-5cd1-49e7-9806-15110738093d", + "w": 48, + "x": 0, + "y": 48 + }, + "panelIndex": "6a11dafa-5cd1-49e7-9806-15110738093d", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**NOTE**: The default period to fetch the metrics used in **Requests counter rate , Client error responses counter rate** and **Server error responses counter rate** visualization is **10s**. The timestamps from the visualizations were chosen according to that. Otherwise, they might be inaccurate. Adjust them by clicking on the **settings wheel** on the top right of the visualization and go to the **right side menu**. After that, write the custom period value on **Horizontal axis > @timestamp > Minimum interval**.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "1bd24fa1-319e-4cae-9d45-d821b06a8034", + "w": 24, + "x": 0, + "y": 52 + }, + "panelIndex": "1bd24fa1-319e-4cae-9d45-d821b06a8034", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9": { + "columnOrder": [ + "35a11916-4ca3-421b-9df2-521f52f21fbb", + "ed3c7efa-0467-4a57-8d06-0f4775906cc5", + "43097f7a-e478-47bc-81c1-7541bd899d46", + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1", + "43097f7a-e478-47bc-81c1-7541bd899d46X2" + ], + "columns": { + "35a11916-4ca3-421b-9df2-521f52f21fbb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "43097f7a-e478-47bc-81c1-7541bd899d46" - ], - "layerId": "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "35a11916-4ca3-421b-9df2-521f52f21fbb", - "xAccessor": "ed3c7efa-0467-4a57-8d06-0f4775906cc5", - "yConfig": [] - } - ], - "legend": { - "horizontalAlignment": "right", - "isInside": false, - "isVisible": true, - "legendSize": "xlarge", - "maxLines": 1, - "position": "right", - "shouldTruncate": false, - "verticalAlignment": "bottom" + "secondaryFields": [ + "kubernetes.proxy.verb" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.proxy.host" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Average latency s", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0, + "suffix": "s" + } + }, + "formula": "last_value(kubernetes.proxy.client.request.duration.us.sum)/last_value(kubernetes.proxy.client.request.duration.us.count)/1000", + "isFormulaBroken": false + }, + "references": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X2" + ], + "scale": "ratio" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.client.request.duration.us.sum: *" + }, + "isBucketed": false, + "label": "Part of Average latency s", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.client.request.duration.us.sum" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.client.request.duration.us.count: *" + }, + "isBucketed": false, + "label": "Part of Average latency s", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.client.request.duration.us.count" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Average latency s", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1" + ], + "name": "divide", + "type": "function" }, - "preferredSeriesType": "area", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": false, - "xTitle": "", - "yTitle": "" + 1000 + ], + "location": { + "max": 126, + "min": 0 + }, + "name": "divide", + "text": "last_value(kubernetes.proxy.client.request.duration.us.sum)/last_value(kubernetes.proxy.client.request.duration.us.count)/1000", + "type": "function" } + }, + "references": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "ed3c7efa-0467-4a57-8d06-0f4775906cc5": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "10s" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 14, - "i": "1bd24fa1-319e-4cae-9d45-d821b06a8034", - "w": 24, - "x": 0, - "y": 52 + "layers": [ + { + "accessors": [ + "43097f7a-e478-47bc-81c1-7541bd899d46" + ], + "layerId": "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "35a11916-4ca3-421b-9df2-521f52f21fbb", + "xAccessor": "ed3c7efa-0467-4a57-8d06-0f4775906cc5", + "yConfig": [] + } + ], + "legend": { + "horizontalAlignment": "right", + "isInside": false, + "isVisible": true, + "legendSize": "xlarge", + "maxLines": 1, + "position": "right", + "shouldTruncate": false, + "verticalAlignment": "bottom" }, - "panelIndex": "1bd24fa1-319e-4cae-9d45-d821b06a8034", - "title": "Average request latency", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": false, + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "7c7c4b67-a2df-427f-abbd-635e5fa73a9c": { - "columnOrder": [ - "d3b90051-0bb2-41e0-9d5d-34ff145dba09", - "8a2e9cea-60fb-4603-a072-9b0e6194344c", - "63268365-bb35-456f-831c-78238984a061", - "63268365-bb35-456f-831c-78238984a061X0", - "63268365-bb35-456f-831c-78238984a061X1" - ], - "columns": { - "63268365-bb35-456f-831c-78238984a061": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Requests", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "counter_rate(last_value(kubernetes.proxy.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "63268365-bb35-456f-831c-78238984a061X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "63268365-bb35-456f-831c-78238984a061X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.client.request.count: *" - }, - "isBucketed": false, - "label": "Part of Requests", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.client.request.count" - }, - "63268365-bb35-456f-831c-78238984a061X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Requests", - "operationType": "counter_rate", - "references": [ - "63268365-bb35-456f-831c-78238984a061X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "8a2e9cea-60fb-4603-a072-9b0e6194344c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "10s" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "d3b90051-0bb2-41e0-9d5d-34ff145dba09": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderAgg": { - "customLabel": false, - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.proxy.code", - "kubernetes.proxy.method" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Average request latency" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "91a7ce56-6a49-4b7e-837f-31c184b48c09", + "w": 24, + "x": 24, + "y": 52 + }, + "panelIndex": "91a7ce56-6a49-4b7e-837f-31c184b48c09", + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "7c7c4b67-a2df-427f-abbd-635e5fa73a9c": { + "columnOrder": [ + "d3b90051-0bb2-41e0-9d5d-34ff145dba09", + "8a2e9cea-60fb-4603-a072-9b0e6194344c", + "63268365-bb35-456f-831c-78238984a061", + "63268365-bb35-456f-831c-78238984a061X0", + "63268365-bb35-456f-831c-78238984a061X1" + ], + "columns": { + "63268365-bb35-456f-831c-78238984a061": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Requests", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "63268365-bb35-456f-831c-78238984a061" - ], - "layerId": "7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "d3b90051-0bb2-41e0-9d5d-34ff145dba09", - "xAccessor": "8a2e9cea-60fb-4603-a072-9b0e6194344c" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "formula": "counter_rate(last_value(kubernetes.proxy.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "63268365-bb35-456f-831c-78238984a061X1" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "63268365-bb35-456f-831c-78238984a061X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.client.request.count: *" + }, + "isBucketed": false, + "label": "Part of Requests", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.client.request.count" + }, + "63268365-bb35-456f-831c-78238984a061X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Requests", + "operationType": "counter_rate", + "references": [ + "63268365-bb35-456f-831c-78238984a061X0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "8a2e9cea-60fb-4603-a072-9b0e6194344c": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "10s" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d3b90051-0bb2-41e0-9d5d-34ff145dba09": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderAgg": { + "customLabel": false, + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "orderBy": { + "type": "custom" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "kubernetes.proxy.code", + "kubernetes.proxy.method" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 14, - "i": "91a7ce56-6a49-4b7e-837f-31c184b48c09", - "w": 24, - "x": 24, - "y": 52 + "layers": [ + { + "accessors": [ + "63268365-bb35-456f-831c-78238984a061" + ], + "layerId": "7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "d3b90051-0bb2-41e0-9d5d-34ff145dba09", + "xAccessor": "8a2e9cea-60fb-4603-a072-9b0e6194344c" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "91a7ce56-6a49-4b7e-837f-31c184b48c09", - "title": "Requests counter rate", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-acbb7181-0ff2-4164-9761-8b2c430d6a68", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "acbb7181-0ff2-4164-9761-8b2c430d6a68": { - "columnOrder": [ - "eb84dd5b-79c5-4928-8636-fcc56d70b7fc", - "a42b9c5d-612b-4849-be9e-2405c3ad6e28", - "fea759f8-df7f-4c51-8163-03ed7c9e1a8f", - "eb7e83d0-db8e-4b46-963c-3f2e8f343546", - "2a6c7891-abb8-467d-ba48-e1807a096b9c", - "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX1", - "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX0" - ], - "columns": { - "2a6c7891-abb8-467d-ba48-e1807a096b9c": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "", - "operationType": "differences", - "references": [ - "eb7e83d0-db8e-4b46-963c-3f2e8f343546" - ], - "scale": "ratio" - }, - "a42b9c5d-612b-4849-be9e-2405c3ad6e28": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto", - "sortField": "@timestamp" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "eb7e83d0-db8e-4b46-963c-3f2e8f343546": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of differences(max(kubernetes.proxy.client.request.count))", - "operationType": "max", - "params": { - "emptyAsNull": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.client.request.count" - }, - "eb84dd5b-79c5-4928-8636-fcc56d70b7fc": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.proxy.code", - "kubernetes.proxy.method" - ], - "size": 4 - }, - "scale": "ordinal", - "sourceField": "kubernetes.proxy.host" - }, - "fea759f8-df7f-4c51-8163-03ed7c9e1a8f": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "" - }, - "isBucketed": false, - "label": "Client errors", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "counter_rate(last_value(kubernetes.proxy.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "" - }, - "isBucketed": false, - "label": "Part of Client errors", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.client.request.count" - }, - "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "" - }, - "isBucketed": false, - "label": "Part of Client errors", - "operationType": "counter_rate", - "references": [ - "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX0" - ], - "scale": "ratio", - "timeScale": "s" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Requests counter rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "24a2f3ce-a762-4e5f-8794-ff67fc70a41d", + "w": 24, + "x": 0, + "y": 66 + }, + "panelIndex": "24a2f3ce-a762-4e5f-8794-ff67fc70a41d", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-acbb7181-0ff2-4164-9761-8b2c430d6a68", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "acbb7181-0ff2-4164-9761-8b2c430d6a68": { + "columnOrder": [ + "eb84dd5b-79c5-4928-8636-fcc56d70b7fc", + "a42b9c5d-612b-4849-be9e-2405c3ad6e28", + "fea759f8-df7f-4c51-8163-03ed7c9e1a8f", + "eb7e83d0-db8e-4b46-963c-3f2e8f343546", + "2a6c7891-abb8-467d-ba48-e1807a096b9c", + "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX1", + "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX0" + ], + "columns": { + "2a6c7891-abb8-467d-ba48-e1807a096b9c": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "", + "operationType": "differences", + "references": [ + "eb7e83d0-db8e-4b46-963c-3f2e8f343546" + ], + "scale": "ratio" + }, + "a42b9c5d-612b-4849-be9e-2405c3ad6e28": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto", + "sortField": "@timestamp" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "eb7e83d0-db8e-4b46-963c-3f2e8f343546": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of differences(max(kubernetes.proxy.client.request.count))", + "operationType": "max", + "params": { + "emptyAsNull": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.client.request.count" + }, + "eb84dd5b-79c5-4928-8636-fcc56d70b7fc": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "947a681d-0eb3-462e-a2cb-5adade5d6c85", - "key": "query", - "negate": false, - "type": "custom" - }, - "query": { - "range": { - "kubernetes.proxy.code": { - "gte": 400, - "lt": 500 - } - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "kubernetes.proxy.code", + "kubernetes.proxy.method" ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 4 + }, + "scale": "ordinal", + "sourceField": "kubernetes.proxy.host" + }, + "fea759f8-df7f-4c51-8163-03ed7c9e1a8f": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "" + }, + "isBucketed": false, + "label": "Client errors", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "fea759f8-df7f-4c51-8163-03ed7c9e1a8f" - ], - "layerId": "acbb7181-0ff2-4164-9761-8b2c430d6a68", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "eb84dd5b-79c5-4928-8636-fcc56d70b7fc", - "xAccessor": "a42b9c5d-612b-4849-be9e-2405c3ad6e28" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "formula": "counter_rate(last_value(kubernetes.proxy.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX1" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "" + }, + "isBucketed": false, + "label": "Part of Client errors", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.client.request.count" + }, + "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "" + }, + "isBucketed": false, + "label": "Part of Client errors", + "operationType": "counter_rate", + "references": [ + "fea759f8-df7f-4c51-8163-03ed7c9e1a8fX0" + ], + "scale": "ratio", + "timeScale": "s" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "947a681d-0eb3-462e-a2cb-5adade5d6c85", + "key": "query", + "negate": false, + "type": "custom" + }, + "query": { + "range": { + "kubernetes.proxy.code": { + "gte": 400, + "lt": 500 + } + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 14, - "i": "24a2f3ce-a762-4e5f-8794-ff67fc70a41d", - "w": 24, - "x": 0, - "y": 66 + "layers": [ + { + "accessors": [ + "fea759f8-df7f-4c51-8163-03ed7c9e1a8f" + ], + "layerId": "acbb7181-0ff2-4164-9761-8b2c430d6a68", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "eb84dd5b-79c5-4928-8636-fcc56d70b7fc", + "xAccessor": "a42b9c5d-612b-4849-be9e-2405c3ad6e28" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "24a2f3ce-a762-4e5f-8794-ff67fc70a41d", - "title": "Client error responses counter rate", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-54af7a75-9eab-4746-b959-378d6bbb7cf6", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "54af7a75-9eab-4746-b959-378d6bbb7cf6": { - "columnOrder": [ - "e05814a2-da30-432b-8fbf-bad34214cc4c", - "2a39c430-b798-486a-8ad6-f91c4fb96fc8", - "ffd0dce8-3168-40cd-9ec3-46d5003d9093", - "e137ff3f-86e1-4be8-9bee-a9f50d5cbec8", - "63166add-64d0-4f67-b9cf-e0a4fee229a4", - "f19c32fc-8086-4c14-a124-747572608ae5", - "b842fba2-3cc2-4d13-8cf9-37b66f21b796", - "ffd0dce8-3168-40cd-9ec3-46d5003d9093X1", - "ffd0dce8-3168-40cd-9ec3-46d5003d9093X0" - ], - "columns": { - "2a39c430-b798-486a-8ad6-f91c4fb96fc8": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "63166add-64d0-4f67-b9cf-e0a4fee229a4": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "", - "operationType": "differences", - "references": [ - "e137ff3f-86e1-4be8-9bee-a9f50d5cbec8" - ], - "scale": "ratio" - }, - "b842fba2-3cc2-4d13-8cf9-37b66f21b796": { - "customLabel": true, - "dataType": "number", - "filter": {}, - "isBucketed": false, - "label": "", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.client.request.count" - }, - "e05814a2-da30-432b-8fbf-bad34214cc4c": { - "dataType": "string", - "isBucketed": true, - "label": "Top values", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.proxy.code", - "kubernetes.proxy.method" - ], - "size": 4 - }, - "scale": "ordinal", - "sourceField": "kubernetes.proxy.host" - }, - "e137ff3f-86e1-4be8-9bee-a9f50d5cbec8": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.client.request.count" - }, - "f19c32fc-8086-4c14-a124-747572608ae5": { - "customLabel": true, - "dataType": "number", - "filter": {}, - "isBucketed": false, - "label": "", - "operationType": "differences", - "references": [ - "b842fba2-3cc2-4d13-8cf9-37b66f21b796" - ], - "scale": "ratio" - }, - "ffd0dce8-3168-40cd-9ec3-46d5003d9093": { - "customLabel": true, - "dataType": "number", - "filter": {}, - "isBucketed": false, - "label": "Server errors", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - }, - "formula": "counter_rate(last_value(kubernetes.proxy.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "ffd0dce8-3168-40cd-9ec3-46d5003d9093X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "ffd0dce8-3168-40cd-9ec3-46d5003d9093X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.proxy.client.request.count: *" - }, - "isBucketed": false, - "label": "Part of Server errors", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.proxy.client.request.count" - }, - "ffd0dce8-3168-40cd-9ec3-46d5003d9093X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Server errors", - "operationType": "counter_rate", - "references": [ - "ffd0dce8-3168-40cd-9ec3-46d5003d9093X0" - ], - "scale": "ratio", - "timeScale": "s" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Client error responses counter rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "e3c408a3-6515-4104-b764-888f39fa6185", + "w": 24, + "x": 24, + "y": 66 + }, + "panelIndex": "e3c408a3-6515-4104-b764-888f39fa6185", + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-54af7a75-9eab-4746-b959-378d6bbb7cf6", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "54af7a75-9eab-4746-b959-378d6bbb7cf6": { + "columnOrder": [ + "e05814a2-da30-432b-8fbf-bad34214cc4c", + "2a39c430-b798-486a-8ad6-f91c4fb96fc8", + "ffd0dce8-3168-40cd-9ec3-46d5003d9093", + "e137ff3f-86e1-4be8-9bee-a9f50d5cbec8", + "63166add-64d0-4f67-b9cf-e0a4fee229a4", + "f19c32fc-8086-4c14-a124-747572608ae5", + "b842fba2-3cc2-4d13-8cf9-37b66f21b796", + "ffd0dce8-3168-40cd-9ec3-46d5003d9093X1", + "ffd0dce8-3168-40cd-9ec3-46d5003d9093X0" + ], + "columns": { + "2a39c430-b798-486a-8ad6-f91c4fb96fc8": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "63166add-64d0-4f67-b9cf-e0a4fee229a4": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "", + "operationType": "differences", + "references": [ + "e137ff3f-86e1-4be8-9bee-a9f50d5cbec8" + ], + "scale": "ratio" + }, + "b842fba2-3cc2-4d13-8cf9-37b66f21b796": { + "customLabel": true, + "dataType": "number", + "filter": {}, + "isBucketed": false, + "label": "", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.client.request.count" + }, + "e05814a2-da30-432b-8fbf-bad34214cc4c": { + "dataType": "string", + "isBucketed": true, + "label": "Top values", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "f97a243b-a7a5-4fff-b2c8-7e4231e73f63", - "key": "query", - "negate": false, - "type": "custom" - }, - "query": { - "range": { - "kubernetes.proxy.code": { - "gte": 500 - } - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "kubernetes.proxy.code", + "kubernetes.proxy.method" ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 4 + }, + "scale": "ordinal", + "sourceField": "kubernetes.proxy.host" + }, + "e137ff3f-86e1-4be8-9bee-a9f50d5cbec8": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.client.request.count" + }, + "f19c32fc-8086-4c14-a124-747572608ae5": { + "customLabel": true, + "dataType": "number", + "filter": {}, + "isBucketed": false, + "label": "", + "operationType": "differences", + "references": [ + "b842fba2-3cc2-4d13-8cf9-37b66f21b796" + ], + "scale": "ratio" + }, + "ffd0dce8-3168-40cd-9ec3-46d5003d9093": { + "customLabel": true, + "dataType": "number", + "filter": {}, + "isBucketed": false, + "label": "Server errors", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "ffd0dce8-3168-40cd-9ec3-46d5003d9093" - ], - "layerId": "54af7a75-9eab-4746-b959-378d6bbb7cf6", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "e05814a2-da30-432b-8fbf-bad34214cc4c", - "xAccessor": "2a39c430-b798-486a-8ad6-f91c4fb96fc8" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "formula": "counter_rate(last_value(kubernetes.proxy.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "ffd0dce8-3168-40cd-9ec3-46d5003d9093X1" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "ffd0dce8-3168-40cd-9ec3-46d5003d9093X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.proxy.client.request.count: *" + }, + "isBucketed": false, + "label": "Part of Server errors", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.proxy.client.request.count" + }, + "ffd0dce8-3168-40cd-9ec3-46d5003d9093X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Server errors", + "operationType": "counter_rate", + "references": [ + "ffd0dce8-3168-40cd-9ec3-46d5003d9093X0" + ], + "scale": "ratio", + "timeScale": "s" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "f97a243b-a7a5-4fff-b2c8-7e4231e73f63", + "key": "query", + "negate": false, + "type": "custom" + }, + "query": { + "range": { + "kubernetes.proxy.code": { + "gte": 500 + } + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 14, - "i": "e3c408a3-6515-4104-b764-888f39fa6185", - "w": 24, - "x": 24, - "y": 66 + "layers": [ + { + "accessors": [ + "ffd0dce8-3168-40cd-9ec3-46d5003d9093" + ], + "layerId": "54af7a75-9eab-4746-b959-378d6bbb7cf6", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "e05814a2-da30-432b-8fbf-bad34214cc4c", + "xAccessor": "2a39c430-b798-486a-8ad6-f91c4fb96fc8" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "e3c408a3-6515-4104-b764-888f39fa6185", - "title": "Server error responses counter rate", - "type": "lens", - "version": "8.6.0" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Proxy", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-01-11T16:15:13.706Z", - "id": "kubernetes-5e649d60-9901-11e9-ba57-b7ab4e2d4b58", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd:metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "f74e1a86-4370-4f65-a3b8-d92c9f25ff42:indexpattern-datasource-layer-5de1942f-e0a5-4ed8-86c0-972d57d62085", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "34de2f11-faf2-49e8-aada-98c2cd5eb266:indexpattern-datasource-layer-0b5eadf5-2a9c-49a2-b862-d317822adfd8", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "c3fee68f-01c6-49da-a759-2900b1cd15bf:metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "af47c34c-961a-463c-9d66-ffedcc2eef12:indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "af47c34c-961a-463c-9d66-ffedcc2eef12:169f9d33-cf55-422e-906e-f4eecb26a362", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "303702e1-ba33-49f2-b337-4cc7d7305606:indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1604f0de-edd6-456e-8670-ab9b33988abb:indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "f8313a9d-ab58-448e-b183-75f914caf53f:metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1bd24fa1-319e-4cae-9d45-d821b06a8034:indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "24a2f3ce-a762-4e5f-8794-ff67fc70a41d:indexpattern-datasource-layer-acbb7181-0ff2-4164-9761-8b2c430d6a68", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "e3c408a3-6515-4104-b764-888f39fa6185:indexpattern-datasource-layer-54af7a75-9eab-4746-b959-378d6bbb7cf6", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_f53d0d21-4502-4dce-8004-017a92104040:optionsListDataView", - "type": "index-pattern" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "controlGroup_df56c430-83b1-436e-8b9c-fb027aaa29ca:optionsListDataView", - "type": "index-pattern" - } + "title": "Server error responses counter rate" + } ], - "type": "dashboard", - "updated_at": "2023-01-11T16:15:13.706Z", - "version": "WzM1MDAsMV0=" + "timeRestore": false, + "title": "[Metrics Kubernetes] Proxy", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd:metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f74e1a86-4370-4f65-a3b8-d92c9f25ff42:indexpattern-datasource-layer-5de1942f-e0a5-4ed8-86c0-972d57d62085", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "34de2f11-faf2-49e8-aada-98c2cd5eb266:indexpattern-datasource-layer-0b5eadf5-2a9c-49a2-b862-d317822adfd8", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "c3fee68f-01c6-49da-a759-2900b1cd15bf:metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "af47c34c-961a-463c-9d66-ffedcc2eef12:indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "af47c34c-961a-463c-9d66-ffedcc2eef12:169f9d33-cf55-422e-906e-f4eecb26a362", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "303702e1-ba33-49f2-b337-4cc7d7305606:indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1604f0de-edd6-456e-8670-ab9b33988abb:indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f8313a9d-ab58-448e-b183-75f914caf53f:metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1bd24fa1-319e-4cae-9d45-d821b06a8034:indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "24a2f3ce-a762-4e5f-8794-ff67fc70a41d:indexpattern-datasource-layer-acbb7181-0ff2-4164-9761-8b2c430d6a68", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e3c408a3-6515-4104-b764-888f39fa6185:indexpattern-datasource-layer-54af7a75-9eab-4746-b959-378d6bbb7cf6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_f53d0d21-4502-4dce-8004-017a92104040:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_df56c430-83b1-436e-8b9c-fb027aaa29ca:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013.json index d066b5bf8c1..fa81a82e6bb 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013.json @@ -1,904 +1,912 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"0e42fece-4a2f-4b80-a57d-89eeec3d0d29\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"0e42fece-4a2f-4b80-a57d-89eeec3d0d29\",\"enhancements\":{}}},\"cfe75517-e74e-43eb-9566-258234ad92e7\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"cfe75517-e74e-43eb-9566-258234ad92e7\",\"selectedOptions\":[],\"enhancements\":{}}},\"274480d2-d432-486c-bce5-e88caa3d6b7a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.daemonset.name\",\"title\":\"DaemonSet Name\",\"id\":\"274480d2-d432-486c-bce5-e88caa3d6b7a\",\"selectedOptions\":[],\"enhancements\":{}}}}" - }, - "description": "Metrics about DaemonSets", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI0OSwyXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "twoLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"0e42fece-4a2f-4b80-a57d-89eeec3d0d29\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"0e42fece-4a2f-4b80-a57d-89eeec3d0d29\",\"enhancements\":{}}},\"cfe75517-e74e-43eb-9566-258234ad92e7\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"cfe75517-e74e-43eb-9566-258234ad92e7\",\"selectedOptions\":[],\"enhancements\":{}}},\"274480d2-d432-486c-bce5-e88caa3d6b7a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.daemonset.name\",\"title\":\"DaemonSet Name\",\"id\":\"274480d2-d432-486c-bce5-e88caa3d6b7a\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Metrics about DaemonSets", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncCursor": true, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 4, + "i": "573ec41e-ffc3-4c89-ba35-138bab599f07", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "573ec41e-ffc3-4c89-ba35-138bab599f07", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "573ec41e-ffc3-4c89-ba35-138bab599f07", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.10.2" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-e3bc5ca2-71af-4901-ae1c-82e383f83ae9", - "type": "index-pattern" + "panelIndex": "573ec41e-ffc3-4c89-ba35-138bab599f07", + "title": "Kubernetes Dashboards [Metrics Kubernetes]", + "type": "visualization", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-e3bc5ca2-71af-4901-ae1c-82e383f83ae9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d115572d-c1ae-4402-bd61-7f6aca621b17", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "e3bc5ca2-71af-4901-ae1c-82e383f83ae9": { + "columnOrder": [ + "859d3534-c923-4005-a84a-158f079f7e62", + "e115f6a2-0a07-4712-ab16-e6bce3f17b2c" + ], + "columns": { + "859d3534-c923-4005-a84a-158f079f7e62": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.daemonset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "d115572d-c1ae-4402-bd61-7f6aca621b17", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "e3bc5ca2-71af-4901-ae1c-82e383f83ae9": { - "columnOrder": [ - "859d3534-c923-4005-a84a-158f079f7e62", - "e115f6a2-0a07-4712-ab16-e6bce3f17b2c" - ], - "columns": { - "859d3534-c923-4005-a84a-158f079f7e62": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.daemonset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.daemonset.name" - }, - "e115f6a2-0a07-4712-ab16-e6bce3f17b2c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.daemonset.replicas.desired\": *" - }, - "isBucketed": false, - "label": "Replicas Available ", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.daemonset.replicas.desired" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "d115572d-c1ae-4402-bd61-7f6aca621b17", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_daemonset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_daemonset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "859d3534-c923-4005-a84a-158f079f7e62", - "collapseFn": "sum", - "layerId": "e3bc5ca2-71af-4901-ae1c-82e383f83ae9", - "layerType": "data", - "metricAccessor": "e115f6a2-0a07-4712-ab16-e6bce3f17b2c" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.daemonset.name" }, - "title": "DaemonSet Replicas Desired [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "e115f6a2-0a07-4712-ab16-e6bce3f17b2c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.daemonset.replicas.desired\": *" + }, + "isBucketed": false, + "label": "Replicas Available ", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.daemonset.replicas.desired" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "74f075ae-ea3e-40aa-a84c-2538a2195f6a", - "w": 12, - "x": 0, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "74f075ae-ea3e-40aa-a84c-2538a2195f6a", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "d115572d-c1ae-4402-bd61-7f6aca621b17", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_daemonset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_daemonset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "859d3534-c923-4005-a84a-158f079f7e62", + "collapseFn": "sum", + "layerId": "e3bc5ca2-71af-4901-ae1c-82e383f83ae9", + "layerType": "data", + "metricAccessor": "e115f6a2-0a07-4712-ab16-e6bce3f17b2c" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-65cba563-57d3-468a-93b9-f22de872b5ff", - "type": "index-pattern" + "title": "DaemonSet Replicas Desired [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "74f075ae-ea3e-40aa-a84c-2538a2195f6a", + "w": 12, + "x": 0, + "y": 4 + }, + "panelIndex": "74f075ae-ea3e-40aa-a84c-2538a2195f6a", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-65cba563-57d3-468a-93b9-f22de872b5ff", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "9cc3aefb-f6ee-47ca-8e8b-a5e5e9f46a6a", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "65cba563-57d3-468a-93b9-f22de872b5ff": { + "columnOrder": [ + "333417c9-f6ca-4afe-837c-f96891f37780", + "2318a210-3ab1-434b-8c1a-231a81856418" + ], + "columns": { + "2318a210-3ab1-434b-8c1a-231a81856418": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.daemonset.replicas.available\": *" + }, + "isBucketed": false, + "label": "Replicas Available", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.daemonset.replicas.available" + }, + "333417c9-f6ca-4afe-837c-f96891f37780": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.daemonset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "9cc3aefb-f6ee-47ca-8e8b-a5e5e9f46a6a", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "65cba563-57d3-468a-93b9-f22de872b5ff": { - "columnOrder": [ - "333417c9-f6ca-4afe-837c-f96891f37780", - "2318a210-3ab1-434b-8c1a-231a81856418" - ], - "columns": { - "2318a210-3ab1-434b-8c1a-231a81856418": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.daemonset.replicas.available\": *" - }, - "isBucketed": false, - "label": "Replicas Available", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.daemonset.replicas.available" - }, - "333417c9-f6ca-4afe-837c-f96891f37780": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.daemonset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.daemonset.name" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "9cc3aefb-f6ee-47ca-8e8b-a5e5e9f46a6a", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_daemonset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_daemonset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "333417c9-f6ca-4afe-837c-f96891f37780", - "collapseFn": "sum", - "layerId": "65cba563-57d3-468a-93b9-f22de872b5ff", - "layerType": "data", - "metricAccessor": "2318a210-3ab1-434b-8c1a-231a81856418" - } - }, - "title": "DaemonSet Replicas Available [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.daemonset.name" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "2f904623-cc34-4a48-afce-46fff964dbdf", - "w": 12, - "x": 12, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "2f904623-cc34-4a48-afce-46fff964dbdf", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "9cc3aefb-f6ee-47ca-8e8b-a5e5e9f46a6a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_daemonset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_daemonset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "333417c9-f6ca-4afe-837c-f96891f37780", + "collapseFn": "sum", + "layerId": "65cba563-57d3-468a-93b9-f22de872b5ff", + "layerType": "data", + "metricAccessor": "2318a210-3ab1-434b-8c1a-231a81856418" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-bb896fbb-5e73-4bb9-922d-922562b1e71f", - "type": "index-pattern" + "title": "DaemonSet Replicas Available [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "2f904623-cc34-4a48-afce-46fff964dbdf", + "w": 12, + "x": 12, + "y": 4 + }, + "panelIndex": "2f904623-cc34-4a48-afce-46fff964dbdf", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-bb896fbb-5e73-4bb9-922d-922562b1e71f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1aacb9a8-18b0-46cb-a522-1cfac61e09ef", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "bb896fbb-5e73-4bb9-922d-922562b1e71f": { + "columnOrder": [ + "edebd4ce-012f-4677-ab82-cdb1e495c9b5", + "33e722b3-a080-438a-a3d9-83f6da23009a" + ], + "columns": { + "33e722b3-a080-438a-a3d9-83f6da23009a": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.daemonset.replicas.unavailable\": *" + }, + "isBucketed": false, + "label": "Replicas Unavailable ", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.daemonset.replicas.unavailable" + }, + "edebd4ce-012f-4677-ab82-cdb1e495c9b5": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.daemonset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "1aacb9a8-18b0-46cb-a522-1cfac61e09ef", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "bb896fbb-5e73-4bb9-922d-922562b1e71f": { - "columnOrder": [ - "edebd4ce-012f-4677-ab82-cdb1e495c9b5", - "33e722b3-a080-438a-a3d9-83f6da23009a" - ], - "columns": { - "33e722b3-a080-438a-a3d9-83f6da23009a": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.daemonset.replicas.unavailable\": *" - }, - "isBucketed": false, - "label": "Replicas Unavailable ", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.daemonset.replicas.unavailable" - }, - "edebd4ce-012f-4677-ab82-cdb1e495c9b5": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.daemonset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.daemonset.name" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "1aacb9a8-18b0-46cb-a522-1cfac61e09ef", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_daemonset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_daemonset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "edebd4ce-012f-4677-ab82-cdb1e495c9b5", - "collapseFn": "sum", - "layerId": "bb896fbb-5e73-4bb9-922d-922562b1e71f", - "layerType": "data", - "metricAccessor": "33e722b3-a080-438a-a3d9-83f6da23009a" - } - }, - "title": "DaemonSet Replicas Unavailable [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.daemonset.name" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "e39b7173-1acf-4b60-9500-caa97eb5fabb", - "w": 12, - "x": 24, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "e39b7173-1acf-4b60-9500-caa97eb5fabb", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "1aacb9a8-18b0-46cb-a522-1cfac61e09ef", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_daemonset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_daemonset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "edebd4ce-012f-4677-ab82-cdb1e495c9b5", + "collapseFn": "sum", + "layerId": "bb896fbb-5e73-4bb9-922d-922562b1e71f", + "layerType": "data", + "metricAccessor": "33e722b3-a080-438a-a3d9-83f6da23009a" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-54d4cb18-d411-4a9b-a241-8ecc1f2efddd", - "type": "index-pattern" + "title": "DaemonSet Replicas Unavailable [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "e39b7173-1acf-4b60-9500-caa97eb5fabb", + "w": 12, + "x": 24, + "y": 4 + }, + "panelIndex": "e39b7173-1acf-4b60-9500-caa97eb5fabb", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-54d4cb18-d411-4a9b-a241-8ecc1f2efddd", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "29b0a3c9-8a78-4a42-bc09-60671675e57c", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "54d4cb18-d411-4a9b-a241-8ecc1f2efddd": { + "columnOrder": [ + "515a5062-e737-46a4-a456-257440ce7eb3", + "71fe8682-2b23-416c-973f-ae5f63658dc3" + ], + "columns": { + "515a5062-e737-46a4-a456-257440ce7eb3": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.daemonset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "29b0a3c9-8a78-4a42-bc09-60671675e57c", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "54d4cb18-d411-4a9b-a241-8ecc1f2efddd": { - "columnOrder": [ - "515a5062-e737-46a4-a456-257440ce7eb3", - "71fe8682-2b23-416c-973f-ae5f63658dc3" - ], - "columns": { - "515a5062-e737-46a4-a456-257440ce7eb3": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.daemonset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.daemonset.name" - }, - "71fe8682-2b23-416c-973f-ae5f63658dc3": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.daemonset.replicas.ready\": *" - }, - "isBucketed": false, - "label": "Replicas Ready", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.daemonset.replicas.ready" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "29b0a3c9-8a78-4a42-bc09-60671675e57c", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_daemonset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_daemonset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "515a5062-e737-46a4-a456-257440ce7eb3", - "collapseFn": "sum", - "layerId": "54d4cb18-d411-4a9b-a241-8ecc1f2efddd", - "layerType": "data", - "metricAccessor": "71fe8682-2b23-416c-973f-ae5f63658dc3" - } + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.daemonset.name" }, - "title": "DaemonSet Replicas Ready [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "71fe8682-2b23-416c-973f-ae5f63658dc3": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.daemonset.replicas.ready\": *" + }, + "isBucketed": false, + "label": "Replicas Ready", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.daemonset.replicas.ready" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "08341473-695b-44de-8faa-8ca14a6031e1", - "w": 12, - "x": 36, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "08341473-695b-44de-8faa-8ca14a6031e1", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "29b0a3c9-8a78-4a42-bc09-60671675e57c", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_daemonset" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_daemonset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "515a5062-e737-46a4-a456-257440ce7eb3", + "collapseFn": "sum", + "layerId": "54d4cb18-d411-4a9b-a241-8ecc1f2efddd", + "layerType": "data", + "metricAccessor": "71fe8682-2b23-416c-973f-ae5f63658dc3" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-14c12ba0-f1aa-48ac-98c4-111594e9244c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1ecf2434-25f0-454c-94cd-67a09297f08f", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "14c12ba0-f1aa-48ac-98c4-111594e9244c": { - "columnOrder": [ - "3f5990a9-a37a-429c-879c-8f4361fdb541", - "ad8b1756-1e89-403e-a4be-6bb918a3ae4c", - "34892916-522d-4b2e-b286-a534475b34a1", - "431b1111-09a2-4c06-8a86-c345ea80f6ed" - ], - "columns": { - "34892916-522d-4b2e-b286-a534475b34a1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Replicas Desired", - "operationType": "median", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.daemonset.replicas.desired" - }, - "3f5990a9-a37a-429c-879c-8f4361fdb541": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "DaemonSet Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ad8b1756-1e89-403e-a4be-6bb918a3ae4c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "kubernetes.daemonset.name" - }, - "431b1111-09a2-4c06-8a86-c345ea80f6ed": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.daemonset.replicas.unavailable: *" - }, - "isBucketed": false, - "label": "Replicas Unavailable", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.daemonset.replicas.unavailable" - }, - "ad8b1756-1e89-403e-a4be-6bb918a3ae4c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.daemonset.replicas.available: *" - }, - "isBucketed": false, - "label": "Replicas Available", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.daemonset.replicas.available" - } - }, - "incompleteColumns": {} - } - } - } + "title": "DaemonSet Replicas Ready [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "08341473-695b-44de-8faa-8ca14a6031e1", + "w": 12, + "x": 36, + "y": 4 + }, + "panelIndex": "08341473-695b-44de-8faa-8ca14a6031e1", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-14c12ba0-f1aa-48ac-98c4-111594e9244c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1ecf2434-25f0-454c-94cd-67a09297f08f", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "14c12ba0-f1aa-48ac-98c4-111594e9244c": { + "columnOrder": [ + "3f5990a9-a37a-429c-879c-8f4361fdb541", + "ad8b1756-1e89-403e-a4be-6bb918a3ae4c", + "34892916-522d-4b2e-b286-a534475b34a1", + "431b1111-09a2-4c06-8a86-c345ea80f6ed" + ], + "columns": { + "34892916-522d-4b2e-b286-a534475b34a1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Replicas Desired", + "operationType": "median", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.daemonset.replicas.desired" + }, + "3f5990a9-a37a-429c-879c-8f4361fdb541": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "DaemonSet Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ad8b1756-1e89-403e-a4be-6bb918a3ae4c", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1ecf2434-25f0-454c-94cd-67a09297f08f", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_daemonset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_daemonset" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "accessors": [ - "ad8b1756-1e89-403e-a4be-6bb918a3ae4c", - "34892916-522d-4b2e-b286-a534475b34a1", - "431b1111-09a2-4c06-8a86-c345ea80f6ed" - ], - "layerId": "14c12ba0-f1aa-48ac-98c4-111594e9244c", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "xAccessor": "3f5990a9-a37a-429c-879c-8f4361fdb541", - "yConfig": [ - { - "color": "#dd0a50", - "forAccessor": "431b1111-09a2-4c06-8a86-c345ea80f6ed" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide" - } + "size": 20 + }, + "scale": "ordinal", + "sourceField": "kubernetes.daemonset.name" + }, + "431b1111-09a2-4c06-8a86-c345ea80f6ed": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.daemonset.replicas.unavailable: *" + }, + "isBucketed": false, + "label": "Replicas Unavailable", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.daemonset.replicas.unavailable" }, - "title": "Replicas per DaemonSet [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsXY" + "ad8b1756-1e89-403e-a4be-6bb918a3ae4c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.daemonset.replicas.available: *" + }, + "isBucketed": false, + "label": "Replicas Available", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.daemonset.replicas.available" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1ecf2434-25f0-454c-94cd-67a09297f08f", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_daemonset" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 16, - "i": "aca3d51a-f0ea-4323-8a27-0f8fc1b122cd", - "w": 48, - "x": 0, - "y": 11 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_daemonset" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "ad8b1756-1e89-403e-a4be-6bb918a3ae4c", + "34892916-522d-4b2e-b286-a534475b34a1", + "431b1111-09a2-4c06-8a86-c345ea80f6ed" + ], + "layerId": "14c12ba0-f1aa-48ac-98c4-111594e9244c", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "3f5990a9-a37a-429c-879c-8f4361fdb541", + "yConfig": [ + { + "color": "#dd0a50", + "forAccessor": "431b1111-09a2-4c06-8a86-c345ea80f6ed" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "aca3d51a-f0ea-4323-8a27-0f8fc1b122cd", - "title": "Replicas per DaemonSet [Metrics Kubernetes]", - "type": "lens", - "version": "8.10.2" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] DaemonSets", - "version": 1 - }, - "coreMigrationVersion": "8.8.0", - "created_at": "2023-10-31T12:42:19.191Z", - "id": "kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013", - "managed": false, - "references": [ - { - "id": "metrics-*", - "name": "74f075ae-ea3e-40aa-a84c-2538a2195f6a:indexpattern-datasource-layer-e3bc5ca2-71af-4901-ae1c-82e383f83ae9", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "74f075ae-ea3e-40aa-a84c-2538a2195f6a:d115572d-c1ae-4402-bd61-7f6aca621b17", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2f904623-cc34-4a48-afce-46fff964dbdf:indexpattern-datasource-layer-65cba563-57d3-468a-93b9-f22de872b5ff", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2f904623-cc34-4a48-afce-46fff964dbdf:9cc3aefb-f6ee-47ca-8e8b-a5e5e9f46a6a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "e39b7173-1acf-4b60-9500-caa97eb5fabb:indexpattern-datasource-layer-bb896fbb-5e73-4bb9-922d-922562b1e71f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "e39b7173-1acf-4b60-9500-caa97eb5fabb:1aacb9a8-18b0-46cb-a522-1cfac61e09ef", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "08341473-695b-44de-8faa-8ca14a6031e1:indexpattern-datasource-layer-54d4cb18-d411-4a9b-a241-8ecc1f2efddd", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "08341473-695b-44de-8faa-8ca14a6031e1:29b0a3c9-8a78-4a42-bc09-60671675e57c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "aca3d51a-f0ea-4323-8a27-0f8fc1b122cd:indexpattern-datasource-layer-14c12ba0-f1aa-48ac-98c4-111594e9244c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "aca3d51a-f0ea-4323-8a27-0f8fc1b122cd:1ecf2434-25f0-454c-94cd-67a09297f08f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_0e42fece-4a2f-4b80-a57d-89eeec3d0d29:optionsListDataView", - "type": "index-pattern" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide" + } + }, + "title": "Replicas per DaemonSet [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "metrics-*", - "name": "controlGroup_cfe75517-e74e-43eb-9566-258234ad92e7:optionsListDataView", - "type": "index-pattern" + "gridData": { + "h": 16, + "i": "aca3d51a-f0ea-4323-8a27-0f8fc1b122cd", + "w": 48, + "x": 0, + "y": 11 }, - { - "id": "metrics-*", - "name": "controlGroup_274480d2-d432-486c-bce5-e88caa3d6b7a:optionsListDataView", - "type": "index-pattern" - } + "panelIndex": "aca3d51a-f0ea-4323-8a27-0f8fc1b122cd", + "title": "Replicas per DaemonSet [Metrics Kubernetes]", + "type": "lens", + "version": "8.10.2" + } ], - "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "timeRestore": false, + "title": "[Metrics Kubernetes] DaemonSets", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "74f075ae-ea3e-40aa-a84c-2538a2195f6a:indexpattern-datasource-layer-e3bc5ca2-71af-4901-ae1c-82e383f83ae9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "74f075ae-ea3e-40aa-a84c-2538a2195f6a:d115572d-c1ae-4402-bd61-7f6aca621b17", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2f904623-cc34-4a48-afce-46fff964dbdf:indexpattern-datasource-layer-65cba563-57d3-468a-93b9-f22de872b5ff", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2f904623-cc34-4a48-afce-46fff964dbdf:9cc3aefb-f6ee-47ca-8e8b-a5e5e9f46a6a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e39b7173-1acf-4b60-9500-caa97eb5fabb:indexpattern-datasource-layer-bb896fbb-5e73-4bb9-922d-922562b1e71f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e39b7173-1acf-4b60-9500-caa97eb5fabb:1aacb9a8-18b0-46cb-a522-1cfac61e09ef", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "08341473-695b-44de-8faa-8ca14a6031e1:indexpattern-datasource-layer-54d4cb18-d411-4a9b-a241-8ecc1f2efddd", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "08341473-695b-44de-8faa-8ca14a6031e1:29b0a3c9-8a78-4a42-bc09-60671675e57c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "aca3d51a-f0ea-4323-8a27-0f8fc1b122cd:indexpattern-datasource-layer-14c12ba0-f1aa-48ac-98c4-111594e9244c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "aca3d51a-f0ea-4323-8a27-0f8fc1b122cd:1ecf2434-25f0-454c-94cd-67a09297f08f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_0e42fece-4a2f-4b80-a57d-89eeec3d0d29:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_cfe75517-e74e-43eb-9566-258234ad92e7:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_274480d2-d432-486c-bce5-e88caa3d6b7a:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013.json index 061abd60a35..f689e25d101 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013.json @@ -1,911 +1,919 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"f85be4a4-bc01-41a9-b566-442569777dd4\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"f85be4a4-bc01-41a9-b566-442569777dd4\",\"enhancements\":{}}},\"db907011-1eb3-4ed7-ab48-679727ee08f2\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"db907011-1eb3-4ed7-ab48-679727ee08f2\",\"enhancements\":{}}},\"0a0c6dd9-2a6f-4d7a-b4f7-1231987bc460\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.job.name\",\"title\":\"Job Name\",\"id\":\"0a0c6dd9-2a6f-4d7a-b4f7-1231987bc460\",\"enhancements\":{}}}}" - }, - "description": "Metrics about Jobs", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI1MCwyXQ==", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "twoLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"f85be4a4-bc01-41a9-b566-442569777dd4\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"f85be4a4-bc01-41a9-b566-442569777dd4\",\"enhancements\":{}}},\"db907011-1eb3-4ed7-ab48-679727ee08f2\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"db907011-1eb3-4ed7-ab48-679727ee08f2\",\"enhancements\":{}}},\"0a0c6dd9-2a6f-4d7a-b4f7-1231987bc460\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.job.name\",\"title\":\"Job Name\",\"id\":\"0a0c6dd9-2a6f-4d7a-b4f7-1231987bc460\",\"enhancements\":{}}}}" + }, + "description": "Metrics about Jobs", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "syncCursor": true, - "syncTooltips": false, - "useMargins": true + "gridData": { + "h": 4, + "i": "ce57bb14-ee8a-43ba-bb57-a6f815838500", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false + "panelIndex": "ce57bb14-ee8a-43ba-bb57-a6f815838500", + "title": "Kubernetes Dashboards [Metrics Kubernetes]", + "type": "visualization", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-9b261d2c-645a-4dca-9229-9d8c52e79b9f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e4408339-1fa7-47b3-bac9-d2e7945d989f", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "9b261d2c-645a-4dca-9229-9d8c52e79b9f": { + "columnOrder": [ + "d65fee9a-8196-4bcf-b80f-af8eae9974ea", + "3bd09ac0-4718-47e1-abb4-54cbcf502e63" + ], + "columns": { + "3bd09ac0-4718-47e1-abb4-54cbcf502e63": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.job.pods.active\": *" + }, + "isBucketed": false, + "label": "Active", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.job.pods.active" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "ce57bb14-ee8a-43ba-bb57-a6f815838500", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "ce57bb14-ee8a-43ba-bb57-a6f815838500", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.10.2" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-9b261d2c-645a-4dca-9229-9d8c52e79b9f", - "type": "index-pattern" + "d65fee9a-8196-4bcf-b80f-af8eae9974ea": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.job.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "e4408339-1fa7-47b3-bac9-d2e7945d989f", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "9b261d2c-645a-4dca-9229-9d8c52e79b9f": { - "columnOrder": [ - "d65fee9a-8196-4bcf-b80f-af8eae9974ea", - "3bd09ac0-4718-47e1-abb4-54cbcf502e63" - ], - "columns": { - "3bd09ac0-4718-47e1-abb4-54cbcf502e63": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.job.pods.active\": *" - }, - "isBucketed": false, - "label": "Active", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.job.pods.active" - }, - "d65fee9a-8196-4bcf-b80f-af8eae9974ea": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.job.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.job.name" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "e4408339-1fa7-47b3-bac9-d2e7945d989f", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_job" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_job" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "d65fee9a-8196-4bcf-b80f-af8eae9974ea", - "collapseFn": "sum", - "layerId": "9b261d2c-645a-4dca-9229-9d8c52e79b9f", - "layerType": "data", - "metricAccessor": "3bd09ac0-4718-47e1-abb4-54cbcf502e63" - } - }, - "title": "Active Job Pods [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.job.name" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "65805e20-7bb7-43ef-99de-fc56c3de6af2", - "w": 14, - "x": 0, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "65805e20-7bb7-43ef-99de-fc56c3de6af2", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "e4408339-1fa7-47b3-bac9-d2e7945d989f", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_job" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_job" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "d65fee9a-8196-4bcf-b80f-af8eae9974ea", + "collapseFn": "sum", + "layerId": "9b261d2c-645a-4dca-9229-9d8c52e79b9f", + "layerType": "data", + "metricAccessor": "3bd09ac0-4718-47e1-abb4-54cbcf502e63" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-8da4f091-8450-456a-8496-aab42ef0871a", - "type": "index-pattern" + "title": "Active Job Pods [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "65805e20-7bb7-43ef-99de-fc56c3de6af2", + "w": 14, + "x": 0, + "y": 4 + }, + "panelIndex": "65805e20-7bb7-43ef-99de-fc56c3de6af2", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8da4f091-8450-456a-8496-aab42ef0871a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "25697353-2613-4360-89cc-900c9e265a10", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "8da4f091-8450-456a-8496-aab42ef0871a": { + "columnOrder": [ + "a7a7d706-d487-4ea4-ac4e-a52de432b629", + "8747afd9-3e1d-4da8-8f85-e3f526af747e" + ], + "columns": { + "8747afd9-3e1d-4da8-8f85-e3f526af747e": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.job.pods.succeeded\": *" + }, + "isBucketed": false, + "label": "Succeeded", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.job.pods.succeeded" + }, + "a7a7d706-d487-4ea4-ac4e-a52de432b629": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.job.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "25697353-2613-4360-89cc-900c9e265a10", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "8da4f091-8450-456a-8496-aab42ef0871a": { - "columnOrder": [ - "a7a7d706-d487-4ea4-ac4e-a52de432b629", - "8747afd9-3e1d-4da8-8f85-e3f526af747e" - ], - "columns": { - "8747afd9-3e1d-4da8-8f85-e3f526af747e": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.job.pods.succeeded\": *" - }, - "isBucketed": false, - "label": "Succeeded", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.job.pods.succeeded" - }, - "a7a7d706-d487-4ea4-ac4e-a52de432b629": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.job.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.job.name" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "25697353-2613-4360-89cc-900c9e265a10", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_job" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_job" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "a7a7d706-d487-4ea4-ac4e-a52de432b629", - "collapseFn": "sum", - "layerId": "8da4f091-8450-456a-8496-aab42ef0871a", - "layerType": "data", - "metricAccessor": "8747afd9-3e1d-4da8-8f85-e3f526af747e" - } - }, - "title": "Succeeded Job Pods [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.job.name" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "9ecfd540-d36f-4869-836d-3dd704a6561f", - "w": 14, - "x": 17, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "9ecfd540-d36f-4869-836d-3dd704a6561f", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "25697353-2613-4360-89cc-900c9e265a10", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_job" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_job" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "a7a7d706-d487-4ea4-ac4e-a52de432b629", + "collapseFn": "sum", + "layerId": "8da4f091-8450-456a-8496-aab42ef0871a", + "layerType": "data", + "metricAccessor": "8747afd9-3e1d-4da8-8f85-e3f526af747e" + } }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-81a3cd5d-50e5-4e31-b736-000de1673372", - "type": "index-pattern" + "title": "Succeeded Job Pods [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "9ecfd540-d36f-4869-836d-3dd704a6561f", + "w": 14, + "x": 17, + "y": 4 + }, + "panelIndex": "9ecfd540-d36f-4869-836d-3dd704a6561f", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-81a3cd5d-50e5-4e31-b736-000de1673372", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f5e0f998-307f-48b5-8a3d-a8ce10058dbd", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "81a3cd5d-50e5-4e31-b736-000de1673372": { + "columnOrder": [ + "d373cc02-b4ba-4cb3-a0b1-da41564d4a96", + "9fd1fc3c-2013-4d03-9107-b03512a8f7dd" + ], + "columns": { + "9fd1fc3c-2013-4d03-9107-b03512a8f7dd": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "\"kubernetes.job.pods.failed\": *" + }, + "isBucketed": false, + "label": "Failed", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.job.pods.failed" + }, + "d373cc02-b4ba-4cb3-a0b1-da41564d4a96": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.job.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "f5e0f998-307f-48b5-8a3d-a8ce10058dbd", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "81a3cd5d-50e5-4e31-b736-000de1673372": { - "columnOrder": [ - "d373cc02-b4ba-4cb3-a0b1-da41564d4a96", - "9fd1fc3c-2013-4d03-9107-b03512a8f7dd" - ], - "columns": { - "9fd1fc3c-2013-4d03-9107-b03512a8f7dd": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "\"kubernetes.job.pods.failed\": *" - }, - "isBucketed": false, - "label": "Failed", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.job.pods.failed" - }, - "d373cc02-b4ba-4cb3-a0b1-da41564d4a96": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.job.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.job.name" - } - }, - "ignoreGlobalFilters": false, - "incompleteColumns": {} - } - } - }, - "indexpattern": { - "layers": {} - }, - "textBased": { - "layers": {} - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "field": "data_stream.dataset", - "index": "f5e0f998-307f-48b5-8a3d-a8ce10058dbd", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_job" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_job" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "breakdownByAccessor": "d373cc02-b4ba-4cb3-a0b1-da41564d4a96", - "collapseFn": "sum", - "layerId": "81a3cd5d-50e5-4e31-b736-000de1673372", - "layerType": "data", - "metricAccessor": "9fd1fc3c-2013-4d03-9107-b03512a8f7dd" - } - }, - "title": "Failed Job Pods [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + "secondaryFields": [], + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.job.name" + } + }, + "ignoreGlobalFilters": false, + "incompleteColumns": {} + } + } }, - "gridData": { - "h": 7, - "i": "c73b7420-ce63-4d11-b25e-387c7c76b9f1", - "w": 14, - "x": 34, - "y": 4 + "indexpattern": { + "layers": {} }, - "panelIndex": "c73b7420-ce63-4d11-b25e-387c7c76b9f1", - "type": "lens", - "version": "8.10.2" + "textBased": { + "layers": {} + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "f5e0f998-307f-48b5-8a3d-a8ce10058dbd", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_job" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_job" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "breakdownByAccessor": "d373cc02-b4ba-4cb3-a0b1-da41564d4a96", + "collapseFn": "sum", + "layerId": "81a3cd5d-50e5-4e31-b736-000de1673372", + "layerType": "data", + "metricAccessor": "9fd1fc3c-2013-4d03-9107-b03512a8f7dd" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-77c778d8-1664-4062-b5ff-7bbc982f49d2", - "type": "index-pattern" + "title": "Failed Job Pods [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true + }, + "gridData": { + "h": 7, + "i": "c73b7420-ce63-4d11-b25e-387c7c76b9f1", + "w": 14, + "x": 34, + "y": 4 + }, + "panelIndex": "c73b7420-ce63-4d11-b25e-387c7c76b9f1", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-77c778d8-1664-4062-b5ff-7bbc982f49d2", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "29baa5ec-91df-42a8-8d21-3c3adaa47202", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "77c778d8-1664-4062-b5ff-7bbc982f49d2": { + "columnOrder": [ + "33f00b6c-023d-4b71-98c5-7c5a56d3b9d8", + "00c2aa45-0e8c-4f29-a478-4b8dbf419472", + "8163b6c0-69e0-4e8f-9c21-6878a2e5e8e1", + "b1e6a372-87f5-44cd-b0c3-132f94a4a860" + ], + "columns": { + "00c2aa45-0e8c-4f29-a478-4b8dbf419472": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Completions Desired", + "operationType": "last_value", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - { - "id": "metrics-*", - "name": "29baa5ec-91df-42a8-8d21-3c3adaa47202", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "77c778d8-1664-4062-b5ff-7bbc982f49d2": { - "columnOrder": [ - "33f00b6c-023d-4b71-98c5-7c5a56d3b9d8", - "00c2aa45-0e8c-4f29-a478-4b8dbf419472", - "8163b6c0-69e0-4e8f-9c21-6878a2e5e8e1", - "b1e6a372-87f5-44cd-b0c3-132f94a4a860" - ], - "columns": { - "00c2aa45-0e8c-4f29-a478-4b8dbf419472": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Completions Desired", - "operationType": "last_value", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.job.completions.desired" - }, - "33f00b6c-023d-4b71-98c5-7c5a56d3b9d8": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Job Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.job.name" - }, - "8163b6c0-69e0-4e8f-9c21-6878a2e5e8e1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Parallelism Desired", - "operationType": "last_value", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.job.parallelism.desired" - }, - "b1e6a372-87f5-44cd-b0c3-132f94a4a860": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Completed", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.job.status.complete" - } - }, - "incompleteColumns": {} - } - } - } + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.job.completions.desired" + }, + "33f00b6c-023d-4b71-98c5-7c5a56d3b9d8": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Job Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "29baa5ec-91df-42a8-8d21-3c3adaa47202", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_job" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_job" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "33f00b6c-023d-4b71-98c5-7c5a56d3b9d8", - "isTransposed": false - }, - { - "columnId": "00c2aa45-0e8c-4f29-a478-4b8dbf419472", - "isTransposed": false - }, - { - "columnId": "8163b6c0-69e0-4e8f-9c21-6878a2e5e8e1", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "b1e6a372-87f5-44cd-b0c3-132f94a4a860", - "isTransposed": false - } - ], - "layerId": "77c778d8-1664-4062-b5ff-7bbc982f49d2", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.job.name" }, - "title": "Informations per Job [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" + "8163b6c0-69e0-4e8f-9c21-6878a2e5e8e1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Parallelism Desired", + "operationType": "last_value", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.job.parallelism.desired" + }, + "b1e6a372-87f5-44cd-b0c3-132f94a4a860": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Completed", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.job.status.complete" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "29baa5ec-91df-42a8-8d21-3c3adaa47202", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_job" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 17, - "i": "574d76e2-ca20-4c75-9dac-31265a772ba5", - "w": 24, - "x": 0, - "y": 11 - }, - "panelIndex": "574d76e2-ca20-4c75-9dac-31265a772ba5", - "title": "Informations per Job [Metrics Kubernetes]", - "type": "lens", - "version": "8.10.2" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_job" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "33f00b6c-023d-4b71-98c5-7c5a56d3b9d8", + "isTransposed": false + }, + { + "columnId": "00c2aa45-0e8c-4f29-a478-4b8dbf419472", + "isTransposed": false + }, + { + "columnId": "8163b6c0-69e0-4e8f-9c21-6878a2e5e8e1", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "b1e6a372-87f5-44cd-b0c3-132f94a4a860", + "isTransposed": false + } + ], + "layerId": "77c778d8-1664-4062-b5ff-7bbc982f49d2", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-36fb858f-bcf8-4256-9880-37297f1189ce", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "aee28695-ee4d-4930-9118-c4b39cea9c2c", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "36fb858f-bcf8-4256-9880-37297f1189ce": { - "columnOrder": [ - "2566280d-0419-4eaa-97e7-f8a6c76da734", - "70dcbe16-f977-46bb-a8ae-9e0067232d5e", - "6822f9cc-97ef-41b2-bebb-5444626e2a4f" - ], - "columns": { - "2566280d-0419-4eaa-97e7-f8a6c76da734": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Job Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.job.name" - }, - "6822f9cc-97ef-41b2-bebb-5444626e2a4f": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Owner Kind", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.job.owner.kind" - }, - "70dcbe16-f977-46bb-a8ae-9e0067232d5e": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Owner Name", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.job.owner.name" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Informations per Job [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "gridData": { + "h": 17, + "i": "574d76e2-ca20-4c75-9dac-31265a772ba5", + "w": 24, + "x": 0, + "y": 11 + }, + "panelIndex": "574d76e2-ca20-4c75-9dac-31265a772ba5", + "title": "Informations per Job [Metrics Kubernetes]", + "type": "lens", + "version": "8.10.2" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-36fb858f-bcf8-4256-9880-37297f1189ce", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "aee28695-ee4d-4930-9118-c4b39cea9c2c", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "36fb858f-bcf8-4256-9880-37297f1189ce": { + "columnOrder": [ + "2566280d-0419-4eaa-97e7-f8a6c76da734", + "70dcbe16-f977-46bb-a8ae-9e0067232d5e", + "6822f9cc-97ef-41b2-bebb-5444626e2a4f" + ], + "columns": { + "2566280d-0419-4eaa-97e7-f8a6c76da734": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Job Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "aee28695-ee4d-4930-9118-c4b39cea9c2c", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_job" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_job" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "2566280d-0419-4eaa-97e7-f8a6c76da734", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "70dcbe16-f977-46bb-a8ae-9e0067232d5e", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "6822f9cc-97ef-41b2-bebb-5444626e2a4f", - "isTransposed": false - } - ], - "layerId": "36fb858f-bcf8-4256-9880-37297f1189ce", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.job.name" + }, + "6822f9cc-97ef-41b2-bebb-5444626e2a4f": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Owner Kind", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.job.owner.kind" }, - "title": "Job Owner Informations [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" + "70dcbe16-f977-46bb-a8ae-9e0067232d5e": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Owner Name", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.job.owner.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "aee28695-ee4d-4930-9118-c4b39cea9c2c", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_job" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 17, - "i": "2bb97a71-28ce-428d-99d1-01b1918aebf5", - "w": 24, - "x": 24, - "y": 11 - }, - "panelIndex": "2bb97a71-28ce-428d-99d1-01b1918aebf5", - "title": "Job Owner Informations [Metrics Kubernetes]", - "type": "lens", - "version": "8.10.2" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Jobs", - "version": 1 - }, - "coreMigrationVersion": "8.8.0", - "created_at": "2023-10-31T12:43:10.962Z", - "id": "kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013", - "managed": false, - "references": [ - { - "id": "metrics-*", - "name": "65805e20-7bb7-43ef-99de-fc56c3de6af2:indexpattern-datasource-layer-9b261d2c-645a-4dca-9229-9d8c52e79b9f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "65805e20-7bb7-43ef-99de-fc56c3de6af2:e4408339-1fa7-47b3-bac9-d2e7945d989f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "9ecfd540-d36f-4869-836d-3dd704a6561f:indexpattern-datasource-layer-8da4f091-8450-456a-8496-aab42ef0871a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "9ecfd540-d36f-4869-836d-3dd704a6561f:25697353-2613-4360-89cc-900c9e265a10", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "c73b7420-ce63-4d11-b25e-387c7c76b9f1:indexpattern-datasource-layer-81a3cd5d-50e5-4e31-b736-000de1673372", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "c73b7420-ce63-4d11-b25e-387c7c76b9f1:f5e0f998-307f-48b5-8a3d-a8ce10058dbd", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "574d76e2-ca20-4c75-9dac-31265a772ba5:indexpattern-datasource-layer-77c778d8-1664-4062-b5ff-7bbc982f49d2", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "574d76e2-ca20-4c75-9dac-31265a772ba5:29baa5ec-91df-42a8-8d21-3c3adaa47202", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2bb97a71-28ce-428d-99d1-01b1918aebf5:indexpattern-datasource-layer-36fb858f-bcf8-4256-9880-37297f1189ce", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2bb97a71-28ce-428d-99d1-01b1918aebf5:aee28695-ee4d-4930-9118-c4b39cea9c2c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_f85be4a4-bc01-41a9-b566-442569777dd4:optionsListDataView", - "type": "index-pattern" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_job" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "2566280d-0419-4eaa-97e7-f8a6c76da734", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "70dcbe16-f977-46bb-a8ae-9e0067232d5e", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "6822f9cc-97ef-41b2-bebb-5444626e2a4f", + "isTransposed": false + } + ], + "layerId": "36fb858f-bcf8-4256-9880-37297f1189ce", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "Job Owner Informations [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "metrics-*", - "name": "controlGroup_db907011-1eb3-4ed7-ab48-679727ee08f2:optionsListDataView", - "type": "index-pattern" + "gridData": { + "h": 17, + "i": "2bb97a71-28ce-428d-99d1-01b1918aebf5", + "w": 24, + "x": 24, + "y": 11 }, - { - "id": "metrics-*", - "name": "controlGroup_0a0c6dd9-2a6f-4d7a-b4f7-1231987bc460:optionsListDataView", - "type": "index-pattern" - } + "panelIndex": "2bb97a71-28ce-428d-99d1-01b1918aebf5", + "title": "Job Owner Informations [Metrics Kubernetes]", + "type": "lens", + "version": "8.10.2" + } ], - "type": "dashboard", - "typeMigrationVersion": "8.9.0" + "timeRestore": false, + "title": "[Metrics Kubernetes] Jobs", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "65805e20-7bb7-43ef-99de-fc56c3de6af2:indexpattern-datasource-layer-9b261d2c-645a-4dca-9229-9d8c52e79b9f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "65805e20-7bb7-43ef-99de-fc56c3de6af2:e4408339-1fa7-47b3-bac9-d2e7945d989f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "9ecfd540-d36f-4869-836d-3dd704a6561f:indexpattern-datasource-layer-8da4f091-8450-456a-8496-aab42ef0871a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "9ecfd540-d36f-4869-836d-3dd704a6561f:25697353-2613-4360-89cc-900c9e265a10", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "c73b7420-ce63-4d11-b25e-387c7c76b9f1:indexpattern-datasource-layer-81a3cd5d-50e5-4e31-b736-000de1673372", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "c73b7420-ce63-4d11-b25e-387c7c76b9f1:f5e0f998-307f-48b5-8a3d-a8ce10058dbd", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "574d76e2-ca20-4c75-9dac-31265a772ba5:indexpattern-datasource-layer-77c778d8-1664-4062-b5ff-7bbc982f49d2", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "574d76e2-ca20-4c75-9dac-31265a772ba5:29baa5ec-91df-42a8-8d21-3c3adaa47202", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2bb97a71-28ce-428d-99d1-01b1918aebf5:indexpattern-datasource-layer-36fb858f-bcf8-4256-9880-37297f1189ce", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2bb97a71-28ce-428d-99d1-01b1918aebf5:aee28695-ee4d-4930-9118-c4b39cea9c2c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_f85be4a4-bc01-41a9-b566-442569777dd4:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_db907011-1eb3-4ed7-ab48-679727ee08f2:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_0a0c6dd9-2a6f-4d7a-b4f7-1231987bc460:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013.json index b701c197e87..8d406b9414b 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013.json @@ -1,2221 +1,2238 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"57552b73-992a-46e6-9f21-9e07ca926a83\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"57552b73-992a-46e6-9f21-9e07ca926a83\",\"selectedOptions\":[],\"enhancements\":{}}},\"6c029002-b266-42ef-af36-fdcd73bfadef\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.node.name\",\"title\":\"Node Name\",\"id\":\"6c029002-b266-42ef-af36-fdcd73bfadef\",\"selectedOptions\":[],\"enhancements\":{}}}}" + "id": "kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI1MSwyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "twoLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"57552b73-992a-46e6-9f21-9e07ca926a83\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"57552b73-992a-46e6-9f21-9e07ca926a83\",\"selectedOptions\":[],\"enhancements\":{}}},\"6c029002-b266-42ef-af36-fdcd73bfadef\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.node.name\",\"title\":\"Node Name\",\"id\":\"6c029002-b266-42ef-af36-fdcd73bfadef\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Metrics about Nodes", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "1d9fa4a6-44fe-489d-be4f-53a2eb02a2d5", + "w": 48, + "x": 0, + "y": 0 }, - "description": "Metrics about Nodes", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "panelIndex": "1d9fa4a6-44fe-489d-be4f-53a2eb02a2d5", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "title": "Kubernetes Dashboards [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 8, + "i": "c6bb8ec0-dae3-4438-ab76-0bff97321124", + "w": 48, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "c6bb8ec0-dae3-4438-ab76-0bff97321124", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-4bf1dfdb-7a60-482d-88d4-130d598ac7bb", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "562d314a-8db1-4d85-9fcd-fe3224749cb2", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "4bf1dfdb-7a60-482d-88d4-130d598ac7bb": { + "columnOrder": [ + "d3f3271d-566f-4fe6-9bf1-69a47d59a2be", + "f0a42b6b-873e-41f2-8ce3-e0598cd7ed64", + "17247592-e6aa-4dba-b20d-b0accaf877dc" + ], + "columns": { + "17247592-e6aa-4dba-b20d-b0accaf877dc": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.node.pod.allocatable.total: *" + }, + "isBucketed": false, + "label": "Total Allocatable Pods", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.node.pod.allocatable.total" }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false + "d3f3271d-566f-4fe6-9bf1-69a47d59a2be": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Node", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "f0a42b6b-873e-41f2-8ce3-e0598cd7ed64", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" }, - "title": "", - "type": "markdown", - "uiState": {} + "f0a42b6b-873e-41f2-8ce3-e0598cd7ed64": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Allocated Pods", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 4, - "i": "1d9fa4a6-44fe-489d-be4f-53a2eb02a2d5", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "1d9fa4a6-44fe-489d-be4f-53a2eb02a2d5", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.6.0-SNAPSHOT" + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "562d314a-8db1-4d85-9fcd-fe3224749cb2", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.pod", + "kubernetes.state_node" + ], + "type": "phrases", + "value": [ + "kubernetes.pod", + "kubernetes.state_node" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + }, + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_node" + } + } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "d3f3271d-566f-4fe6-9bf1-69a47d59a2be", + "isTransposed": false + }, + { + "columnId": "f0a42b6b-873e-41f2-8ce3-e0598cd7ed64", + "isTransposed": false + }, + { + "columnId": "17247592-e6aa-4dba-b20d-b0accaf877dc", + "isTransposed": false + } + ], + "layerId": "4bf1dfdb-7a60-482d-88d4-130d598ac7bb", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-4bf1dfdb-7a60-482d-88d4-130d598ac7bb", - "type": "index-pattern" + "title": "Allocated and Allocatable Pods per Node [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Allocated and Allocatable Pods per Node [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 8, + "i": "2a2da54b-f923-4b1f-b36c-0b1d283405b9", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "2a2da54b-f923-4b1f-b36c-0b1d283405b9", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-28060f62-4880-4b1c-aef2-fe42f9df0c64", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3a819463-89ca-494a-9d6a-9e600dccf098", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "28060f62-4880-4b1c-aef2-fe42f9df0c64": { + "columnOrder": [ + "6efc3318-f2d7-4e8b-ad3c-138a8cf9522d", + "b0d6d768-94b4-4a60-8703-d4e2f7a04df2", + "7ccec911-2e78-4c28-ade7-94447ebb88b2", + "802c8bea-aecf-4d1b-9b54-84d527d1fc18", + "968ccc98-9aab-42e0-9ae1-bb2767d38edb", + "d9dbaa39-4e9e-41a9-b6ce-dbe76d4e865e", + "f17d0cb7-9045-4bc8-a26a-0777b34a90e6", + "f146f523-db5b-4965-8486-615c98de32f7" + ], + "columns": { + "6efc3318-f2d7-4e8b-ad3c-138a8cf9522d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Node", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "562d314a-8db1-4d85-9fcd-fe3224749cb2", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "4bf1dfdb-7a60-482d-88d4-130d598ac7bb": { - "columnOrder": [ - "d3f3271d-566f-4fe6-9bf1-69a47d59a2be", - "f0a42b6b-873e-41f2-8ce3-e0598cd7ed64", - "17247592-e6aa-4dba-b20d-b0accaf877dc" - ], - "columns": { - "17247592-e6aa-4dba-b20d-b0accaf877dc": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.node.pod.allocatable.total: *" - }, - "isBucketed": false, - "label": "Total Allocatable Pods", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.node.pod.allocatable.total" - }, - "d3f3271d-566f-4fe6-9bf1-69a47d59a2be": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Node", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "f0a42b6b-873e-41f2-8ce3-e0598cd7ed64", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - }, - "f0a42b6b-873e-41f2-8ce3-e0598cd7ed64": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Allocated Pods", - "operationType": "unique_count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "562d314a-8db1-4d85-9fcd-fe3224749cb2", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.pod", - "kubernetes.state_node" - ], - "type": "phrases", - "value": [ - "kubernetes.pod", - "kubernetes.state_node" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_node" - } - } - ] - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "d3f3271d-566f-4fe6-9bf1-69a47d59a2be", - "isTransposed": false - }, - { - "columnId": "f0a42b6b-873e-41f2-8ce3-e0598cd7ed64", - "isTransposed": false - }, - { - "columnId": "17247592-e6aa-4dba-b20d-b0accaf877dc", - "isTransposed": false - } - ], - "layerId": "4bf1dfdb-7a60-482d-88d4-130d598ac7bb", - "layerType": "data" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" }, - "title": "Allocated and Allocatable Pods per Node [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "c6bb8ec0-dae3-4438-ab76-0bff97321124", - "w": 48, - "x": 0, - "y": 4 - }, - "panelIndex": "c6bb8ec0-dae3-4438-ab76-0bff97321124", - "title": "Allocated and Allocatable Pods per Node [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "7ccec911-2e78-4c28-ade7-94447ebb88b2": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.labels.kubernetes_io/os: *" + }, + "isBucketed": false, + "label": "Operating System", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.labels.kubernetes_io/os" + }, + "802c8bea-aecf-4d1b-9b54-84d527d1fc18": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.labels.kubernetes_io/hostname: *" + }, + "isBucketed": false, + "label": "Hostname", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.labels.kubernetes_io/hostname" + }, + "968ccc98-9aab-42e0-9ae1-bb2767d38edb": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.node.status.ready: *" + }, + "isBucketed": false, + "label": "Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.status.ready" + }, + "b0d6d768-94b4-4a60-8703-d4e2f7a04df2": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.labels.kubernetes_io/arch: *" + }, + "isBucketed": false, + "label": "Architecture", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.labels.kubernetes_io/arch" + }, + "d9dbaa39-4e9e-41a9-b6ce-dbe76d4e865e": { + "customLabel": true, + "dataType": "boolean", + "filter": { + "language": "kuery", + "query": "kubernetes.node.status.unschedulable: *" + }, + "isBucketed": false, + "label": "Unschedulable", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.node.status.unschedulable" + }, + "f146f523-db5b-4965-8486-615c98de32f7": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.node.status.memory_pressure: *" + }, + "isBucketed": false, + "label": "Memory Pressure", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.status.memory_pressure" + }, + "f17d0cb7-9045-4bc8-a26a-0777b34a90e6": { + "customLabel": true, + "dataType": "string", + "filter": { + "language": "kuery", + "query": "kubernetes.node.status.disk_pressure: *" + }, + "isBucketed": false, + "label": "Disk Pressure", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.status.disk_pressure" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "3a819463-89ca-494a-9d6a-9e600dccf098", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.node", + "kubernetes.state_node" + ], + "type": "phrases", + "value": [ + "kubernetes.node", + "kubernetes.state_node" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.node" + } + }, + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_node" + } + } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "6efc3318-f2d7-4e8b-ad3c-138a8cf9522d", + "isTransposed": false + }, + { + "columnId": "b0d6d768-94b4-4a60-8703-d4e2f7a04df2", + "isTransposed": false + }, + { + "columnId": "7ccec911-2e78-4c28-ade7-94447ebb88b2", + "isTransposed": false + }, + { + "columnId": "802c8bea-aecf-4d1b-9b54-84d527d1fc18", + "isTransposed": false + }, + { + "columnId": "968ccc98-9aab-42e0-9ae1-bb2767d38edb", + "isTransposed": false + }, + { + "columnId": "d9dbaa39-4e9e-41a9-b6ce-dbe76d4e865e", + "isTransposed": false + }, + { + "columnId": "f17d0cb7-9045-4bc8-a26a-0777b34a90e6", + "isTransposed": false + }, + { + "columnId": "f146f523-db5b-4965-8486-615c98de32f7", + "isTransposed": false + } + ], + "layerId": "28060f62-4880-4b1c-aef2-fe42f9df0c64", + "layerType": "data" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-28060f62-4880-4b1c-aef2-fe42f9df0c64", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "3a819463-89ca-494a-9d6a-9e600dccf098", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "28060f62-4880-4b1c-aef2-fe42f9df0c64": { - "columnOrder": [ - "6efc3318-f2d7-4e8b-ad3c-138a8cf9522d", - "b0d6d768-94b4-4a60-8703-d4e2f7a04df2", - "7ccec911-2e78-4c28-ade7-94447ebb88b2", - "802c8bea-aecf-4d1b-9b54-84d527d1fc18", - "968ccc98-9aab-42e0-9ae1-bb2767d38edb", - "d9dbaa39-4e9e-41a9-b6ce-dbe76d4e865e", - "f17d0cb7-9045-4bc8-a26a-0777b34a90e6", - "f146f523-db5b-4965-8486-615c98de32f7" - ], - "columns": { - "6efc3318-f2d7-4e8b-ad3c-138a8cf9522d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Node", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - }, - "7ccec911-2e78-4c28-ade7-94447ebb88b2": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.labels.kubernetes_io/os: *" - }, - "isBucketed": false, - "label": "Operating System", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.labels.kubernetes_io/os" - }, - "802c8bea-aecf-4d1b-9b54-84d527d1fc18": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.labels.kubernetes_io/hostname: *" - }, - "isBucketed": false, - "label": "Hostname", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.labels.kubernetes_io/hostname" - }, - "968ccc98-9aab-42e0-9ae1-bb2767d38edb": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.node.status.ready: *" - }, - "isBucketed": false, - "label": "Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.status.ready" - }, - "b0d6d768-94b4-4a60-8703-d4e2f7a04df2": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.labels.kubernetes_io/arch: *" - }, - "isBucketed": false, - "label": "Architecture", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.labels.kubernetes_io/arch" - }, - "d9dbaa39-4e9e-41a9-b6ce-dbe76d4e865e": { - "customLabel": true, - "dataType": "boolean", - "filter": { - "language": "kuery", - "query": "kubernetes.node.status.unschedulable: *" - }, - "isBucketed": false, - "label": "Unschedulable", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.node.status.unschedulable" - }, - "f146f523-db5b-4965-8486-615c98de32f7": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.node.status.memory_pressure: *" - }, - "isBucketed": false, - "label": "Memory Pressure", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.status.memory_pressure" - }, - "f17d0cb7-9045-4bc8-a26a-0777b34a90e6": { - "customLabel": true, - "dataType": "string", - "filter": { - "language": "kuery", - "query": "kubernetes.node.status.disk_pressure: *" - }, - "isBucketed": false, - "label": "Disk Pressure", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.status.disk_pressure" - } - }, - "incompleteColumns": {} - } - } - } + "title": "Node Informations by Labels [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Node Informations by Labels [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "f11dcb2d-3850-430c-b365-e925473ffe81", + "w": 24, + "x": 0, + "y": 20 + }, + "panelIndex": "f11dcb2d-3850-430c-b365-e925473ffe81", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-f04e39cf-1a10-4841-86e3-53c07cb706df", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "53703bad-9449-489b-84bd-35c1c8a8d710", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f04e39cf-1a10-4841-86e3-53c07cb706df": { + "columnOrder": [ + "cbe72000-6be9-4a2d-aa1a-217370d18882", + "8640f22e-f2dd-42d4-bf83-ce98ee4f75a1", + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5af", + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX0", + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX1", + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX2" + ], + "columns": { + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5af": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "CPU Usage Pct", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } }, - "filters": [ + "formula": "average(kubernetes.node.cpu.usage.nanocores)/(max(kubernetes.node.cpu.allocatable.cores)*1000000000)", + "isFormulaBroken": false + }, + "references": [ + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX2" + ], + "scale": "ratio" + }, + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of CPU Usage Pct", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.cpu.usage.nanocores" + }, + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of CPU Usage Pct", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.cpu.allocatable.cores" + }, + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of CPU Usage Pct", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX0", { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "3a819463-89ca-494a-9d6a-9e600dccf098", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.node", - "kubernetes.state_node" - ], - "type": "phrases", - "value": [ - "kubernetes.node", - "kubernetes.state_node" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.node" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_node" - } - } - ] - } - } + "args": [ + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX1", + 1000000000 + ], + "location": { + "max": 99, + "min": 46 + }, + "name": "multiply", + "text": "max(kubernetes.node.cpu.allocatable.cores)*1000000000", + "type": "function" } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "6efc3318-f2d7-4e8b-ad3c-138a8cf9522d", - "isTransposed": false - }, - { - "columnId": "b0d6d768-94b4-4a60-8703-d4e2f7a04df2", - "isTransposed": false - }, - { - "columnId": "7ccec911-2e78-4c28-ade7-94447ebb88b2", - "isTransposed": false - }, - { - "columnId": "802c8bea-aecf-4d1b-9b54-84d527d1fc18", - "isTransposed": false - }, - { - "columnId": "968ccc98-9aab-42e0-9ae1-bb2767d38edb", - "isTransposed": false - }, - { - "columnId": "d9dbaa39-4e9e-41a9-b6ce-dbe76d4e865e", - "isTransposed": false - }, - { - "columnId": "f17d0cb7-9045-4bc8-a26a-0777b34a90e6", - "isTransposed": false - }, - { - "columnId": "f146f523-db5b-4965-8486-615c98de32f7", - "isTransposed": false - } - ], - "layerId": "28060f62-4880-4b1c-aef2-fe42f9df0c64", - "layerType": "data" + ], + "location": { + "max": 100, + "min": 0 + }, + "name": "divide", + "text": "average(kubernetes.node.cpu.usage.nanocores)/(max(kubernetes.node.cpu.allocatable.cores)*1000000000)", + "type": "function" } + }, + "references": [ + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX0", + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX1" + ], + "scale": "ratio" }, - "title": "Node Informations by Labels [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 8, - "i": "2a2da54b-f923-4b1f-b36c-0b1d283405b9", - "w": 48, - "x": 0, - "y": 12 - }, - "panelIndex": "2a2da54b-f923-4b1f-b36c-0b1d283405b9", - "title": "Node Informations by Labels [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-f04e39cf-1a10-4841-86e3-53c07cb706df", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "53703bad-9449-489b-84bd-35c1c8a8d710", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "f04e39cf-1a10-4841-86e3-53c07cb706df": { - "columnOrder": [ - "cbe72000-6be9-4a2d-aa1a-217370d18882", - "8640f22e-f2dd-42d4-bf83-ce98ee4f75a1", - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5af", - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX0", - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX1", - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX2" - ], - "columns": { - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5af": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "CPU Usage Pct", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "formula": "average(kubernetes.node.cpu.usage.nanocores)/(max(kubernetes.node.cpu.allocatable.cores)*1000000000)", - "isFormulaBroken": false - }, - "references": [ - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX2" - ], - "scale": "ratio" - }, - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of CPU Usage Pct", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.cpu.usage.nanocores" - }, - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of CPU Usage Pct", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.cpu.allocatable.cores" - }, - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of CPU Usage Pct", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX0", - { - "args": [ - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX1", - 1000000000 - ], - "location": { - "max": 99, - "min": 46 - }, - "name": "multiply", - "text": "max(kubernetes.node.cpu.allocatable.cores)*1000000000", - "type": "function" - } - ], - "location": { - "max": 100, - "min": 0 - }, - "name": "divide", - "text": "average(kubernetes.node.cpu.usage.nanocores)/(max(kubernetes.node.cpu.allocatable.cores)*1000000000)", - "type": "function" - } - }, - "references": [ - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX0", - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5afX1" - ], - "scale": "ratio" - }, - "8640f22e-f2dd-42d4-bf83-ce98ee4f75a1": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "cbe72000-6be9-4a2d-aa1a-217370d18882": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - } - }, - "incompleteColumns": {} - } - } - } + "8640f22e-f2dd-42d4-bf83-ce98ee4f75a1": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "cbe72000-6be9-4a2d-aa1a-217370d18882": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "53703bad-9449-489b-84bd-35c1c8a8d710", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.node", - "kubernetes.state_node" - ], - "type": "phrases", - "value": [ - "kubernetes.node", - "kubernetes.state_node" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.node" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_node" - } - } - ] - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "curveType": "LINEAR", - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5af" - ], - "layerId": "f04e39cf-1a10-4841-86e3-53c07cb706df", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "cbe72000-6be9-4a2d-aa1a-217370d18882", - "xAccessor": "8640f22e-f2dd-42d4-bf83-ce98ee4f75a1" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "showSingleSeries": true - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "53703bad-9449-489b-84bd-35c1c8a8d710", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.node", + "kubernetes.state_node" + ], + "type": "phrases", + "value": [ + "kubernetes.node", + "kubernetes.state_node" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.node" + } }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_node" + } + } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "curveType": "LINEAR", + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 13, - "i": "f11dcb2d-3850-430c-b365-e925473ffe81", - "w": 24, - "x": 0, - "y": 20 + "layers": [ + { + "accessors": [ + "55cd4b2d-4bc2-4f06-97c4-0fc31fcfd5af" + ], + "layerId": "f04e39cf-1a10-4841-86e3-53c07cb706df", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "cbe72000-6be9-4a2d-aa1a-217370d18882", + "xAccessor": "8640f22e-f2dd-42d4-bf83-ce98ee4f75a1" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "showSingleSeries": true }, - "panelIndex": "f11dcb2d-3850-430c-b365-e925473ffe81", - "title": "CPU usage by Node [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-98fe7b88-6346-4b74-b00d-dae2a5ce24f3", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "CPU usage by Node [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "64187c9b-8038-47a3-b7df-6562d740840f", + "w": 24, + "x": 24, + "y": 20 + }, + "panelIndex": "64187c9b-8038-47a3-b7df-6562d740840f", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-98fe7b88-6346-4b74-b00d-dae2a5ce24f3", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "89318796-9c5f-41c0-be0f-5545f0012e08", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "98fe7b88-6346-4b74-b00d-dae2a5ce24f3": { + "columnOrder": [ + "3bc424fc-c689-46a6-a701-f2a256b700b1", + "36afcbf0-7ba6-46cb-b9d7-846193cf23a8", + "b8d52304-59e9-4635-80b0-dac037233757", + "b8d52304-59e9-4635-80b0-dac037233757X0", + "b8d52304-59e9-4635-80b0-dac037233757X1", + "b8d52304-59e9-4635-80b0-dac037233757X2" + ], + "columns": { + "36afcbf0-7ba6-46cb-b9d7-846193cf23a8": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "3bc424fc-c689-46a6-a701-f2a256b700b1": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "89318796-9c5f-41c0-be0f-5545f0012e08", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "98fe7b88-6346-4b74-b00d-dae2a5ce24f3": { - "columnOrder": [ - "3bc424fc-c689-46a6-a701-f2a256b700b1", - "36afcbf0-7ba6-46cb-b9d7-846193cf23a8", - "b8d52304-59e9-4635-80b0-dac037233757", - "b8d52304-59e9-4635-80b0-dac037233757X0", - "b8d52304-59e9-4635-80b0-dac037233757X1", - "b8d52304-59e9-4635-80b0-dac037233757X2" - ], - "columns": { - "36afcbf0-7ba6-46cb-b9d7-846193cf23a8": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "3bc424fc-c689-46a6-a701-f2a256b700b1": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - }, - "b8d52304-59e9-4635-80b0-dac037233757": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Memory Usage Pct", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "formula": "average(kubernetes.node.memory.usage.bytes)/max(kubernetes.node.memory.capacity.bytes)", - "isFormulaBroken": false - }, - "references": [ - "b8d52304-59e9-4635-80b0-dac037233757X2" - ], - "scale": "ratio" - }, - "b8d52304-59e9-4635-80b0-dac037233757X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Memory Usage Pct", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.memory.usage.bytes" - }, - "b8d52304-59e9-4635-80b0-dac037233757X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Memory Usage Pct", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.memory.capacity.bytes" - }, - "b8d52304-59e9-4635-80b0-dac037233757X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Memory Usage Pct", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "b8d52304-59e9-4635-80b0-dac037233757X0", - "b8d52304-59e9-4635-80b0-dac037233757X1" - ], - "location": { - "max": 86, - "min": 0 - }, - "name": "divide", - "text": "average(kubernetes.node.memory.usage.bytes)/max(kubernetes.node.memory.capacity.bytes)", - "type": "function" - } - }, - "references": [ - "b8d52304-59e9-4635-80b0-dac037233757X0", - "b8d52304-59e9-4635-80b0-dac037233757X1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "89318796-9c5f-41c0-be0f-5545f0012e08", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.node", - "kubernetes.state_node" - ], - "type": "phrases", - "value": [ - "kubernetes.node", - "kubernetes.state_node" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.node" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_node" - } - } - ] - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + }, + "b8d52304-59e9-4635-80b0-dac037233757": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Memory Usage Pct", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "b8d52304-59e9-4635-80b0-dac037233757" - ], - "layerId": "98fe7b88-6346-4b74-b00d-dae2a5ce24f3", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "3bc424fc-c689-46a6-a701-f2a256b700b1", - "xAccessor": "36afcbf0-7ba6-46cb-b9d7-846193cf23a8" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true + "formula": "average(kubernetes.node.memory.usage.bytes)/max(kubernetes.node.memory.capacity.bytes)", + "isFormulaBroken": false + }, + "references": [ + "b8d52304-59e9-4635-80b0-dac037233757X2" + ], + "scale": "ratio" + }, + "b8d52304-59e9-4635-80b0-dac037233757X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Memory Usage Pct", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.memory.usage.bytes" + }, + "b8d52304-59e9-4635-80b0-dac037233757X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Memory Usage Pct", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.memory.capacity.bytes" + }, + "b8d52304-59e9-4635-80b0-dac037233757X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Memory Usage Pct", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "b8d52304-59e9-4635-80b0-dac037233757X0", + "b8d52304-59e9-4635-80b0-dac037233757X1" + ], + "location": { + "max": 86, + "min": 0 + }, + "name": "divide", + "text": "average(kubernetes.node.memory.usage.bytes)/max(kubernetes.node.memory.capacity.bytes)", + "type": "function" } + }, + "references": [ + "b8d52304-59e9-4635-80b0-dac037233757X0", + "b8d52304-59e9-4635-80b0-dac037233757X1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "89318796-9c5f-41c0-be0f-5545f0012e08", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.node", + "kubernetes.state_node" + ], + "type": "phrases", + "value": [ + "kubernetes.node", + "kubernetes.state_node" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.node" + } }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_node" + } + } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "b8d52304-59e9-4635-80b0-dac037233757" + ], + "layerId": "98fe7b88-6346-4b74-b00d-dae2a5ce24f3", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "3bc424fc-c689-46a6-a701-f2a256b700b1", + "xAccessor": "36afcbf0-7ba6-46cb-b9d7-846193cf23a8" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "gridData": { - "h": 13, - "i": "64187c9b-8038-47a3-b7df-6562d740840f", - "w": 24, - "x": 24, - "y": 20 + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "64187c9b-8038-47a3-b7df-6562d740840f", - "title": "Memory usage by Node [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-98fe7b88-6346-4b74-b00d-dae2a5ce24f3", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Memory usage by Node [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "b228c756-7cbd-4982-b61b-c6dbb78c1ced", + "w": 24, + "x": 0, + "y": 33 + }, + "panelIndex": "b228c756-7cbd-4982-b61b-c6dbb78c1ced", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-98fe7b88-6346-4b74-b00d-dae2a5ce24f3", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "862adc15-64b5-4dd6-a4e9-9bfc8538633d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "98fe7b88-6346-4b74-b00d-dae2a5ce24f3": { + "columnOrder": [ + "3bc424fc-c689-46a6-a701-f2a256b700b1", + "36afcbf0-7ba6-46cb-b9d7-846193cf23a8", + "b8d52304-59e9-4635-80b0-dac037233757", + "b8d52304-59e9-4635-80b0-dac037233757X0", + "b8d52304-59e9-4635-80b0-dac037233757X1", + "b8d52304-59e9-4635-80b0-dac037233757X2" + ], + "columns": { + "36afcbf0-7ba6-46cb-b9d7-846193cf23a8": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "3bc424fc-c689-46a6-a701-f2a256b700b1": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "862adc15-64b5-4dd6-a4e9-9bfc8538633d", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "98fe7b88-6346-4b74-b00d-dae2a5ce24f3": { - "columnOrder": [ - "3bc424fc-c689-46a6-a701-f2a256b700b1", - "36afcbf0-7ba6-46cb-b9d7-846193cf23a8", - "b8d52304-59e9-4635-80b0-dac037233757", - "b8d52304-59e9-4635-80b0-dac037233757X0", - "b8d52304-59e9-4635-80b0-dac037233757X1", - "b8d52304-59e9-4635-80b0-dac037233757X2" - ], - "columns": { - "36afcbf0-7ba6-46cb-b9d7-846193cf23a8": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "3bc424fc-c689-46a6-a701-f2a256b700b1": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - }, - "b8d52304-59e9-4635-80b0-dac037233757": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Memory Usage Pct", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "formula": "average(kubernetes.node.memory.workingset.bytes)/max(kubernetes.node.memory.allocatable.bytes)", - "isFormulaBroken": false - }, - "references": [ - "b8d52304-59e9-4635-80b0-dac037233757X2" - ], - "scale": "ratio" - }, - "b8d52304-59e9-4635-80b0-dac037233757X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Memory Usage Pct", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.memory.workingset.bytes" - }, - "b8d52304-59e9-4635-80b0-dac037233757X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Memory Usage Pct", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.memory.allocatable.bytes" - }, - "b8d52304-59e9-4635-80b0-dac037233757X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Memory Usage Pct", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "b8d52304-59e9-4635-80b0-dac037233757X0", - "b8d52304-59e9-4635-80b0-dac037233757X1" - ], - "location": { - "max": 94, - "min": 0 - }, - "name": "divide", - "text": "average(kubernetes.node.memory.workingset.bytes)/max(kubernetes.node.memory.allocatable.bytes)", - "type": "function" - } - }, - "references": [ - "b8d52304-59e9-4635-80b0-dac037233757X0", - "b8d52304-59e9-4635-80b0-dac037233757X1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "862adc15-64b5-4dd6-a4e9-9bfc8538633d", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.node", - "kubernetes.state_node" - ], - "type": "phrases", - "value": [ - "kubernetes.node", - "kubernetes.state_node" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.node" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_node" - } - } - ] - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + }, + "b8d52304-59e9-4635-80b0-dac037233757": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Memory Usage Pct", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "b8d52304-59e9-4635-80b0-dac037233757" - ], - "layerId": "98fe7b88-6346-4b74-b00d-dae2a5ce24f3", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "3bc424fc-c689-46a6-a701-f2a256b700b1", - "xAccessor": "36afcbf0-7ba6-46cb-b9d7-846193cf23a8" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true + "formula": "average(kubernetes.node.memory.workingset.bytes)/max(kubernetes.node.memory.allocatable.bytes)", + "isFormulaBroken": false + }, + "references": [ + "b8d52304-59e9-4635-80b0-dac037233757X2" + ], + "scale": "ratio" + }, + "b8d52304-59e9-4635-80b0-dac037233757X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Memory Usage Pct", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.memory.workingset.bytes" + }, + "b8d52304-59e9-4635-80b0-dac037233757X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Memory Usage Pct", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.memory.allocatable.bytes" + }, + "b8d52304-59e9-4635-80b0-dac037233757X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Memory Usage Pct", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "b8d52304-59e9-4635-80b0-dac037233757X0", + "b8d52304-59e9-4635-80b0-dac037233757X1" + ], + "location": { + "max": 94, + "min": 0 + }, + "name": "divide", + "text": "average(kubernetes.node.memory.workingset.bytes)/max(kubernetes.node.memory.allocatable.bytes)", + "type": "function" } + }, + "references": [ + "b8d52304-59e9-4635-80b0-dac037233757X0", + "b8d52304-59e9-4635-80b0-dac037233757X1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "862adc15-64b5-4dd6-a4e9-9bfc8538633d", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.node", + "kubernetes.state_node" + ], + "type": "phrases", + "value": [ + "kubernetes.node", + "kubernetes.state_node" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.node" + } }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_node" + } + } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "b228c756-7cbd-4982-b61b-c6dbb78c1ced", - "w": 24, - "x": 0, - "y": 33 + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "panelIndex": "b228c756-7cbd-4982-b61b-c6dbb78c1ced", - "title": "Working set Memory usage by Node [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "layers": [ + { + "accessors": [ + "b8d52304-59e9-4635-80b0-dac037233757" + ], + "layerId": "98fe7b88-6346-4b74-b00d-dae2a5ce24f3", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "3bc424fc-c689-46a6-a701-f2a256b700b1", + "xAccessor": "36afcbf0-7ba6-46cb-b9d7-846193cf23a8" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" + }, + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-bcb17062-e9f5-4da8-a132-7bdbffe8a740", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "a21b3215-31e2-4ab3-b313-8fc7e77bed39", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "bcb17062-e9f5-4da8-a132-7bdbffe8a740": { - "columnOrder": [ - "4d608d6f-472c-433e-88a0-7794bfd9adb9", - "d38a2561-f4cd-4374-93d3-52acc2b50f7b", - "e87c113a-2feb-4cca-8093-1c4f69fc9122", - "4b5bd01c-47a8-4f48-ba67-69396e9add37" - ], - "columns": { - "4b5bd01c-47a8-4f48-ba67-69396e9add37": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of kubernetes.node.network.rx.bytes", - "operationType": "max", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.node.network.rx.bytes" - }, - "4d608d6f-472c-433e-88a0-7794bfd9adb9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - }, - "d38a2561-f4cd-4374-93d3-52acc2b50f7b": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e87c113a-2feb-4cca-8093-1c4f69fc9122": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Network Incoming Bytes/s", - "operationType": "counter_rate", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - } - }, - "references": [ - "4b5bd01c-47a8-4f48-ba67-69396e9add37" - ], - "scale": "ratio", - "timeScale": "s" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Working set Memory usage by Node [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "93d7f58a-ee13-4ca2-968a-a6c8bcf249a4", + "w": 24, + "x": 24, + "y": 33 + }, + "panelIndex": "93d7f58a-ee13-4ca2-968a-a6c8bcf249a4", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-bcb17062-e9f5-4da8-a132-7bdbffe8a740", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a21b3215-31e2-4ab3-b313-8fc7e77bed39", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "bcb17062-e9f5-4da8-a132-7bdbffe8a740": { + "columnOrder": [ + "4d608d6f-472c-433e-88a0-7794bfd9adb9", + "d38a2561-f4cd-4374-93d3-52acc2b50f7b", + "e87c113a-2feb-4cca-8093-1c4f69fc9122", + "4b5bd01c-47a8-4f48-ba67-69396e9add37" + ], + "columns": { + "4b5bd01c-47a8-4f48-ba67-69396e9add37": { + "dataType": "number", + "isBucketed": false, + "label": "Maximum of kubernetes.node.network.rx.bytes", + "operationType": "max", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.node.network.rx.bytes" + }, + "4d608d6f-472c-433e-88a0-7794bfd9adb9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a21b3215-31e2-4ab3-b313-8fc7e77bed39", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.node" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.node" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e87c113a-2feb-4cca-8093-1c4f69fc9122" - ], - "layerId": "bcb17062-e9f5-4da8-a132-7bdbffe8a740", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "4d608d6f-472c-433e-88a0-7794bfd9adb9", - "xAccessor": "d38a2561-f4cd-4374-93d3-52acc2b50f7b" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + }, + "d38a2561-f4cd-4374-93d3-52acc2b50f7b": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "e87c113a-2feb-4cca-8093-1c4f69fc9122": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Network Incoming Bytes/s", + "operationType": "counter_rate", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "references": [ + "4b5bd01c-47a8-4f48-ba67-69396e9add37" + ], + "scale": "ratio", + "timeScale": "s" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a21b3215-31e2-4ab3-b313-8fc7e77bed39", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.node" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.node" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "e87c113a-2feb-4cca-8093-1c4f69fc9122" + ], + "layerId": "bcb17062-e9f5-4da8-a132-7bdbffe8a740", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "4d608d6f-472c-433e-88a0-7794bfd9adb9", + "xAccessor": "d38a2561-f4cd-4374-93d3-52acc2b50f7b" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "gridData": { - "h": 13, - "i": "93d7f58a-ee13-4ca2-968a-a6c8bcf249a4", - "w": 24, - "x": 24, - "y": 33 + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "93d7f58a-ee13-4ca2-968a-a6c8bcf249a4", - "title": "Network in by node [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-bcb17062-e9f5-4da8-a132-7bdbffe8a740", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Network in by node [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "7c066a0c-0e3d-483d-a4fd-89dd6444d2d3", + "w": 24, + "x": 0, + "y": 46 + }, + "panelIndex": "7c066a0c-0e3d-483d-a4fd-89dd6444d2d3", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-bcb17062-e9f5-4da8-a132-7bdbffe8a740", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "87c6048e-20a6-401c-bf42-72ae034ee2fa", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "bcb17062-e9f5-4da8-a132-7bdbffe8a740": { + "columnOrder": [ + "4d608d6f-472c-433e-88a0-7794bfd9adb9", + "d38a2561-f4cd-4374-93d3-52acc2b50f7b", + "e87c113a-2feb-4cca-8093-1c4f69fc9122", + "4b5bd01c-47a8-4f48-ba67-69396e9add37" + ], + "columns": { + "4b5bd01c-47a8-4f48-ba67-69396e9add37": { + "dataType": "number", + "isBucketed": false, + "label": "Maximum of kubernetes.node.network.tx.bytes", + "operationType": "max", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.node.network.tx.bytes" + }, + "4d608d6f-472c-433e-88a0-7794bfd9adb9": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "87c6048e-20a6-401c-bf42-72ae034ee2fa", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "bcb17062-e9f5-4da8-a132-7bdbffe8a740": { - "columnOrder": [ - "4d608d6f-472c-433e-88a0-7794bfd9adb9", - "d38a2561-f4cd-4374-93d3-52acc2b50f7b", - "e87c113a-2feb-4cca-8093-1c4f69fc9122", - "4b5bd01c-47a8-4f48-ba67-69396e9add37" - ], - "columns": { - "4b5bd01c-47a8-4f48-ba67-69396e9add37": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of kubernetes.node.network.tx.bytes", - "operationType": "max", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.node.network.tx.bytes" - }, - "4d608d6f-472c-433e-88a0-7794bfd9adb9": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - }, - "d38a2561-f4cd-4374-93d3-52acc2b50f7b": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e87c113a-2feb-4cca-8093-1c4f69fc9122": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Network Outgoing Bytes/s", - "operationType": "counter_rate", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - } - }, - "references": [ - "4b5bd01c-47a8-4f48-ba67-69396e9add37" - ], - "scale": "ratio", - "timeScale": "s" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "87c6048e-20a6-401c-bf42-72ae034ee2fa", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.node" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.node" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "e87c113a-2feb-4cca-8093-1c4f69fc9122" - ], - "layerId": "bcb17062-e9f5-4da8-a132-7bdbffe8a740", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "4d608d6f-472c-433e-88a0-7794bfd9adb9", - "xAccessor": "d38a2561-f4cd-4374-93d3-52acc2b50f7b" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + }, + "d38a2561-f4cd-4374-93d3-52acc2b50f7b": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "e87c113a-2feb-4cca-8093-1c4f69fc9122": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Network Outgoing Bytes/s", + "operationType": "counter_rate", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + } + }, + "references": [ + "4b5bd01c-47a8-4f48-ba67-69396e9add37" + ], + "scale": "ratio", + "timeScale": "s" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "87c6048e-20a6-401c-bf42-72ae034ee2fa", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.node" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.node" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 13, - "i": "7c066a0c-0e3d-483d-a4fd-89dd6444d2d3", - "w": 24, - "x": 0, - "y": 46 + "layers": [ + { + "accessors": [ + "e87c113a-2feb-4cca-8093-1c4f69fc9122" + ], + "layerId": "bcb17062-e9f5-4da8-a132-7bdbffe8a740", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "4d608d6f-472c-433e-88a0-7794bfd9adb9", + "xAccessor": "d38a2561-f4cd-4374-93d3-52acc2b50f7b" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "panelIndex": "7c066a0c-0e3d-483d-a4fd-89dd6444d2d3", - "title": "Network out by node [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-98ce32f8-426f-43a8-8af5-81cf2f2e44b9", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Network out by node [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "5c839f9c-a8bc-46e0-bd23-9300c03e6ed5", + "w": 24, + "x": 24, + "y": 46 + }, + "panelIndex": "5c839f9c-a8bc-46e0-bd23-9300c03e6ed5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-98ce32f8-426f-43a8-8af5-81cf2f2e44b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3b897101-bd76-444d-859e-60916d19dc02", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "98ce32f8-426f-43a8-8af5-81cf2f2e44b9": { + "columnOrder": [ + "2429802b-e45c-4bc0-8d4c-f66541ea3476", + "65f1d82b-207f-4397-9800-a3100415dc4d", + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524", + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X0", + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X1", + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X2" + ], + "columns": { + "2429802b-e45c-4bc0-8d4c-f66541ea3476": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "3b897101-bd76-444d-859e-60916d19dc02", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "98ce32f8-426f-43a8-8af5-81cf2f2e44b9": { - "columnOrder": [ - "2429802b-e45c-4bc0-8d4c-f66541ea3476", - "65f1d82b-207f-4397-9800-a3100415dc4d", - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524", - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X0", - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X1", - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X2" - ], - "columns": { - "2429802b-e45c-4bc0-8d4c-f66541ea3476": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - }, - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Filesystem Usage Pct", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "formula": "average(kubernetes.node.fs.used.bytes)/max(kubernetes.node.fs.capacity.bytes)", - "isFormulaBroken": false - }, - "references": [ - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X2" - ], - "scale": "ratio" - }, - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Filesystem Usage Pct", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.fs.used.bytes" - }, - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Filesystem Usage Pct", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.fs.capacity.bytes" - }, - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Filesystem Usage Pct", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X0", - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X1" - ], - "location": { - "max": 77, - "min": 0 - }, - "name": "divide", - "text": "average(kubernetes.node.fs.used.bytes)/max(kubernetes.node.fs.capacity.bytes)", - "type": "function" - } - }, - "references": [ - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X0", - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X1" - ], - "scale": "ratio" - }, - "65f1d82b-207f-4397-9800-a3100415dc4d": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "3b897101-bd76-444d-859e-60916d19dc02", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.node" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.node" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + }, + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Filesystem Usage Pct", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "29523c40-c9bf-4f83-b3d5-53b0ee4d5524" - ], - "layerId": "98ce32f8-426f-43a8-8af5-81cf2f2e44b9", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "2429802b-e45c-4bc0-8d4c-f66541ea3476", - "xAccessor": "65f1d82b-207f-4397-9800-a3100415dc4d" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true + "formula": "average(kubernetes.node.fs.used.bytes)/max(kubernetes.node.fs.capacity.bytes)", + "isFormulaBroken": false + }, + "references": [ + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X2" + ], + "scale": "ratio" + }, + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Filesystem Usage Pct", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.fs.used.bytes" + }, + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Filesystem Usage Pct", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.fs.capacity.bytes" + }, + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Filesystem Usage Pct", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X0", + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X1" + ], + "location": { + "max": 77, + "min": 0 + }, + "name": "divide", + "text": "average(kubernetes.node.fs.used.bytes)/max(kubernetes.node.fs.capacity.bytes)", + "type": "function" } + }, + "references": [ + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X0", + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524X1" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "65f1d82b-207f-4397-9800-a3100415dc4d": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "3b897101-bd76-444d-859e-60916d19dc02", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.node" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.node" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 13, - "i": "5c839f9c-a8bc-46e0-bd23-9300c03e6ed5", - "w": 24, - "x": 24, - "y": 46 + "layers": [ + { + "accessors": [ + "29523c40-c9bf-4f83-b3d5-53b0ee4d5524" + ], + "layerId": "98ce32f8-426f-43a8-8af5-81cf2f2e44b9", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "2429802b-e45c-4bc0-8d4c-f66541ea3476", + "xAccessor": "65f1d82b-207f-4397-9800-a3100415dc4d" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "panelIndex": "5c839f9c-a8bc-46e0-bd23-9300c03e6ed5", - "title": "Filesystem usage by Node [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-9d53c3bf-cefd-433d-a404-972717d0bb74", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Filesystem usage by Node [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "5eef3516-509a-414c-b0ad-f6c8af1647bb", + "w": 24, + "x": 0, + "y": 59 + }, + "panelIndex": "5eef3516-509a-414c-b0ad-f6c8af1647bb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-9d53c3bf-cefd-433d-a404-972717d0bb74", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "029a2917-cecd-4656-8c48-2ca1f66fcadd", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "9d53c3bf-cefd-433d-a404-972717d0bb74": { + "columnOrder": [ + "4d4a917d-07fa-4b5b-be50-5d09b7906ff5", + "890b120e-c1de-4501-8e37-336c75255d07", + "f3b6d48f-9098-43bf-b6f7-4a4713f93860", + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X0", + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X1", + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X2" + ], + "columns": { + "4d4a917d-07fa-4b5b-be50-5d09b7906ff5": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "029a2917-cecd-4656-8c48-2ca1f66fcadd", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "9d53c3bf-cefd-433d-a404-972717d0bb74": { - "columnOrder": [ - "4d4a917d-07fa-4b5b-be50-5d09b7906ff5", - "890b120e-c1de-4501-8e37-336c75255d07", - "f3b6d48f-9098-43bf-b6f7-4a4713f93860", - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X0", - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X1", - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X2" - ], - "columns": { - "4d4a917d-07fa-4b5b-be50-5d09b7906ff5": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - }, - "890b120e-c1de-4501-8e37-336c75255d07": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "f3b6d48f-9098-43bf-b6f7-4a4713f93860": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Inodes Usage Pct", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "formula": "average(kubernetes.node.fs.inodes.used)/max(kubernetes.node.fs.inodes.count)", - "isFormulaBroken": false - }, - "references": [ - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X2" - ], - "scale": "ratio" - }, - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Inodes Usage Pct", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.fs.inodes.used" - }, - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Inodes Usage Pct", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.node.fs.inodes.count" - }, - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Inodes Usage Pct", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X0", - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X1" - ], - "location": { - "max": 76, - "min": 0 - }, - "name": "divide", - "text": "average(kubernetes.node.fs.inodes.used)/max(kubernetes.node.fs.inodes.count)", - "type": "function" - } - }, - "references": [ - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X0", - "f3b6d48f-9098-43bf-b6f7-4a4713f93860X1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "029a2917-cecd-4656-8c48-2ca1f66fcadd", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.node" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.node" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + }, + "890b120e-c1de-4501-8e37-336c75255d07": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "f3b6d48f-9098-43bf-b6f7-4a4713f93860": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Inodes Usage Pct", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } }, - "visualization": { - "layers": [ - { - "accessors": [ - "f3b6d48f-9098-43bf-b6f7-4a4713f93860" - ], - "layerId": "9d53c3bf-cefd-433d-a404-972717d0bb74", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "4d4a917d-07fa-4b5b-be50-5d09b7906ff5", - "xAccessor": "890b120e-c1de-4501-8e37-336c75255d07" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": true - } + "formula": "average(kubernetes.node.fs.inodes.used)/max(kubernetes.node.fs.inodes.count)", + "isFormulaBroken": false + }, + "references": [ + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X2" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Inodes Usage Pct", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.fs.inodes.used" + }, + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Inodes Usage Pct", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.node.fs.inodes.count" + }, + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Inodes Usage Pct", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X0", + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X1" + ], + "location": { + "max": 76, + "min": 0 + }, + "name": "divide", + "text": "average(kubernetes.node.fs.inodes.used)/max(kubernetes.node.fs.inodes.count)", + "type": "function" + } + }, + "references": [ + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X0", + "f3b6d48f-9098-43bf-b6f7-4a4713f93860X1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "029a2917-cecd-4656-8c48-2ca1f66fcadd", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.node" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 13, - "i": "5eef3516-509a-414c-b0ad-f6c8af1647bb", - "w": 24, - "x": 0, - "y": 59 + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.node" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "f3b6d48f-9098-43bf-b6f7-4a4713f93860" + ], + "layerId": "9d53c3bf-cefd-433d-a404-972717d0bb74", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "4d4a917d-07fa-4b5b-be50-5d09b7906ff5", + "xAccessor": "890b120e-c1de-4501-8e37-336c75255d07" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "panelIndex": "5eef3516-509a-414c-b0ad-f6c8af1647bb", - "title": "Filesystem Inodes usage by Node [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Nodes", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-01-11T13:56:20.011Z", - "id": "kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "c6bb8ec0-dae3-4438-ab76-0bff97321124:indexpattern-datasource-layer-4bf1dfdb-7a60-482d-88d4-130d598ac7bb", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "c6bb8ec0-dae3-4438-ab76-0bff97321124:562d314a-8db1-4d85-9fcd-fe3224749cb2", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2a2da54b-f923-4b1f-b36c-0b1d283405b9:indexpattern-datasource-layer-28060f62-4880-4b1c-aef2-fe42f9df0c64", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2a2da54b-f923-4b1f-b36c-0b1d283405b9:3a819463-89ca-494a-9d6a-9e600dccf098", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "f11dcb2d-3850-430c-b365-e925473ffe81:indexpattern-datasource-layer-f04e39cf-1a10-4841-86e3-53c07cb706df", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "f11dcb2d-3850-430c-b365-e925473ffe81:53703bad-9449-489b-84bd-35c1c8a8d710", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "64187c9b-8038-47a3-b7df-6562d740840f:indexpattern-datasource-layer-98fe7b88-6346-4b74-b00d-dae2a5ce24f3", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "64187c9b-8038-47a3-b7df-6562d740840f:89318796-9c5f-41c0-be0f-5545f0012e08", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "b228c756-7cbd-4982-b61b-c6dbb78c1ced:indexpattern-datasource-layer-98fe7b88-6346-4b74-b00d-dae2a5ce24f3", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "b228c756-7cbd-4982-b61b-c6dbb78c1ced:862adc15-64b5-4dd6-a4e9-9bfc8538633d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "93d7f58a-ee13-4ca2-968a-a6c8bcf249a4:indexpattern-datasource-layer-bcb17062-e9f5-4da8-a132-7bdbffe8a740", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "93d7f58a-ee13-4ca2-968a-a6c8bcf249a4:a21b3215-31e2-4ab3-b313-8fc7e77bed39", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "7c066a0c-0e3d-483d-a4fd-89dd6444d2d3:indexpattern-datasource-layer-bcb17062-e9f5-4da8-a132-7bdbffe8a740", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "7c066a0c-0e3d-483d-a4fd-89dd6444d2d3:87c6048e-20a6-401c-bf42-72ae034ee2fa", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "5c839f9c-a8bc-46e0-bd23-9300c03e6ed5:indexpattern-datasource-layer-98ce32f8-426f-43a8-8af5-81cf2f2e44b9", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "5c839f9c-a8bc-46e0-bd23-9300c03e6ed5:3b897101-bd76-444d-859e-60916d19dc02", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "5eef3516-509a-414c-b0ad-f6c8af1647bb:indexpattern-datasource-layer-9d53c3bf-cefd-433d-a404-972717d0bb74", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "5eef3516-509a-414c-b0ad-f6c8af1647bb:029a2917-cecd-4656-8c48-2ca1f66fcadd", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_57552b73-992a-46e6-9f21-9e07ca926a83:optionsListDataView", - "type": "index-pattern" + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": true + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "controlGroup_6c029002-b266-42ef-af36-fdcd73bfadef:optionsListDataView", - "type": "index-pattern" - } + "title": "Filesystem Inodes usage by Node [Metrics Kubernetes]" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Metrics Kubernetes] Nodes", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "c6bb8ec0-dae3-4438-ab76-0bff97321124:indexpattern-datasource-layer-4bf1dfdb-7a60-482d-88d4-130d598ac7bb", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "c6bb8ec0-dae3-4438-ab76-0bff97321124:562d314a-8db1-4d85-9fcd-fe3224749cb2", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2a2da54b-f923-4b1f-b36c-0b1d283405b9:indexpattern-datasource-layer-28060f62-4880-4b1c-aef2-fe42f9df0c64", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2a2da54b-f923-4b1f-b36c-0b1d283405b9:3a819463-89ca-494a-9d6a-9e600dccf098", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f11dcb2d-3850-430c-b365-e925473ffe81:indexpattern-datasource-layer-f04e39cf-1a10-4841-86e3-53c07cb706df", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f11dcb2d-3850-430c-b365-e925473ffe81:53703bad-9449-489b-84bd-35c1c8a8d710", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "64187c9b-8038-47a3-b7df-6562d740840f:indexpattern-datasource-layer-98fe7b88-6346-4b74-b00d-dae2a5ce24f3", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "64187c9b-8038-47a3-b7df-6562d740840f:89318796-9c5f-41c0-be0f-5545f0012e08", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "b228c756-7cbd-4982-b61b-c6dbb78c1ced:indexpattern-datasource-layer-98fe7b88-6346-4b74-b00d-dae2a5ce24f3", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "b228c756-7cbd-4982-b61b-c6dbb78c1ced:862adc15-64b5-4dd6-a4e9-9bfc8538633d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "93d7f58a-ee13-4ca2-968a-a6c8bcf249a4:indexpattern-datasource-layer-bcb17062-e9f5-4da8-a132-7bdbffe8a740", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "93d7f58a-ee13-4ca2-968a-a6c8bcf249a4:a21b3215-31e2-4ab3-b313-8fc7e77bed39", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "7c066a0c-0e3d-483d-a4fd-89dd6444d2d3:indexpattern-datasource-layer-bcb17062-e9f5-4da8-a132-7bdbffe8a740", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "7c066a0c-0e3d-483d-a4fd-89dd6444d2d3:87c6048e-20a6-401c-bf42-72ae034ee2fa", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "5c839f9c-a8bc-46e0-bd23-9300c03e6ed5:indexpattern-datasource-layer-98ce32f8-426f-43a8-8af5-81cf2f2e44b9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "5c839f9c-a8bc-46e0-bd23-9300c03e6ed5:3b897101-bd76-444d-859e-60916d19dc02", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "5eef3516-509a-414c-b0ad-f6c8af1647bb:indexpattern-datasource-layer-9d53c3bf-cefd-433d-a404-972717d0bb74", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "5eef3516-509a-414c-b0ad-f6c8af1647bb:029a2917-cecd-4656-8c48-2ca1f66fcadd", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_57552b73-992a-46e6-9f21-9e07ca926a83:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_6c029002-b266-42ef-af36-fdcd73bfadef:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-bf9389f0-0c14-11ed-b760-5d1bccb47f56.json b/packages/kubernetes/kibana/dashboard/kubernetes-bf9389f0-0c14-11ed-b760-5d1bccb47f56.json index c4ecb49574f..a8f632aa1f8 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-bf9389f0-0c14-11ed-b760-5d1bccb47f56.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-bf9389f0-0c14-11ed-b760-5d1bccb47f56.json @@ -1,3187 +1,3209 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"f53d0d21-4502-4dce-8004-017a92104040\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.name\",\"title\":\"Host\",\"id\":\"f53d0d21-4502-4dce-8004-017a92104040\",\"selectedOptions\":[],\"enhancements\":{},\"singleSelect\":false}},\"df56c430-83b1-436e-8b9c-fb027aaa29ca\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster\",\"singleSelect\":true,\"id\":\"df56c430-83b1-436e-8b9c-fb027aaa29ca\",\"selectedOptions\":[],\"enhancements\":{}}}}" + "id": "kubernetes-bf9389f0-0c14-11ed-b760-5d1bccb47f56", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI1MiwyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "oneLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"f53d0d21-4502-4dce-8004-017a92104040\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.name\",\"title\":\"Host\",\"id\":\"f53d0d21-4502-4dce-8004-017a92104040\",\"selectedOptions\":[],\"enhancements\":{},\"singleSelect\":false}},\"df56c430-83b1-436e-8b9c-fb027aaa29ca\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster\",\"singleSelect\":true,\"id\":\"df56c430-83b1-436e-8b9c-fb027aaa29ca\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Kubernetes Controller Manager metrics", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.controllermanager" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": { + "query": "kubernetes.controllermanager" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 10, + "i": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", + "w": 23, + "x": 0, + "y": 0 + }, + "panelIndex": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "### Controller Manager\n\nThis dashboard collects metrics from [kube controller manager](https://kubernetes.io/docs/concepts/overview/components/#kube-controller-manager) endpoint. Its purpose is to give an overview of what is happening inside it through the controller processes metrics and detect problems that might be happening. \n\n**WARNING**: This dataset **requires access** to the kube controller manager endpoint. Refer [here](https://docs.elastic.co/en/integrations/kubernetes#scheduler-and-controllermanager) to learn how to enable it. In some \"As a Service\" Kubernetes implementations, like GKE or AKS, it is **not possible** to access its metrics.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" + } + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", + "w": 25, + "x": 23, + "y": 0 }, - "description": "Kubernetes Controller Manager metrics", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ + "panelIndex": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(203,228,249,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "Cluster nodes", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ { - "$state": { - "store": "appState" + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "aef813b5-85d5-46c9-a86a-2e273806d488", + "w": 25, + "x": 23, + "y": 3 + }, + "panelIndex": "aef813b5-85d5-46c9-a86a-2e273806d488", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-239b73ac-0fc9-44fd-a7c5-2d0281e6b765", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "239b73ac-0fc9-44fd-a7c5-2d0281e6b765": { + "columnOrder": [ + "310bfe34-31c8-4c52-bff0-60450318be7e", + "28f81466-455c-469d-8c35-b53555ae5e8a", + "363b1795-4ab4-43e8-87a6-fafe691bddf2", + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3", + "6b1f578b-3e83-443b-a2da-b97ecbcd67bb", + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X2", + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X1", + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X0", + "363b1795-4ab4-43e8-87a6-fafe691bddf2X0", + "6b1f578b-3e83-443b-a2da-b97ecbcd67bbX0" + ], + "columns": { + "28f81466-455c-469d-8c35-b53555ae5e8a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Zone", + "operationType": "terms", + "params": { + "missingBucket": true, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "kubernetes.controllermanager.zone" + }, + "310bfe34-31c8-4c52-bff0-60450318be7e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Cluster", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "orchestrator.cluster.name" + }, + "363b1795-4ab4-43e8-87a6-fafe691bddf2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total nodes", + "operationType": "formula", + "params": { + "formula": "last_value(kubernetes.controllermanager.node.collector.count, kql='kubernetes.controllermanager.node.collector.count: *')", + "isFormulaBroken": false + }, + "references": [ + "363b1795-4ab4-43e8-87a6-fafe691bddf2X0" + ], + "scale": "ratio" + }, + "363b1795-4ab4-43e8-87a6-fafe691bddf2X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.node.collector.count: *" + }, + "isBucketed": false, + "label": "Part of Total nodes", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.node.collector.count" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.controllermanager" + "6b1f578b-3e83-443b-a2da-b97ecbcd67bb": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Node evictions", + "operationType": "formula", + "params": { + "formula": "last_value(kubernetes.controllermanager.node.collector.eviction.count, kql='kubernetes.controllermanager.node.collector.eviction.count: *')", + "isFormulaBroken": false + }, + "references": [ + "6b1f578b-3e83-443b-a2da-b97ecbcd67bbX0" + ], + "scale": "ratio" + }, + "6b1f578b-3e83-443b-a2da-b97ecbcd67bbX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.node.collector.eviction.count: *" + }, + "isBucketed": false, + "label": "Part of Node evictions", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.node.collector.eviction.count" + }, + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unhealthy nodes", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 1 + } }, - "type": "phrase" + "formula": "last_value(kubernetes.controllermanager.node.collector.unhealthy.count, kql='kubernetes.controllermanager.node.collector.unhealthy.count: *')/last_value(kubernetes.controllermanager.node.collector.count, kql='kubernetes.controllermanager.node.collector.unhealthy.count: *')*100", + "isFormulaBroken": false + }, + "references": [ + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X2" + ], + "scale": "ratio" + }, + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.node.collector.unhealthy.count: *" + }, + "isBucketed": false, + "label": "Part of Unhealthy nodes", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.node.collector.unhealthy.count" }, - "query": { - "match_phrase": { - "data_stream.dataset": { - "query": "kubernetes.controllermanager" - } + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.node.collector.unhealthy.count: *" + }, + "isBucketed": false, + "label": "Part of Unhealthy nodes", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.node.collector.count" + }, + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unhealthy nodes", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X0", + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X1" + ], + "name": "divide", + "type": "function" + }, + 100 + ], + "location": { + "max": 277, + "min": 0 + }, + "name": "multiply", + "text": "last_value(kubernetes.controllermanager.node.collector.unhealthy.count, kql='kubernetes.controllermanager.node.collector.unhealthy.count: *')/last_value(kubernetes.controllermanager.node.collector.count, kql='kubernetes.controllermanager.node.collector.unhealthy.count: *')*100", + "type": "function" } + }, + "references": [ + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X0", + "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X1" + ], + "scale": "ratio" } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "center", + "columnId": "310bfe34-31c8-4c52-bff0-60450318be7e", + "isTransposed": false + }, + { + "alignment": "center", + "columnId": "28f81466-455c-469d-8c35-b53555ae5e8a", + "isTransposed": false + }, + { + "alignment": "center", + "columnId": "363b1795-4ab4-43e8-87a6-fafe691bddf2", + "isTransposed": false + }, + { + "alignment": "center", + "columnId": "c3ae8ff0-53ae-4da5-9521-b9467df47ed3", + "isTransposed": false + }, + { + "columnId": "6b1f578b-3e83-443b-a2da-b97ecbcd67bb", + "isTransposed": false + } ], + "layerId": "239b73ac-0fc9-44fd-a7c5-2d0281e6b765", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Node collector" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6", + "w": 48, + "x": 0, + "y": 10 + }, + "panelIndex": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(205,245,246,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_0599e0ae-2375-4ceb-b12d-2ebec4310cc6_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "Workqueue", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ + { + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "syncCursor": true, - "syncTooltips": false, - "useMargins": true + "title": "" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "2ba53067-d43d-42eb-ac50-2d941977ce95", + "w": 24, + "x": 0, + "y": 13 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "2ba53067-d43d-42eb-ac50-2d941977ce95", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3ed2b7d8-6b77-43b7-8ed3-c52117016d59", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "76c85206-02c1-4f35-bb0d-c1d4d3ee59d7": { + "columnOrder": [ + "f2d3349e-531e-453c-bac7-fc4c1a47ea86", + "4266ba8e-3786-4162-9140-15f600580db0", + "5b2495ee-2297-4e20-81d3-ac385205cb01", + "5b2495ee-2297-4e20-81d3-ac385205cb01X1", + "5b2495ee-2297-4e20-81d3-ac385205cb01X0" + ], + "columns": { + "4266ba8e-3786-4162-9140-15f600580db0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "### Controller Manager\n\nThis dashboard collects metrics from [kube controller manager](https://kubernetes.io/docs/concepts/overview/components/#kube-controller-manager) endpoint. Its purpose is to give an overview of what is happening inside it through the controller processes metrics and detect problems that might be happening. \n\n**WARNING**: This dataset **requires access** to the kube controller manager endpoint. Refer [here](https://docs.elastic.co/en/integrations/kubernetes#scheduler-and-controllermanager) to learn how to enable it. In some \"As a Service\" Kubernetes implementations, like GKE or AKS, it is **not possible** to access its metrics.", - "openLinksInNewTab": false + "5b2495ee-2297-4e20-81d3-ac385205cb01": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Counter rate", + "operationType": "formula", + "params": { + "formula": "counter_rate(last_value(kubernetes.controllermanager.workqueue.adds.count))", + "isFormulaBroken": false + }, + "references": [ + "5b2495ee-2297-4e20-81d3-ac385205cb01X1" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 10, - "i": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", - "w": 23, - "x": 0, - "y": 0 - }, - "panelIndex": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", - "type": "visualization", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "5b2495ee-2297-4e20-81d3-ac385205cb01X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.workqueue.adds.count: *" + }, + "isBucketed": false, + "label": "Part of Counter rate", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.workqueue.adds.count" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(203,228,249,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "Cluster nodes", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "5b2495ee-2297-4e20-81d3-ac385205cb01X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Counter rate", + "operationType": "counter_rate", + "references": [ + "5b2495ee-2297-4e20-81d3-ac385205cb01X0" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "metrics", - "uiState": {} + "f2d3349e-531e-453c-bac7-fc4c1a47ea86": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Workqueues", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.controllermanager.name" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 3, - "i": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", - "w": 25, - "x": 23, - "y": 0 + "curveType": "LINEAR", + "layers": [ + { + "accessors": [ + "5b2495ee-2297-4e20-81d3-ac385205cb01" + ], + "layerId": "76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "f2d3349e-531e-453c-bac7-fc4c1a47ea86", + "xAccessor": "4266ba8e-3786-4162-9140-15f600580db0" + } + ], + "legend": { + "isVisible": true, + "maxLines": 1, + "position": "right", + "shouldTruncate": true }, - "panelIndex": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", - "title": "", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-239b73ac-0fc9-44fd-a7c5-2d0281e6b765", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "239b73ac-0fc9-44fd-a7c5-2d0281e6b765": { - "columnOrder": [ - "310bfe34-31c8-4c52-bff0-60450318be7e", - "28f81466-455c-469d-8c35-b53555ae5e8a", - "363b1795-4ab4-43e8-87a6-fafe691bddf2", - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3", - "6b1f578b-3e83-443b-a2da-b97ecbcd67bb", - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X2", - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X1", - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X0", - "363b1795-4ab4-43e8-87a6-fafe691bddf2X0", - "6b1f578b-3e83-443b-a2da-b97ecbcd67bbX0" - ], - "columns": { - "28f81466-455c-469d-8c35-b53555ae5e8a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Zone", - "operationType": "terms", - "params": { - "missingBucket": true, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "kubernetes.controllermanager.zone" - }, - "310bfe34-31c8-4c52-bff0-60450318be7e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Cluster", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "orchestrator.cluster.name" - }, - "363b1795-4ab4-43e8-87a6-fafe691bddf2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total nodes", - "operationType": "formula", - "params": { - "formula": "last_value(kubernetes.controllermanager.node.collector.count, kql='kubernetes.controllermanager.node.collector.count: *')", - "isFormulaBroken": false - }, - "references": [ - "363b1795-4ab4-43e8-87a6-fafe691bddf2X0" - ], - "scale": "ratio" - }, - "363b1795-4ab4-43e8-87a6-fafe691bddf2X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.node.collector.count: *" - }, - "isBucketed": false, - "label": "Part of Total nodes", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.node.collector.count" - }, - "6b1f578b-3e83-443b-a2da-b97ecbcd67bb": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Node evictions", - "operationType": "formula", - "params": { - "formula": "last_value(kubernetes.controllermanager.node.collector.eviction.count, kql='kubernetes.controllermanager.node.collector.eviction.count: *')", - "isFormulaBroken": false - }, - "references": [ - "6b1f578b-3e83-443b-a2da-b97ecbcd67bbX0" - ], - "scale": "ratio" - }, - "6b1f578b-3e83-443b-a2da-b97ecbcd67bbX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.node.collector.eviction.count: *" - }, - "isBucketed": false, - "label": "Part of Node evictions", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.node.collector.eviction.count" - }, - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unhealthy nodes", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 1 - } - }, - "formula": "last_value(kubernetes.controllermanager.node.collector.unhealthy.count, kql='kubernetes.controllermanager.node.collector.unhealthy.count: *')/last_value(kubernetes.controllermanager.node.collector.count, kql='kubernetes.controllermanager.node.collector.unhealthy.count: *')*100", - "isFormulaBroken": false - }, - "references": [ - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X2" - ], - "scale": "ratio" - }, - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.node.collector.unhealthy.count: *" - }, - "isBucketed": false, - "label": "Part of Unhealthy nodes", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.node.collector.unhealthy.count" - }, - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.node.collector.unhealthy.count: *" - }, - "isBucketed": false, - "label": "Part of Unhealthy nodes", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.node.collector.count" - }, - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unhealthy nodes", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X0", - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X1" - ], - "name": "divide", - "type": "function" - }, - 100 - ], - "location": { - "max": 277, - "min": 0 - }, - "name": "multiply", - "text": "last_value(kubernetes.controllermanager.node.collector.unhealthy.count, kql='kubernetes.controllermanager.node.collector.unhealthy.count: *')/last_value(kubernetes.controllermanager.node.collector.count, kql='kubernetes.controllermanager.node.collector.unhealthy.count: *')*100", - "type": "function" - } - }, - "references": [ - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X0", - "c3ae8ff0-53ae-4da5-9521-b9467df47ed3X1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Workqueue additions increase rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "1cd3ebab-9630-4253-b9a6-5f921e5cb617", + "w": 24, + "x": 24, + "y": 13 + }, + "panelIndex": "1cd3ebab-9630-4253-b9a6-5f921e5cb617", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-77b347b2-91fa-470f-861d-ada0e175cbc4", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "b460c8d2-ab24-41ed-aac8-998febec263b", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "77b347b2-91fa-470f-861d-ada0e175cbc4": { + "columnOrder": [ + "68f1dece-b63b-4a27-9c1f-8068f2f9bedb", + "34f7328b-5fef-43e7-9350-98256b031a79", + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71", + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1", + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0" + ], + "columns": { + "34f7328b-5fef-43e7-9350-98256b031a79": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "68f1dece-b63b-4a27-9c1f-8068f2f9bedb": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of kubernetes.controllermanager.name + 1 other", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Maximum of kubernetes.controllermanager.workqueue.retries.count", + "operationType": "max", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.workqueue.retries.count" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderBy": { + "type": "custom" }, - "visualization": { - "columns": [ - { - "alignment": "center", - "columnId": "310bfe34-31c8-4c52-bff0-60450318be7e", - "isTransposed": false - }, - { - "alignment": "center", - "columnId": "28f81466-455c-469d-8c35-b53555ae5e8a", - "isTransposed": false - }, - { - "alignment": "center", - "columnId": "363b1795-4ab4-43e8-87a6-fafe691bddf2", - "isTransposed": false - }, - { - "alignment": "center", - "columnId": "c3ae8ff0-53ae-4da5-9521-b9467df47ed3", - "isTransposed": false - }, - { - "columnId": "6b1f578b-3e83-443b-a2da-b97ecbcd67bb", - "isTransposed": false - } - ], - "layerId": "239b73ac-0fc9-44fd-a7c5-2d0281e6b765", - "layerType": "data" - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "host.name" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.controllermanager.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 7, - "i": "aef813b5-85d5-46c9-a86a-2e273806d488", - "w": 25, - "x": 23, - "y": 3 - }, - "panelIndex": "aef813b5-85d5-46c9-a86a-2e273806d488", - "title": "Node collector", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Rate", + "operationType": "formula", + "params": { + "formula": "counter_rate(last_value(kubernetes.controllermanager.workqueue.retries.count))", + "isFormulaBroken": false + }, + "references": [ + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1" + ], + "scale": "ratio", + "timeScale": "s" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(205,245,246,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_0599e0ae-2375-4ceb-b12d-2ebec4310cc6_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "Workqueue", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.workqueue.retries.count: *" + }, + "isBucketed": false, + "label": "Part of Rate", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.workqueue.retries.count" }, - "title": "", - "type": "metrics", - "uiState": {} + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Rate", + "operationType": "counter_rate", + "references": [ + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0" + ], + "scale": "ratio", + "timeScale": "s" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "b460c8d2-ab24-41ed-aac8-998febec263b", + "key": "kubernetes.controllermanager.workqueue.retries.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.controllermanager.workqueue.retries.count" } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 3, - "i": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6", - "w": 48, - "x": 0, - "y": 10 + "layers": [ + { + "accessors": [ + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71" + ], + "layerId": "77b347b2-91fa-470f-861d-ada0e175cbc4", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "68f1dece-b63b-4a27-9c1f-8068f2f9bedb", + "xAccessor": "34f7328b-5fef-43e7-9350-98256b031a79" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true }, - "panelIndex": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6", - "title": "", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Workqueue retries increase rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "3a26dffa-0696-485d-b991-1dbc5092082e", + "w": 24, + "x": 0, + "y": 27 + }, + "panelIndex": "3a26dffa-0696-485d-b991-1dbc5092082e", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-2b80230c-9cc8-444f-b092-1fbc4d764992", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "7e0ad24d-199f-4ede-8b71-90152913fa90", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2b80230c-9cc8-444f-b092-1fbc4d764992": { + "columnOrder": [ + "e7259e4c-0700-48a5-aeff-993fc075bcab", + "7b8d9b03-439b-4171-8b64-91b8664b4b94", + "725088f8-ac91-4df6-8863-f9abe7ad40cd", + "725088f8-ac91-4df6-8863-f9abe7ad40cdX0", + "725088f8-ac91-4df6-8863-f9abe7ad40cdX1" + ], + "columns": { + "725088f8-ac91-4df6-8863-f9abe7ad40cd": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Depth", + "operationType": "formula", + "params": { + "formula": "differences(average(kubernetes.controllermanager.workqueue.depth.count, kql='kubernetes.controllermanager.workqueue.depth.count: *'))", + "isFormulaBroken": false + }, + "references": [ + "725088f8-ac91-4df6-8863-f9abe7ad40cdX1" + ], + "scale": "ratio", + "timeScale": "s" + }, + "725088f8-ac91-4df6-8863-f9abe7ad40cdX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.workqueue.depth.count: *" + }, + "isBucketed": false, + "label": "Part of Depth", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.workqueue.depth.count" + }, + "725088f8-ac91-4df6-8863-f9abe7ad40cdX1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Depth", + "operationType": "differences", + "references": [ + "725088f8-ac91-4df6-8863-f9abe7ad40cdX0" + ], + "scale": "ratio" + }, + "7b8d9b03-439b-4171-8b64-91b8664b4b94": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e7259e4c-0700-48a5-aeff-993fc075bcab": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Depth", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of kubernetes.controllermanager.workqueue.depth.count", + "operationType": "sum", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.workqueue.depth.count" }, - { - "id": "metrics-*", - "name": "3ed2b7d8-6b77-43b7-8ed3-c52117016d59", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "76c85206-02c1-4f35-bb0d-c1d4d3ee59d7": { - "columnOrder": [ - "f2d3349e-531e-453c-bac7-fc4c1a47ea86", - "4266ba8e-3786-4162-9140-15f600580db0", - "5b2495ee-2297-4e20-81d3-ac385205cb01", - "5b2495ee-2297-4e20-81d3-ac385205cb01X1", - "5b2495ee-2297-4e20-81d3-ac385205cb01X0" - ], - "columns": { - "4266ba8e-3786-4162-9140-15f600580db0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "5b2495ee-2297-4e20-81d3-ac385205cb01": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Counter rate", - "operationType": "formula", - "params": { - "formula": "counter_rate(last_value(kubernetes.controllermanager.workqueue.adds.count))", - "isFormulaBroken": false - }, - "references": [ - "5b2495ee-2297-4e20-81d3-ac385205cb01X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "5b2495ee-2297-4e20-81d3-ac385205cb01X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.workqueue.adds.count: *" - }, - "isBucketed": false, - "label": "Part of Counter rate", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.workqueue.adds.count" - }, - "5b2495ee-2297-4e20-81d3-ac385205cb01X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Counter rate", - "operationType": "counter_rate", - "references": [ - "5b2495ee-2297-4e20-81d3-ac385205cb01X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "f2d3349e-531e-453c-bac7-fc4c1a47ea86": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Workqueues", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.controllermanager.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderBy": { + "type": "custom" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "layers": [ - { - "accessors": [ - "5b2495ee-2297-4e20-81d3-ac385205cb01" - ], - "layerId": "76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "f2d3349e-531e-453c-bac7-fc4c1a47ea86", - "xAccessor": "4266ba8e-3786-4162-9140-15f600580db0" - } - ], - "legend": { - "isVisible": true, - "maxLines": 1, - "position": "right", - "shouldTruncate": true - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "secondaryFields": [ + "host.name" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.controllermanager.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "7e0ad24d-199f-4ede-8b71-90152913fa90", + "key": "kubernetes.controllermanager.workqueue.depth.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.controllermanager.workqueue.depth.count" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "curveType": "LINEAR", + "layers": [ + { + "accessors": [ + "725088f8-ac91-4df6-8863-f9abe7ad40cd" + ], + "collapseFn": "", + "layerId": "2b80230c-9cc8-444f-b092-1fbc4d764992", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "e7259e4c-0700-48a5-aeff-993fc075bcab", + "xAccessor": "7b8d9b03-439b-4171-8b64-91b8664b4b94" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true }, - "gridData": { - "h": 14, - "i": "2ba53067-d43d-42eb-ac50-2d941977ce95", - "w": 24, - "x": 0, - "y": 13 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": false, + "xTitle": "", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "2ba53067-d43d-42eb-ac50-2d941977ce95", - "title": "Workqueue additions increase rate", - "type": "lens", - "version": "8.6.0" + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-77b347b2-91fa-470f-861d-ada0e175cbc4", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Workqueue depth rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "6a8b9a40-11ec-4790-a38d-2d88c5468f12", + "w": 24, + "x": 24, + "y": 27 + }, + "panelIndex": "6a8b9a40-11ec-4790-a38d-2d88c5468f12", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-a2facaed-7c02-4fb6-9126-5512b8ffd26f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1c580aea-6c0f-4de6-9c30-f6b9a6964b0d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "a2facaed-7c02-4fb6-9126-5512b8ffd26f": { + "columnOrder": [ + "73933c6b-b6da-45c6-a190-c501453f658f", + "3ed7787d-1fbe-487f-a377-9a5e5e6f2571", + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778" + ], + "columns": { + "3ed7787d-1fbe-487f-a377-9a5e5e6f2571": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "10s" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "73933c6b-b6da-45c6-a190-c501453f658f": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of kubernetes.controllermanager.name + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Maximum of kubernetes.controllermanager.workqueue.unfinished.sec", + "operationType": "max", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.workqueue.unfinished.sec" }, - { - "id": "metrics-*", - "name": "b460c8d2-ab24-41ed-aac8-998febec263b", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "77b347b2-91fa-470f-861d-ada0e175cbc4": { - "columnOrder": [ - "68f1dece-b63b-4a27-9c1f-8068f2f9bedb", - "34f7328b-5fef-43e7-9350-98256b031a79", - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71", - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1", - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0" - ], - "columns": { - "34f7328b-5fef-43e7-9350-98256b031a79": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "68f1dece-b63b-4a27-9c1f-8068f2f9bedb": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of kubernetes.controllermanager.name + 1 other", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of kubernetes.controllermanager.workqueue.retries.count", - "operationType": "max", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.workqueue.retries.count" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "host.name" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.controllermanager.name" - }, - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Rate", - "operationType": "formula", - "params": { - "formula": "counter_rate(last_value(kubernetes.controllermanager.workqueue.retries.count))", - "isFormulaBroken": false - }, - "references": [ - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.workqueue.retries.count: *" - }, - "isBucketed": false, - "label": "Part of Rate", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.workqueue.retries.count" - }, - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Rate", - "operationType": "counter_rate", - "references": [ - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0" - ], - "scale": "ratio", - "timeScale": "s" - } - }, - "incompleteColumns": {} - } - } - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "b460c8d2-ab24-41ed-aac8-998febec263b", - "key": "kubernetes.controllermanager.workqueue.retries.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.controllermanager.workqueue.retries.count" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71" - ], - "layerId": "77b347b2-91fa-470f-861d-ada0e175cbc4", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "68f1dece-b63b-4a27-9c1f-8068f2f9bedb", - "xAccessor": "34f7328b-5fef-43e7-9350-98256b031a79" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "shouldTruncate": true - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "secondaryFields": [ + "host.name" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.controllermanager.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778": { + "dataType": "number", + "isBucketed": false, + "label": "Last value of kubernetes.controllermanager.workqueue.unfinished.sec", + "operationType": "last_value", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1, + "suffix": "s" + } + }, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.workqueue.unfinished.sec" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1c580aea-6c0f-4de6-9c30-f6b9a6964b0d", + "key": "kubernetes.controllermanager.workqueue.unfinished.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.controllermanager.workqueue.unfinished.sec" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778" + ], + "layerId": "a2facaed-7c02-4fb6-9126-5512b8ffd26f", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "73933c6b-b6da-45c6-a190-c501453f658f", + "xAccessor": "3ed7787d-1fbe-487f-a377-9a5e5e6f2571" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true }, - "gridData": { - "h": 14, - "i": "1cd3ebab-9630-4253-b9a6-5f921e5cb617", - "w": 24, - "x": 24, - "y": 13 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "1cd3ebab-9630-4253-b9a6-5f921e5cb617", - "title": "Workqueue retries increase rate", - "type": "lens", - "version": "8.6.0" + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Current unfinished work" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "c3fee68f-01c6-49da-a759-2900b1cd15bf", + "w": 48, + "x": 0, + "y": 41 + }, + "panelIndex": "c3fee68f-01c6-49da-a759-2900b1cd15bf", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-2b80230c-9cc8-444f-b092-1fbc4d764992", - "type": "index-pattern" + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(239,249,218,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "Process", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ + { + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "75255ce8-2d49-4b4f-ac0e-a20fe8f4daec", + "w": 24, + "x": 0, + "y": 44 + }, + "panelIndex": "75255ce8-2d49-4b4f-ac0e-a20fe8f4daec", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "daf730fb-a3b5-400a-acba-cff0c8ba607d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807": { + "columnOrder": [ + "6cbab896-ee42-4dad-8831-12f53cda0d6d", + "910bd079-4852-48bd-9d7a-e5eb940f0838", + "ee812faf-6f3c-4cc2-ad9a-27136340ef39", + "96c80749-da61-425a-b637-878d33e410fd", + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX2", + "96c80749-da61-425a-b637-878d33e410fdX1", + "910bd079-4852-48bd-9d7a-e5eb940f0838X0", + "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0" + ], + "columns": { + "6cbab896-ee42-4dad-8831-12f53cda0d6d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "7e0ad24d-199f-4ede-8b71-90152913fa90", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "2b80230c-9cc8-444f-b092-1fbc4d764992": { - "columnOrder": [ - "e7259e4c-0700-48a5-aeff-993fc075bcab", - "7b8d9b03-439b-4171-8b64-91b8664b4b94", - "725088f8-ac91-4df6-8863-f9abe7ad40cd", - "725088f8-ac91-4df6-8863-f9abe7ad40cdX0", - "725088f8-ac91-4df6-8863-f9abe7ad40cdX1" - ], - "columns": { - "725088f8-ac91-4df6-8863-f9abe7ad40cd": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Depth", - "operationType": "formula", - "params": { - "formula": "differences(average(kubernetes.controllermanager.workqueue.depth.count, kql='kubernetes.controllermanager.workqueue.depth.count: *'))", - "isFormulaBroken": false - }, - "references": [ - "725088f8-ac91-4df6-8863-f9abe7ad40cdX1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "725088f8-ac91-4df6-8863-f9abe7ad40cdX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.workqueue.depth.count: *" - }, - "isBucketed": false, - "label": "Part of Depth", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.workqueue.depth.count" - }, - "725088f8-ac91-4df6-8863-f9abe7ad40cdX1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Depth", - "operationType": "differences", - "references": [ - "725088f8-ac91-4df6-8863-f9abe7ad40cdX0" - ], - "scale": "ratio" - }, - "7b8d9b03-439b-4171-8b64-91b8664b4b94": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e7259e4c-0700-48a5-aeff-993fc075bcab": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Depth", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of kubernetes.controllermanager.workqueue.depth.count", - "operationType": "sum", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.workqueue.depth.count" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "host.name" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.controllermanager.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "7e0ad24d-199f-4ede-8b71-90152913fa90", - "key": "kubernetes.controllermanager.workqueue.depth.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.controllermanager.workqueue.depth.count" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.name" + }, + "910bd079-4852-48bd-9d7a-e5eb940f0838": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resident memory", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "layers": [ - { - "accessors": [ - "725088f8-ac91-4df6-8863-f9abe7ad40cd" - ], - "collapseFn": "", - "layerId": "2b80230c-9cc8-444f-b092-1fbc4d764992", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "e7259e4c-0700-48a5-aeff-993fc075bcab", - "xAccessor": "7b8d9b03-439b-4171-8b64-91b8664b4b94" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": false, - "xTitle": "", - "yLeftExtent": { - "mode": "full" + "formula": "last_value(kubernetes.controllermanager.process.memory.resident.bytes)", + "isFormulaBroken": false + }, + "references": [ + "910bd079-4852-48bd-9d7a-e5eb940f0838X0" + ], + "scale": "ratio" + }, + "910bd079-4852-48bd-9d7a-e5eb940f0838X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.process.memory.resident.bytes: *" + }, + "isBucketed": false, + "label": "Part of Resident memory", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.process.memory.resident.bytes" + }, + "96c80749-da61-425a-b637-878d33e410fd": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open file descriptors usage", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 1 + } + }, + "formula": "last_value(kubernetes.controllermanager.process.fds.open.count)/last_value(kubernetes.controllermanager.process.fds.max.count)*100", + "isFormulaBroken": false + }, + "references": [ + "96c80749-da61-425a-b637-878d33e410fdX2" + ], + "scale": "ratio" + }, + "96c80749-da61-425a-b637-878d33e410fdX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.process.fds.open.count: *" + }, + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.process.fds.open.count" + }, + "96c80749-da61-425a-b637-878d33e410fdX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.process.fds.max.count: *" + }, + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.process.fds.max.count" + }, + "96c80749-da61-425a-b637-878d33e410fdX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX1" + ], + "name": "divide", + "type": "function" }, - "yTitle": "" + 100 + ], + "location": { + "max": 130, + "min": 0 + }, + "name": "multiply", + "text": "last_value(kubernetes.controllermanager.process.fds.open.count)/last_value(kubernetes.controllermanager.process.fds.max.count)*100", + "type": "function" } + }, + "references": [ + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX1" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "3a26dffa-0696-485d-b991-1dbc5092082e", - "w": 24, - "x": 0, - "y": 27 - }, - "panelIndex": "3a26dffa-0696-485d-b991-1dbc5092082e", - "title": "Workqueue depth rate", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-a2facaed-7c02-4fb6-9126-5512b8ffd26f", - "type": "index-pattern" + "ee812faf-6f3c-4cc2-ad9a-27136340ef39": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Virtual memory", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - { - "id": "metrics-*", - "name": "1c580aea-6c0f-4de6-9c30-f6b9a6964b0d", - "type": "index-pattern" - } + "formula": "last_value(kubernetes.controllermanager.process.memory.virtual.bytes)", + "isFormulaBroken": false + }, + "references": [ + "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0" + ], + "scale": "ratio" + }, + "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.process.memory.virtual.bytes: *" + }, + "isBucketed": false, + "label": "Part of Virtual memory", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.process.memory.virtual.bytes" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "daf730fb-a3b5-400a-acba-cff0c8ba607d", + "key": "kubernetes.controllermanager.process.fds.open.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.controllermanager.process.fds.open.count" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "center", + "columnId": "6cbab896-ee42-4dad-8831-12f53cda0d6d" + }, + { + "alignment": "center", + "columnId": "910bd079-4852-48bd-9d7a-e5eb940f0838" + }, + { + "alignment": "center", + "columnId": "ee812faf-6f3c-4cc2-ad9a-27136340ef39", + "isTransposed": false + }, + { + "alignment": "center", + "colorMode": "text", + "columnId": "96c80749-da61-425a-b637-878d33e410fd", + "isTransposed": false, + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#54B399", + "stop": 0 + }, + { + "color": "#e6ca49", + "stop": 60 + }, + { + "color": "#E7664C", + "stop": 90 + } ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "a2facaed-7c02-4fb6-9126-5512b8ffd26f": { - "columnOrder": [ - "73933c6b-b6da-45c6-a190-c501453f658f", - "3ed7787d-1fbe-487f-a377-9a5e5e6f2571", - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778" - ], - "columns": { - "3ed7787d-1fbe-487f-a377-9a5e5e6f2571": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "10s" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "73933c6b-b6da-45c6-a190-c501453f658f": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of kubernetes.controllermanager.name + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of kubernetes.controllermanager.workqueue.unfinished.sec", - "operationType": "max", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.workqueue.unfinished.sec" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "host.name" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.controllermanager.name" - }, - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778": { - "dataType": "number", - "isBucketed": false, - "label": "Last value of kubernetes.controllermanager.workqueue.unfinished.sec", - "operationType": "last_value", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1, - "suffix": "s" - } - }, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.workqueue.unfinished.sec" - } - }, - "incompleteColumns": {} - } - } - } + "continuity": "above", + "name": "custom", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "steps": 5, + "stops": [ + { + "color": "#54B399", + "stop": 60 + }, + { + "color": "#e6ca49", + "stop": 90 + }, + { + "color": "#E7664C", + "stop": 91 + } + ] + }, + "type": "palette" + } + } + ], + "layerId": "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Controller manager process data" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 18, + "i": "303702e1-ba33-49f2-b337-4cc7d7305606", + "w": 24, + "x": 24, + "y": 44 + }, + "panelIndex": "303702e1-ba33-49f2-b337-4cc7d7305606", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "236aa40a-181f-4c61-af17-8df4ecba80d3", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "77da5988-3f03-4e8f-b1e4-39a94d8bec07": { + "columnOrder": [ + "7e1756d9-af1b-4204-a8d4-8c57987216f0", + "d523e6d2-50f3-4b45-8815-8259df43850c", + "cf481e4f-b568-4306-8da9-5e3d516ccbea", + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" + ], + "columns": { + "7e1756d9-af1b-4204-a8d4-8c57987216f0": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1c580aea-6c0f-4de6-9c30-f6b9a6964b0d", - "key": "kubernetes.controllermanager.workqueue.unfinished.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.controllermanager.workqueue.unfinished.sec" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778" - ], - "layerId": "a2facaed-7c02-4fb6-9126-5512b8ffd26f", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "73933c6b-b6da-45c6-a190-c501453f658f", - "xAccessor": "3ed7787d-1fbe-487f-a377-9a5e5e6f2571" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "shouldTruncate": true - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "host.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "6a8b9a40-11ec-4790-a38d-2d88c5468f12", - "w": 24, - "x": 24, - "y": 27 - }, - "panelIndex": "6a8b9a40-11ec-4790-a38d-2d88c5468f12", - "title": "Current unfinished work", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "cf481e4f-b568-4306-8da9-5e3d516ccbea": { + "dataType": "number", + "isBucketed": false, + "label": "average(kubernetes.controllermanager.process.memory.resident.bytes)", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 1 + } + }, + "formula": "average(kubernetes.controllermanager.process.memory.resident.bytes)", + "isFormulaBroken": false + }, + "references": [ + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" + ], + "scale": "ratio" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(239,249,218,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "Process", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of average(kubernetes.controllermanager.process.memory.resident.bytes)", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.process.memory.resident.bytes" }, - "title": "", - "type": "metrics", - "uiState": {} + "d523e6d2-50f3-4b45-8815-8259df43850c": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "236aa40a-181f-4c61-af17-8df4ecba80d3", + "key": "kubernetes.controllermanager.process.cpu.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.controllermanager.process.cpu.sec" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 3, - "i": "c3fee68f-01c6-49da-a759-2900b1cd15bf", - "w": 48, - "x": 0, - "y": 41 + "fillOpacity": 0.3, + "layers": [ + { + "accessors": [ + "cf481e4f-b568-4306-8da9-5e3d516ccbea" + ], + "layerId": "77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "7e1756d9-af1b-4204-a8d4-8c57987216f0", + "xAccessor": "d523e6d2-50f3-4b45-8815-8259df43850c", + "yConfig": [] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "c3fee68f-01c6-49da-a759-2900b1cd15bf", - "title": "", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": false, + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Average resident memory" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 12, + "i": "1604f0de-edd6-456e-8670-ab9b33988abb", + "w": 24, + "x": 0, + "y": 50 + }, + "panelIndex": "1604f0de-edd6-456e-8670-ab9b33988abb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a781e55e-e2bc-4b36-b197-1b55842aeff7", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332": { + "columnOrder": [ + "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", + "236eb2de-d45f-43f2-83f4-5a1d7355132b", + "301759e0-f73e-4e6d-a7c5-d0938024e989", + "301759e0-f73e-4e6d-a7c5-d0938024e989X1", + "301759e0-f73e-4e6d-a7c5-d0938024e989X0" + ], + "columns": { + "236eb2de-d45f-43f2-83f4-5a1d7355132b": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "301759e0-f73e-4e6d-a7c5-d0938024e989": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Increases in Controller CPU", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1, + "suffix": "s" + } }, - { - "id": "metrics-*", - "name": "daf730fb-a3b5-400a-acba-cff0c8ba607d", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807": { - "columnOrder": [ - "6cbab896-ee42-4dad-8831-12f53cda0d6d", - "910bd079-4852-48bd-9d7a-e5eb940f0838", - "ee812faf-6f3c-4cc2-ad9a-27136340ef39", - "96c80749-da61-425a-b637-878d33e410fd", - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX2", - "96c80749-da61-425a-b637-878d33e410fdX1", - "910bd079-4852-48bd-9d7a-e5eb940f0838X0", - "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0" - ], - "columns": { - "6cbab896-ee42-4dad-8831-12f53cda0d6d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "910bd079-4852-48bd-9d7a-e5eb940f0838": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resident memory", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "formula": "last_value(kubernetes.controllermanager.process.memory.resident.bytes)", - "isFormulaBroken": false - }, - "references": [ - "910bd079-4852-48bd-9d7a-e5eb940f0838X0" - ], - "scale": "ratio" - }, - "910bd079-4852-48bd-9d7a-e5eb940f0838X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.process.memory.resident.bytes: *" - }, - "isBucketed": false, - "label": "Part of Resident memory", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.process.memory.resident.bytes" - }, - "96c80749-da61-425a-b637-878d33e410fd": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open file descriptors usage", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 1 - } - }, - "formula": "last_value(kubernetes.controllermanager.process.fds.open.count)/last_value(kubernetes.controllermanager.process.fds.max.count)*100", - "isFormulaBroken": false - }, - "references": [ - "96c80749-da61-425a-b637-878d33e410fdX2" - ], - "scale": "ratio" - }, - "96c80749-da61-425a-b637-878d33e410fdX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.process.fds.open.count: *" - }, - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.process.fds.open.count" - }, - "96c80749-da61-425a-b637-878d33e410fdX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.process.fds.max.count: *" - }, - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.process.fds.max.count" - }, - "96c80749-da61-425a-b637-878d33e410fdX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX1" - ], - "name": "divide", - "type": "function" - }, - 100 - ], - "location": { - "max": 130, - "min": 0 - }, - "name": "multiply", - "text": "last_value(kubernetes.controllermanager.process.fds.open.count)/last_value(kubernetes.controllermanager.process.fds.max.count)*100", - "type": "function" - } - }, - "references": [ - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX1" - ], - "scale": "ratio" - }, - "ee812faf-6f3c-4cc2-ad9a-27136340ef39": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Virtual memory", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "formula": "last_value(kubernetes.controllermanager.process.memory.virtual.bytes)", - "isFormulaBroken": false - }, - "references": [ - "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0" - ], - "scale": "ratio" - }, - "ee812faf-6f3c-4cc2-ad9a-27136340ef39X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.process.memory.virtual.bytes: *" - }, - "isBucketed": false, - "label": "Part of Virtual memory", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.process.memory.virtual.bytes" - } - }, - "incompleteColumns": {} - } - } - } + "formula": "counter_rate(last_value(kubernetes.controllermanager.process.cpu.sec))", + "isFormulaBroken": false + }, + "references": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989X1" + ], + "scale": "ratio" + }, + "301759e0-f73e-4e6d-a7c5-d0938024e989X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.process.cpu.sec: *" + }, + "isBucketed": false, + "label": "Part of Increases in Controller CPU", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.process.cpu.sec" + }, + "301759e0-f73e-4e6d-a7c5-d0938024e989X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Increases in Controller CPU", + "operationType": "counter_rate", + "references": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989X0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "9edf62a7-afd2-4574-9937-34f7ee0c5fcd": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "daf730fb-a3b5-400a-acba-cff0c8ba607d", - "key": "kubernetes.controllermanager.process.fds.open.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.controllermanager.process.fds.open.count" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "center", - "columnId": "6cbab896-ee42-4dad-8831-12f53cda0d6d" - }, - { - "alignment": "center", - "columnId": "910bd079-4852-48bd-9d7a-e5eb940f0838" - }, - { - "alignment": "center", - "columnId": "ee812faf-6f3c-4cc2-ad9a-27136340ef39", - "isTransposed": false - }, - { - "alignment": "center", - "colorMode": "text", - "columnId": "96c80749-da61-425a-b637-878d33e410fd", - "isTransposed": false, - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#54B399", - "stop": 0 - }, - { - "color": "#e6ca49", - "stop": 60 - }, - { - "color": "#E7664C", - "stop": 90 - } - ], - "continuity": "above", - "name": "custom", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "steps": 5, - "stops": [ - { - "color": "#54B399", - "stop": 60 - }, - { - "color": "#e6ca49", - "stop": 90 - }, - { - "color": "#E7664C", - "stop": 91 - } - ] - }, - "type": "palette" - } - } - ], - "layerId": "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "size": 20 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a781e55e-e2bc-4b36-b197-1b55842aeff7", + "key": "kubernetes.controllermanager.process.cpu.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.controllermanager.process.cpu.sec" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fillOpacity": 0.3, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "hideEndzones": false, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989" + ], + "layerId": "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", + "xAccessor": "236eb2de-d45f-43f2-83f4-5a1d7355132b", + "yConfig": [ + { + "axisMode": "left", + "color": "#d6bf57", + "forAccessor": "301759e0-f73e-4e6d-a7c5-d0938024e989" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "gridData": { - "h": 6, - "i": "75255ce8-2d49-4b4f-ac0e-a20fe8f4daec", - "w": 24, - "x": 0, - "y": 44 + "preferredSeriesType": "area", + "showCurrentTimeMarker": false, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "75255ce8-2d49-4b4f-ac0e-a20fe8f4daec", - "title": "Controller manager process data", - "type": "lens", - "version": "8.6.0" + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "236aa40a-181f-4c61-af17-8df4ecba80d3", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "77da5988-3f03-4e8f-b1e4-39a94d8bec07": { - "columnOrder": [ - "7e1756d9-af1b-4204-a8d4-8c57987216f0", - "d523e6d2-50f3-4b45-8815-8259df43850c", - "cf481e4f-b568-4306-8da9-5e3d516ccbea", - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" - ], - "columns": { - "7e1756d9-af1b-4204-a8d4-8c57987216f0": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "cf481e4f-b568-4306-8da9-5e3d516ccbea": { - "dataType": "number", - "isBucketed": false, - "label": "average(kubernetes.controllermanager.process.memory.resident.bytes)", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 1 - } - }, - "formula": "average(kubernetes.controllermanager.process.memory.resident.bytes)", - "isFormulaBroken": false - }, - "references": [ - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" - ], - "scale": "ratio" - }, - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of average(kubernetes.controllermanager.process.memory.resident.bytes)", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.process.memory.resident.bytes" - }, - "d523e6d2-50f3-4b45-8815-8259df43850c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "CPU usage increase over time" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "f8313a9d-ab58-448e-b183-75f914caf53f", + "w": 48, + "x": 0, + "y": 62 + }, + "panelIndex": "f8313a9d-ab58-448e-b183-75f914caf53f", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(249,235,223,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "HTTP Requests", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ + { + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "fd90adaf-517f-4b92-a5b5-c29f7a16663b", + "w": 24, + "x": 0, + "y": 65 + }, + "panelIndex": "fd90adaf-517f-4b92-a5b5-c29f7a16663b", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-1048fff9-f5a4-446b-8173-e9e22d4b1cff", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "11922ebb-686e-4ad0-a043-e425a0d2ce35", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "1048fff9-f5a4-446b-8173-e9e22d4b1cff": { + "columnOrder": [ + "37b94d21-2d12-4136-a81d-908d8fc7f78a", + "52732cce-1342-46e1-8273-82efeffe9aac", + "469efac9-749a-455e-9864-90dc0f5f954e", + "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e" + ], + "columns": { + "37b94d21-2d12-4136-a81d-908d8fc7f78a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Cluster", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "236aa40a-181f-4c61-af17-8df4ecba80d3", - "key": "kubernetes.controllermanager.process.cpu.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.controllermanager.process.cpu.sec" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fillOpacity": 0.3, - "layers": [ - { - "accessors": [ - "cf481e4f-b568-4306-8da9-5e3d516ccbea" - ], - "layerId": "77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "7e1756d9-af1b-4204-a8d4-8c57987216f0", - "xAccessor": "d523e6d2-50f3-4b45-8815-8259df43850c", - "yConfig": [] - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "area", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": false, - "xTitle": "", - "yTitle": "" - } + "size": 3 + }, + "scale": "ordinal", + "sourceField": "orchestrator.cluster.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 18, - "i": "303702e1-ba33-49f2-b337-4cc7d7305606", - "w": 24, - "x": 24, - "y": 44 - }, - "panelIndex": "303702e1-ba33-49f2-b337-4cc7d7305606", - "title": "Average resident memory", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "type": "index-pattern" + "469efac9-749a-455e-9864-90dc0f5f954e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "a781e55e-e2bc-4b36-b197-1b55842aeff7", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332": { - "columnOrder": [ - "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", - "236eb2de-d45f-43f2-83f4-5a1d7355132b", - "301759e0-f73e-4e6d-a7c5-d0938024e989", - "301759e0-f73e-4e6d-a7c5-d0938024e989X1", - "301759e0-f73e-4e6d-a7c5-d0938024e989X0" - ], - "columns": { - "236eb2de-d45f-43f2-83f4-5a1d7355132b": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Increases in Controller CPU", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1, - "suffix": "s" - } - }, - "formula": "counter_rate(last_value(kubernetes.controllermanager.process.cpu.sec))", - "isFormulaBroken": false - }, - "references": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989X1" - ], - "scale": "ratio" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.process.cpu.sec: *" - }, - "isBucketed": false, - "label": "Part of Increases in Controller CPU", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.process.cpu.sec" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Increases in Controller CPU", - "operationType": "counter_rate", - "references": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "9edf62a7-afd2-4574-9937-34f7ee0c5fcd": { - "dataType": "string", - "isBucketed": true, - "label": "Top 20 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a781e55e-e2bc-4b36-b197-1b55842aeff7", - "key": "kubernetes.controllermanager.process.cpu.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.controllermanager.process.cpu.sec" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.name" + }, + "52732cce-1342-46e1-8273-82efeffe9aac": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Leader controller manager name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fillOpacity": 0.3, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "hideEndzones": false, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989" - ], - "layerId": "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", - "xAccessor": "236eb2de-d45f-43f2-83f4-5a1d7355132b", - "yConfig": [ - { - "axisMode": "left", - "color": "#d6bf57", - "forAccessor": "301759e0-f73e-4e6d-a7c5-d0938024e989" - } - ] - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "area", - "showCurrentTimeMarker": false, - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 3 + }, + "scale": "ordinal", + "sourceField": "kubernetes.controllermanager.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e": { + "dataType": "boolean", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.leader.is_master: *" + }, + "isBucketed": false, + "label": "Last value of kubernetes.controllermanager.leader.is_master", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.leader.is_master" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "11922ebb-686e-4ad0-a043-e425a0d2ce35", + "key": "kubernetes.controllermanager.leader.is_master", + "negate": false, + "params": { + "query": true }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "1604f0de-edd6-456e-8670-ab9b33988abb", - "w": 24, - "x": 0, - "y": 50 - }, - "panelIndex": "1604f0de-edd6-456e-8670-ab9b33988abb", - "title": "CPU usage increase over time", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(249,235,223,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "HTTP Requests", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true - }, - "title": "", - "type": "metrics", - "uiState": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "kubernetes.controllermanager.leader.is_master": true } - }, - "gridData": { - "h": 3, - "i": "f8313a9d-ab58-448e-b183-75f914caf53f", - "w": 48, - "x": 0, - "y": 62 - }, - "panelIndex": "f8313a9d-ab58-448e-b183-75f914caf53f", - "title": "", - "type": "visualization", - "version": "8.6.0" + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "center", + "columnId": "469efac9-749a-455e-9864-90dc0f5f954e", + "isTransposed": false, + "width": 256.6666666666667 + }, + { + "columnId": "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e", + "hidden": true, + "isTransposed": false + }, + { + "alignment": "center", + "columnId": "52732cce-1342-46e1-8273-82efeffe9aac", + "isTransposed": false + }, + { + "alignment": "center", + "columnId": "37b94d21-2d12-4136-a81d-908d8fc7f78a", + "isTransposed": false, + "width": 345.66666666666663 + } + ], + "headerRowHeight": "auto", + "layerId": "1048fff9-f5a4-446b-8173-e9e22d4b1cff", + "layerType": "data", + "rowHeight": "auto" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-1048fff9-f5a4-446b-8173-e9e22d4b1cff", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Leader controller manager" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "83449269-d517-4fe6-9266-9d875070d90d", + "w": 24, + "x": 24, + "y": 65 + }, + "panelIndex": "83449269-d517-4fe6-9266-9d875070d90d", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**NOTE**: The default period to fetch the metrics used in **Requests and responses counter rate** visualization is **10s**. The timestamps from the visualizations were chosen according to that. Otherwise, they might be inaccurate. Adjust them by clicking on the **settings wheel** on the top right of the visualization and go to the **right side menu**. After that, write the custom period value on **Horizontal axis > @timestamp > Minimum interval**.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "91a7ce56-6a49-4b7e-837f-31c184b48c09", + "w": 24, + "x": 24, + "y": 70 + }, + "panelIndex": "91a7ce56-6a49-4b7e-837f-31c184b48c09", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "692cad49-25ea-40b4-87d2-535b5f35ecd4", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "7c7c4b67-a2df-427f-abbd-635e5fa73a9c": { + "columnOrder": [ + "d3b90051-0bb2-41e0-9d5d-34ff145dba09", + "8a2e9cea-60fb-4603-a072-9b0e6194344c", + "63268365-bb35-456f-831c-78238984a061", + "63268365-bb35-456f-831c-78238984a061X0", + "63268365-bb35-456f-831c-78238984a061X1", + "24a01536-55c3-4c11-b62e-20a2a5435663", + "24a01536-55c3-4c11-b62e-20a2a5435663X1", + "24a01536-55c3-4c11-b62e-20a2a5435663X0", + "1028ba4a-0d68-4d8d-8340-f7a2966f546d", + "1028ba4a-0d68-4d8d-8340-f7a2966f546dX1", + "1028ba4a-0d68-4d8d-8340-f7a2966f546dX0" + ], + "columns": { + "1028ba4a-0d68-4d8d-8340-f7a2966f546d": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.code >= 500" + }, + "isBucketed": false, + "label": "Server errors", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - { - "id": "metrics-*", - "name": "11922ebb-686e-4ad0-a043-e425a0d2ce35", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "1048fff9-f5a4-446b-8173-e9e22d4b1cff": { - "columnOrder": [ - "37b94d21-2d12-4136-a81d-908d8fc7f78a", - "52732cce-1342-46e1-8273-82efeffe9aac", - "469efac9-749a-455e-9864-90dc0f5f954e", - "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e" - ], - "columns": { - "37b94d21-2d12-4136-a81d-908d8fc7f78a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Cluster", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "orchestrator.cluster.name" - }, - "469efac9-749a-455e-9864-90dc0f5f954e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "52732cce-1342-46e1-8273-82efeffe9aac": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Leader controller manager name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 3 - }, - "scale": "ordinal", - "sourceField": "kubernetes.controllermanager.name" - }, - "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e": { - "dataType": "boolean", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.leader.is_master: *" - }, - "isBucketed": false, - "label": "Last value of kubernetes.controllermanager.leader.is_master", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.leader.is_master" - } - }, - "incompleteColumns": {} - } - } - } + "formula": "counter_rate(last_value(kubernetes.controllermanager.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "1028ba4a-0d68-4d8d-8340-f7a2966f546dX1" + ], + "scale": "ratio", + "timeScale": "s" + }, + "1028ba4a-0d68-4d8d-8340-f7a2966f546dX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.code >= 500" + }, + "isBucketed": false, + "label": "Part of Server errors", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.client.request.count" + }, + "1028ba4a-0d68-4d8d-8340-f7a2966f546dX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.code >= 500" + }, + "isBucketed": false, + "label": "Part of Server errors", + "operationType": "counter_rate", + "references": [ + "1028ba4a-0d68-4d8d-8340-f7a2966f546dX0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "24a01536-55c3-4c11-b62e-20a2a5435663": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.code >= 400 and kubernetes.controllermanager.code < 500" + }, + "isBucketed": false, + "label": "Client errors", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "11922ebb-686e-4ad0-a043-e425a0d2ce35", - "key": "kubernetes.controllermanager.leader.is_master", - "negate": false, - "params": { - "query": true - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "kubernetes.controllermanager.leader.is_master": true - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "formula": "counter_rate(last_value(kubernetes.controllermanager.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "24a01536-55c3-4c11-b62e-20a2a5435663X1" + ], + "scale": "ratio", + "timeScale": "s" + }, + "24a01536-55c3-4c11-b62e-20a2a5435663X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.code >= 400 and kubernetes.controllermanager.code < 500" + }, + "isBucketed": false, + "label": "Part of Client errors", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.client.request.count" + }, + "24a01536-55c3-4c11-b62e-20a2a5435663X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.code >= 400 and kubernetes.controllermanager.code < 500" + }, + "isBucketed": false, + "label": "Part of Client errors", + "operationType": "counter_rate", + "references": [ + "24a01536-55c3-4c11-b62e-20a2a5435663X0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "63268365-bb35-456f-831c-78238984a061": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Requests", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 0 + } }, - "visualization": { - "columns": [ - { - "alignment": "center", - "columnId": "469efac9-749a-455e-9864-90dc0f5f954e", - "isTransposed": false, - "width": 256.6666666666667 - }, - { - "columnId": "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e", - "hidden": true, - "isTransposed": false - }, - { - "alignment": "center", - "columnId": "52732cce-1342-46e1-8273-82efeffe9aac", - "isTransposed": false - }, - { - "alignment": "center", - "columnId": "37b94d21-2d12-4136-a81d-908d8fc7f78a", - "isTransposed": false, - "width": 345.66666666666663 - } - ], - "headerRowHeight": "auto", - "layerId": "1048fff9-f5a4-446b-8173-e9e22d4b1cff", - "layerType": "data", - "rowHeight": "auto" - } + "formula": "counter_rate(last_value(kubernetes.controllermanager.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "63268365-bb35-456f-831c-78238984a061X1" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "fd90adaf-517f-4b92-a5b5-c29f7a16663b", - "w": 24, - "x": 0, - "y": 65 - }, - "panelIndex": "fd90adaf-517f-4b92-a5b5-c29f7a16663b", - "title": "Leader controller manager", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "63268365-bb35-456f-831c-78238984a061X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.client.request.count: *" + }, + "isBucketed": false, + "label": "Part of Requests", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.client.request.count" }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**NOTE**: The default period to fetch the metrics used in **Requests and responses counter rate** visualization is **10s**. The timestamps from the visualizations were chosen according to that. Otherwise, they might be inaccurate. Adjust them by clicking on the **settings wheel** on the top right of the visualization and go to the **right side menu**. After that, write the custom period value on **Horizontal axis \u003e @timestamp \u003e Minimum interval**.", - "openLinksInNewTab": false + "63268365-bb35-456f-831c-78238984a061X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Requests", + "operationType": "counter_rate", + "references": [ + "63268365-bb35-456f-831c-78238984a061X0" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 5, - "i": "83449269-d517-4fe6-9266-9d875070d90d", - "w": 24, - "x": 24, - "y": 65 - }, - "panelIndex": "83449269-d517-4fe6-9266-9d875070d90d", - "type": "visualization", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "type": "index-pattern" + "8a2e9cea-60fb-4603-a072-9b0e6194344c": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "10s" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d3b90051-0bb2-41e0-9d5d-34ff145dba09": { + "dataType": "string", + "isBucketed": true, + "label": "Top values", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "692cad49-25ea-40b4-87d2-535b5f35ecd4", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "7c7c4b67-a2df-427f-abbd-635e5fa73a9c": { - "columnOrder": [ - "d3b90051-0bb2-41e0-9d5d-34ff145dba09", - "8a2e9cea-60fb-4603-a072-9b0e6194344c", - "63268365-bb35-456f-831c-78238984a061", - "63268365-bb35-456f-831c-78238984a061X0", - "63268365-bb35-456f-831c-78238984a061X1", - "24a01536-55c3-4c11-b62e-20a2a5435663", - "24a01536-55c3-4c11-b62e-20a2a5435663X1", - "24a01536-55c3-4c11-b62e-20a2a5435663X0", - "1028ba4a-0d68-4d8d-8340-f7a2966f546d", - "1028ba4a-0d68-4d8d-8340-f7a2966f546dX1", - "1028ba4a-0d68-4d8d-8340-f7a2966f546dX0" - ], - "columns": { - "1028ba4a-0d68-4d8d-8340-f7a2966f546d": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.code \u003e= 500" - }, - "isBucketed": false, - "label": "Server errors", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "formula": "counter_rate(last_value(kubernetes.controllermanager.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "1028ba4a-0d68-4d8d-8340-f7a2966f546dX1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "1028ba4a-0d68-4d8d-8340-f7a2966f546dX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.code \u003e= 500" - }, - "isBucketed": false, - "label": "Part of Server errors", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.client.request.count" - }, - "1028ba4a-0d68-4d8d-8340-f7a2966f546dX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.code \u003e= 500" - }, - "isBucketed": false, - "label": "Part of Server errors", - "operationType": "counter_rate", - "references": [ - "1028ba4a-0d68-4d8d-8340-f7a2966f546dX0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "24a01536-55c3-4c11-b62e-20a2a5435663": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.code \u003e= 400 and kubernetes.controllermanager.code \u003c 500" - }, - "isBucketed": false, - "label": "Client errors", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "formula": "counter_rate(last_value(kubernetes.controllermanager.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "24a01536-55c3-4c11-b62e-20a2a5435663X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "24a01536-55c3-4c11-b62e-20a2a5435663X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.code \u003e= 400 and kubernetes.controllermanager.code \u003c 500" - }, - "isBucketed": false, - "label": "Part of Client errors", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.client.request.count" - }, - "24a01536-55c3-4c11-b62e-20a2a5435663X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.code \u003e= 400 and kubernetes.controllermanager.code \u003c 500" - }, - "isBucketed": false, - "label": "Part of Client errors", - "operationType": "counter_rate", - "references": [ - "24a01536-55c3-4c11-b62e-20a2a5435663X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "63268365-bb35-456f-831c-78238984a061": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Requests", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 0 - } - }, - "formula": "counter_rate(last_value(kubernetes.controllermanager.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "63268365-bb35-456f-831c-78238984a061X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "63268365-bb35-456f-831c-78238984a061X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.client.request.count: *" - }, - "isBucketed": false, - "label": "Part of Requests", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.client.request.count" - }, - "63268365-bb35-456f-831c-78238984a061X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Requests", - "operationType": "counter_rate", - "references": [ - "63268365-bb35-456f-831c-78238984a061X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "8a2e9cea-60fb-4603-a072-9b0e6194344c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "10s" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "d3b90051-0bb2-41e0-9d5d-34ff145dba09": { - "dataType": "string", - "isBucketed": true, - "label": "Top values", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.controllermanager.method", - "kubernetes.controllermanager.code" - ], - "size": 3 - }, - "scale": "ordinal", - "sourceField": "kubernetes.controllermanager.host" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "692cad49-25ea-40b4-87d2-535b5f35ecd4", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.controllermanager" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.controllermanager" - } - } - } + "secondaryFields": [ + "kubernetes.controllermanager.method", + "kubernetes.controllermanager.code" ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "63268365-bb35-456f-831c-78238984a061", - "24a01536-55c3-4c11-b62e-20a2a5435663", - "1028ba4a-0d68-4d8d-8340-f7a2966f546d" - ], - "layerId": "7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "d3b90051-0bb2-41e0-9d5d-34ff145dba09", - "xAccessor": "8a2e9cea-60fb-4603-a072-9b0e6194344c" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "size": 3 + }, + "scale": "ordinal", + "sourceField": "kubernetes.controllermanager.host" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "692cad49-25ea-40b4-87d2-535b5f35ecd4", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.controllermanager" }, - "enhancements": {}, - "hidePanelTitles": false + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.controllermanager" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 14, - "i": "91a7ce56-6a49-4b7e-837f-31c184b48c09", - "w": 24, - "x": 24, - "y": 70 + "layers": [ + { + "accessors": [ + "63268365-bb35-456f-831c-78238984a061", + "24a01536-55c3-4c11-b62e-20a2a5435663", + "1028ba4a-0d68-4d8d-8340-f7a2966f546d" + ], + "layerId": "7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "d3b90051-0bb2-41e0-9d5d-34ff145dba09", + "xAccessor": "8a2e9cea-60fb-4603-a072-9b0e6194344c" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "91a7ce56-6a49-4b7e-837f-31c184b48c09", - "title": "Requests and responses counter rate", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9": { - "columnOrder": [ - "35a11916-4ca3-421b-9df2-521f52f21fbb", - "ed3c7efa-0467-4a57-8d06-0f4775906cc5", - "43097f7a-e478-47bc-81c1-7541bd899d46", - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1", - "43097f7a-e478-47bc-81c1-7541bd899d46X2" - ], - "columns": { - "35a11916-4ca3-421b-9df2-521f52f21fbb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.controllermanager.verb" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.controllermanager.host" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Average latency in ms", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1, - "suffix": "ms" - } - }, - "formula": "last_value(kubernetes.controllermanager.client.request.duration.us.sum)/last_value(kubernetes.controllermanager.client.request.duration.us.count)/1000", - "isFormulaBroken": false - }, - "references": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X2" - ], - "scale": "ratio" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.client.request.duration.us.sum: *" - }, - "isBucketed": false, - "label": "Part of Average latency in ms", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.client.request.duration.us.sum" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.controllermanager.client.request.duration.us.count: *" - }, - "isBucketed": false, - "label": "Part of Average latency in ms", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.controllermanager.client.request.duration.us.count" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Average latency in ms", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1" - ], - "name": "divide", - "type": "function" - }, - 1000 - ], - "location": { - "max": 150, - "min": 0 - }, - "name": "divide", - "text": "last_value(kubernetes.controllermanager.client.request.duration.us.sum)/last_value(kubernetes.controllermanager.client.request.duration.us.count)/1000", - "type": "function" - } - }, - "references": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1" - ], - "scale": "ratio" - }, - "ed3c7efa-0467-4a57-8d06-0f4775906cc5": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "10s" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Requests and responses counter rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "1bd24fa1-319e-4cae-9d45-d821b06a8034", + "w": 24, + "x": 0, + "y": 71 + }, + "panelIndex": "1bd24fa1-319e-4cae-9d45-d821b06a8034", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9": { + "columnOrder": [ + "35a11916-4ca3-421b-9df2-521f52f21fbb", + "ed3c7efa-0467-4a57-8d06-0f4775906cc5", + "43097f7a-e478-47bc-81c1-7541bd899d46", + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1", + "43097f7a-e478-47bc-81c1-7541bd899d46X2" + ], + "columns": { + "35a11916-4ca3-421b-9df2-521f52f21fbb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "43097f7a-e478-47bc-81c1-7541bd899d46" - ], - "layerId": "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "35a11916-4ca3-421b-9df2-521f52f21fbb", - "xAccessor": "ed3c7efa-0467-4a57-8d06-0f4775906cc5", - "yConfig": [] - } - ], - "legend": { - "horizontalAlignment": "right", - "isInside": false, - "isVisible": true, - "legendSize": "large", - "maxLines": 1, - "position": "right", - "shouldTruncate": false, - "verticalAlignment": "bottom" + "secondaryFields": [ + "kubernetes.controllermanager.verb" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.controllermanager.host" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Average latency in ms", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1, + "suffix": "ms" + } + }, + "formula": "last_value(kubernetes.controllermanager.client.request.duration.us.sum)/last_value(kubernetes.controllermanager.client.request.duration.us.count)/1000", + "isFormulaBroken": false + }, + "references": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X2" + ], + "scale": "ratio" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.client.request.duration.us.sum: *" + }, + "isBucketed": false, + "label": "Part of Average latency in ms", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.client.request.duration.us.sum" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.controllermanager.client.request.duration.us.count: *" + }, + "isBucketed": false, + "label": "Part of Average latency in ms", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.controllermanager.client.request.duration.us.count" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Average latency in ms", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1" + ], + "name": "divide", + "type": "function" }, - "preferredSeriesType": "area", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": false, - "xTitle": "", - "yTitle": "" + 1000 + ], + "location": { + "max": 150, + "min": 0 + }, + "name": "divide", + "text": "last_value(kubernetes.controllermanager.client.request.duration.us.sum)/last_value(kubernetes.controllermanager.client.request.duration.us.count)/1000", + "type": "function" } + }, + "references": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "ed3c7efa-0467-4a57-8d06-0f4775906cc5": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "10s" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 13, - "i": "1bd24fa1-319e-4cae-9d45-d821b06a8034", - "w": 24, - "x": 0, - "y": 71 + "layers": [ + { + "accessors": [ + "43097f7a-e478-47bc-81c1-7541bd899d46" + ], + "layerId": "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "35a11916-4ca3-421b-9df2-521f52f21fbb", + "xAccessor": "ed3c7efa-0467-4a57-8d06-0f4775906cc5", + "yConfig": [] + } + ], + "legend": { + "horizontalAlignment": "right", + "isInside": false, + "isVisible": true, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": false, + "verticalAlignment": "bottom" }, - "panelIndex": "1bd24fa1-319e-4cae-9d45-d821b06a8034", - "title": "Average request latency", - "type": "lens", - "version": "8.6.0" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Controller Manager", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-01-11T16:15:05.999Z", - "id": "kubernetes-bf9389f0-0c14-11ed-b760-5d1bccb47f56", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd:metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "aef813b5-85d5-46c9-a86a-2e273806d488:indexpattern-datasource-layer-239b73ac-0fc9-44fd-a7c5-2d0281e6b765", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6:metrics_0599e0ae-2375-4ceb-b12d-2ebec4310cc6_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2ba53067-d43d-42eb-ac50-2d941977ce95:indexpattern-datasource-layer-76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2ba53067-d43d-42eb-ac50-2d941977ce95:3ed2b7d8-6b77-43b7-8ed3-c52117016d59", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1cd3ebab-9630-4253-b9a6-5f921e5cb617:indexpattern-datasource-layer-77b347b2-91fa-470f-861d-ada0e175cbc4", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1cd3ebab-9630-4253-b9a6-5f921e5cb617:b460c8d2-ab24-41ed-aac8-998febec263b", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "3a26dffa-0696-485d-b991-1dbc5092082e:indexpattern-datasource-layer-2b80230c-9cc8-444f-b092-1fbc4d764992", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "3a26dffa-0696-485d-b991-1dbc5092082e:7e0ad24d-199f-4ede-8b71-90152913fa90", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "6a8b9a40-11ec-4790-a38d-2d88c5468f12:indexpattern-datasource-layer-a2facaed-7c02-4fb6-9126-5512b8ffd26f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "6a8b9a40-11ec-4790-a38d-2d88c5468f12:1c580aea-6c0f-4de6-9c30-f6b9a6964b0d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "c3fee68f-01c6-49da-a759-2900b1cd15bf:metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "75255ce8-2d49-4b4f-ac0e-a20fe8f4daec:indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "75255ce8-2d49-4b4f-ac0e-a20fe8f4daec:daf730fb-a3b5-400a-acba-cff0c8ba607d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "303702e1-ba33-49f2-b337-4cc7d7305606:indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "303702e1-ba33-49f2-b337-4cc7d7305606:236aa40a-181f-4c61-af17-8df4ecba80d3", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1604f0de-edd6-456e-8670-ab9b33988abb:indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1604f0de-edd6-456e-8670-ab9b33988abb:a781e55e-e2bc-4b36-b197-1b55842aeff7", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "f8313a9d-ab58-448e-b183-75f914caf53f:metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "fd90adaf-517f-4b92-a5b5-c29f7a16663b:indexpattern-datasource-layer-1048fff9-f5a4-446b-8173-e9e22d4b1cff", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "fd90adaf-517f-4b92-a5b5-c29f7a16663b:11922ebb-686e-4ad0-a043-e425a0d2ce35", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:692cad49-25ea-40b4-87d2-535b5f35ecd4", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1bd24fa1-319e-4cae-9d45-d821b06a8034:indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_f53d0d21-4502-4dce-8004-017a92104040:optionsListDataView", - "type": "index-pattern" + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": false, + "xTitle": "", + "yTitle": "" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "controlGroup_df56c430-83b1-436e-8b9c-fb027aaa29ca:optionsListDataView", - "type": "index-pattern" - } + "title": "Average request latency" + } ], - "type": "dashboard", - "updated_at": "2023-01-11T16:15:05.999Z", - "version": "WzM0NTEsMV0=" + "timeRestore": false, + "title": "[Metrics Kubernetes] Controller Manager", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd:metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "aef813b5-85d5-46c9-a86a-2e273806d488:indexpattern-datasource-layer-239b73ac-0fc9-44fd-a7c5-2d0281e6b765", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6:metrics_0599e0ae-2375-4ceb-b12d-2ebec4310cc6_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2ba53067-d43d-42eb-ac50-2d941977ce95:indexpattern-datasource-layer-76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2ba53067-d43d-42eb-ac50-2d941977ce95:3ed2b7d8-6b77-43b7-8ed3-c52117016d59", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1cd3ebab-9630-4253-b9a6-5f921e5cb617:indexpattern-datasource-layer-77b347b2-91fa-470f-861d-ada0e175cbc4", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1cd3ebab-9630-4253-b9a6-5f921e5cb617:b460c8d2-ab24-41ed-aac8-998febec263b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3a26dffa-0696-485d-b991-1dbc5092082e:indexpattern-datasource-layer-2b80230c-9cc8-444f-b092-1fbc4d764992", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3a26dffa-0696-485d-b991-1dbc5092082e:7e0ad24d-199f-4ede-8b71-90152913fa90", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "6a8b9a40-11ec-4790-a38d-2d88c5468f12:indexpattern-datasource-layer-a2facaed-7c02-4fb6-9126-5512b8ffd26f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "6a8b9a40-11ec-4790-a38d-2d88c5468f12:1c580aea-6c0f-4de6-9c30-f6b9a6964b0d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "c3fee68f-01c6-49da-a759-2900b1cd15bf:metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "75255ce8-2d49-4b4f-ac0e-a20fe8f4daec:indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "75255ce8-2d49-4b4f-ac0e-a20fe8f4daec:daf730fb-a3b5-400a-acba-cff0c8ba607d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "303702e1-ba33-49f2-b337-4cc7d7305606:indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "303702e1-ba33-49f2-b337-4cc7d7305606:236aa40a-181f-4c61-af17-8df4ecba80d3", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1604f0de-edd6-456e-8670-ab9b33988abb:indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1604f0de-edd6-456e-8670-ab9b33988abb:a781e55e-e2bc-4b36-b197-1b55842aeff7", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f8313a9d-ab58-448e-b183-75f914caf53f:metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "fd90adaf-517f-4b92-a5b5-c29f7a16663b:indexpattern-datasource-layer-1048fff9-f5a4-446b-8173-e9e22d4b1cff", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "fd90adaf-517f-4b92-a5b5-c29f7a16663b:11922ebb-686e-4ad0-a043-e425a0d2ce35", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:692cad49-25ea-40b4-87d2-535b5f35ecd4", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1bd24fa1-319e-4cae-9d45-d821b06a8034:indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_f53d0d21-4502-4dce-8004-017a92104040:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_df56c430-83b1-436e-8b9c-fb027aaa29ca:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56.json b/packages/kubernetes/kibana/dashboard/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56.json index 16596467da9..307ae49b656 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56.json @@ -1,737 +1,749 @@ { - "attributes": { - "description": "Kubernetes API server metrics", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.apiserver" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.apiserver" - } - } - } - ], + "id": "kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI1MywyXQ==", + "attributes": { + "description": "Kubernetes API server metrics", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.apiserver" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.apiserver" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": false + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "d79ccab2-4cce-4e41-ae01-434914884a5f", + "w": 48, + "x": 0, + "y": 0 + }, + "panelIndex": "d79ccab2-4cce-4e41-ae01-434914884a5f", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": false + "title": "Kubernetes Dashboards [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 21, + "i": "9db496f9-079b-4ddd-b517-cec815a7e9cb", + "w": 24, + "x": 0, + "y": 5 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "9db496f9-079b-4ddd-b517-cec815a7e9cb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8df21ece-205d-4542-bec9-e381eca92895", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "8df21ece-205d-4542-bec9-e381eca92895": { + "columnOrder": [ + "cff4229b-4050-47ef-bb61-9790c5596064", + "42b0785e-95e8-4538-8cc5-b1771f663c0c", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0" + ], + "columns": { + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Rate of Apiserver Requests", + "operationType": "formula", + "params": { + "formula": "counter_rate(max(kubernetes.apiserver.request.count))", + "isFormulaBroken": false + }, + "references": [ + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1" + ], + "scale": "ratio", + "timeScale": "s" }, - "description": "", - "id": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Rate of Apiserver Requests", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.apiserver.request.count" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 5, - "i": "d79ccab2-4cce-4e41-ae01-434914884a5f", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "d79ccab2-4cce-4e41-ae01-434914884a5f", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-8df21ece-205d-4542-bec9-e381eca92895", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "8df21ece-205d-4542-bec9-e381eca92895": { - "columnOrder": [ - "cff4229b-4050-47ef-bb61-9790c5596064", - "42b0785e-95e8-4538-8cc5-b1771f663c0c", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0" - ], - "columns": { - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Rate of Apiserver Requests", - "operationType": "formula", - "params": { - "formula": "counter_rate(max(kubernetes.apiserver.request.count))", - "isFormulaBroken": false - }, - "references": [ - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Rate of Apiserver Requests", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.apiserver.request.count" - }, - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Rate of Apiserver Requests", - "operationType": "counter_rate", - "references": [ - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "42b0785e-95e8-4538-8cc5-b1771f663c0c": { - "dataType": "string", - "isBucketed": true, - "label": "Top 50 values of kubernetes.apiserver.request.resource", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 50 - }, - "scale": "ordinal", - "sourceField": "kubernetes.apiserver.request.resource" - }, - "cff4229b-4050-47ef-bb61-9790c5596064": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Rate of Apiserver Requests", + "operationType": "counter_rate", + "references": [ + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "42b0785e-95e8-4538-8cc5-b1771f663c0c": { + "dataType": "string", + "isBucketed": true, + "label": "Top 50 values of kubernetes.apiserver.request.resource", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1" - ], - "layerId": "8df21ece-205d-4542-bec9-e381eca92895", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "42b0785e-95e8-4538-8cc5-b1771f663c0c", - "xAccessor": "cff4229b-4050-47ef-bb61-9790c5596064" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } + "size": 50 + }, + "scale": "ordinal", + "sourceField": "kubernetes.apiserver.request.resource" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "cff4229b-4050-47ef-bb61-9790c5596064": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 21, - "i": "9db496f9-079b-4ddd-b517-cec815a7e9cb", - "w": 24, - "x": 0, - "y": 5 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "9db496f9-079b-4ddd-b517-cec815a7e9cb", - "title": "Apiserver Requests Rate per Resource [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-8df21ece-205d-4542-bec9-e381eca92895", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "8df21ece-205d-4542-bec9-e381eca92895": { - "columnOrder": [ - "cff4229b-4050-47ef-bb61-9790c5596064", - "42b0785e-95e8-4538-8cc5-b1771f663c0c", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X2" - ], - "columns": { - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Watch Events Size in Bytes", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "formula": "max(kubernetes.apiserver.watch.events.size.bytes.sum)/max(kubernetes.apiserver.watch.events.size.bytes.count)", - "isFormulaBroken": false - }, - "references": [ - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X2" - ], - "scale": "ratio" - }, - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Watch Events Size in Bytes", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.apiserver.watch.events.size.bytes.sum" - }, - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Watch Events Size in Bytes", - "operationType": "max", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.apiserver.watch.events.size.bytes.count" - }, - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Watch Events Size in Bytes", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1" - ], - "location": { - "max": 109, - "min": 0 - }, - "name": "divide", - "text": "max(kubernetes.apiserver.watch.events.size.bytes.sum)/max(kubernetes.apiserver.watch.events.size.bytes.count)", - "type": "function" - } - }, - "references": [ - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0", - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1" - ], - "scale": "ratio" - }, - "42b0785e-95e8-4538-8cc5-b1771f663c0c": { - "dataType": "string", - "isBucketed": true, - "label": "Top 50 values of kubernetes.apiserver.watch.events.kind", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 50 - }, - "scale": "ordinal", - "sourceField": "kubernetes.apiserver.watch.events.kind" - }, - "cff4229b-4050-47ef-bb61-9790c5596064": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "2e2bcfec-99ac-47fd-b901-bab26b32b3d1" - ], - "layerId": "8df21ece-205d-4542-bec9-e381eca92895", - "layerType": "data", - "position": "top", - "seriesType": "area", - "showGridlines": false, - "splitAccessor": "42b0785e-95e8-4538-8cc5-b1771f663c0c", - "xAccessor": "cff4229b-4050-47ef-bb61-9790c5596064" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "area", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "valuesInLegend": true - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 21, - "i": "97d844d4-e990-444a-8b94-34aa4dcd64cc", - "w": 24, - "x": 24, - "y": 5 + "layers": [ + { + "accessors": [ + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1" + ], + "layerId": "8df21ece-205d-4542-bec9-e381eca92895", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "42b0785e-95e8-4538-8cc5-b1771f663c0c", + "xAccessor": "cff4229b-4050-47ef-bb61-9790c5596064" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "panelIndex": "97d844d4-e990-444a-8b94-34aa4dcd64cc", - "title": "Apiserver Watch Events Size per Kind [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-aba71622-b1dc-4b3c-b7c0-c9212af90472", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "aba71622-b1dc-4b3c-b7c0-c9212af90472": { - "columnOrder": [ - "f66894ae-0dbb-4132-838b-04725a5ae7bf", - "cad0c9f5-09c6-405b-8801-5177891c830a" - ], - "columns": { - "cad0c9f5-09c6-405b-8801-5177891c830a": { - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.apiserver.etcd.object.count: *" - }, - "isBucketed": false, - "label": "Last value of kubernetes.apiserver.etcd.object.count", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.apiserver.etcd.object.count" - }, - "f66894ae-0dbb-4132-838b-04725a5ae7bf": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.apiserver.request.resource", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "cad0c9f5-09c6-405b-8801-5177891c830a", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.apiserver.request.resource" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Apiserver Requests Rate per Resource [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 21, + "i": "97d844d4-e990-444a-8b94-34aa4dcd64cc", + "w": 24, + "x": 24, + "y": 5 + }, + "panelIndex": "97d844d4-e990-444a-8b94-34aa4dcd64cc", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8df21ece-205d-4542-bec9-e381eca92895", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "8df21ece-205d-4542-bec9-e381eca92895": { + "columnOrder": [ + "cff4229b-4050-47ef-bb61-9790c5596064", + "42b0785e-95e8-4538-8cc5-b1771f663c0c", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X2" + ], + "columns": { + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Watch Events Size in Bytes", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "aba71622-b1dc-4b3c-b7c0-c9212af90472", - "layerType": "data", - "legendDisplay": "default", - "metrics": [ - "cad0c9f5-09c6-405b-8801-5177891c830a" - ], - "nestedLegend": false, - "numberDisplay": "value", - "primaryGroups": [ - "f66894ae-0dbb-4132-838b-04725a5ae7bf" - ] - } - ], - "shape": "pie" - } + "formula": "max(kubernetes.apiserver.watch.events.size.bytes.sum)/max(kubernetes.apiserver.watch.events.size.bytes.count)", + "isFormulaBroken": false + }, + "references": [ + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X2" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 23, - "i": "481678b8-e443-4433-ad15-b55eaab7c8f4", - "w": 24, - "x": 24, - "y": 26 - }, - "panelIndex": "481678b8-e443-4433-ad15-b55eaab7c8f4", - "title": "Apiserver Stored Objects per Resource [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-fc6561f2-f85f-4096-86df-ef5dcb95627c", - "type": "index-pattern" + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Watch Events Size in Bytes", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.apiserver.watch.events.size.bytes.sum" + }, + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Watch Events Size in Bytes", + "operationType": "max", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.apiserver.watch.events.size.bytes.count" + }, + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Watch Events Size in Bytes", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1" + ], + "location": { + "max": 109, + "min": 0 + }, + "name": "divide", + "text": "max(kubernetes.apiserver.watch.events.size.bytes.sum)/max(kubernetes.apiserver.watch.events.size.bytes.count)", + "type": "function" } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "fc6561f2-f85f-4096-86df-ef5dcb95627c": { - "columnOrder": [ - "2a873e10-31f0-4b48-abc0-5c2c0efa8aed", - "a5d3264f-b070-4a5e-a62c-659c410e9a64", - "414b7d77-a53c-4043-9690-4e3b000980be" - ], - "columns": { - "2a873e10-31f0-4b48-abc0-5c2c0efa8aed": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of kubernetes.apiserver.request.subresource", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "414b7d77-a53c-4043-9690-4e3b000980be", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "kubernetes.apiserver.request.subresource" - }, - "414b7d77-a53c-4043-9690-4e3b000980be": { - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.apiserver.request.count: *" - }, - "isBucketed": false, - "label": "Last value of kubernetes.apiserver.request.count", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.apiserver.request.count" - }, - "a5d3264f-b070-4a5e-a62c-659c410e9a64": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10 values of kubernetes.apiserver.request.resource", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "414b7d77-a53c-4043-9690-4e3b000980be", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.apiserver.request.resource" - } - }, - "incompleteColumns": {} - } - } - } + }, + "references": [ + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X0", + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1X1" + ], + "scale": "ratio" + }, + "42b0785e-95e8-4538-8cc5-b1771f663c0c": { + "dataType": "string", + "isBucketed": true, + "label": "Top 50 values of kubernetes.apiserver.watch.events.kind", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "fc6561f2-f85f-4096-86df-ef5dcb95627c", - "layerType": "data", - "legendDisplay": "default", - "metrics": [ - "414b7d77-a53c-4043-9690-4e3b000980be" - ], - "nestedLegend": false, - "numberDisplay": "percent", - "primaryGroups": [ - "2a873e10-31f0-4b48-abc0-5c2c0efa8aed", - "a5d3264f-b070-4a5e-a62c-659c410e9a64" - ] - } - ], - "shape": "treemap" - } + "size": 50 + }, + "scale": "ordinal", + "sourceField": "kubernetes.apiserver.watch.events.kind" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "cff4229b-4050-47ef-bb61-9790c5596064": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 23, - "i": "9f255e7f-b213-4719-9c00-eedc2a919e2c", - "w": 24, - "x": 0, - "y": 26 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "9f255e7f-b213-4719-9c00-eedc2a919e2c", - "title": "Apiserver Requests per Resource and SubResource [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] API server", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-05-11T17:40:45.917Z", - "id": "kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "2e2bcfec-99ac-47fd-b901-bab26b32b3d1" + ], + "layerId": "8df21ece-205d-4542-bec9-e381eca92895", + "layerType": "data", + "position": "top", + "seriesType": "area", + "showGridlines": false, + "splitAccessor": "42b0785e-95e8-4538-8cc5-b1771f663c0c", + "xAccessor": "cff4229b-4050-47ef-bb61-9790c5596064" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" + }, + "preferredSeriesType": "area", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "valuesInLegend": true + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "9db496f9-079b-4ddd-b517-cec815a7e9cb:indexpattern-datasource-layer-8df21ece-205d-4542-bec9-e381eca92895", - "type": "index-pattern" + "title": "Apiserver Watch Events Size per Kind [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 23, + "i": "481678b8-e443-4433-ad15-b55eaab7c8f4", + "w": 24, + "x": 24, + "y": 26 }, - { - "id": "metrics-*", - "name": "97d844d4-e990-444a-8b94-34aa4dcd64cc:indexpattern-datasource-layer-8df21ece-205d-4542-bec9-e381eca92895", - "type": "index-pattern" + "panelIndex": "481678b8-e443-4433-ad15-b55eaab7c8f4", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-aba71622-b1dc-4b3c-b7c0-c9212af90472", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "aba71622-b1dc-4b3c-b7c0-c9212af90472": { + "columnOrder": [ + "f66894ae-0dbb-4132-838b-04725a5ae7bf", + "cad0c9f5-09c6-405b-8801-5177891c830a" + ], + "columns": { + "cad0c9f5-09c6-405b-8801-5177891c830a": { + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.apiserver.etcd.object.count: *" + }, + "isBucketed": false, + "label": "Last value of kubernetes.apiserver.etcd.object.count", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.apiserver.etcd.object.count" + }, + "f66894ae-0dbb-4132-838b-04725a5ae7bf": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.apiserver.request.resource", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "cad0c9f5-09c6-405b-8801-5177891c830a", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.apiserver.request.resource" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "aba71622-b1dc-4b3c-b7c0-c9212af90472", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "cad0c9f5-09c6-405b-8801-5177891c830a" + ], + "nestedLegend": false, + "numberDisplay": "value", + "primaryGroups": [ + "f66894ae-0dbb-4132-838b-04725a5ae7bf" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "481678b8-e443-4433-ad15-b55eaab7c8f4:indexpattern-datasource-layer-aba71622-b1dc-4b3c-b7c0-c9212af90472", - "type": "index-pattern" + "title": "Apiserver Stored Objects per Resource [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 23, + "i": "9f255e7f-b213-4719-9c00-eedc2a919e2c", + "w": 24, + "x": 0, + "y": 26 }, - { - "id": "metrics-*", - "name": "9f255e7f-b213-4719-9c00-eedc2a919e2c:indexpattern-datasource-layer-fc6561f2-f85f-4096-86df-ef5dcb95627c", - "type": "index-pattern" - } + "panelIndex": "9f255e7f-b213-4719-9c00-eedc2a919e2c", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-fc6561f2-f85f-4096-86df-ef5dcb95627c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "fc6561f2-f85f-4096-86df-ef5dcb95627c": { + "columnOrder": [ + "2a873e10-31f0-4b48-abc0-5c2c0efa8aed", + "a5d3264f-b070-4a5e-a62c-659c410e9a64", + "414b7d77-a53c-4043-9690-4e3b000980be" + ], + "columns": { + "2a873e10-31f0-4b48-abc0-5c2c0efa8aed": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of kubernetes.apiserver.request.subresource", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "414b7d77-a53c-4043-9690-4e3b000980be", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "kubernetes.apiserver.request.subresource" + }, + "414b7d77-a53c-4043-9690-4e3b000980be": { + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.apiserver.request.count: *" + }, + "isBucketed": false, + "label": "Last value of kubernetes.apiserver.request.count", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.apiserver.request.count" + }, + "a5d3264f-b070-4a5e-a62c-659c410e9a64": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10 values of kubernetes.apiserver.request.resource", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "414b7d77-a53c-4043-9690-4e3b000980be", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.apiserver.request.resource" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "fc6561f2-f85f-4096-86df-ef5dcb95627c", + "layerType": "data", + "legendDisplay": "default", + "metrics": [ + "414b7d77-a53c-4043-9690-4e3b000980be" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "2a873e10-31f0-4b48-abc0-5c2c0efa8aed", + "a5d3264f-b070-4a5e-a62c-659c410e9a64" + ] + } + ], + "shape": "treemap" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Apiserver Requests per Resource and SubResource [Metrics Kubernetes]" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Metrics Kubernetes] API server", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "9db496f9-079b-4ddd-b517-cec815a7e9cb:indexpattern-datasource-layer-8df21ece-205d-4542-bec9-e381eca92895", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "97d844d4-e990-444a-8b94-34aa4dcd64cc:indexpattern-datasource-layer-8df21ece-205d-4542-bec9-e381eca92895", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "481678b8-e443-4433-ad15-b55eaab7c8f4:indexpattern-datasource-layer-aba71622-b1dc-4b3c-b7c0-c9212af90472", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "9f255e7f-b213-4719-9c00-eedc2a919e2c:indexpattern-datasource-layer-fc6561f2-f85f-4096-86df-ef5dcb95627c", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013.json index a3b2c7ae750..1093b0d5930 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013.json @@ -1,534 +1,544 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"4623b3fb-e2bc-4f1e-8cd3-0f0a753a171e\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"4623b3fb-e2bc-4f1e-8cd3-0f0a753a171e\",\"enhancements\":{}}},\"24514d41-0fa1-4fc5-96a1-6297453134bd\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.persistentvolume.name\",\"title\":\"Persistent Volume Name\",\"id\":\"24514d41-0fa1-4fc5-96a1-6297453134bd\",\"selectedOptions\":[],\"enhancements\":{}}},\"16f1ca8d-0221-4df5-ae59-42a0e0f92992\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.persistentvolumeclaim.name\",\"title\":\"Persistent Volume Claim Name\",\"id\":\"16f1ca8d-0221-4df5-ae59-42a0e0f92992\",\"selectedOptions\":[],\"enhancements\":{}}}}" + "id": "kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI1NCwyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "twoLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"4623b3fb-e2bc-4f1e-8cd3-0f0a753a171e\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"4623b3fb-e2bc-4f1e-8cd3-0f0a753a171e\",\"enhancements\":{}}},\"24514d41-0fa1-4fc5-96a1-6297453134bd\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.persistentvolume.name\",\"title\":\"Persistent Volume Name\",\"id\":\"24514d41-0fa1-4fc5-96a1-6297453134bd\",\"selectedOptions\":[],\"enhancements\":{}}},\"16f1ca8d-0221-4df5-ae59-42a0e0f92992\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.persistentvolumeclaim.name\",\"title\":\"Persistent Volume Claim Name\",\"id\":\"16f1ca8d-0221-4df5-ae59-42a0e0f92992\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Metrics about Persistent Volumes and Persistent Volume Claims", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "14993ee2-7277-4012-946c-fa294f024a39", + "w": 48, + "x": 0, + "y": 0 }, - "description": "Metrics about Persistent Volumes and Persistent Volume Claims", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "panelIndex": "14993ee2-7277-4012-946c-fa294f024a39", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "title": "Kubernetes Dashboards [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 9, + "i": "e6032561-b325-41fe-b7f5-6b167d58dc18", + "w": 48, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "e6032561-b325-41fe-b7f5-6b167d58dc18", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-e8ede311-8955-4a16-bf44-8c0ff0e0104b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1b2422f5-7bbd-4173-ae8f-17b87d3dbd29", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "e8ede311-8955-4a16-bf44-8c0ff0e0104b": { + "columnOrder": [ + "8d5b3307-5817-411c-a1a4-dc2cc0a8b08c", + "98d34e0f-186a-47a7-8fa3-de5123d43616", + "420939ad-d9f0-43ee-a1a6-9b9fe5509086", + "546bc1ba-c988-42f6-9d4d-3da5f21cff36" + ], + "columns": { + "420939ad-d9f0-43ee-a1a6-9b9fe5509086": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Capacity", + "operationType": "last_value", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 0 + } + }, + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.persistentvolume.capacity.bytes" }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false + "546bc1ba-c988-42f6-9d4d-3da5f21cff36": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Storage Class", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.persistentvolume.storage_class" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "14993ee2-7277-4012-946c-fa294f024a39", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "14993ee2-7277-4012-946c-fa294f024a39", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.6.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-e8ede311-8955-4a16-bf44-8c0ff0e0104b", - "type": "index-pattern" + "8d5b3307-5817-411c-a1a4-dc2cc0a8b08c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "1b2422f5-7bbd-4173-ae8f-17b87d3dbd29", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "e8ede311-8955-4a16-bf44-8c0ff0e0104b": { - "columnOrder": [ - "8d5b3307-5817-411c-a1a4-dc2cc0a8b08c", - "98d34e0f-186a-47a7-8fa3-de5123d43616", - "420939ad-d9f0-43ee-a1a6-9b9fe5509086", - "546bc1ba-c988-42f6-9d4d-3da5f21cff36" - ], - "columns": { - "420939ad-d9f0-43ee-a1a6-9b9fe5509086": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Capacity", - "operationType": "last_value", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 0 - } - }, - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.persistentvolume.capacity.bytes" - }, - "546bc1ba-c988-42f6-9d4d-3da5f21cff36": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Storage Class", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.persistentvolume.storage_class" - }, - "8d5b3307-5817-411c-a1a4-dc2cc0a8b08c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.persistentvolume.name" - }, - "98d34e0f-186a-47a7-8fa3-de5123d43616": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Phase", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.persistentvolume.phase" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "1b2422f5-7bbd-4173-ae8f-17b87d3dbd29", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.state_persistentvolume", - "kubernetes.state_persistentvolumeclaim" - ], - "type": "phrases", - "value": [ - "kubernetes.state_persistentvolume", - "kubernetes.state_persistentvolumeclaim" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_persistentvolume" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_persistentvolumeclaim" - } - } - ] - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "8d5b3307-5817-411c-a1a4-dc2cc0a8b08c", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "98d34e0f-186a-47a7-8fa3-de5123d43616", - "isTransposed": false - }, - { - "columnId": "420939ad-d9f0-43ee-a1a6-9b9fe5509086", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "546bc1ba-c988-42f6-9d4d-3da5f21cff36", - "isTransposed": false - } - ], - "layerId": "e8ede311-8955-4a16-bf44-8c0ff0e0104b", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.persistentvolume.name" }, - "title": "Persistent Volumes Informations [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "e6032561-b325-41fe-b7f5-6b167d58dc18", - "w": 48, - "x": 0, - "y": 4 - }, - "panelIndex": "e6032561-b325-41fe-b7f5-6b167d58dc18", - "title": "Persistent Volumes Informations [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "98d34e0f-186a-47a7-8fa3-de5123d43616": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Phase", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.persistentvolume.phase" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "1b2422f5-7bbd-4173-ae8f-17b87d3dbd29", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.state_persistentvolume", + "kubernetes.state_persistentvolumeclaim" + ], + "type": "phrases", + "value": [ + "kubernetes.state_persistentvolume", + "kubernetes.state_persistentvolumeclaim" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_persistentvolume" + } + }, + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_persistentvolumeclaim" + } + } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "8d5b3307-5817-411c-a1a4-dc2cc0a8b08c", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "98d34e0f-186a-47a7-8fa3-de5123d43616", + "isTransposed": false + }, + { + "columnId": "420939ad-d9f0-43ee-a1a6-9b9fe5509086", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "546bc1ba-c988-42f6-9d4d-3da5f21cff36", + "isTransposed": false + } + ], + "layerId": "e8ede311-8955-4a16-bf44-8c0ff0e0104b", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-e8ede311-8955-4a16-bf44-8c0ff0e0104b", - "type": "index-pattern" + "title": "Persistent Volumes Informations [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Persistent Volumes Informations [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 9, + "i": "e03df747-8a68-4d68-a958-1f0e38218859", + "w": 48, + "x": 0, + "y": 13 + }, + "panelIndex": "e03df747-8a68-4d68-a958-1f0e38218859", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-e8ede311-8955-4a16-bf44-8c0ff0e0104b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2503a179-a67c-4db4-a091-84e1d54aa5a9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "e8ede311-8955-4a16-bf44-8c0ff0e0104b": { + "columnOrder": [ + "7b08988e-0df9-450c-89d0-b1d71c49a7ec", + "b15e8116-d875-4e7f-97f5-448ab367e5e1", + "1398ca11-cb70-4d9d-bacf-b402bf000905", + "457a059e-0824-4109-9178-6802eed70599", + "388ad9b8-3fec-4e8d-9a13-d950d646bd5b", + "6f4b28cd-dd85-41da-9921-af5faf9f33f8" + ], + "columns": { + "1398ca11-cb70-4d9d-bacf-b402bf000905": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Volume", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.persistentvolumeclaim.volume_name" + }, + "388ad9b8-3fec-4e8d-9a13-d950d646bd5b": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Access Mode", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.persistentvolumeclaim.access_mode" + }, + "457a059e-0824-4109-9178-6802eed70599": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Capacity", + "operationType": "last_value", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 0 + } }, - { - "id": "metrics-*", - "name": "2503a179-a67c-4db4-a091-84e1d54aa5a9", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "e8ede311-8955-4a16-bf44-8c0ff0e0104b": { - "columnOrder": [ - "7b08988e-0df9-450c-89d0-b1d71c49a7ec", - "b15e8116-d875-4e7f-97f5-448ab367e5e1", - "1398ca11-cb70-4d9d-bacf-b402bf000905", - "457a059e-0824-4109-9178-6802eed70599", - "388ad9b8-3fec-4e8d-9a13-d950d646bd5b", - "6f4b28cd-dd85-41da-9921-af5faf9f33f8" - ], - "columns": { - "1398ca11-cb70-4d9d-bacf-b402bf000905": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Volume", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.persistentvolumeclaim.volume_name" - }, - "388ad9b8-3fec-4e8d-9a13-d950d646bd5b": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Access Mode", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.persistentvolumeclaim.access_mode" - }, - "457a059e-0824-4109-9178-6802eed70599": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Capacity", - "operationType": "last_value", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 0 - } - }, - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.persistentvolumeclaim.request_storage.bytes" - }, - "6f4b28cd-dd85-41da-9921-af5faf9f33f8": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Storage Class", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.persistentvolumeclaim.storage_class" - }, - "7b08988e-0df9-450c-89d0-b1d71c49a7ec": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.persistentvolumeclaim.name" - }, - "b15e8116-d875-4e7f-97f5-448ab367e5e1": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Phase", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.persistentvolumeclaim.phase" - } - }, - "incompleteColumns": {} - } - } - } + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.persistentvolumeclaim.request_storage.bytes" + }, + "6f4b28cd-dd85-41da-9921-af5faf9f33f8": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Storage Class", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.persistentvolumeclaim.storage_class" + }, + "7b08988e-0df9-450c-89d0-b1d71c49a7ec": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "2503a179-a67c-4db4-a091-84e1d54aa5a9", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.state_persistentvolume", - "kubernetes.state_persistentvolumeclaim" - ], - "type": "phrases", - "value": [ - "kubernetes.state_persistentvolume", - "kubernetes.state_persistentvolumeclaim" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_persistentvolume" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_persistentvolumeclaim" - } - } - ] - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "left", - "columnId": "7b08988e-0df9-450c-89d0-b1d71c49a7ec", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "b15e8116-d875-4e7f-97f5-448ab367e5e1", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "1398ca11-cb70-4d9d-bacf-b402bf000905", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "6f4b28cd-dd85-41da-9921-af5faf9f33f8", - "isTransposed": false - }, - { - "columnId": "457a059e-0824-4109-9178-6802eed70599", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "388ad9b8-3fec-4e8d-9a13-d950d646bd5b", - "isTransposed": false - } - ], - "layerId": "e8ede311-8955-4a16-bf44-8c0ff0e0104b", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.persistentvolumeclaim.name" }, - "title": "Persistent Volume Claims Informations [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "e03df747-8a68-4d68-a958-1f0e38218859", - "w": 48, - "x": 0, - "y": 13 - }, - "panelIndex": "e03df747-8a68-4d68-a958-1f0e38218859", - "title": "Persistent Volume Claims Informations [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] PV/PVC", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-01-11T14:23:21.848Z", - "id": "kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "e6032561-b325-41fe-b7f5-6b167d58dc18:indexpattern-datasource-layer-e8ede311-8955-4a16-bf44-8c0ff0e0104b", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "e6032561-b325-41fe-b7f5-6b167d58dc18:1b2422f5-7bbd-4173-ae8f-17b87d3dbd29", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "e03df747-8a68-4d68-a958-1f0e38218859:indexpattern-datasource-layer-e8ede311-8955-4a16-bf44-8c0ff0e0104b", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "e03df747-8a68-4d68-a958-1f0e38218859:2503a179-a67c-4db4-a091-84e1d54aa5a9", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_4623b3fb-e2bc-4f1e-8cd3-0f0a753a171e:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_24514d41-0fa1-4fc5-96a1-6297453134bd:optionsListDataView", - "type": "index-pattern" + "b15e8116-d875-4e7f-97f5-448ab367e5e1": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Phase", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.persistentvolumeclaim.phase" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "2503a179-a67c-4db4-a091-84e1d54aa5a9", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.state_persistentvolume", + "kubernetes.state_persistentvolumeclaim" + ], + "type": "phrases", + "value": [ + "kubernetes.state_persistentvolume", + "kubernetes.state_persistentvolumeclaim" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_persistentvolume" + } + }, + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_persistentvolumeclaim" + } + } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "left", + "columnId": "7b08988e-0df9-450c-89d0-b1d71c49a7ec", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "b15e8116-d875-4e7f-97f5-448ab367e5e1", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "1398ca11-cb70-4d9d-bacf-b402bf000905", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "6f4b28cd-dd85-41da-9921-af5faf9f33f8", + "isTransposed": false + }, + { + "columnId": "457a059e-0824-4109-9178-6802eed70599", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "388ad9b8-3fec-4e8d-9a13-d950d646bd5b", + "isTransposed": false + } + ], + "layerId": "e8ede311-8955-4a16-bf44-8c0ff0e0104b", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "Persistent Volume Claims Informations [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "controlGroup_16f1ca8d-0221-4df5-ae59-42a0e0f92992:optionsListDataView", - "type": "index-pattern" - } + "title": "Persistent Volume Claims Informations [Metrics Kubernetes]" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Metrics Kubernetes] PV/PVC", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "e6032561-b325-41fe-b7f5-6b167d58dc18:indexpattern-datasource-layer-e8ede311-8955-4a16-bf44-8c0ff0e0104b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e6032561-b325-41fe-b7f5-6b167d58dc18:1b2422f5-7bbd-4173-ae8f-17b87d3dbd29", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e03df747-8a68-4d68-a958-1f0e38218859:indexpattern-datasource-layer-e8ede311-8955-4a16-bf44-8c0ff0e0104b", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e03df747-8a68-4d68-a958-1f0e38218859:2503a179-a67c-4db4-a091-84e1d54aa5a9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_4623b3fb-e2bc-4f1e-8cd3-0f0a753a171e:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_24514d41-0fa1-4fc5-96a1-6297453134bd:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_16f1ca8d-0221-4df5-ae59-42a0e0f92992:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c.json b/packages/kubernetes/kibana/dashboard/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c.json index f7781716d29..f95059fffbc 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c.json @@ -1,3237 +1,3312 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"748291db-2826-4242-9107-9a5226733a06\":{\"order\":0,\"width\":\"large\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"748291db-2826-4242-9107-9a5226733a06\",\"enhancements\":{},\"selectedOptions\":[]}},\"2da8af79-7928-4741-8d03-866642f3c2a0\":{\"order\":1,\"width\":\"large\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace\",\"id\":\"2da8af79-7928-4741-8d03-866642f3c2a0\",\"selectedOptions\":[],\"enhancements\":{}}}}" + "id": "kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI1NSwyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "oneLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"748291db-2826-4242-9107-9a5226733a06\":{\"order\":0,\"width\":\"large\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"748291db-2826-4242-9107-9a5226733a06\",\"enhancements\":{},\"selectedOptions\":[]}},\"2da8af79-7928-4741-8d03-866642f3c2a0\":{\"order\":1,\"width\":\"large\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace\",\"id\":\"2da8af79-7928-4741-8d03-866642f3c2a0\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Overview of Kubernetes cluster metrics", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "f1541205-b6eb-45a6-bdc5-9aaefa62af66", + "w": 33, + "x": 0, + "y": 0 }, - "description": "Overview of Kubernetes cluster metrics", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "panelIndex": "f1541205-b6eb-45a6-bdc5-9aaefa62af66", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "title": "Kubernetes Dashboards [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "ace0daf9-5db7-44e5-9fc3-a1b1976b01c2", + "w": 15, + "x": 33, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} + "panelIndex": "ace0daf9-5db7-44e5-9fc3-a1b1976b01c2", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 10, + "markdown": "This dashboard requires having [`kube-state-metrics`](https://github.com/kubernetes/kube-state-metrics#kubernetes-deployment) deployed to your Kubernetes cluster to function properly. \nCheck the **Section: state_\\* and event** of the [Elastic Kubernetes integration](https://docs.elastic.co/en/integrations/kubernetes).", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" + }, + "title": "Information" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 9, + "i": "33530265-ff62-49e7-9518-f430efb0dde0", + "w": 8, + "x": 0, + "y": 4 + }, + "panelIndex": "33530265-ff62-49e7-9518-f430efb0dde0", + "embeddableConfig": { + "attributes": { + "references": [], + "state": { + "adHocDataViews": { + "0fa53a1e-0589-4380-b700-70dd489a33de": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "0fa53a1e-0589-4380-b700-70dd489a33de", + "name": "state-pods-adhoc", + "runtimeFieldMap": { + "failed": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "not_running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "pending": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" + }, + "type": "long" + }, + "running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" + }, + "type": "long" + }, + "succeeded": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" + }, + "type": "long" } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" }, - "gridData": { - "h": 4, - "i": "f1541205-b6eb-45a6-bdc5-9aaefa62af66", - "w": 33, - "x": 0, - "y": 0 - }, - "panelIndex": "f1541205-b6eb-45a6-bdc5-9aaefa62af66", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.6.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "31c14ad9-51fd-465c-957c-b0171c23a0bb": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "31c14ad9-51fd-465c-957c-b0171c23a0bb", + "name": "state_nodes", + "runtimeFieldMap": { + "nodes_not_ready": { + "script": { + "source": "if (doc['kubernetes.node.status.ready'].value == \"false\") { emit(1) }" + }, + "type": "long" + }, + "nodes_ready": { + "script": { + "source": "if (doc['kubernetes.node.status.ready'].value == \"true\") { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "b0224778-49e2-4916-aa97-55d3b4ddf6c1": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "b0224778-49e2-4916-aa97-55d3b4ddf6c1", + "name": "nodes-ad-hoc", + "runtimeFieldMap": { + "not_ready": { + "script": { + "source": "if (doc['kubernetes.node.status.ready'].value == false) { emit(1) }" + }, + "type": "long" + }, + "ready": { + "script": { + "source": "if (doc['kubernetes.node.status.ready'].value == true) { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "d1e9a0d9-4696-43cb-b9f1-a4b0b9fe3732": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "d1e9a0d9-4696-43cb-b9f1-a4b0b9fe3732", + "name": "state_node-ad-hoc", + "runtimeFieldMap": { + "not_ready": { + "script": { + "source": "if (doc['kubernetes.node.status.ready'].value == \"false\" || doc['kubernetes.node.status.ready'].value == \"unknown\") { emit(1) }" + }, + "type": "long" + }, + "ready": { + "script": { + "source": "if (doc['kubernetes.node.status.ready'].value == \"true\") { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "f8fa576a-6f91-4a11-a43d-7f3964869d7d": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "f8fa576a-6f91-4a11-a43d-7f3964869d7d", + "name": "daemonsets-ad-hoc", + "runtimeFieldMap": {}, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + } + }, + "datasourceStates": { + "formBased": { + "layers": { + "b7b25285-ced1-481d-999e-1886b3463594": { + "columnOrder": [ + "977fa7a0-b026-427b-8ffd-ee07fd69b50e", + "1b46f7a2-12d8-4773-87db-118234d45186", + "4314b1bf-95bb-477a-9708-ff7324356bda", + "607cddcf-ff9a-46a5-b3d6-b6f268ead1e4" + ], + "columns": { + "1b46f7a2-12d8-4773-87db-118234d45186": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "" + }, + "label": "Status" + } + ] + }, + "scale": "ordinal" }, - "description": "", - "id": "", - "params": { - "fontSize": 10, - "markdown": "This dashboard requires having [`kube-state-metrics`](https://github.com/kubernetes/kube-state-metrics#kubernetes-deployment) deployed to your Kubernetes cluster to function properly. \nCheck the **Section: state_\\* and event** of the [Elastic Kubernetes integration](https://docs.elastic.co/en/integrations/kubernetes).", - "openLinksInNewTab": false + "4314b1bf-95bb-477a-9708-ff7324356bda": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "ready: *" + }, + "isBucketed": false, + "label": "Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "ready" }, - "title": "", - "type": "markdown", - "uiState": {} + "607cddcf-ff9a-46a5-b3d6-b6f268ead1e4": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "not_ready: *" + }, + "isBucketed": false, + "label": "Not Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "not_ready" + }, + "977fa7a0-b026-427b-8ffd-ee07fd69b50e": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "4314b1bf-95bb-477a-9708-ff7324356bda", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "31c14ad9-51fd-465c-957c-b0171c23a0bb", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_node" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_node" } + } + } + ], + "internalReferences": [ + { + "id": "d1e9a0d9-4696-43cb-b9f1-a4b0b9fe3732", + "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", + "type": "index-pattern" + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "gridlinesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "4314b1bf-95bb-477a-9708-ff7324356bda", + "607cddcf-ff9a-46a5-b3d6-b6f268ead1e4" + ], + "collapseFn": "sum", + "layerId": "b7b25285-ced1-481d-999e-1886b3463594", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "splitAccessor": "977fa7a0-b026-427b-8ffd-ee07fd69b50e", + "xAccessor": "1b46f7a2-12d8-4773-87db-118234d45186", + "yConfig": [ + { + "color": "#a63a38", + "forAccessor": "607cddcf-ff9a-46a5-b3d6-b6f268ead1e4" + }, + { + "color": "#00bfb3", + "forAccessor": "4314b1bf-95bb-477a-9708-ff7324356bda" + } + ] + } + ], + "legend": { + "isVisible": false, + "position": "right", + "showSingleSeries": false }, - "gridData": { - "h": 4, - "i": "ace0daf9-5db7-44e5-9fc3-a1b1976b01c2", - "w": 15, - "x": 33, - "y": 0 - }, - "panelIndex": "ace0daf9-5db7-44e5-9fc3-a1b1976b01c2", - "title": "Information", - "type": "visualization", - "version": "8.6.0-SNAPSHOT" + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "title": "Empty XY chart", + "valueLabels": "show", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [], - "state": { - "adHocDataViews": { - "0fa53a1e-0589-4380-b700-70dd489a33de": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "0fa53a1e-0589-4380-b700-70dd489a33de", - "name": "state-pods-adhoc", - "runtimeFieldMap": { - "failed": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "not_running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "pending": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" - }, - "type": "long" - }, - "running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" - }, - "type": "long" - }, - "succeeded": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "31c14ad9-51fd-465c-957c-b0171c23a0bb": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "31c14ad9-51fd-465c-957c-b0171c23a0bb", - "name": "state_nodes", - "runtimeFieldMap": { - "nodes_not_ready": { - "script": { - "source": "if (doc['kubernetes.node.status.ready'].value == \"false\") { emit(1) }" - }, - "type": "long" - }, - "nodes_ready": { - "script": { - "source": "if (doc['kubernetes.node.status.ready'].value == \"true\") { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "b0224778-49e2-4916-aa97-55d3b4ddf6c1": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "b0224778-49e2-4916-aa97-55d3b4ddf6c1", - "name": "nodes-ad-hoc", - "runtimeFieldMap": { - "not_ready": { - "script": { - "source": "if (doc['kubernetes.node.status.ready'].value == false) { emit(1) }" - }, - "type": "long" - }, - "ready": { - "script": { - "source": "if (doc['kubernetes.node.status.ready'].value == true) { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "d1e9a0d9-4696-43cb-b9f1-a4b0b9fe3732": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "d1e9a0d9-4696-43cb-b9f1-a4b0b9fe3732", - "name": "state_node-ad-hoc", - "runtimeFieldMap": { - "not_ready": { - "script": { - "source": "if (doc['kubernetes.node.status.ready'].value == \"false\" || doc['kubernetes.node.status.ready'].value == \"unknown\") { emit(1) }" - }, - "type": "long" - }, - "ready": { - "script": { - "source": "if (doc['kubernetes.node.status.ready'].value == \"true\") { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "f8fa576a-6f91-4a11-a43d-7f3964869d7d": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "f8fa576a-6f91-4a11-a43d-7f3964869d7d", - "name": "daemonsets-ad-hoc", - "runtimeFieldMap": {}, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - } + "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Nodes" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 9, + "i": "d0fadeee-3c79-443b-bfcb-b70e78d168e9", + "w": 20, + "x": 28, + "y": 4 + }, + "panelIndex": "d0fadeee-3c79-443b-bfcb-b70e78d168e9", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-c165f898-73a9-48b1-afa9-2b6e75f3cc1f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-dde29dcf-00ae-4b80-8d9e-ab45c51efba0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "fbaf3405-fab6-4f09-883d-45368cf97670", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "c165f898-73a9-48b1-afa9-2b6e75f3cc1f": { + "columnOrder": [ + "7113c7e7-1af9-4350-b5d2-57abcb60c633", + "af01f323-afc0-4b55-b453-8da15facfc28", + "830de93b-4051-4716-99e4-83d625a91288X0", + "830de93b-4051-4716-99e4-83d625a91288X1", + "830de93b-4051-4716-99e4-83d625a91288" + ], + "columns": { + "7113c7e7-1af9-4350-b5d2-57abcb60c633": { + "dataType": "string", + "isBucketed": true, + "label": "Top 100000 values of kubernetes.container.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderAgg": { + "customLabel": false, + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - "datasourceStates": { - "formBased": { - "layers": { - "b7b25285-ced1-481d-999e-1886b3463594": { - "columnOrder": [ - "977fa7a0-b026-427b-8ffd-ee07fd69b50e", - "1b46f7a2-12d8-4773-87db-118234d45186", - "4314b1bf-95bb-477a-9708-ff7324356bda", - "607cddcf-ff9a-46a5-b3d6-b6f268ead1e4" - ], - "columns": { - "1b46f7a2-12d8-4773-87db-118234d45186": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "" - }, - "label": "Status" - } - ] - }, - "scale": "ordinal" - }, - "4314b1bf-95bb-477a-9708-ff7324356bda": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "ready: *" - }, - "isBucketed": false, - "label": "Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "ready" - }, - "607cddcf-ff9a-46a5-b3d6-b6f268ead1e4": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "not_ready: *" - }, - "isBucketed": false, - "label": "Not Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "not_ready" - }, - "977fa7a0-b026-427b-8ffd-ee07fd69b50e": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "4314b1bf-95bb-477a-9708-ff7324356bda", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "31c14ad9-51fd-465c-957c-b0171c23a0bb", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_node" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_node" - } - } - } - ], - "internalReferences": [ - { - "id": "d1e9a0d9-4696-43cb-b9f1-a4b0b9fe3732", - "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", - "type": "index-pattern" - } - ], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "gridlinesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "4314b1bf-95bb-477a-9708-ff7324356bda", - "607cddcf-ff9a-46a5-b3d6-b6f268ead1e4" - ], - "collapseFn": "sum", - "layerId": "b7b25285-ced1-481d-999e-1886b3463594", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "splitAccessor": "977fa7a0-b026-427b-8ffd-ee07fd69b50e", - "xAccessor": "1b46f7a2-12d8-4773-87db-118234d45186", - "yConfig": [ - { - "color": "#a63a38", - "forAccessor": "607cddcf-ff9a-46a5-b3d6-b6f268ead1e4" - }, - { - "color": "#00bfb3", - "forAccessor": "4314b1bf-95bb-477a-9708-ff7324356bda" - } - ] - } - ], - "legend": { - "isVisible": false, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "title": "Empty XY chart", - "valueLabels": "show", - "xTitle": "", - "yTitle": "" + "secondaryFields": [], + "size": 100000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.container.name" + }, + "830de93b-4051-4716-99e4-83d625a91288": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "data_stream.dataset :\"kubernetes.container\" " + }, + "isBucketed": false, + "label": "Cores Used", + "operationType": "formula", + "params": { + "format": { + "id": "number" + }, + "formula": "last_value(kubernetes.container.cpu.usage.nanocores)/1000000000", + "isFormulaBroken": false + }, + "references": [ + "830de93b-4051-4716-99e4-83d625a91288X1" + ], + "scale": "ratio" + }, + "830de93b-4051-4716-99e4-83d625a91288X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "data_stream.dataset :\"kubernetes.container\" " + }, + "isBucketed": false, + "label": "Part of last_value(kubernetes.container.cpu.usage.nanocores)/1000000000", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.container.cpu.usage.nanocores" + }, + "830de93b-4051-4716-99e4-83d625a91288X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of last_value(kubernetes.container.cpu.usage.nanocores)/1000000000", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "830de93b-4051-4716-99e4-83d625a91288X0", + 1000000000 + ], + "location": { + "max": 63, + "min": 0 + }, + "name": "divide", + "text": "last_value(kubernetes.container.cpu.usage.nanocores)/1000000000", + "type": "function" } + }, + "references": [ + "830de93b-4051-4716-99e4-83d625a91288X0" + ], + "scale": "ratio" }, - "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": { - "dynamicActions": { - "events": [] + "af01f323-afc0-4b55-b453-8da15facfc28": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "30s" + }, + "scale": "interval", + "sourceField": "@timestamp" } + }, + "incompleteColumns": {} }, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "33530265-ff62-49e7-9518-f430efb0dde0", - "w": 8, - "x": 0, - "y": 4 - }, - "panelIndex": "33530265-ff62-49e7-9518-f430efb0dde0", - "title": "Nodes", - "type": "lens", - "version": "8.6.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-c165f898-73a9-48b1-afa9-2b6e75f3cc1f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-dde29dcf-00ae-4b80-8d9e-ab45c51efba0", - "type": "index-pattern" + "dde29dcf-00ae-4b80-8d9e-ab45c51efba0": { + "columnOrder": [ + "f64f7970-3f7d-4f2d-88ae-9e008f2e0bc5", + "c609fc21-331c-4bbe-81c3-ef8251f3cf80", + "e1c6fec1-182f-4bf2-aa22-434cd1aa9a95" + ], + "columns": { + "c609fc21-331c-4bbe-81c3-ef8251f3cf80": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "30s" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e1c6fec1-182f-4bf2-aa22-434cd1aa9a95": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "data_stream.dataset :\"kubernetes.state_node\" and kubernetes.node.status.ready:\"true\" " + }, + "isBucketed": false, + "label": "Total Cores", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.node.cpu.allocatable.cores" + }, + "f64f7970-3f7d-4f2d-88ae-9e008f2e0bc5": { + "dataType": "string", + "isBucketed": true, + "label": "Top 100000 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderAgg": { + "customLabel": false, + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "fbaf3405-fab6-4f09-883d-45368cf97670", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "c165f898-73a9-48b1-afa9-2b6e75f3cc1f": { - "columnOrder": [ - "7113c7e7-1af9-4350-b5d2-57abcb60c633", - "af01f323-afc0-4b55-b453-8da15facfc28", - "830de93b-4051-4716-99e4-83d625a91288X0", - "830de93b-4051-4716-99e4-83d625a91288X1", - "830de93b-4051-4716-99e4-83d625a91288" - ], - "columns": { - "7113c7e7-1af9-4350-b5d2-57abcb60c633": { - "dataType": "string", - "isBucketed": true, - "label": "Top 100000 values of kubernetes.container.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderAgg": { - "customLabel": false, - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 100000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.container.name" - }, - "830de93b-4051-4716-99e4-83d625a91288": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "data_stream.dataset :\"kubernetes.container\" " - }, - "isBucketed": false, - "label": "Cores Used", - "operationType": "formula", - "params": { - "format": { - "id": "number" - }, - "formula": "last_value(kubernetes.container.cpu.usage.nanocores)/1000000000", - "isFormulaBroken": false - }, - "references": [ - "830de93b-4051-4716-99e4-83d625a91288X1" - ], - "scale": "ratio" - }, - "830de93b-4051-4716-99e4-83d625a91288X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "data_stream.dataset :\"kubernetes.container\" " - }, - "isBucketed": false, - "label": "Part of last_value(kubernetes.container.cpu.usage.nanocores)/1000000000", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.container.cpu.usage.nanocores" - }, - "830de93b-4051-4716-99e4-83d625a91288X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of last_value(kubernetes.container.cpu.usage.nanocores)/1000000000", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "830de93b-4051-4716-99e4-83d625a91288X0", - 1000000000 - ], - "location": { - "max": 63, - "min": 0 - }, - "name": "divide", - "text": "last_value(kubernetes.container.cpu.usage.nanocores)/1000000000", - "type": "function" - } - }, - "references": [ - "830de93b-4051-4716-99e4-83d625a91288X0" - ], - "scale": "ratio" - }, - "af01f323-afc0-4b55-b453-8da15facfc28": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "30s" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - }, - "dde29dcf-00ae-4b80-8d9e-ab45c51efba0": { - "columnOrder": [ - "f64f7970-3f7d-4f2d-88ae-9e008f2e0bc5", - "c609fc21-331c-4bbe-81c3-ef8251f3cf80", - "e1c6fec1-182f-4bf2-aa22-434cd1aa9a95" - ], - "columns": { - "c609fc21-331c-4bbe-81c3-ef8251f3cf80": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "30s" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e1c6fec1-182f-4bf2-aa22-434cd1aa9a95": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "data_stream.dataset :\"kubernetes.state_node\" and kubernetes.node.status.ready:\"true\" " - }, - "isBucketed": false, - "label": "Total Cores", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.node.cpu.allocatable.cores" - }, - "f64f7970-3f7d-4f2d-88ae-9e008f2e0bc5": { - "dataType": "string", - "isBucketed": true, - "label": "Top 100000 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderAgg": { - "customLabel": false, - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 100000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "fbaf3405-fab6-4f09-883d-45368cf97670", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.container", - "kubernetes.state_node" - ], - "type": "phrases", - "value": [ - "kubernetes.container", - "kubernetes.state_node" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.container" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_node" - } - } - ] - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fillOpacity": 0.5, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "830de93b-4051-4716-99e4-83d625a91288" - ], - "collapseFn": "sum", - "layerId": "c165f898-73a9-48b1-afa9-2b6e75f3cc1f", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "seriesType": "area", - "splitAccessor": "7113c7e7-1af9-4350-b5d2-57abcb60c633", - "xAccessor": "af01f323-afc0-4b55-b453-8da15facfc28", - "yConfig": [ - { - "axisMode": "left", - "color": "#00bfb3", - "forAccessor": "830de93b-4051-4716-99e4-83d625a91288" - } - ] - }, - { - "accessors": [ - "e1c6fec1-182f-4bf2-aa22-434cd1aa9a95" - ], - "collapseFn": "sum", - "layerId": "dde29dcf-00ae-4b80-8d9e-ab45c51efba0", - "layerType": "data", - "palette": { - "name": "negative", - "type": "palette" - }, - "seriesType": "line", - "splitAccessor": "f64f7970-3f7d-4f2d-88ae-9e008f2e0bc5", - "xAccessor": "c609fc21-331c-4bbe-81c3-ef8251f3cf80", - "yConfig": [ - { - "axisMode": "left", - "color": "#bd271e", - "forAccessor": "e1c6fec1-182f-4bf2-aa22-434cd1aa9a95" - } - ] - } - ], - "legend": { - "isVisible": true, - "maxLines": 1, - "position": "top", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "", - "yLeftExtent": { - "mode": "full" - }, - "yLeftScale": "linear", - "yRightExtent": { - "mode": "full" - }, - "yRightScale": "linear", - "yTitle": "" - } + "secondaryFields": [], + "size": 100000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "fbaf3405-fab6-4f09-883d-45368cf97670", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.container", + "kubernetes.state_node" + ], + "type": "phrases", + "value": [ + "kubernetes.container", + "kubernetes.state_node" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.container" + } }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_node" + } + } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fillOpacity": 0.5, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "830de93b-4051-4716-99e4-83d625a91288" + ], + "collapseFn": "sum", + "layerId": "c165f898-73a9-48b1-afa9-2b6e75f3cc1f", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "area", + "splitAccessor": "7113c7e7-1af9-4350-b5d2-57abcb60c633", + "xAccessor": "af01f323-afc0-4b55-b453-8da15facfc28", + "yConfig": [ + { + "axisMode": "left", + "color": "#00bfb3", + "forAccessor": "830de93b-4051-4716-99e4-83d625a91288" + } + ] + }, + { + "accessors": [ + "e1c6fec1-182f-4bf2-aa22-434cd1aa9a95" + ], + "collapseFn": "sum", + "layerId": "dde29dcf-00ae-4b80-8d9e-ab45c51efba0", + "layerType": "data", + "palette": { + "name": "negative", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "d0fadeee-3c79-443b-bfcb-b70e78d168e9", - "w": 20, - "x": 28, - "y": 4 - }, - "panelIndex": "d0fadeee-3c79-443b-bfcb-b70e78d168e9", - "title": "Cores used vs total cores", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "seriesType": "line", + "splitAccessor": "f64f7970-3f7d-4f2d-88ae-9e008f2e0bc5", + "xAccessor": "c609fc21-331c-4bbe-81c3-ef8251f3cf80", + "yConfig": [ + { + "axisMode": "left", + "color": "#bd271e", + "forAccessor": "e1c6fec1-182f-4bf2-aa22-434cd1aa9a95" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 1, + "position": "top", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "xTitle": "", + "yLeftExtent": { + "mode": "full" + }, + "yLeftScale": "linear", + "yRightExtent": { + "mode": "full" + }, + "yRightScale": "linear", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-dfd1702f-213e-4fa2-98e3-5106657c62e7", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Cores used vs total cores" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 9, + "i": "a91d36c0-f405-4c04-8510-11134bd259f0", + "w": 20, + "x": 8, + "y": 4 + }, + "panelIndex": "a91d36c0-f405-4c04-8510-11134bd259f0", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-dfd1702f-213e-4fa2-98e3-5106657c62e7", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-dff09473-7596-48c7-bbf4-beccee70d845", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "21cde57c-0e69-4e4c-b3e9-659de2778d06", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "dfd1702f-213e-4fa2-98e3-5106657c62e7": { + "columnOrder": [ + "f0953a4e-8498-4b22-a63a-d24e4a069ed3", + "5c33dcdb-21de-4bdc-b564-ba82ed037d11", + "62125b6d-3199-420b-9d3b-46f159e15d7f" + ], + "columns": { + "5c33dcdb-21de-4bdc-b564-ba82ed037d11": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "30s" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "62125b6d-3199-420b-9d3b-46f159e15d7f": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.node.status.ready:\"true\" and data_stream.dataset :\"kubernetes.state_node\" " + }, + "isBucketed": false, + "label": "Total Memory", + "operationType": "last_value", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-dff09473-7596-48c7-bbf4-beccee70d845", - "type": "index-pattern" + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.node.memory.allocatable.bytes" + }, + "f0953a4e-8498-4b22-a63a-d24e4a069ed3": { + "dataType": "string", + "isBucketed": true, + "label": "Top 100000 values of kubernetes.node.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderAgg": { + "customLabel": false, + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - { - "id": "metrics-*", - "name": "21cde57c-0e69-4e4c-b3e9-659de2778d06", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "dfd1702f-213e-4fa2-98e3-5106657c62e7": { - "columnOrder": [ - "f0953a4e-8498-4b22-a63a-d24e4a069ed3", - "5c33dcdb-21de-4bdc-b564-ba82ed037d11", - "62125b6d-3199-420b-9d3b-46f159e15d7f" - ], - "columns": { - "5c33dcdb-21de-4bdc-b564-ba82ed037d11": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "30s" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "62125b6d-3199-420b-9d3b-46f159e15d7f": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.node.status.ready:\"true\" and data_stream.dataset :\"kubernetes.state_node\" " - }, - "isBucketed": false, - "label": "Total Memory", - "operationType": "last_value", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.node.memory.allocatable.bytes" - }, - "f0953a4e-8498-4b22-a63a-d24e4a069ed3": { - "dataType": "string", - "isBucketed": true, - "label": "Top 100000 values of kubernetes.node.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderAgg": { - "customLabel": false, - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 100000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.node.name" - } - }, - "incompleteColumns": {} - }, - "dff09473-7596-48c7-bbf4-beccee70d845": { - "columnOrder": [ - "6677e92c-5874-49c1-979e-c16c0d3838cd", - "46082fb5-9abc-42a0-8e4d-8a8d40a66ddf", - "307be273-94a6-41ab-b93b-0debde733492" - ], - "columns": { - "307be273-94a6-41ab-b93b-0debde733492": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "data_stream.dataset :\"kubernetes.container\" " - }, - "isBucketed": false, - "label": "Memory Used", - "operationType": "last_value", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "showArrayValues": false, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.container.memory.usage.bytes" - }, - "46082fb5-9abc-42a0-8e4d-8a8d40a66ddf": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "30s" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "6677e92c-5874-49c1-979e-c16c0d3838cd": { - "dataType": "string", - "isBucketed": true, - "label": "Top 100000 values of kubernetes.container.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderAgg": { - "customLabel": false, - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "params": {}, - "scale": "ratio", - "sourceField": "___records___" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 100000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.container.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "21cde57c-0e69-4e4c-b3e9-659de2778d06", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "kubernetes.container", - "kubernetes.state_node" - ], - "type": "phrases", - "value": [ - "kubernetes.container", - "kubernetes.state_node" - ] - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "kubernetes.container" - } - }, - { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_node" - } - } - ] - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fillOpacity": 0.5, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "307be273-94a6-41ab-b93b-0debde733492" - ], - "collapseFn": "sum", - "layerId": "dff09473-7596-48c7-bbf4-beccee70d845", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "seriesType": "area", - "splitAccessor": "6677e92c-5874-49c1-979e-c16c0d3838cd", - "xAccessor": "46082fb5-9abc-42a0-8e4d-8a8d40a66ddf", - "yConfig": [ - { - "axisMode": "left", - "color": "#00bfb3", - "forAccessor": "307be273-94a6-41ab-b93b-0debde733492" - } - ] - }, - { - "accessors": [ - "62125b6d-3199-420b-9d3b-46f159e15d7f" - ], - "collapseFn": "sum", - "layerId": "dfd1702f-213e-4fa2-98e3-5106657c62e7", - "layerType": "data", - "palette": { - "name": "negative", - "type": "palette" - }, - "seriesType": "line", - "splitAccessor": "f0953a4e-8498-4b22-a63a-d24e4a069ed3", - "xAccessor": "5c33dcdb-21de-4bdc-b564-ba82ed037d11", - "yConfig": [ - { - "axisMode": "left", - "color": "#bd271e", - "forAccessor": "62125b6d-3199-420b-9d3b-46f159e15d7f" - } - ] - } - ], - "legend": { - "isVisible": true, - "maxLines": 1, - "position": "top", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "", - "yLeftExtent": { - "mode": "full" - }, - "yLeftScale": "linear", - "yRightExtent": { - "mode": "full" - }, - "yRightScale": "linear", - "yTitle": "" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "secondaryFields": [], + "size": 100000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.node.name" + } + }, + "incompleteColumns": {} }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "a91d36c0-f405-4c04-8510-11134bd259f0", - "w": 20, - "x": 8, - "y": 4 - }, - "panelIndex": "a91d36c0-f405-4c04-8510-11134bd259f0", - "title": "Memory used vs total memory", - "type": "lens", - "version": "8.6.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [], - "state": { - "adHocDataViews": { - "0fa53a1e-0589-4380-b700-70dd489a33de": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "0fa53a1e-0589-4380-b700-70dd489a33de", - "name": "state-pods-adhoc", - "runtimeFieldMap": { - "failed": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "not_running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "pending": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" - }, - "type": "long" - }, - "running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" - }, - "type": "long" - }, - "succeeded": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "295ecdc5-f413-4f20-9f77-74927a10d33d": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "295ecdc5-f413-4f20-9f77-74927a10d33d", - "name": "state_daemonset-ad-hoc", - "runtimeFieldMap": { - "not_ready": { - "script": { - "source": "if (doc[\"kubernetes.daemonset.replicas.desired\"].value - doc[\"kubernetes.daemonset.replicas.ready\"].value != 0) {emit(1)}" - }, - "type": "long" - }, - "ready": { - "script": { - "source": "if (doc[\"kubernetes.daemonset.replicas.desired\"].value - doc[\"kubernetes.daemonset.replicas.ready\"].value == 0) {emit(1)}" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "f8fa576a-6f91-4a11-a43d-7f3964869d7d": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "f8fa576a-6f91-4a11-a43d-7f3964869d7d", - "name": "daemonsets-ad-hoc", - "runtimeFieldMap": {}, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - } + "dff09473-7596-48c7-bbf4-beccee70d845": { + "columnOrder": [ + "6677e92c-5874-49c1-979e-c16c0d3838cd", + "46082fb5-9abc-42a0-8e4d-8a8d40a66ddf", + "307be273-94a6-41ab-b93b-0debde733492" + ], + "columns": { + "307be273-94a6-41ab-b93b-0debde733492": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "data_stream.dataset :\"kubernetes.container\" " + }, + "isBucketed": false, + "label": "Memory Used", + "operationType": "last_value", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - "datasourceStates": { - "formBased": { - "layers": { - "b7b25285-ced1-481d-999e-1886b3463594": { - "columnOrder": [ - "e36fb66d-f9b0-46d3-aec4-52638d34d308", - "5b89a3a0-f94e-49c2-bc43-fdd4c7671ea5", - "0e2a3f8d-cc26-453d-bed1-b184e48756b2", - "05b6d6a0-0ed8-4f14-a3e4-68071b01b03c" - ], - "columns": { - "05b6d6a0-0ed8-4f14-a3e4-68071b01b03c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "not_ready: *" - }, - "isBucketed": false, - "label": "Not Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "not_ready" - }, - "0e2a3f8d-cc26-453d-bed1-b184e48756b2": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "ready: *" - }, - "isBucketed": false, - "label": "Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "ready" - }, - "5b89a3a0-f94e-49c2-bc43-fdd4c7671ea5": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "" - }, - "label": "Status" - } - ] - }, - "scale": "ordinal" - }, - "e36fb66d-f9b0-46d3-aec4-52638d34d308": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.daemonset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "0e2a3f8d-cc26-453d-bed1-b184e48756b2", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.daemonset.name" - } - }, - "incompleteColumns": {} - } - } - } + "showArrayValues": false, + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.container.memory.usage.bytes" + }, + "46082fb5-9abc-42a0-8e4d-8a8d40a66ddf": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "30s" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "6677e92c-5874-49c1-979e-c16c0d3838cd": { + "dataType": "string", + "isBucketed": true, + "label": "Top 100000 values of kubernetes.container.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderAgg": { + "customLabel": false, + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "params": {}, + "scale": "ratio", + "sourceField": "___records___" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "295ecdc5-f413-4f20-9f77-74927a10d33d", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_daemonset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_daemonset" - } - } - } - ], - "internalReferences": [ - { - "id": "295ecdc5-f413-4f20-9f77-74927a10d33d", - "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", - "type": "index-pattern" - } - ], - "query": { - "language": "kuery", - "query": "" + "orderBy": { + "type": "custom" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "gridlinesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "0e2a3f8d-cc26-453d-bed1-b184e48756b2", - "05b6d6a0-0ed8-4f14-a3e4-68071b01b03c" - ], - "collapseFn": "sum", - "layerId": "b7b25285-ced1-481d-999e-1886b3463594", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "splitAccessor": "e36fb66d-f9b0-46d3-aec4-52638d34d308", - "xAccessor": "5b89a3a0-f94e-49c2-bc43-fdd4c7671ea5", - "yConfig": [ - { - "color": "#bd271e", - "forAccessor": "05b6d6a0-0ed8-4f14-a3e4-68071b01b03c" - }, - { - "color": "#00bfb3", - "forAccessor": "0e2a3f8d-cc26-453d-bed1-b184e48756b2" - } - ] - } - ], - "legend": { - "isVisible": false, - "position": "bottom", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "title": "Empty XY chart", - "valueLabels": "show", - "valuesInLegend": true, - "xTitle": "", - "yTitle": "" - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 100000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.container.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "21cde57c-0e69-4e4c-b3e9-659de2778d06", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "kubernetes.container", + "kubernetes.state_node" + ], + "type": "phrases", + "value": [ + "kubernetes.container", + "kubernetes.state_node" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "kubernetes.container" + } }, - "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": { - "dynamicActions": { - "events": [] + { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_node" + } } + ] + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fillOpacity": 0.5, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "307be273-94a6-41ab-b93b-0debde733492" + ], + "collapseFn": "sum", + "layerId": "dff09473-7596-48c7-bbf4-beccee70d845", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "seriesType": "area", + "splitAccessor": "6677e92c-5874-49c1-979e-c16c0d3838cd", + "xAccessor": "46082fb5-9abc-42a0-8e4d-8a8d40a66ddf", + "yConfig": [ + { + "axisMode": "left", + "color": "#00bfb3", + "forAccessor": "307be273-94a6-41ab-b93b-0debde733492" + } + ] + }, + { + "accessors": [ + "62125b6d-3199-420b-9d3b-46f159e15d7f" + ], + "collapseFn": "sum", + "layerId": "dfd1702f-213e-4fa2-98e3-5106657c62e7", + "layerType": "data", + "palette": { + "name": "negative", + "type": "palette" }, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "a45792c9-1600-4632-bf8e-a0a0984d82d9", - "w": 10, - "x": 28, - "y": 13 - }, - "panelIndex": "a45792c9-1600-4632-bf8e-a0a0984d82d9", - "title": "DaemonSets", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "seriesType": "line", + "splitAccessor": "f0953a4e-8498-4b22-a63a-d24e4a069ed3", + "xAccessor": "5c33dcdb-21de-4bdc-b564-ba82ed037d11", + "yConfig": [ + { + "axisMode": "left", + "color": "#bd271e", + "forAccessor": "62125b6d-3199-420b-9d3b-46f159e15d7f" + } + ] + } + ], + "legend": { + "isVisible": true, + "maxLines": 1, + "position": "top", + "shouldTruncate": true, + "showSingleSeries": true + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "xTitle": "", + "yLeftExtent": { + "mode": "full" + }, + "yLeftScale": "linear", + "yRightExtent": { + "mode": "full" + }, + "yRightScale": "linear", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [], - "state": { - "adHocDataViews": { - "0fa53a1e-0589-4380-b700-70dd489a33de": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "0fa53a1e-0589-4380-b700-70dd489a33de", - "name": "state-pods-adhoc", - "runtimeFieldMap": { - "failed": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "not_running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "pending": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" - }, - "type": "long" - }, - "running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" - }, - "type": "long" - }, - "succeeded": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "dbfaeb6f-4fff-4043-8bf8-19d5345fd339": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "dbfaeb6f-4fff-4043-8bf8-19d5345fd339", - "name": "state_replicaset_ad-hoc", - "runtimeFieldMap": { - "not_ready": { - "script": { - "source": "def ready = doc['kubernetes.replicaset.replicas.ready'].value;\ndef des = doc['kubernetes.replicaset.replicas.desired'].value;\nemit(des-ready)" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "f8fa576a-6f91-4a11-a43d-7f3964869d7d": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "f8fa576a-6f91-4a11-a43d-7f3964869d7d", - "name": "daemonsets-ad-hoc", - "runtimeFieldMap": {}, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - } - }, - "datasourceStates": { - "formBased": { - "layers": { - "b7b25285-ced1-481d-999e-1886b3463594": { - "columnOrder": [ - "fcc76997-5b49-416b-81ba-37d65ea25296", - "446fc0b3-a6c8-4f4d-914b-748d488083a1", - "a51a9822-167b-4b8f-b7a6-3051da30164b", - "e8f5e7ee-1dc9-46e8-b43a-18f7a358d920" - ], - "columns": { - "446fc0b3-a6c8-4f4d-914b-748d488083a1": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "" - }, - "label": "Status" - } - ] - }, - "scale": "ordinal" - }, - "a51a9822-167b-4b8f-b7a6-3051da30164b": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.replicaset.replicas.ready: *" - }, - "isBucketed": false, - "label": "Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "kubernetes.replicaset.replicas.ready" - }, - "e8f5e7ee-1dc9-46e8-b43a-18f7a358d920": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "not_ready: *" - }, - "isBucketed": false, - "label": "Not Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "not_ready" - }, - "fcc76997-5b49-416b-81ba-37d65ea25296": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.replicaset.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "a51a9822-167b-4b8f-b7a6-3051da30164b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.replicaset.name" - } - }, - "incompleteColumns": {} - } - } - } - }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Memory used vs total memory" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "a45792c9-1600-4632-bf8e-a0a0984d82d9", + "w": 10, + "x": 28, + "y": 13 + }, + "panelIndex": "a45792c9-1600-4632-bf8e-a0a0984d82d9", + "embeddableConfig": { + "attributes": { + "references": [], + "state": { + "adHocDataViews": { + "0fa53a1e-0589-4380-b700-70dd489a33de": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "0fa53a1e-0589-4380-b700-70dd489a33de", + "name": "state-pods-adhoc", + "runtimeFieldMap": { + "failed": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "not_running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "pending": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" + }, + "type": "long" + }, + "running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" + }, + "type": "long" + }, + "succeeded": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "295ecdc5-f413-4f20-9f77-74927a10d33d": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "295ecdc5-f413-4f20-9f77-74927a10d33d", + "name": "state_daemonset-ad-hoc", + "runtimeFieldMap": { + "not_ready": { + "script": { + "source": "if (doc[\"kubernetes.daemonset.replicas.desired\"].value - doc[\"kubernetes.daemonset.replicas.ready\"].value != 0) {emit(1)}" + }, + "type": "long" + }, + "ready": { + "script": { + "source": "if (doc[\"kubernetes.daemonset.replicas.desired\"].value - doc[\"kubernetes.daemonset.replicas.ready\"].value == 0) {emit(1)}" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "f8fa576a-6f91-4a11-a43d-7f3964869d7d": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "f8fa576a-6f91-4a11-a43d-7f3964869d7d", + "name": "daemonsets-ad-hoc", + "runtimeFieldMap": {}, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + } + }, + "datasourceStates": { + "formBased": { + "layers": { + "b7b25285-ced1-481d-999e-1886b3463594": { + "columnOrder": [ + "e36fb66d-f9b0-46d3-aec4-52638d34d308", + "5b89a3a0-f94e-49c2-bc43-fdd4c7671ea5", + "0e2a3f8d-cc26-453d-bed1-b184e48756b2", + "05b6d6a0-0ed8-4f14-a3e4-68071b01b03c" + ], + "columns": { + "05b6d6a0-0ed8-4f14-a3e4-68071b01b03c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "not_ready: *" + }, + "isBucketed": false, + "label": "Not Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "not_ready" + }, + "0e2a3f8d-cc26-453d-bed1-b184e48756b2": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "ready: *" + }, + "isBucketed": false, + "label": "Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "ready" + }, + "5b89a3a0-f94e-49c2-bc43-fdd4c7671ea5": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "dbfaeb6f-4fff-4043-8bf8-19d5345fd339", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_replicaset" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_replicaset" - } - } - } - ], - "internalReferences": [ - { - "id": "dbfaeb6f-4fff-4043-8bf8-19d5345fd339", - "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", - "type": "index-pattern" - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "gridlinesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "a51a9822-167b-4b8f-b7a6-3051da30164b", - "e8f5e7ee-1dc9-46e8-b43a-18f7a358d920" - ], - "collapseFn": "sum", - "layerId": "b7b25285-ced1-481d-999e-1886b3463594", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "splitAccessor": "fcc76997-5b49-416b-81ba-37d65ea25296", - "xAccessor": "446fc0b3-a6c8-4f4d-914b-748d488083a1", - "yConfig": [ - { - "color": "#bd271e", - "forAccessor": "e8f5e7ee-1dc9-46e8-b43a-18f7a358d920" - }, - { - "color": "#00bfb3", - "forAccessor": "a51a9822-167b-4b8f-b7a6-3051da30164b" - } - ] - } - ], - "legend": { - "isVisible": false, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "title": "Empty XY chart", - "valueLabels": "show", - "xTitle": "", - "yTitle": "" - } + { + "input": { + "language": "kuery", + "query": "" + }, + "label": "Status" + } + ] + }, + "scale": "ordinal" }, - "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": { - "dynamicActions": { - "events": [] + "e36fb66d-f9b0-46d3-aec4-52638d34d308": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.daemonset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "0e2a3f8d-cc26-453d-bed1-b184e48756b2", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.daemonset.name" } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "295ecdc5-f413-4f20-9f77-74927a10d33d", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_daemonset" }, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "eb118cf7-b033-4bcf-acdf-dab0b5da73e7", - "w": 10, - "x": 38, - "y": 13 - }, - "panelIndex": "eb118cf7-b033-4bcf-acdf-dab0b5da73e7", - "title": "ReplicaSets", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_daemonset" + } + } + } + ], + "internalReferences": [ + { + "id": "295ecdc5-f413-4f20-9f77-74927a10d33d", + "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", + "type": "index-pattern" + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "gridlinesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "0e2a3f8d-cc26-453d-bed1-b184e48756b2", + "05b6d6a0-0ed8-4f14-a3e4-68071b01b03c" + ], + "collapseFn": "sum", + "layerId": "b7b25285-ced1-481d-999e-1886b3463594", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "splitAccessor": "e36fb66d-f9b0-46d3-aec4-52638d34d308", + "xAccessor": "5b89a3a0-f94e-49c2-bc43-fdd4c7671ea5", + "yConfig": [ + { + "color": "#bd271e", + "forAccessor": "05b6d6a0-0ed8-4f14-a3e4-68071b01b03c" + }, + { + "color": "#00bfb3", + "forAccessor": "0e2a3f8d-cc26-453d-bed1-b184e48756b2" + } + ] + } + ], + "legend": { + "isVisible": false, + "position": "bottom", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "title": "Empty XY chart", + "valueLabels": "show", + "valuesInLegend": true, + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-2ca9773d-0221-478b-b8bc-90bb8d439f33", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "5c81359c-376d-41bd-984d-60fb106f2e33", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "2ca9773d-0221-478b-b8bc-90bb8d439f33": { - "columnOrder": [ - "76e50af3-9df6-42c7-9b0e-eea21ab3650f", - "1a2ebd5d-82b1-4cf8-a934-152a5726a82f", - "0f308b41-fbc2-41aa-beef-ba6412224944" - ], - "columns": { - "0f308b41-fbc2-41aa-beef-ba6412224944": { - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.status.phase : \"running\" " - }, - "isBucketed": false, - "label": "Unique count of kubernetes.pod.name", - "operationType": "unique_count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.name" - }, - "1a2ebd5d-82b1-4cf8-a934-152a5726a82f": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "" - }, - "label": "Pods per Namespace" - } - ] - }, - "scale": "ordinal" - }, - "76e50af3-9df6-42c7-9b0e-eea21ab3650f": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of kubernetes.namespace", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0f308b41-fbc2-41aa-beef-ba6412224944", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "kubernetes.namespace" - } - }, - "incompleteColumns": {} - } - } - } - }, + "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "DaemonSets" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "eb118cf7-b033-4bcf-acdf-dab0b5da73e7", + "w": 10, + "x": 38, + "y": 13 + }, + "panelIndex": "eb118cf7-b033-4bcf-acdf-dab0b5da73e7", + "embeddableConfig": { + "attributes": { + "references": [], + "state": { + "adHocDataViews": { + "0fa53a1e-0589-4380-b700-70dd489a33de": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "0fa53a1e-0589-4380-b700-70dd489a33de", + "name": "state-pods-adhoc", + "runtimeFieldMap": { + "failed": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "not_running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "pending": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" + }, + "type": "long" + }, + "running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" + }, + "type": "long" + }, + "succeeded": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "dbfaeb6f-4fff-4043-8bf8-19d5345fd339": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "dbfaeb6f-4fff-4043-8bf8-19d5345fd339", + "name": "state_replicaset_ad-hoc", + "runtimeFieldMap": { + "not_ready": { + "script": { + "source": "def ready = doc['kubernetes.replicaset.replicas.ready'].value;\ndef des = doc['kubernetes.replicaset.replicas.desired'].value;\nemit(des-ready)" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "f8fa576a-6f91-4a11-a43d-7f3964869d7d": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "f8fa576a-6f91-4a11-a43d-7f3964869d7d", + "name": "daemonsets-ad-hoc", + "runtimeFieldMap": {}, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + } + }, + "datasourceStates": { + "formBased": { + "layers": { + "b7b25285-ced1-481d-999e-1886b3463594": { + "columnOrder": [ + "fcc76997-5b49-416b-81ba-37d65ea25296", + "446fc0b3-a6c8-4f4d-914b-748d488083a1", + "a51a9822-167b-4b8f-b7a6-3051da30164b", + "e8f5e7ee-1dc9-46e8-b43a-18f7a358d920" + ], + "columns": { + "446fc0b3-a6c8-4f4d-914b-748d488083a1": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "5c81359c-376d-41bd-984d-60fb106f2e33", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_pod" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "gridlinesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "0f308b41-fbc2-41aa-beef-ba6412224944" - ], - "layerId": "2ca9773d-0221-478b-b8bc-90bb8d439f33", - "layerType": "data", - "palette": { - "name": "status", - "type": "palette" - }, - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "splitAccessor": "76e50af3-9df6-42c7-9b0e-eea21ab3650f", - "xAccessor": "1a2ebd5d-82b1-4cf8-a934-152a5726a82f" - } - ], - "legend": { - "isVisible": false, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "title": "Empty XY chart", - "valueLabels": "show", - "xTitle": "", - "yTitle": "" - } + { + "input": { + "language": "kuery", + "query": "" + }, + "label": "Status" + } + ] + }, + "scale": "ordinal" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "a51a9822-167b-4b8f-b7a6-3051da30164b": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.replicaset.replicas.ready: *" + }, + "isBucketed": false, + "label": "Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "kubernetes.replicaset.replicas.ready" + }, + "e8f5e7ee-1dc9-46e8-b43a-18f7a358d920": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "not_ready: *" + }, + "isBucketed": false, + "label": "Not Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "not_ready" + }, + "fcc76997-5b49-416b-81ba-37d65ea25296": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.replicaset.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "a51a9822-167b-4b8f-b7a6-3051da30164b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.replicaset.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "dbfaeb6f-4fff-4043-8bf8-19d5345fd339", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_replicaset" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "64dd7c4e-b503-4cc4-8c61-e17c52204b54", - "w": 9, - "x": 0, - "y": 13 - }, - "panelIndex": "64dd7c4e-b503-4cc4-8c61-e17c52204b54", - "title": "Running pods per namespace", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_replicaset" + } + } + } + ], + "internalReferences": [ + { + "id": "dbfaeb6f-4fff-4043-8bf8-19d5345fd339", + "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", + "type": "index-pattern" + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "gridlinesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "a51a9822-167b-4b8f-b7a6-3051da30164b", + "e8f5e7ee-1dc9-46e8-b43a-18f7a358d920" + ], + "collapseFn": "sum", + "layerId": "b7b25285-ced1-481d-999e-1886b3463594", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "splitAccessor": "fcc76997-5b49-416b-81ba-37d65ea25296", + "xAccessor": "446fc0b3-a6c8-4f4d-914b-748d488083a1", + "yConfig": [ + { + "color": "#bd271e", + "forAccessor": "e8f5e7ee-1dc9-46e8-b43a-18f7a358d920" + }, + { + "color": "#00bfb3", + "forAccessor": "a51a9822-167b-4b8f-b7a6-3051da30164b" + } + ] + } + ], + "legend": { + "isVisible": false, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "title": "Empty XY chart", + "valueLabels": "show", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [], - "state": { - "adHocDataViews": { - "0fa53a1e-0589-4380-b700-70dd489a33de": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "0fa53a1e-0589-4380-b700-70dd489a33de", - "name": "state-pods-adhoc", - "runtimeFieldMap": { - "failed": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "not_running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "pending": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" - }, - "type": "long" - }, - "running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" - }, - "type": "long" - }, - "succeeded": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - } + "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "ReplicaSets" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "64dd7c4e-b503-4cc4-8c61-e17c52204b54", + "w": 9, + "x": 0, + "y": 13 + }, + "panelIndex": "64dd7c4e-b503-4cc4-8c61-e17c52204b54", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-2ca9773d-0221-478b-b8bc-90bb8d439f33", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "5c81359c-376d-41bd-984d-60fb106f2e33", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2ca9773d-0221-478b-b8bc-90bb8d439f33": { + "columnOrder": [ + "76e50af3-9df6-42c7-9b0e-eea21ab3650f", + "1a2ebd5d-82b1-4cf8-a934-152a5726a82f", + "0f308b41-fbc2-41aa-beef-ba6412224944" + ], + "columns": { + "0f308b41-fbc2-41aa-beef-ba6412224944": { + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.status.phase : \"running\" " + }, + "isBucketed": false, + "label": "Unique count of kubernetes.pod.name", + "operationType": "unique_count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.name" + }, + "1a2ebd5d-82b1-4cf8-a934-152a5726a82f": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "" + }, + "label": "Pods per Namespace" + } + ] + }, + "scale": "ordinal" + }, + "76e50af3-9df6-42c7-9b0e-eea21ab3650f": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of kubernetes.namespace", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0f308b41-fbc2-41aa-beef-ba6412224944", + "type": "column" }, - "datasourceStates": { - "formBased": { - "layers": { - "b7b25285-ced1-481d-999e-1886b3463594": { - "columnOrder": [ - "3d69345e-fb52-485a-8762-fdfaf09ea013", - "1699b42c-8ab5-43dc-a722-6d70911eae94", - "1c9e34cf-591d-4a4f-9999-67e95918e933", - "92280dfe-0252-4993-9c5d-28764c18bc13", - "1df45e80-f287-4f85-9f8e-6efaddff0f77", - "866856c3-c189-4457-9240-ab6a9d2df75d" - ], - "columns": { - "1699b42c-8ab5-43dc-a722-6d70911eae94": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "*" - }, - "label": "Status" - } - ] - }, - "scale": "ordinal" - }, - "1c9e34cf-591d-4a4f-9999-67e95918e933": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "running: *" - }, - "isBucketed": false, - "label": "Running", - "operationType": "last_value", - "params": { - "showArrayValues": false, - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "running" - }, - "1df45e80-f287-4f85-9f8e-6efaddff0f77": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "pending: *" - }, - "isBucketed": false, - "label": "Pending", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "pending" - }, - "3d69345e-fb52-485a-8762-fdfaf09ea013": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "1df45e80-f287-4f85-9f8e-6efaddff0f77", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - }, - "866856c3-c189-4457-9240-ab6a9d2df75d": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "failed: *" - }, - "isBucketed": false, - "label": "Failed", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "failed" - }, - "92280dfe-0252-4993-9c5d-28764c18bc13": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "succeeded: *" - }, - "isBucketed": false, - "label": "Succeeded", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "succeeded" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "kubernetes.namespace" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "5c81359c-376d-41bd-984d-60fb106f2e33", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_pod" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_pod" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "gridlinesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "0f308b41-fbc2-41aa-beef-ba6412224944" + ], + "layerId": "2ca9773d-0221-478b-b8bc-90bb8d439f33", + "layerType": "data", + "palette": { + "name": "status", + "type": "palette" + }, + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "splitAccessor": "76e50af3-9df6-42c7-9b0e-eea21ab3650f", + "xAccessor": "1a2ebd5d-82b1-4cf8-a934-152a5726a82f" + } + ], + "legend": { + "isVisible": false, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "title": "Empty XY chart", + "valueLabels": "show", + "xTitle": "", + "yTitle": "" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Running pods per namespace" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "91e43cd8-5259-43a8-b9d7-a098875ae5b3", + "w": 9, + "x": 9, + "y": 13 + }, + "panelIndex": "91e43cd8-5259-43a8-b9d7-a098875ae5b3", + "embeddableConfig": { + "attributes": { + "references": [], + "state": { + "adHocDataViews": { + "0fa53a1e-0589-4380-b700-70dd489a33de": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "0fa53a1e-0589-4380-b700-70dd489a33de", + "name": "state-pods-adhoc", + "runtimeFieldMap": { + "failed": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "not_running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "pending": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" + }, + "type": "long" + }, + "running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" + }, + "type": "long" + }, + "succeeded": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + } + }, + "datasourceStates": { + "formBased": { + "layers": { + "b7b25285-ced1-481d-999e-1886b3463594": { + "columnOrder": [ + "3d69345e-fb52-485a-8762-fdfaf09ea013", + "1699b42c-8ab5-43dc-a722-6d70911eae94", + "1c9e34cf-591d-4a4f-9999-67e95918e933", + "92280dfe-0252-4993-9c5d-28764c18bc13", + "1df45e80-f287-4f85-9f8e-6efaddff0f77", + "866856c3-c189-4457-9240-ab6a9d2df75d" + ], + "columns": { + "1699b42c-8ab5-43dc-a722-6d70911eae94": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "0fa53a1e-0589-4380-b700-70dd489a33de", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_pod" - } - } - } - ], - "internalReferences": [ - { - "id": "0fa53a1e-0589-4380-b700-70dd489a33de", - "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", - "type": "index-pattern" - } - ], - "query": { - "language": "kuery", - "query": "" + { + "input": { + "language": "kuery", + "query": "*" + }, + "label": "Status" + } + ] + }, + "scale": "ordinal" + }, + "1c9e34cf-591d-4a4f-9999-67e95918e933": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "running: *" + }, + "isBucketed": false, + "label": "Running", + "operationType": "last_value", + "params": { + "showArrayValues": false, + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "running" + }, + "1df45e80-f287-4f85-9f8e-6efaddff0f77": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "pending: *" + }, + "isBucketed": false, + "label": "Pending", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "pending" + }, + "3d69345e-fb52-485a-8762-fdfaf09ea013": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "1df45e80-f287-4f85-9f8e-6efaddff0f77", + "type": "column" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "1c9e34cf-591d-4a4f-9999-67e95918e933", - "92280dfe-0252-4993-9c5d-28764c18bc13", - "1df45e80-f287-4f85-9f8e-6efaddff0f77", - "866856c3-c189-4457-9240-ab6a9d2df75d" - ], - "collapseFn": "sum", - "layerId": "b7b25285-ced1-481d-999e-1886b3463594", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "splitAccessor": "3d69345e-fb52-485a-8762-fdfaf09ea013", - "xAccessor": "1699b42c-8ab5-43dc-a722-6d70911eae94", - "yConfig": [ - { - "color": "#bd271e", - "forAccessor": "866856c3-c189-4457-9240-ab6a9d2df75d" - }, - { - "color": "#fec514", - "forAccessor": "1df45e80-f287-4f85-9f8e-6efaddff0f77" - }, - { - "color": "#00bfb3", - "forAccessor": "1c9e34cf-591d-4a4f-9999-67e95918e933" - }, - { - "color": "#0077cc", - "forAccessor": "92280dfe-0252-4993-9c5d-28764c18bc13" - } - ] - } - ], - "legend": { - "horizontalAlignment": "right", - "isInside": false, - "isVisible": false, - "maxLines": 1, - "position": "bottom", - "shouldTruncate": true, - "showSingleSeries": false, - "verticalAlignment": "bottom" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "title": "Empty XY chart", - "valueLabels": "show", - "valuesInLegend": true, - "xTitle": "", - "yTitle": "" - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" }, - "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": { - "dynamicActions": { - "events": [] + "866856c3-c189-4457-9240-ab6a9d2df75d": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "failed: *" + }, + "isBucketed": false, + "label": "Failed", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "failed" + }, + "92280dfe-0252-4993-9c5d-28764c18bc13": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "succeeded: *" + }, + "isBucketed": false, + "label": "Succeeded", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "succeeded" } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "0fa53a1e-0589-4380-b700-70dd489a33de", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_pod" }, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "91e43cd8-5259-43a8-b9d7-a098875ae5b3", - "w": 9, - "x": 9, - "y": 13 - }, - "panelIndex": "91e43cd8-5259-43a8-b9d7-a098875ae5b3", - "title": "Pods", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_pod" + } + } + } + ], + "internalReferences": [ + { + "id": "0fa53a1e-0589-4380-b700-70dd489a33de", + "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", + "type": "index-pattern" + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "1c9e34cf-591d-4a4f-9999-67e95918e933", + "92280dfe-0252-4993-9c5d-28764c18bc13", + "1df45e80-f287-4f85-9f8e-6efaddff0f77", + "866856c3-c189-4457-9240-ab6a9d2df75d" + ], + "collapseFn": "sum", + "layerId": "b7b25285-ced1-481d-999e-1886b3463594", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "splitAccessor": "3d69345e-fb52-485a-8762-fdfaf09ea013", + "xAccessor": "1699b42c-8ab5-43dc-a722-6d70911eae94", + "yConfig": [ + { + "color": "#bd271e", + "forAccessor": "866856c3-c189-4457-9240-ab6a9d2df75d" + }, + { + "color": "#fec514", + "forAccessor": "1df45e80-f287-4f85-9f8e-6efaddff0f77" + }, + { + "color": "#00bfb3", + "forAccessor": "1c9e34cf-591d-4a4f-9999-67e95918e933" + }, + { + "color": "#0077cc", + "forAccessor": "92280dfe-0252-4993-9c5d-28764c18bc13" + } + ] + } + ], + "legend": { + "horizontalAlignment": "right", + "isInside": false, + "isVisible": false, + "maxLines": 1, + "position": "bottom", + "shouldTruncate": true, + "showSingleSeries": false, + "verticalAlignment": "bottom" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "title": "Empty XY chart", + "valueLabels": "show", + "valuesInLegend": true, + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [], - "state": { - "adHocDataViews": { - "0b9c02fc-3c21-47e2-abed-31cbc41b11cc": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "0b9c02fc-3c21-47e2-abed-31cbc41b11cc", - "name": "state_deployment-ad-hoc", - "runtimeFieldMap": { - "not_ready": { - "script": { - "source": "if (doc[\"kubernetes.deployment.replicas.desired\"].value - doc[\"kubernetes.deployment.replicas.available\"].value != 0) { emit(1) }" - }, - "type": "long" - }, - "ready": { - "script": { - "source": "if (doc[\"kubernetes.deployment.replicas.desired\"].value - doc[\"kubernetes.deployment.replicas.available\"].value == 0) { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "0fa53a1e-0589-4380-b700-70dd489a33de": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "0fa53a1e-0589-4380-b700-70dd489a33de", - "name": "state-pods-adhoc", - "runtimeFieldMap": { - "failed": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "not_running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" - }, - "type": "long" - }, - "pending": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" - }, - "type": "long" - }, - "running": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" - }, - "type": "long" - }, - "succeeded": { - "script": { - "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "34c15200-5232-4a16-8fb0-36ca5a194638": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "34c15200-5232-4a16-8fb0-36ca5a194638", - "name": "deployments-ad-hoc", - "runtimeFieldMap": { - "not_running": { - "script": { - "source": "if (doc['kubernetes.deployment.paused'].value == true) { emit(1) }" - }, - "type": "long" - }, - "running": { - "script": { - "source": "if (doc['kubernetes.deployment.paused'].value == false) { emit(1) }" - }, - "type": "long" - } - }, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - }, - "f8fa576a-6f91-4a11-a43d-7f3964869d7d": { - "allowNoIndex": false, - "fieldAttrs": {}, - "fieldFormats": {}, - "id": "f8fa576a-6f91-4a11-a43d-7f3964869d7d", - "name": "daemonsets-ad-hoc", - "runtimeFieldMap": {}, - "sourceFilters": [], - "timeFieldName": "@timestamp", - "title": "metrics-*,*:metrics-*" - } - }, - "datasourceStates": { - "formBased": { - "layers": { - "b7b25285-ced1-481d-999e-1886b3463594": { - "columnOrder": [ - "6690f3c6-3a05-47e0-8f98-5baea37f351c", - "2b790ab1-6a55-4c4c-9131-964752309c72", - "143fa2b5-a63f-4d51-9207-f6e3441dd124", - "16807879-5684-4aab-9b80-cc701f820e68" - ], - "columns": { - "143fa2b5-a63f-4d51-9207-f6e3441dd124": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "ready: *" - }, - "isBucketed": false, - "label": "Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "ready" - }, - "16807879-5684-4aab-9b80-cc701f820e68": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "not_ready: *" - }, - "isBucketed": false, - "label": "Not Ready", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "reducedTimeRange": "1m", - "scale": "ratio", - "sourceField": "not_ready" - }, - "2b790ab1-6a55-4c4c-9131-964752309c72": { - "dataType": "string", - "isBucketed": true, - "label": "Filters", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "" - }, - "label": "Status" - } - ] - }, - "scale": "ordinal" - }, - "6690f3c6-3a05-47e0-8f98-5baea37f351c": { - "dataType": "string", - "isBucketed": true, - "label": "Top 10000 values of kubernetes.deployment.name", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "columnId": "143fa2b5-a63f-4d51-9207-f6e3441dd124", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.deployment.name" - } - }, - "incompleteColumns": {} - } - } - } - }, + "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Pods" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "9543898d-c036-4680-b122-45fe721c0226", + "w": 10, + "x": 18, + "y": 13 + }, + "panelIndex": "9543898d-c036-4680-b122-45fe721c0226", + "embeddableConfig": { + "attributes": { + "references": [], + "state": { + "adHocDataViews": { + "0b9c02fc-3c21-47e2-abed-31cbc41b11cc": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "0b9c02fc-3c21-47e2-abed-31cbc41b11cc", + "name": "state_deployment-ad-hoc", + "runtimeFieldMap": { + "not_ready": { + "script": { + "source": "if (doc[\"kubernetes.deployment.replicas.desired\"].value - doc[\"kubernetes.deployment.replicas.available\"].value != 0) { emit(1) }" + }, + "type": "long" + }, + "ready": { + "script": { + "source": "if (doc[\"kubernetes.deployment.replicas.desired\"].value - doc[\"kubernetes.deployment.replicas.available\"].value == 0) { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "0fa53a1e-0589-4380-b700-70dd489a33de": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "0fa53a1e-0589-4380-b700-70dd489a33de", + "name": "state-pods-adhoc", + "runtimeFieldMap": { + "failed": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "not_running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\" || doc['kubernetes.pod.status.phase'].value == \"failed\") { emit(1) }" + }, + "type": "long" + }, + "pending": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"pending\") { emit(1) }" + }, + "type": "long" + }, + "running": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"running\") { emit(1) }" + }, + "type": "long" + }, + "succeeded": { + "script": { + "source": "if (doc['kubernetes.pod.status.phase'].value == \"succeeded\") { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "34c15200-5232-4a16-8fb0-36ca5a194638": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "34c15200-5232-4a16-8fb0-36ca5a194638", + "name": "deployments-ad-hoc", + "runtimeFieldMap": { + "not_running": { + "script": { + "source": "if (doc['kubernetes.deployment.paused'].value == true) { emit(1) }" + }, + "type": "long" + }, + "running": { + "script": { + "source": "if (doc['kubernetes.deployment.paused'].value == false) { emit(1) }" + }, + "type": "long" + } + }, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + }, + "f8fa576a-6f91-4a11-a43d-7f3964869d7d": { + "allowNoIndex": false, + "fieldAttrs": {}, + "fieldFormats": {}, + "id": "f8fa576a-6f91-4a11-a43d-7f3964869d7d", + "name": "daemonsets-ad-hoc", + "runtimeFieldMap": {}, + "sourceFilters": [], + "timeFieldName": "@timestamp", + "title": "metrics-*,*:metrics-*" + } + }, + "datasourceStates": { + "formBased": { + "layers": { + "b7b25285-ced1-481d-999e-1886b3463594": { + "columnOrder": [ + "6690f3c6-3a05-47e0-8f98-5baea37f351c", + "2b790ab1-6a55-4c4c-9131-964752309c72", + "143fa2b5-a63f-4d51-9207-f6e3441dd124", + "16807879-5684-4aab-9b80-cc701f820e68" + ], + "columns": { + "143fa2b5-a63f-4d51-9207-f6e3441dd124": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "ready: *" + }, + "isBucketed": false, + "label": "Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "ready" + }, + "16807879-5684-4aab-9b80-cc701f820e68": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "not_ready: *" + }, + "isBucketed": false, + "label": "Not Ready", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "reducedTimeRange": "1m", + "scale": "ratio", + "sourceField": "not_ready" + }, + "2b790ab1-6a55-4c4c-9131-964752309c72": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "0b9c02fc-3c21-47e2-abed-31cbc41b11cc", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_deployment" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_deployment" - } - } - } - ], - "internalReferences": [ - { - "id": "0b9c02fc-3c21-47e2-abed-31cbc41b11cc", - "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", - "type": "index-pattern" - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "gridlinesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "143fa2b5-a63f-4d51-9207-f6e3441dd124", - "16807879-5684-4aab-9b80-cc701f820e68" - ], - "collapseFn": "sum", - "layerId": "b7b25285-ced1-481d-999e-1886b3463594", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "splitAccessor": "6690f3c6-3a05-47e0-8f98-5baea37f351c", - "xAccessor": "2b790ab1-6a55-4c4c-9131-964752309c72", - "yConfig": [ - { - "color": "#bd271e", - "forAccessor": "16807879-5684-4aab-9b80-cc701f820e68" - }, - { - "color": "#00bfb3", - "forAccessor": "143fa2b5-a63f-4d51-9207-f6e3441dd124" - } - ] - } - ], - "legend": { - "isVisible": false, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "title": "Empty XY chart", - "valueLabels": "show", - "xTitle": "", - "yTitle": "" - } + { + "input": { + "language": "kuery", + "query": "" + }, + "label": "Status" + } + ] + }, + "scale": "ordinal" }, - "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": { - "dynamicActions": { - "events": [] + "6690f3c6-3a05-47e0-8f98-5baea37f351c": { + "dataType": "string", + "isBucketed": true, + "label": "Top 10000 values of kubernetes.deployment.name", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "columnId": "143fa2b5-a63f-4d51-9207-f6e3441dd124", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 10000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.deployment.name" } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "0b9c02fc-3c21-47e2-abed-31cbc41b11cc", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_deployment" }, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "9543898d-c036-4680-b122-45fe721c0226", - "w": 10, - "x": 18, - "y": 13 - }, - "panelIndex": "9543898d-c036-4680-b122-45fe721c0226", - "title": "Deployments", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_deployment" + } + } + } + ], + "internalReferences": [ + { + "id": "0b9c02fc-3c21-47e2-abed-31cbc41b11cc", + "name": "indexpattern-datasource-layer-b7b25285-ced1-481d-999e-1886b3463594", + "type": "index-pattern" + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "gridlinesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "143fa2b5-a63f-4d51-9207-f6e3441dd124", + "16807879-5684-4aab-9b80-cc701f820e68" + ], + "collapseFn": "sum", + "layerId": "b7b25285-ced1-481d-999e-1886b3463594", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "splitAccessor": "6690f3c6-3a05-47e0-8f98-5baea37f351c", + "xAccessor": "2b790ab1-6a55-4c4c-9131-964752309c72", + "yConfig": [ + { + "color": "#bd271e", + "forAccessor": "16807879-5684-4aab-9b80-cc701f820e68" + }, + { + "color": "#00bfb3", + "forAccessor": "143fa2b5-a63f-4d51-9207-f6e3441dd124" + } + ] + } + ], + "legend": { + "isVisible": false, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "title": "Empty XY chart", + "valueLabels": "show", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-06a776d4-f25a-45c0-a54e-82d0cb913047", - "type": "index-pattern" + "title": "Total Pods per Namespace [Metrics Kubernetes] (copy 1)", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": { + "dynamicActions": { + "events": [] + } + }, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Deployments" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "14ceb02d-63b6-448a-85fe-28a9e974e80c", + "w": 24, + "x": 0, + "y": 19 + }, + "panelIndex": "14ceb02d-63b6-448a-85fe-28a9e974e80c", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-06a776d4-f25a-45c0-a54e-82d0cb913047", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a06a30d5-05f1-46ea-9075-3e6051f5781a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "9c0b0d2f-c443-4c41-b55c-c7ad0db60302", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "06a776d4-f25a-45c0-a54e-82d0cb913047": { + "columnOrder": [ + "f4242bda-ae9c-4d7c-8cda-43f56c38acb5", + "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" + ], + "columns": { + "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.cpu.usage.limit.pct: *" + }, + "isBucketed": false, + "label": "Average Pod CPU Usage ", + "operationType": "last_value", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } }, - { - "id": "metrics-*", - "name": "a06a30d5-05f1-46ea-9075-3e6051f5781a", - "type": "index-pattern" + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.cpu.usage.limit.pct" + }, + "f4242bda-ae9c-4d7c-8cda-43f56c38acb5": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": true, + "missingBucket": false, + "orderBy": { + "columnId": "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c", + "type": "column" }, - { - "id": "metrics-*", - "name": "9c0b0d2f-c443-4c41-b55c-c7ad0db60302", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "06a776d4-f25a-45c0-a54e-82d0cb913047": { - "columnOrder": [ - "f4242bda-ae9c-4d7c-8cda-43f56c38acb5", - "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" - ], - "columns": { - "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.cpu.usage.limit.pct: *" - }, - "isBucketed": false, - "label": "Average Pod CPU Usage ", - "operationType": "last_value", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.cpu.usage.limit.pct" - }, - "f4242bda-ae9c-4d7c-8cda-43f56c38acb5": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": true, - "missingBucket": false, - "orderBy": { - "columnId": "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "a06a30d5-05f1-46ea-9075-3e6051f5781a", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "9c0b0d2f-c443-4c41-b55c-c7ad0db60302", - "key": "kubernetes.pod.cpu.usage.limit.pct", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.pod.cpu.usage.limit.pct" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" - ], - "layerId": "06a776d4-f25a-45c0-a54e-82d0cb913047", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "f4242bda-ae9c-4d7c-8cda-43f56c38acb5", - "yConfig": [ - { - "color": "#00bfb3", - "forAccessor": "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" - } - ] - } - ], - "legend": { - "isVisible": false, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "valueLabels": "show", - "xTitle": "", - "yTitle": "" - } - }, - "title": "Cpu Usage per Namespace [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsXY" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "a06a30d5-05f1-46ea-9075-3e6051f5781a", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "14ceb02d-63b6-448a-85fe-28a9e974e80c", - "w": 24, - "x": 0, - "y": 19 - }, - "panelIndex": "14ceb02d-63b6-448a-85fe-28a9e974e80c", - "title": "Top CPU intensive pods", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "9c0b0d2f-c443-4c41-b55c-c7ad0db60302", + "key": "kubernetes.pod.cpu.usage.limit.pct", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.pod.cpu.usage.limit.pct" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" + ], + "layerId": "06a776d4-f25a-45c0-a54e-82d0cb913047", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "f4242bda-ae9c-4d7c-8cda-43f56c38acb5", + "yConfig": [ + { + "color": "#00bfb3", + "forAccessor": "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" + } + ] + } + ], + "legend": { + "isVisible": false, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "valueLabels": "show", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-06a776d4-f25a-45c0-a54e-82d0cb913047", - "type": "index-pattern" + "title": "Cpu Usage per Namespace [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top CPU intensive pods" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "783789d4-8473-40f5-acf0-7ae5c850cd3e", + "w": 24, + "x": 24, + "y": 19 + }, + "panelIndex": "783789d4-8473-40f5-acf0-7ae5c850cd3e", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-06a776d4-f25a-45c0-a54e-82d0cb913047", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "8769bfd6-a9c7-4bab-b048-0e2fcffe8114", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d79e5279-bd92-48b0-bd92-767cf6b8892d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "06a776d4-f25a-45c0-a54e-82d0cb913047": { + "columnOrder": [ + "f4242bda-ae9c-4d7c-8cda-43f56c38acb5", + "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" + ], + "columns": { + "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.pod.memory.usage.limit.pct: *" + }, + "isBucketed": false, + "label": "Average Pod memory Usage ", + "operationType": "last_value", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 2 + } }, - { - "id": "metrics-*", - "name": "8769bfd6-a9c7-4bab-b048-0e2fcffe8114", - "type": "index-pattern" + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.pod.memory.usage.limit.pct" + }, + "f4242bda-ae9c-4d7c-8cda-43f56c38acb5": { + "dataType": "string", + "isBucketed": true, + "label": "Top 5 values of kubernetes.pod.name", + "operationType": "terms", + "params": { + "accuracyMode": true, + "missingBucket": false, + "orderBy": { + "columnId": "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c", + "type": "column" }, - { - "id": "metrics-*", - "name": "d79e5279-bd92-48b0-bd92-767cf6b8892d", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "06a776d4-f25a-45c0-a54e-82d0cb913047": { - "columnOrder": [ - "f4242bda-ae9c-4d7c-8cda-43f56c38acb5", - "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" - ], - "columns": { - "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.pod.memory.usage.limit.pct: *" - }, - "isBucketed": false, - "label": "Average Pod memory Usage ", - "operationType": "last_value", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 2 - } - }, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.pod.memory.usage.limit.pct" - }, - "f4242bda-ae9c-4d7c-8cda-43f56c38acb5": { - "dataType": "string", - "isBucketed": true, - "label": "Top 5 values of kubernetes.pod.name", - "operationType": "terms", - "params": { - "accuracyMode": true, - "missingBucket": false, - "orderBy": { - "columnId": "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "kubernetes.pod.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "8769bfd6-a9c7-4bab-b048-0e2fcffe8114", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.pod" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.pod" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "d79e5279-bd92-48b0-bd92-767cf6b8892d", - "key": "kubernetes.pod.memory.usage.limit.pct", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.pod.memory.usage.limit.pct" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" - ], - "layerId": "06a776d4-f25a-45c0-a54e-82d0cb913047", - "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "f4242bda-ae9c-4d7c-8cda-43f56c38acb5", - "yConfig": [ - { - "color": "#00bfb3", - "forAccessor": "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" - } - ] - } - ], - "legend": { - "isVisible": false, - "position": "right", - "showSingleSeries": false - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": false, - "yRight": true - }, - "valueLabels": "show", - "xTitle": "", - "yTitle": "" - } - }, - "title": "Cpu Usage per Namespace [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsXY" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "kubernetes.pod.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "8769bfd6-a9c7-4bab-b048-0e2fcffe8114", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.pod" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "783789d4-8473-40f5-acf0-7ae5c850cd3e", - "w": 24, - "x": 24, - "y": 19 - }, - "panelIndex": "783789d4-8473-40f5-acf0-7ae5c850cd3e", - "title": "Top memory intensive pods", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.pod" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "d79e5279-bd92-48b0-bd92-767cf6b8892d", + "key": "kubernetes.pod.memory.usage.limit.pct", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.pod.memory.usage.limit.pct" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" + ], + "layerId": "06a776d4-f25a-45c0-a54e-82d0cb913047", + "layerType": "data", + "seriesType": "bar_horizontal", + "xAccessor": "f4242bda-ae9c-4d7c-8cda-43f56c38acb5", + "yConfig": [ + { + "color": "#00bfb3", + "forAccessor": "d954ad9d-4fc7-44d3-8fe9-eecae0d8302c" + } + ] + } + ], + "legend": { + "isVisible": false, + "position": "right", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": false, + "yRight": true + }, + "valueLabels": "show", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-a69d8e15-2ebf-401c-af12-4b6762f230db", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "086a73a8-ac9d-48eb-b5b7-3c697278cc9e", - "type": "index-pattern" + "title": "Cpu Usage per Namespace [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top memory intensive pods" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "2525515f-80e7-455f-b88b-53e4abf31cd2", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "2525515f-80e7-455f-b88b-53e4abf31cd2", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-a69d8e15-2ebf-401c-af12-4b6762f230db", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "086a73a8-ac9d-48eb-b5b7-3c697278cc9e", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "a69d8e15-2ebf-401c-af12-4b6762f230db": { + "columnOrder": [ + "be5ed114-ba6d-42c6-b8ff-da6142c14a1b", + "b0cd680f-edeb-4934-aceb-6820ad9f01ec", + "b7df21c2-ee65-47cb-9370-294846cfbb65" + ], + "columns": { + "b0cd680f-edeb-4934-aceb-6820ad9f01ec": { + "customLabel": false, + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": false, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "b7df21c2-ee65-47cb-9370-294846cfbb65": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.event.metadata.uid: * and kubernetes.event.type : \"Warning\" " + }, + "isBucketed": false, + "label": "New Warnings", + "operationType": "count", + "params": { + "emptyAsNull": true, + "format": { + "id": "number", + "params": { + "decimals": 0 + } } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "a69d8e15-2ebf-401c-af12-4b6762f230db": { - "columnOrder": [ - "be5ed114-ba6d-42c6-b8ff-da6142c14a1b", - "b0cd680f-edeb-4934-aceb-6820ad9f01ec", - "b7df21c2-ee65-47cb-9370-294846cfbb65" - ], - "columns": { - "b0cd680f-edeb-4934-aceb-6820ad9f01ec": { - "customLabel": false, - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": false, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "b7df21c2-ee65-47cb-9370-294846cfbb65": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.event.metadata.uid: * and kubernetes.event.type : \"Warning\" " - }, - "isBucketed": false, - "label": "New Warnings", - "operationType": "count", - "params": { - "emptyAsNull": true, - "format": { - "id": "number", - "params": { - "decimals": 0 - } - } - }, - "scale": "ratio", - "sourceField": "kubernetes.event.metadata.uid" - }, - "be5ed114-ba6d-42c6-b8ff-da6142c14a1b": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of kubernetes.event.involved_object.uid + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "b7df21c2-ee65-47cb-9370-294846cfbb65", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.event.type" - ], - "size": 1000 - }, - "scale": "ordinal", - "sourceField": "kubernetes.event.involved_object.uid" - } - }, - "incompleteColumns": {} - } - } - } + }, + "scale": "ratio", + "sourceField": "kubernetes.event.metadata.uid" + }, + "be5ed114-ba6d-42c6-b8ff-da6142c14a1b": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of kubernetes.event.involved_object.uid + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b7df21c2-ee65-47cb-9370-294846cfbb65", + "type": "column" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "086a73a8-ac9d-48eb-b5b7-3c697278cc9e", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.event" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.event" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fittingFunction": "Linear", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "b7df21c2-ee65-47cb-9370-294846cfbb65" - ], - "collapseFn": "sum", - "layerId": "a69d8e15-2ebf-401c-af12-4b6762f230db", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "be5ed114-ba6d-42c6-b8ff-da6142c14a1b", - "xAccessor": "b0cd680f-edeb-4934-aceb-6820ad9f01ec", - "yConfig": [ - { - "color": "#fec514", - "forAccessor": "b7df21c2-ee65-47cb-9370-294846cfbb65" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "", - "yLeftExtent": { - "mode": "full" - }, - "yLeftScale": "linear", - "yTitle": "" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "secondaryFields": [ + "kubernetes.event.type" + ], + "size": 1000 + }, + "scale": "ordinal", + "sourceField": "kubernetes.event.involved_object.uid" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "086a73a8-ac9d-48eb-b5b7-3c697278cc9e", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.event" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "2525515f-80e7-455f-b88b-53e4abf31cd2", - "w": 24, - "x": 0, - "y": 30 - }, - "panelIndex": "2525515f-80e7-455f-b88b-53e4abf31cd2", - "title": "Kubernetes warning events", - "type": "lens", - "version": "8.6.0-SNAPSHOT" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.event" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fittingFunction": "Linear", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "b7df21c2-ee65-47cb-9370-294846cfbb65" + ], + "collapseFn": "sum", + "layerId": "a69d8e15-2ebf-401c-af12-4b6762f230db", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "be5ed114-ba6d-42c6-b8ff-da6142c14a1b", + "xAccessor": "b0cd680f-edeb-4934-aceb-6820ad9f01ec", + "yConfig": [ + { + "color": "#fec514", + "forAccessor": "b7df21c2-ee65-47cb-9370-294846cfbb65" + } + ] + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "xTitle": "", + "yLeftExtent": { + "mode": "full" + }, + "yLeftScale": "linear", + "yTitle": "" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "a59fd3c5-5f33-425d-b14e-4713222cc729", - "w": 24, - "x": 24, - "y": 30 - }, - "panelIndex": "a59fd3c5-5f33-425d-b14e-4713222cc729", - "panelRefName": "panel_a59fd3c5-5f33-425d-b14e-4713222cc729", - "title": "Latest Kubernetes warnings", - "type": "search", - "version": "8.6.0-SNAPSHOT" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Cluster Overview", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-01-12T14:44:58.161Z", - "id": "kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "d0fadeee-3c79-443b-bfcb-b70e78d168e9:indexpattern-datasource-layer-c165f898-73a9-48b1-afa9-2b6e75f3cc1f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "d0fadeee-3c79-443b-bfcb-b70e78d168e9:indexpattern-datasource-layer-dde29dcf-00ae-4b80-8d9e-ab45c51efba0", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "d0fadeee-3c79-443b-bfcb-b70e78d168e9:fbaf3405-fab6-4f09-883d-45368cf97670", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "a91d36c0-f405-4c04-8510-11134bd259f0:indexpattern-datasource-layer-dfd1702f-213e-4fa2-98e3-5106657c62e7", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "a91d36c0-f405-4c04-8510-11134bd259f0:indexpattern-datasource-layer-dff09473-7596-48c7-bbf4-beccee70d845", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "a91d36c0-f405-4c04-8510-11134bd259f0:21cde57c-0e69-4e4c-b3e9-659de2778d06", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "64dd7c4e-b503-4cc4-8c61-e17c52204b54:indexpattern-datasource-layer-2ca9773d-0221-478b-b8bc-90bb8d439f33", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "64dd7c4e-b503-4cc4-8c61-e17c52204b54:5c81359c-376d-41bd-984d-60fb106f2e33", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "14ceb02d-63b6-448a-85fe-28a9e974e80c:indexpattern-datasource-layer-06a776d4-f25a-45c0-a54e-82d0cb913047", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "14ceb02d-63b6-448a-85fe-28a9e974e80c:a06a30d5-05f1-46ea-9075-3e6051f5781a", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "14ceb02d-63b6-448a-85fe-28a9e974e80c:9c0b0d2f-c443-4c41-b55c-c7ad0db60302", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "783789d4-8473-40f5-acf0-7ae5c850cd3e:indexpattern-datasource-layer-06a776d4-f25a-45c0-a54e-82d0cb913047", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "783789d4-8473-40f5-acf0-7ae5c850cd3e:8769bfd6-a9c7-4bab-b048-0e2fcffe8114", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "783789d4-8473-40f5-acf0-7ae5c850cd3e:d79e5279-bd92-48b0-bd92-767cf6b8892d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2525515f-80e7-455f-b88b-53e4abf31cd2:indexpattern-datasource-layer-a69d8e15-2ebf-401c-af12-4b6762f230db", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2525515f-80e7-455f-b88b-53e4abf31cd2:086a73a8-ac9d-48eb-b5b7-3c697278cc9e", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "kubernetes-ee55101a-9f62-44da-b64c-ffa1eb5abad8", - "name": "a59fd3c5-5f33-425d-b14e-4713222cc729:panel_a59fd3c5-5f33-425d-b14e-4713222cc729", - "type": "search" + "title": "Kubernetes warning events" + }, + { + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "attributes": { + "columns": [ + "kubernetes.event.type", + "kubernetes.event.reason", + "kubernetes.event.involved_object.name" + ], + "description": "Kubernetes Warnings", + "grid": { + "columns": { + "kubernetes.event.involved_object.kind": { + "width": 198.30555555555554 + }, + "kubernetes.event.metadata.namespace": { + "width": 249.83333333333337 + }, + "kubernetes.event.reason": { + "width": 176.33333333333331 + }, + "kubernetes.event.type": { + "width": 156.91666666666663 + } + } + }, + "hideChart": false, + "isTextBasedQuery": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"kubernetes.event.type\",\"negate\":false,\"params\":{\"query\":\"Warning\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"kubernetes.event.type\":\"Warning\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset :\\\"kubernetes.event\\\" \"}}" + }, + "rowHeight": -1, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "timeRestore": false, + "title": "Kubernetes Warnings", + "usesAdHocDataView": false, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ] + } }, - { - "id": "metrics-*", - "name": "controlGroup_748291db-2826-4242-9107-9a5226733a06:optionsListDataView", - "type": "index-pattern" + "gridData": { + "h": 11, + "i": "a59fd3c5-5f33-425d-b14e-4713222cc729", + "w": 24, + "x": 24, + "y": 30 }, - { - "id": "metrics-*", - "name": "controlGroup_2da8af79-7928-4741-8d03-866642f3c2a0:optionsListDataView", - "type": "index-pattern" - } + "panelIndex": "a59fd3c5-5f33-425d-b14e-4713222cc729", + "title": "Latest Kubernetes warnings", + "type": "search", + "version": "8.0.0" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Metrics Kubernetes] Cluster Overview", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "d0fadeee-3c79-443b-bfcb-b70e78d168e9:indexpattern-datasource-layer-c165f898-73a9-48b1-afa9-2b6e75f3cc1f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d0fadeee-3c79-443b-bfcb-b70e78d168e9:indexpattern-datasource-layer-dde29dcf-00ae-4b80-8d9e-ab45c51efba0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d0fadeee-3c79-443b-bfcb-b70e78d168e9:fbaf3405-fab6-4f09-883d-45368cf97670", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a91d36c0-f405-4c04-8510-11134bd259f0:indexpattern-datasource-layer-dfd1702f-213e-4fa2-98e3-5106657c62e7", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a91d36c0-f405-4c04-8510-11134bd259f0:indexpattern-datasource-layer-dff09473-7596-48c7-bbf4-beccee70d845", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a91d36c0-f405-4c04-8510-11134bd259f0:21cde57c-0e69-4e4c-b3e9-659de2778d06", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "64dd7c4e-b503-4cc4-8c61-e17c52204b54:indexpattern-datasource-layer-2ca9773d-0221-478b-b8bc-90bb8d439f33", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "64dd7c4e-b503-4cc4-8c61-e17c52204b54:5c81359c-376d-41bd-984d-60fb106f2e33", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "14ceb02d-63b6-448a-85fe-28a9e974e80c:indexpattern-datasource-layer-06a776d4-f25a-45c0-a54e-82d0cb913047", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "14ceb02d-63b6-448a-85fe-28a9e974e80c:a06a30d5-05f1-46ea-9075-3e6051f5781a", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "14ceb02d-63b6-448a-85fe-28a9e974e80c:9c0b0d2f-c443-4c41-b55c-c7ad0db60302", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "783789d4-8473-40f5-acf0-7ae5c850cd3e:indexpattern-datasource-layer-06a776d4-f25a-45c0-a54e-82d0cb913047", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "783789d4-8473-40f5-acf0-7ae5c850cd3e:8769bfd6-a9c7-4bab-b048-0e2fcffe8114", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "783789d4-8473-40f5-acf0-7ae5c850cd3e:d79e5279-bd92-48b0-bd92-767cf6b8892d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2525515f-80e7-455f-b88b-53e4abf31cd2:indexpattern-datasource-layer-a69d8e15-2ebf-401c-af12-4b6762f230db", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2525515f-80e7-455f-b88b-53e4abf31cd2:086a73a8-ac9d-48eb-b5b7-3c697278cc9e", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_748291db-2826-4242-9107-9a5226733a06:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_2da8af79-7928-4741-8d03-866642f3c2a0:optionsListDataView", + "type": "index-pattern" + }, + { + "type": "index-pattern", + "name": "a59fd3c5-5f33-425d-b14e-4713222cc729:kibanaSavedObjectMeta.searchSourceJSON.index", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "a59fd3c5-5f33-425d-b14e-4713222cc729:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "id": "metrics-*" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-f5ab5510-9c94-11e9-94fd-c91206cd5249.json b/packages/kubernetes/kibana/dashboard/kubernetes-f5ab5510-9c94-11e9-94fd-c91206cd5249.json index 8c92202ee74..35a1626c9fa 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-f5ab5510-9c94-11e9-94fd-c91206cd5249.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-f5ab5510-9c94-11e9-94fd-c91206cd5249.json @@ -1,3666 +1,3693 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"f53d0d21-4502-4dce-8004-017a92104040\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.name\",\"title\":\"Host\",\"id\":\"f53d0d21-4502-4dce-8004-017a92104040\",\"selectedOptions\":[],\"enhancements\":{},\"singleSelect\":false}},\"df56c430-83b1-436e-8b9c-fb027aaa29ca\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster\",\"singleSelect\":true,\"id\":\"df56c430-83b1-436e-8b9c-fb027aaa29ca\",\"selectedOptions\":[],\"enhancements\":{}}}}" + "id": "kubernetes-f5ab5510-9c94-11e9-94fd-c91206cd5249", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI1NiwyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "oneLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"f53d0d21-4502-4dce-8004-017a92104040\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.name\",\"title\":\"Host\",\"id\":\"f53d0d21-4502-4dce-8004-017a92104040\",\"selectedOptions\":[],\"enhancements\":{},\"singleSelect\":false}},\"df56c430-83b1-436e-8b9c-fb027aaa29ca\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster\",\"singleSelect\":true,\"id\":\"df56c430-83b1-436e-8b9c-fb027aaa29ca\",\"selectedOptions\":[],\"enhancements\":{}}}}" + }, + "description": "Kubernetes Scheduler metrics", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.scheduler" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.scheduler" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": true, + "syncCursor": true, + "syncTooltips": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 12, + "i": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", + "w": 13, + "x": 0, + "y": 0 }, - "description": "Kubernetes Scheduler metrics", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ + "panelIndex": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "### Scheduler\n\nThis dashboard collects metrics from [kube scheduler](https://kubernetes.io/docs/concepts/overview/components/#kube-scheduler) endpoint. Its purpose is to give an overview of what is happening inside it through this component metrics and detect problems that might be happening. \n\n**WARNING**: This dataset **requires access** to the Kubernetes scheduler endpoint. Refer [here](https://docs.elastic.co/en/integrations/kubernetes#scheduler-and-controllermanager) to learn how to enable it. In some \"As a Service\" Kubernetes implementations, like GKE or AKS, it is **not possible** to access its metrics.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" + } + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", + "w": 35, + "x": 13, + "y": 0 + }, + "panelIndex": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(203,228,249,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "Scheduling", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ { - "$state": { - "store": "appState" + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "a47d16df-1a5a-49e1-9a33-dba87c371904", + "w": 16, + "x": 13, + "y": 3 + }, + "panelIndex": "a47d16df-1a5a-49e1-9a33-dba87c371904", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**NOTE**: This section is meant for **one** cluster. Please, filter above. Otherwise, results might be inaccurate.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 9, + "i": "a2b844d8-11e3-4469-af4b-744d33b603ad", + "w": 19, + "x": 29, + "y": 3 + }, + "panelIndex": "a2b844d8-11e3-4469-af4b-744d33b603ad", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-0c578d26-c937-4b73-a3a6-e15ebd5854e6", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "0c578d26-c937-4b73-a3a6-e15ebd5854e6": { + "columnOrder": [ + "51d8044e-b2ce-4afa-bca8-4898ee203019", + "680c2d97-35c9-4804-9c57-06645378bef4", + "3309a725-61ed-41e9-99cf-c37888da689b" + ], + "columns": { + "3309a725-61ed-41e9-99cf-c37888da689b": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.scheduling.pending.pods.count: *" + }, + "isBucketed": false, + "label": "Total", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.scheduling.pending.pods.count" }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.scheduler" + "51d8044e-b2ce-4afa-bca8-4898ee203019": { + "customLabel": false, + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of kubernetes.scheduler.queue", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3309a725-61ed-41e9-99cf-c37888da689b", + "type": "column" }, - "type": "phrase" + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.queue" }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.scheduler" - } + "680c2d97-35c9-4804-9c57-06645378bef4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Scheduler node", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "3309a725-61ed-41e9-99cf-c37888da689b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "host.name" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "center", + "columnId": "3309a725-61ed-41e9-99cf-c37888da689b" + }, + { + "alignment": "center", + "columnId": "680c2d97-35c9-4804-9c57-06645378bef4", + "isTransposed": false + }, + { + "columnId": "51d8044e-b2ce-4afa-bca8-4898ee203019", + "isTransposed": true + } + ], + "headerRowHeight": "auto", + "layerId": "0c578d26-c937-4b73-a3a6-e15ebd5854e6", + "layerType": "data", + "rowHeight": "auto" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": true, - "syncCursor": true, - "syncTooltips": false, - "useMargins": true + "title": "Pending pods" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "125ec894-444e-486b-a9c8-7205cde12a7e", + "w": 8, + "x": 13, + "y": 6 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "125ec894-444e-486b-a9c8-7205cde12a7e", + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-8cad09ad-7860-45ac-aaad-7b94af09c33d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "8cad09ad-7860-45ac-aaad-7b94af09c33d": { + "columnOrder": [ + "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51", + "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51X0" + ], + "columns": { + "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Preemption attempts", + "operationType": "formula", + "params": { + "formula": "last_value(kubernetes.scheduler.scheduling.preemption.attempts.count)", + "isFormulaBroken": false + }, + "references": [ + "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51X0" + ], + "scale": "ratio" }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "### Scheduler\n\nThis dashboard collects metrics from [kube scheduler](https://kubernetes.io/docs/concepts/overview/components/#kube-scheduler) endpoint. Its purpose is to give an overview of what is happening inside it through this component metrics and detect problems that might be happening. \n\n**WARNING**: This dataset **requires access** to the Kubernetes scheduler endpoint. Refer [here](https://docs.elastic.co/en/integrations/kubernetes#scheduler-and-controllermanager) to learn how to enable it. In some \"As a Service\" Kubernetes implementations, like GKE or AKS, it is **not possible** to access its metrics.", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} + "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.scheduling.preemption.attempts.count: *" + }, + "isBucketed": false, + "label": "Part of Preemption attempts", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.scheduling.preemption.attempts.count" + } + }, + "incompleteColumns": {}, + "sampling": 1 } + } }, - "gridData": { - "h": 12, - "i": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", - "w": 13, - "x": 0, - "y": 0 - }, - "panelIndex": "c13eb504-6afb-4fa5-8a7d-a75c5fee15b7", - "type": "visualization", - "version": "8.6.0" + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "8cad09ad-7860-45ac-aaad-7b94af09c33d", + "layerType": "data", + "metricAccessor": "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(203,228,249,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "Scheduling", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true, + "type": "lens" + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "e6506b77-2e3b-4bfa-831a-8a5daada553b", + "w": 8, + "x": 21, + "y": 6 + }, + "panelIndex": "e6506b77-2e3b-4bfa-831a-8a5daada553b", + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-af585c84-2ebf-42a3-9073-4d76e8b2610d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "af585c84-2ebf-42a3-9073-4d76e8b2610d": { + "columnOrder": [ + "19819472-270b-4678-8367-9d09f29ae509", + "19819472-270b-4678-8367-9d09f29ae509X0" + ], + "columns": { + "19819472-270b-4678-8367-9d09f29ae509": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Preemption victims", + "operationType": "formula", + "params": { + "formula": "last_value(kubernetes.scheduler.scheduling.preemption.victims.count)", + "isFormulaBroken": false + }, + "references": [ + "19819472-270b-4678-8367-9d09f29ae509X0" + ], + "scale": "ratio" }, - "title": "", - "type": "metrics", - "uiState": {} + "19819472-270b-4678-8367-9d09f29ae509X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.scheduling.preemption.victims.count: *" + }, + "isBucketed": false, + "label": "Part of Preemption victims", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.scheduling.preemption.victims.count" + } + }, + "incompleteColumns": {}, + "sampling": 1 } + } }, - "gridData": { - "h": 3, - "i": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", - "w": 35, - "x": 13, - "y": 0 - }, - "panelIndex": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd", - "title": "", - "type": "visualization", - "version": "8.6.0" + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layerId": "af585c84-2ebf-42a3-9073-4d76e8b2610d", + "layerType": "data", + "metricAccessor": "19819472-270b-4678-8367-9d09f29ae509" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**NOTE**: This section is meant for **one** cluster. Please, filter above. Otherwise, results might be inaccurate.", - "openLinksInNewTab": false + "title": "", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {}, + "hidePanelTitles": true, + "type": "lens" + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "181a3fe5-e5b5-472e-98af-ea4aaadc3109", + "w": 24, + "x": 0, + "y": 12 + }, + "panelIndex": "181a3fe5-e5b5-472e-98af-ea4aaadc3109", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-c0fe3677-6a5b-4340-8ad0-d8e31b042fe8", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "c038d00b-5e03-420e-9c45-a8aea3c41f99", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "c0fe3677-6a5b-4340-8ad0-d8e31b042fe8": { + "columnOrder": [ + "51038211-b99f-4527-b1f1-cab52e7a4902", + "3ef7d43e-6806-4ae6-bd67-38a7c29d0f7c", + "d23c570b-1f9a-4ea6-be40-b6860fff0d75", + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X0", + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X2", + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X1" + ], + "columns": { + "3ef7d43e-6806-4ae6-bd67-38a7c29d0f7c": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 3, - "i": "a47d16df-1a5a-49e1-9a33-dba87c371904", - "w": 16, - "x": 13, - "y": 3 - }, - "panelIndex": "a47d16df-1a5a-49e1-9a33-dba87c371904", - "type": "visualization", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-0c578d26-c937-4b73-a3a6-e15ebd5854e6", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "0c578d26-c937-4b73-a3a6-e15ebd5854e6": { - "columnOrder": [ - "51d8044e-b2ce-4afa-bca8-4898ee203019", - "680c2d97-35c9-4804-9c57-06645378bef4", - "3309a725-61ed-41e9-99cf-c37888da689b" - ], - "columns": { - "3309a725-61ed-41e9-99cf-c37888da689b": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.scheduling.pending.pods.count: *" - }, - "isBucketed": false, - "label": "Total", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.scheduling.pending.pods.count" - }, - "51d8044e-b2ce-4afa-bca8-4898ee203019": { - "customLabel": false, - "dataType": "string", - "isBucketed": true, - "label": "Top 3 values of kubernetes.scheduler.queue", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3309a725-61ed-41e9-99cf-c37888da689b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.queue" - }, - "680c2d97-35c9-4804-9c57-06645378bef4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Scheduler node", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "3309a725-61ed-41e9-99cf-c37888da689b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } + "51038211-b99f-4527-b1f1-cab52e7a4902": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "center", - "columnId": "3309a725-61ed-41e9-99cf-c37888da689b" - }, - { - "alignment": "center", - "columnId": "680c2d97-35c9-4804-9c57-06645378bef4", - "isTransposed": false - }, - { - "columnId": "51d8044e-b2ce-4afa-bca8-4898ee203019", - "isTransposed": true - } - ], - "headerRowHeight": "auto", - "layerId": "0c578d26-c937-4b73-a3a6-e15ebd5854e6", - "layerType": "data", - "rowHeight": "auto" - } + "size": 3 + }, + "scale": "ordinal", + "sourceField": "host.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": "a2b844d8-11e3-4469-af4b-744d33b603ad", - "w": 19, - "x": 29, - "y": 3 - }, - "panelIndex": "a2b844d8-11e3-4469-af4b-744d33b603ad", - "title": "Pending pods", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-8cad09ad-7860-45ac-aaad-7b94af09c33d", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "8cad09ad-7860-45ac-aaad-7b94af09c33d": { - "columnOrder": [ - "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51", - "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51X0" - ], - "columns": { - "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Preemption attempts", - "operationType": "formula", - "params": { - "formula": "last_value(kubernetes.scheduler.scheduling.preemption.attempts.count)", - "isFormulaBroken": false - }, - "references": [ - "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51X0" - ], - "scale": "ratio" - }, - "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.scheduling.preemption.attempts.count: *" - }, - "isBucketed": false, - "label": "Part of Preemption attempts", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.scheduling.preemption.attempts.count" - } - }, - "incompleteColumns": {}, - "sampling": 1 - } - } - }, - "textBased": { - "layers": {} - } + "d23c570b-1f9a-4ea6-be40-b6860fff0d75": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Average latency", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1, + "suffix": "ms" + } }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layerId": "8cad09ad-7860-45ac-aaad-7b94af09c33d", - "layerType": "data", - "metricAccessor": "7bce9fb8-18e2-4eb4-a7d7-891cc72a3c51" - } + "formula": "last_value(kubernetes.scheduler.scheduling.attempts.duration.us.sum)/pick_max(last_value(kubernetes.scheduler.scheduling.attempts.duration.us.count),1)/1000", + "isFormulaBroken": false + }, + "references": [ + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X2" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true - }, - "gridData": { - "h": 6, - "i": "125ec894-444e-486b-a9c8-7205cde12a7e", - "w": 8, - "x": 13, - "y": 6 - }, - "panelIndex": "125ec894-444e-486b-a9c8-7205cde12a7e", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-af585c84-2ebf-42a3-9073-4d76e8b2610d", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "af585c84-2ebf-42a3-9073-4d76e8b2610d": { - "columnOrder": [ - "19819472-270b-4678-8367-9d09f29ae509", - "19819472-270b-4678-8367-9d09f29ae509X0" - ], - "columns": { - "19819472-270b-4678-8367-9d09f29ae509": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Preemption victims", - "operationType": "formula", - "params": { - "formula": "last_value(kubernetes.scheduler.scheduling.preemption.victims.count)", - "isFormulaBroken": false - }, - "references": [ - "19819472-270b-4678-8367-9d09f29ae509X0" - ], - "scale": "ratio" - }, - "19819472-270b-4678-8367-9d09f29ae509X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.scheduling.preemption.victims.count: *" - }, - "isBucketed": false, - "label": "Part of Preemption victims", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.scheduling.preemption.victims.count" - } - }, - "incompleteColumns": {}, - "sampling": 1 - } + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.scheduling.attempts.duration.us.sum: *" + }, + "isBucketed": false, + "label": "Part of Average latency", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.scheduling.attempts.duration.us.sum" + }, + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.scheduling.attempts.duration.us.count: *" + }, + "isBucketed": false, + "label": "Part of Average latency", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.scheduling.attempts.duration.us.count" + }, + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Average latency", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X0", + { + "args": [ + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X1", + 1 + ], + "location": { + "max": 151, + "min": 69 + }, + "name": "pick_max", + "text": "pick_max(last_value(kubernetes.scheduler.scheduling.attempts.duration.us.count),1)", + "type": "function" } + ], + "name": "divide", + "type": "function" }, - "textBased": { - "layers": {} - } - }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layerId": "af585c84-2ebf-42a3-9073-4d76e8b2610d", - "layerType": "data", - "metricAccessor": "19819472-270b-4678-8367-9d09f29ae509" + 1000 + ], + "location": { + "max": 156, + "min": 0 + }, + "name": "divide", + "text": "last_value(kubernetes.scheduler.scheduling.attempts.duration.us.sum)/pick_max(last_value(kubernetes.scheduler.scheduling.attempts.duration.us.count),1)/1000", + "type": "function" } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsMetric" - }, - "enhancements": {}, - "hidePanelTitles": true + }, + "references": [ + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X0", + "d23c570b-1f9a-4ea6-be40-b6860fff0d75X1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "c038d00b-5e03-420e-9c45-a8aea3c41f99", + "key": "kubernetes.scheduler.scheduling.attempts.duration.us.bucket.+Inf", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.scheduler.scheduling.attempts.duration.us.bucket.+Inf" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 6, - "i": "e6506b77-2e3b-4bfa-831a-8a5daada553b", - "w": 8, - "x": 21, - "y": 6 + "layers": [ + { + "accessors": [ + "d23c570b-1f9a-4ea6-be40-b6860fff0d75" + ], + "layerId": "c0fe3677-6a5b-4340-8ad0-d8e31b042fe8", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "51038211-b99f-4527-b1f1-cab52e7a4902", + "xAccessor": "3ef7d43e-6806-4ae6-bd67-38a7c29d0f7c" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "e6506b77-2e3b-4bfa-831a-8a5daada553b", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-c0fe3677-6a5b-4340-8ad0-d8e31b042fe8", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Average scheduling attempt latency" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "d35d8849-89ba-42b8-8120-c14b087f9690", + "w": 24, + "x": 24, + "y": 12 + }, + "panelIndex": "d35d8849-89ba-42b8-8120-c14b087f9690", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-2b43c72b-5964-4c48-8239-72a42fbe334f", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2b43c72b-5964-4c48-8239-72a42fbe334f": { + "columnOrder": [ + "9a10de81-8e85-4356-8381-5cd24bd4f88e", + "afa79db7-0c03-40d0-a80b-6bf59b9a4925", + "46b12a48-f8b8-42ca-bfd6-adec41da55ed", + "46b12a48-f8b8-42ca-bfd6-adec41da55edX0", + "46b12a48-f8b8-42ca-bfd6-adec41da55edX1" + ], + "columns": { + "46b12a48-f8b8-42ca-bfd6-adec41da55ed": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Attempts", + "operationType": "formula", + "params": { + "formula": "counter_rate(last_value(kubernetes.scheduler.scheduling.attempts.duration.us.sum))", + "isFormulaBroken": false + }, + "references": [ + "46b12a48-f8b8-42ca-bfd6-adec41da55edX1" + ], + "scale": "ratio", + "timeScale": "s" + }, + "46b12a48-f8b8-42ca-bfd6-adec41da55edX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.scheduling.attempts.duration.us.sum: *" + }, + "isBucketed": false, + "label": "Part of Attempts", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.scheduling.attempts.duration.us.sum" + }, + "46b12a48-f8b8-42ca-bfd6-adec41da55edX1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Attempts", + "operationType": "counter_rate", + "references": [ + "46b12a48-f8b8-42ca-bfd6-adec41da55edX0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "9a10de81-8e85-4356-8381-5cd24bd4f88e": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of kubernetes.scheduler.result + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "c038d00b-5e03-420e-9c45-a8aea3c41f99", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "c0fe3677-6a5b-4340-8ad0-d8e31b042fe8": { - "columnOrder": [ - "51038211-b99f-4527-b1f1-cab52e7a4902", - "3ef7d43e-6806-4ae6-bd67-38a7c29d0f7c", - "d23c570b-1f9a-4ea6-be40-b6860fff0d75", - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X0", - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X2", - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X1" - ], - "columns": { - "3ef7d43e-6806-4ae6-bd67-38a7c29d0f7c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "51038211-b99f-4527-b1f1-cab52e7a4902": { - "dataType": "string", - "isBucketed": true, - "label": "Top 3 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "d23c570b-1f9a-4ea6-be40-b6860fff0d75": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Average latency", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1, - "suffix": "ms" - } - }, - "formula": "last_value(kubernetes.scheduler.scheduling.attempts.duration.us.sum)/pick_max(last_value(kubernetes.scheduler.scheduling.attempts.duration.us.count),1)/1000", - "isFormulaBroken": false - }, - "references": [ - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X2" - ], - "scale": "ratio" - }, - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.scheduling.attempts.duration.us.sum: *" - }, - "isBucketed": false, - "label": "Part of Average latency", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.scheduling.attempts.duration.us.sum" - }, - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.scheduling.attempts.duration.us.count: *" - }, - "isBucketed": false, - "label": "Part of Average latency", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.scheduling.attempts.duration.us.count" - }, - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Average latency", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X0", - { - "args": [ - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X1", - 1 - ], - "location": { - "max": 151, - "min": 69 - }, - "name": "pick_max", - "text": "pick_max(last_value(kubernetes.scheduler.scheduling.attempts.duration.us.count),1)", - "type": "function" - } - ], - "name": "divide", - "type": "function" - }, - 1000 - ], - "location": { - "max": 156, - "min": 0 - }, - "name": "divide", - "text": "last_value(kubernetes.scheduler.scheduling.attempts.duration.us.sum)/pick_max(last_value(kubernetes.scheduler.scheduling.attempts.duration.us.count),1)/1000", - "type": "function" - } - }, - "references": [ - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X0", - "d23c570b-1f9a-4ea6-be40-b6860fff0d75X1" - ], - "scale": "ratio" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "c038d00b-5e03-420e-9c45-a8aea3c41f99", - "key": "kubernetes.scheduler.scheduling.attempts.duration.us.bucket.+Inf", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.scheduler.scheduling.attempts.duration.us.bucket.+Inf" - } - } - } + "secondaryFields": [ + "host.name" ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "d23c570b-1f9a-4ea6-be40-b6860fff0d75" - ], - "layerId": "c0fe3677-6a5b-4340-8ad0-d8e31b042fe8", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "51038211-b99f-4527-b1f1-cab52e7a4902", - "xAccessor": "3ef7d43e-6806-4ae6-bd67-38a7c29d0f7c" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "size": 3 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.result" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "afa79db7-0c03-40d0-a80b-6bf59b9a4925": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "30s" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 14, - "i": "181a3fe5-e5b5-472e-98af-ea4aaadc3109", - "w": 24, - "x": 0, - "y": 12 + "layers": [ + { + "accessors": [ + "46b12a48-f8b8-42ca-bfd6-adec41da55ed" + ], + "layerId": "2b43c72b-5964-4c48-8239-72a42fbe334f", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "9a10de81-8e85-4356-8381-5cd24bd4f88e", + "xAccessor": "afa79db7-0c03-40d0-a80b-6bf59b9a4925" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right" }, - "panelIndex": "181a3fe5-e5b5-472e-98af-ea4aaadc3109", - "title": "Average scheduling attempt latency", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-2b43c72b-5964-4c48-8239-72a42fbe334f", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "2b43c72b-5964-4c48-8239-72a42fbe334f": { - "columnOrder": [ - "9a10de81-8e85-4356-8381-5cd24bd4f88e", - "afa79db7-0c03-40d0-a80b-6bf59b9a4925", - "46b12a48-f8b8-42ca-bfd6-adec41da55ed", - "46b12a48-f8b8-42ca-bfd6-adec41da55edX0", - "46b12a48-f8b8-42ca-bfd6-adec41da55edX1" - ], - "columns": { - "46b12a48-f8b8-42ca-bfd6-adec41da55ed": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Attempts", - "operationType": "formula", - "params": { - "formula": "counter_rate(last_value(kubernetes.scheduler.scheduling.attempts.duration.us.sum))", - "isFormulaBroken": false - }, - "references": [ - "46b12a48-f8b8-42ca-bfd6-adec41da55edX1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "46b12a48-f8b8-42ca-bfd6-adec41da55edX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.scheduling.attempts.duration.us.sum: *" - }, - "isBucketed": false, - "label": "Part of Attempts", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.scheduling.attempts.duration.us.sum" - }, - "46b12a48-f8b8-42ca-bfd6-adec41da55edX1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Attempts", - "operationType": "counter_rate", - "references": [ - "46b12a48-f8b8-42ca-bfd6-adec41da55edX0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "9a10de81-8e85-4356-8381-5cd24bd4f88e": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of kubernetes.scheduler.result + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "host.name" - ], - "size": 3 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.result" - }, - "afa79db7-0c03-40d0-a80b-6bf59b9a4925": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "30s" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Attempts counter rate by result" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6", + "w": 48, + "x": 0, + "y": 26 + }, + "panelIndex": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(205,245,246,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_0599e0ae-2375-4ceb-b12d-2ebec4310cc6_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "Workqueue", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ + { + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "2ba53067-d43d-42eb-ac50-2d941977ce95", + "w": 24, + "x": 0, + "y": 29 + }, + "panelIndex": "2ba53067-d43d-42eb-ac50-2d941977ce95", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "6572ee4d-01b4-47db-8804-d8ef217e21da", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "76c85206-02c1-4f35-bb0d-c1d4d3ee59d7": { + "columnOrder": [ + "f2d3349e-531e-453c-bac7-fc4c1a47ea86", + "4266ba8e-3786-4162-9140-15f600580db0", + "5b2495ee-2297-4e20-81d3-ac385205cb01", + "5b2495ee-2297-4e20-81d3-ac385205cb01X1", + "5b2495ee-2297-4e20-81d3-ac385205cb01X0" + ], + "columns": { + "4266ba8e-3786-4162-9140-15f600580db0": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "5b2495ee-2297-4e20-81d3-ac385205cb01": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Counter rate", + "operationType": "formula", + "params": { + "formula": "counter_rate(last_value(kubernetes.scheduler.workqueue.adds.count))", + "isFormulaBroken": false + }, + "references": [ + "5b2495ee-2297-4e20-81d3-ac385205cb01X1" + ], + "scale": "ratio", + "timeScale": "s" + }, + "5b2495ee-2297-4e20-81d3-ac385205cb01X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.workqueue.adds.count: *" + }, + "isBucketed": false, + "label": "", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.workqueue.adds.count" + }, + "5b2495ee-2297-4e20-81d3-ac385205cb01X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "", + "operationType": "counter_rate", + "references": [ + "5b2495ee-2297-4e20-81d3-ac385205cb01X0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "f2d3349e-531e-453c-bac7-fc4c1a47ea86": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Workqueues", + "operationType": "terms", + "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "46b12a48-f8b8-42ca-bfd6-adec41da55ed" - ], - "layerId": "2b43c72b-5964-4c48-8239-72a42fbe334f", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "9a10de81-8e85-4356-8381-5cd24bd4f88e", - "xAccessor": "afa79db7-0c03-40d0-a80b-6bf59b9a4925" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "size": 5 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "6572ee4d-01b4-47db-8804-d8ef217e21da", + "key": "kubernetes.scheduler.workqueue.adds.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.scheduler.workqueue.adds.count" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 14, - "i": "d35d8849-89ba-42b8-8120-c14b087f9690", - "w": 24, - "x": 24, - "y": 12 + "curveType": "LINEAR", + "layers": [ + { + "accessors": [ + "5b2495ee-2297-4e20-81d3-ac385205cb01" + ], + "layerId": "76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "f2d3349e-531e-453c-bac7-fc4c1a47ea86", + "xAccessor": "4266ba8e-3786-4162-9140-15f600580db0" + } + ], + "legend": { + "isVisible": true, + "maxLines": 1, + "position": "right", + "shouldTruncate": true }, - "panelIndex": "d35d8849-89ba-42b8-8120-c14b087f9690", - "title": "Attempts counter rate by result", - "type": "lens", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Workqueue additions increase rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "1cd3ebab-9630-4253-b9a6-5f921e5cb617", + "w": 24, + "x": 24, + "y": 29 + }, + "panelIndex": "1cd3ebab-9630-4253-b9a6-5f921e5cb617", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-77b347b2-91fa-470f-861d-ada0e175cbc4", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "55eaa53f-a391-4996-9721-2f7af9aa963d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "77b347b2-91fa-470f-861d-ada0e175cbc4": { + "columnOrder": [ + "68f1dece-b63b-4a27-9c1f-8068f2f9bedb", + "34f7328b-5fef-43e7-9350-98256b031a79", + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71", + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1", + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0" + ], + "columns": { + "34f7328b-5fef-43e7-9350-98256b031a79": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(205,245,246,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_0599e0ae-2375-4ceb-b12d-2ebec4310cc6_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "Workqueue", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } + "68f1dece-b63b-4a27-9c1f-8068f2f9bedb": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of kubernetes.scheduler.name + 1 other", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Maximum of kubernetes.scheduler.workqueue.retries.count", + "operationType": "max", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.workqueue.retries.count" + }, + "orderBy": { + "type": "custom" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "host.name" ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.name" + }, + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Rate", + "operationType": "formula", + "params": { + "formula": "counter_rate(last_value(kubernetes.scheduler.workqueue.retries.count))", + "isFormulaBroken": false + }, + "references": [ + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "metrics", - "uiState": {} + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.workqueue.retries.count: *" + }, + "isBucketed": false, + "label": "Part of Rate", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.workqueue.retries.count" + }, + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Rate", + "operationType": "counter_rate", + "references": [ + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0" + ], + "scale": "ratio", + "timeScale": "s" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "55eaa53f-a391-4996-9721-2f7af9aa963d", + "key": "kubernetes.scheduler.workqueue.retries.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.scheduler.workqueue.retries.count" } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 3, - "i": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6", - "w": 48, - "x": 0, - "y": 26 + "layers": [ + { + "accessors": [ + "a1a9d92a-c7cc-43f4-950a-25dd5108bf71" + ], + "layerId": "77b347b2-91fa-470f-861d-ada0e175cbc4", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "68f1dece-b63b-4a27-9c1f-8068f2f9bedb", + "xAccessor": "34f7328b-5fef-43e7-9350-98256b031a79" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true }, - "panelIndex": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6", - "title": "", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Workqueue retries increase rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "3a26dffa-0696-485d-b991-1dbc5092082e", + "w": 24, + "x": 0, + "y": 43 + }, + "panelIndex": "3a26dffa-0696-485d-b991-1dbc5092082e", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-2b80230c-9cc8-444f-b092-1fbc4d764992", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "09d7cafe-19c4-4da8-a1b9-5ecd3ec6b0b0", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "2b80230c-9cc8-444f-b092-1fbc4d764992": { + "columnOrder": [ + "e7259e4c-0700-48a5-aeff-993fc075bcab", + "7b8d9b03-439b-4171-8b64-91b8664b4b94", + "725088f8-ac91-4df6-8863-f9abe7ad40cd", + "725088f8-ac91-4df6-8863-f9abe7ad40cdX1", + "725088f8-ac91-4df6-8863-f9abe7ad40cdX0" + ], + "columns": { + "725088f8-ac91-4df6-8863-f9abe7ad40cd": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Depth", + "operationType": "formula", + "params": { + "formula": "differences(average(kubernetes.scheduler.workqueue.depth.count, kql='kubernetes.scheduler.workqueue.depth.count: *'))", + "isFormulaBroken": false + }, + "references": [ + "725088f8-ac91-4df6-8863-f9abe7ad40cdX1" + ], + "scale": "ratio", + "timeScale": "s" + }, + "725088f8-ac91-4df6-8863-f9abe7ad40cdX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.workqueue.depth.count: *" + }, + "isBucketed": false, + "label": "Part of Depth", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.workqueue.depth.count" + }, + "725088f8-ac91-4df6-8863-f9abe7ad40cdX1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Depth", + "operationType": "differences", + "references": [ + "725088f8-ac91-4df6-8863-f9abe7ad40cdX0" + ], + "scale": "ratio" + }, + "7b8d9b03-439b-4171-8b64-91b8664b4b94": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e7259e4c-0700-48a5-aeff-993fc075bcab": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Depth", + "operationType": "terms", + "params": { + "accuracyMode": false, + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of kubernetes.scheduler.workqueue.depth.count", + "operationType": "sum", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.workqueue.depth.count" }, - { - "id": "metrics-*", - "name": "6572ee4d-01b4-47db-8804-d8ef217e21da", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "76c85206-02c1-4f35-bb0d-c1d4d3ee59d7": { - "columnOrder": [ - "f2d3349e-531e-453c-bac7-fc4c1a47ea86", - "4266ba8e-3786-4162-9140-15f600580db0", - "5b2495ee-2297-4e20-81d3-ac385205cb01", - "5b2495ee-2297-4e20-81d3-ac385205cb01X1", - "5b2495ee-2297-4e20-81d3-ac385205cb01X0" - ], - "columns": { - "4266ba8e-3786-4162-9140-15f600580db0": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "5b2495ee-2297-4e20-81d3-ac385205cb01": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Counter rate", - "operationType": "formula", - "params": { - "formula": "counter_rate(last_value(kubernetes.scheduler.workqueue.adds.count))", - "isFormulaBroken": false - }, - "references": [ - "5b2495ee-2297-4e20-81d3-ac385205cb01X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "5b2495ee-2297-4e20-81d3-ac385205cb01X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.workqueue.adds.count: *" - }, - "isBucketed": false, - "label": "", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.workqueue.adds.count" - }, - "5b2495ee-2297-4e20-81d3-ac385205cb01X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "", - "operationType": "counter_rate", - "references": [ - "5b2495ee-2297-4e20-81d3-ac385205cb01X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "f2d3349e-531e-453c-bac7-fc4c1a47ea86": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Workqueues", - "operationType": "terms", - "params": { - "exclude": [], - "excludeIsRegex": false, - "include": [], - "includeIsRegex": false, - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "6572ee4d-01b4-47db-8804-d8ef217e21da", - "key": "kubernetes.scheduler.workqueue.adds.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.scheduler.workqueue.adds.count" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "layers": [ - { - "accessors": [ - "5b2495ee-2297-4e20-81d3-ac385205cb01" - ], - "layerId": "76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "f2d3349e-531e-453c-bac7-fc4c1a47ea86", - "xAccessor": "4266ba8e-3786-4162-9140-15f600580db0" - } - ], - "legend": { - "isVisible": true, - "maxLines": 1, - "position": "right", - "shouldTruncate": true - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "secondaryFields": [ + "host.name" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "09d7cafe-19c4-4da8-a1b9-5ecd3ec6b0b0", + "key": "kubernetes.scheduler.workqueue.depth.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.scheduler.workqueue.depth.count" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "curveType": "LINEAR", + "layers": [ + { + "accessors": [ + "725088f8-ac91-4df6-8863-f9abe7ad40cd" + ], + "collapseFn": "", + "layerId": "2b80230c-9cc8-444f-b092-1fbc4d764992", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "e7259e4c-0700-48a5-aeff-993fc075bcab", + "xAccessor": "7b8d9b03-439b-4171-8b64-91b8664b4b94" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true, + "showSingleSeries": true }, - "gridData": { - "h": 14, - "i": "2ba53067-d43d-42eb-ac50-2d941977ce95", - "w": 24, - "x": 0, - "y": 29 + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": false, + "xTitle": "", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "2ba53067-d43d-42eb-ac50-2d941977ce95", - "title": "Workqueue additions increase rate", - "type": "lens", - "version": "8.6.0" + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-77b347b2-91fa-470f-861d-ada0e175cbc4", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Workqueue depth rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "6a8b9a40-11ec-4790-a38d-2d88c5468f12", + "w": 24, + "x": 24, + "y": 43 + }, + "panelIndex": "6a8b9a40-11ec-4790-a38d-2d88c5468f12", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-a2facaed-7c02-4fb6-9126-5512b8ffd26f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "695725fe-9d35-49c6-8289-21fbe54ff2a6", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "a2facaed-7c02-4fb6-9126-5512b8ffd26f": { + "columnOrder": [ + "73933c6b-b6da-45c6-a190-c501453f658f", + "3ed7787d-1fbe-487f-a377-9a5e5e6f2571", + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778", + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778X0" + ], + "columns": { + "3ed7787d-1fbe-487f-a377-9a5e5e6f2571": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "10s" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "73933c6b-b6da-45c6-a190-c501453f658f": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of kubernetes.scheduler.name + 1 other", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderAgg": { + "dataType": "number", + "isBucketed": false, + "label": "Maximum of kubernetes.scheduler.workqueue.unfinished.sec", + "operationType": "max", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.workqueue.unfinished.sec" }, - { - "id": "metrics-*", - "name": "55eaa53f-a391-4996-9721-2f7af9aa963d", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "77b347b2-91fa-470f-861d-ada0e175cbc4": { - "columnOrder": [ - "68f1dece-b63b-4a27-9c1f-8068f2f9bedb", - "34f7328b-5fef-43e7-9350-98256b031a79", - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71", - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1", - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0" - ], - "columns": { - "34f7328b-5fef-43e7-9350-98256b031a79": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "68f1dece-b63b-4a27-9c1f-8068f2f9bedb": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of kubernetes.scheduler.name + 1 other", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of kubernetes.scheduler.workqueue.retries.count", - "operationType": "max", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.workqueue.retries.count" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "host.name" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.name" - }, - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Rate", - "operationType": "formula", - "params": { - "formula": "counter_rate(last_value(kubernetes.scheduler.workqueue.retries.count))", - "isFormulaBroken": false - }, - "references": [ - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.workqueue.retries.count: *" - }, - "isBucketed": false, - "label": "Part of Rate", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.workqueue.retries.count" - }, - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Rate", - "operationType": "counter_rate", - "references": [ - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71X0" - ], - "scale": "ratio", - "timeScale": "s" - } - }, - "incompleteColumns": {} - } - } - } + "orderBy": { + "type": "custom" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "55eaa53f-a391-4996-9721-2f7af9aa963d", - "key": "kubernetes.scheduler.workqueue.retries.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.scheduler.workqueue.retries.count" - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "host.name" ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.name" + }, + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778": { + "dataType": "number", + "isBucketed": false, + "label": "last_value(kubernetes.scheduler.workqueue.unfinished.sec)", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1, + "suffix": "s" + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "a1a9d92a-c7cc-43f4-950a-25dd5108bf71" - ], - "layerId": "77b347b2-91fa-470f-861d-ada0e175cbc4", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "68f1dece-b63b-4a27-9c1f-8068f2f9bedb", - "xAccessor": "34f7328b-5fef-43e7-9350-98256b031a79" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "shouldTruncate": true - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "formula": "last_value(kubernetes.scheduler.workqueue.unfinished.sec)", + "isFormulaBroken": false + }, + "references": [ + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778X0" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.workqueue.unfinished.sec: *" + }, + "isBucketed": false, + "label": "Part of last_value(kubernetes.scheduler.workqueue.unfinished.sec)", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.workqueue.unfinished.sec" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "695725fe-9d35-49c6-8289-21fbe54ff2a6", + "key": "kubernetes.scheduler.workqueue.unfinished.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.scheduler.workqueue.unfinished.sec" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778" + ], + "layerId": "a2facaed-7c02-4fb6-9126-5512b8ffd26f", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "73933c6b-b6da-45c6-a190-c501453f658f", + "xAccessor": "3ed7787d-1fbe-487f-a377-9a5e5e6f2571" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "shouldTruncate": true }, - "gridData": { - "h": 14, - "i": "1cd3ebab-9630-4253-b9a6-5f921e5cb617", - "w": 24, - "x": 24, - "y": 29 + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "1cd3ebab-9630-4253-b9a6-5f921e5cb617", - "title": "Workqueue retries increase rate", - "type": "lens", - "version": "8.6.0" + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Current unfinished work" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "c3fee68f-01c6-49da-a759-2900b1cd15bf", + "w": 48, + "x": 0, + "y": 57 + }, + "panelIndex": "c3fee68f-01c6-49da-a759-2900b1cd15bf", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-2b80230c-9cc8-444f-b092-1fbc4d764992", - "type": "index-pattern" + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(239,249,218,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "Process", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ + { + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "a0716ae8-4157-473d-8eba-8ff6625fed4b", + "w": 24, + "x": 0, + "y": 60 + }, + "panelIndex": "a0716ae8-4157-473d-8eba-8ff6625fed4b", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "36494898-fe02-477e-9364-d94ea0fcb947", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807": { + "columnOrder": [ + "6cbab896-ee42-4dad-8831-12f53cda0d6d", + "910bd079-4852-48bd-9d7a-e5eb940f0838", + "ee812faf-6f3c-4cc2-ad9a-27136340ef39", + "96c80749-da61-425a-b637-878d33e410fd", + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX2", + "96c80749-da61-425a-b637-878d33e410fdX1", + "910bd079-4852-48bd-9d7a-e5eb940f0838X0" + ], + "columns": { + "6cbab896-ee42-4dad-8831-12f53cda0d6d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "ee812faf-6f3c-4cc2-ad9a-27136340ef39", + "type": "column" }, - { - "id": "metrics-*", - "name": "09d7cafe-19c4-4da8-a1b9-5ecd3ec6b0b0", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "2b80230c-9cc8-444f-b092-1fbc4d764992": { - "columnOrder": [ - "e7259e4c-0700-48a5-aeff-993fc075bcab", - "7b8d9b03-439b-4171-8b64-91b8664b4b94", - "725088f8-ac91-4df6-8863-f9abe7ad40cd", - "725088f8-ac91-4df6-8863-f9abe7ad40cdX1", - "725088f8-ac91-4df6-8863-f9abe7ad40cdX0" - ], - "columns": { - "725088f8-ac91-4df6-8863-f9abe7ad40cd": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Depth", - "operationType": "formula", - "params": { - "formula": "differences(average(kubernetes.scheduler.workqueue.depth.count, kql='kubernetes.scheduler.workqueue.depth.count: *'))", - "isFormulaBroken": false - }, - "references": [ - "725088f8-ac91-4df6-8863-f9abe7ad40cdX1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "725088f8-ac91-4df6-8863-f9abe7ad40cdX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.workqueue.depth.count: *" - }, - "isBucketed": false, - "label": "Part of Depth", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.workqueue.depth.count" - }, - "725088f8-ac91-4df6-8863-f9abe7ad40cdX1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Depth", - "operationType": "differences", - "references": [ - "725088f8-ac91-4df6-8863-f9abe7ad40cdX0" - ], - "scale": "ratio" - }, - "7b8d9b03-439b-4171-8b64-91b8664b4b94": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e7259e4c-0700-48a5-aeff-993fc075bcab": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Depth", - "operationType": "terms", - "params": { - "accuracyMode": false, - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of kubernetes.scheduler.workqueue.depth.count", - "operationType": "sum", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.workqueue.depth.count" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "host.name" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "09d7cafe-19c4-4da8-a1b9-5ecd3ec6b0b0", - "key": "kubernetes.scheduler.workqueue.depth.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.scheduler.workqueue.depth.count" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.name" + }, + "910bd079-4852-48bd-9d7a-e5eb940f0838": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Resident memory", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "curveType": "LINEAR", - "layers": [ - { - "accessors": [ - "725088f8-ac91-4df6-8863-f9abe7ad40cd" - ], - "collapseFn": "", - "layerId": "2b80230c-9cc8-444f-b092-1fbc4d764992", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "e7259e4c-0700-48a5-aeff-993fc075bcab", - "xAccessor": "7b8d9b03-439b-4171-8b64-91b8664b4b94" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "shouldTruncate": true, - "showSingleSeries": true - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": false, - "xTitle": "", - "yLeftExtent": { - "mode": "full" + "formula": "last_value(kubernetes.scheduler.process.memory.resident.bytes, kql='kubernetes.scheduler.process.memory.resident.bytes: *')", + "isFormulaBroken": false + }, + "references": [ + "910bd079-4852-48bd-9d7a-e5eb940f0838X0" + ], + "scale": "ratio" + }, + "910bd079-4852-48bd-9d7a-e5eb940f0838X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.process.memory.resident.bytes: *" + }, + "isBucketed": false, + "label": "Part of Resident memory", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.process.memory.resident.bytes" + }, + "96c80749-da61-425a-b637-878d33e410fd": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Open file descriptors usage", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 1 + } + }, + "formula": "last_value(kubernetes.scheduler.process.fds.open.count)/last_value(kubernetes.scheduler.process.fds.max.count)*100", + "isFormulaBroken": false + }, + "references": [ + "96c80749-da61-425a-b637-878d33e410fdX2" + ], + "scale": "ratio" + }, + "96c80749-da61-425a-b637-878d33e410fdX0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.process.fds.open.count: *" + }, + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.process.fds.open.count" + }, + "96c80749-da61-425a-b637-878d33e410fdX1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.process.fds.max.count: *" + }, + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.process.fds.max.count" + }, + "96c80749-da61-425a-b637-878d33e410fdX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Open file descriptors usage", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX1" + ], + "name": "divide", + "type": "function" }, - "yTitle": "" + 100 + ], + "location": { + "max": 114, + "min": 0 + }, + "name": "multiply", + "text": "last_value(kubernetes.scheduler.process.fds.open.count)/last_value(kubernetes.scheduler.process.fds.max.count)*100", + "type": "function" } + }, + "references": [ + "96c80749-da61-425a-b637-878d33e410fdX0", + "96c80749-da61-425a-b637-878d33e410fdX1" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "3a26dffa-0696-485d-b991-1dbc5092082e", - "w": 24, - "x": 0, - "y": 43 - }, - "panelIndex": "3a26dffa-0696-485d-b991-1dbc5092082e", - "title": "Workqueue depth rate", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-a2facaed-7c02-4fb6-9126-5512b8ffd26f", - "type": "index-pattern" + "ee812faf-6f3c-4cc2-ad9a-27136340ef39": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.process.memory.virtual.bytes: *" + }, + "isBucketed": false, + "label": "Virtual memory", + "operationType": "last_value", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } }, - { - "id": "metrics-*", - "name": "695725fe-9d35-49c6-8289-21fbe54ff2a6", - "type": "index-pattern" - } + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.process.memory.virtual.bytes" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "36494898-fe02-477e-9364-d94ea0fcb947", + "key": "kubernetes.scheduler.process.fds.open.count", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.scheduler.process.fds.open.count" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "center", + "columnId": "6cbab896-ee42-4dad-8831-12f53cda0d6d" + }, + { + "alignment": "center", + "columnId": "910bd079-4852-48bd-9d7a-e5eb940f0838" + }, + { + "alignment": "center", + "columnId": "ee812faf-6f3c-4cc2-ad9a-27136340ef39", + "isTransposed": false + }, + { + "alignment": "center", + "colorMode": "text", + "columnId": "96c80749-da61-425a-b637-878d33e410fd", + "isTransposed": false, + "palette": { + "name": "custom", + "params": { + "colorStops": [ + { + "color": "#54B399", + "stop": 0 + }, + { + "color": "#D6BF57", + "stop": 60 + }, + { + "color": "#E7664C", + "stop": 90 + } ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "a2facaed-7c02-4fb6-9126-5512b8ffd26f": { - "columnOrder": [ - "73933c6b-b6da-45c6-a190-c501453f658f", - "3ed7787d-1fbe-487f-a377-9a5e5e6f2571", - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778", - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778X0" - ], - "columns": { - "3ed7787d-1fbe-487f-a377-9a5e5e6f2571": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "10s" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "73933c6b-b6da-45c6-a190-c501453f658f": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of kubernetes.scheduler.name + 1 other", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderAgg": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of kubernetes.scheduler.workqueue.unfinished.sec", - "operationType": "max", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.workqueue.unfinished.sec" - }, - "orderBy": { - "type": "custom" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "host.name" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.name" - }, - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778": { - "dataType": "number", - "isBucketed": false, - "label": "last_value(kubernetes.scheduler.workqueue.unfinished.sec)", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1, - "suffix": "s" - } - }, - "formula": "last_value(kubernetes.scheduler.workqueue.unfinished.sec)", - "isFormulaBroken": false - }, - "references": [ - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778X0" - ], - "scale": "ratio" - }, - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.workqueue.unfinished.sec: *" - }, - "isBucketed": false, - "label": "Part of last_value(kubernetes.scheduler.workqueue.unfinished.sec)", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.workqueue.unfinished.sec" - } - }, - "incompleteColumns": {} - } - } - } + "continuity": "above", + "name": "custom", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "steps": 5, + "stops": [ + { + "color": "#54B399", + "stop": 60 + }, + { + "color": "#D6BF57", + "stop": 90 + }, + { + "color": "#E7664C", + "stop": 91 + } + ] + }, + "type": "palette" + } + } + ], + "layerId": "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Scheduler process data" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 18, + "i": "303702e1-ba33-49f2-b337-4cc7d7305606", + "w": 24, + "x": 24, + "y": 60 + }, + "panelIndex": "303702e1-ba33-49f2-b337-4cc7d7305606", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "77da5988-3f03-4e8f-b1e4-39a94d8bec07": { + "columnOrder": [ + "7e1756d9-af1b-4204-a8d4-8c57987216f0", + "d523e6d2-50f3-4b45-8815-8259df43850c", + "cf481e4f-b568-4306-8da9-5e3d516ccbea", + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" + ], + "columns": { + "7e1756d9-af1b-4204-a8d4-8c57987216f0": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "695725fe-9d35-49c6-8289-21fbe54ff2a6", - "key": "kubernetes.scheduler.workqueue.unfinished.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.scheduler.workqueue.unfinished.sec" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "7b75d52d-c30f-4d3c-a1fc-f1a9ce764778" - ], - "layerId": "a2facaed-7c02-4fb6-9126-5512b8ffd26f", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "73933c6b-b6da-45c6-a190-c501453f658f", - "xAccessor": "3ed7787d-1fbe-487f-a377-9a5e5e6f2571" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "shouldTruncate": true - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "size": 3 + }, + "scale": "ordinal", + "sourceField": "host.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "6a8b9a40-11ec-4790-a38d-2d88c5468f12", - "w": 24, - "x": 24, - "y": 43 - }, - "panelIndex": "6a8b9a40-11ec-4790-a38d-2d88c5468f12", - "title": "Current unfinished work", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "cf481e4f-b568-4306-8da9-5e3d516ccbea": { + "dataType": "number", + "isBucketed": false, + "label": "average(kubernetes.scheduler.process.memory.resident.bytes)", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 1 + } + }, + "formula": "average(kubernetes.scheduler.process.memory.resident.bytes)", + "isFormulaBroken": false + }, + "references": [ + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" + ], + "scale": "ratio" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(239,249,218,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "Process", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of average(kubernetes.scheduler.process.memory.resident.bytes)", + "operationType": "average", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.process.memory.resident.bytes" }, - "title": "", - "type": "metrics", - "uiState": {} + "d523e6d2-50f3-4b45-8815-8259df43850c": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 3, - "i": "c3fee68f-01c6-49da-a759-2900b1cd15bf", - "w": 48, - "x": 0, - "y": 57 + "fillOpacity": 0.3, + "layers": [ + { + "accessors": [ + "cf481e4f-b568-4306-8da9-5e3d516ccbea" + ], + "layerId": "77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "layerType": "data", + "palette": { + "name": "temperature", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "7e1756d9-af1b-4204-a8d4-8c57987216f0", + "xAccessor": "d523e6d2-50f3-4b45-8815-8259df43850c", + "yConfig": [] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "c3fee68f-01c6-49da-a759-2900b1cd15bf", - "title": "", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": false, + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Average resident memory" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 12, + "i": "1604f0de-edd6-456e-8670-ab9b33988abb", + "w": 24, + "x": 0, + "y": 66 + }, + "panelIndex": "1604f0de-edd6-456e-8670-ab9b33988abb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "38ef18ec-512c-4c90-ad86-214a5c9bfe9d", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332": { + "columnOrder": [ + "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", + "236eb2de-d45f-43f2-83f4-5a1d7355132b", + "301759e0-f73e-4e6d-a7c5-d0938024e989", + "301759e0-f73e-4e6d-a7c5-d0938024e989X1", + "301759e0-f73e-4e6d-a7c5-d0938024e989X0" + ], + "columns": { + "236eb2de-d45f-43f2-83f4-5a1d7355132b": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "301759e0-f73e-4e6d-a7c5-d0938024e989": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Increase in Scheduler CPU", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1, + "suffix": "s" + } }, - { - "id": "metrics-*", - "name": "36494898-fe02-477e-9364-d94ea0fcb947", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807": { - "columnOrder": [ - "6cbab896-ee42-4dad-8831-12f53cda0d6d", - "910bd079-4852-48bd-9d7a-e5eb940f0838", - "ee812faf-6f3c-4cc2-ad9a-27136340ef39", - "96c80749-da61-425a-b637-878d33e410fd", - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX2", - "96c80749-da61-425a-b637-878d33e410fdX1", - "910bd079-4852-48bd-9d7a-e5eb940f0838X0" - ], - "columns": { - "6cbab896-ee42-4dad-8831-12f53cda0d6d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "ee812faf-6f3c-4cc2-ad9a-27136340ef39", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "910bd079-4852-48bd-9d7a-e5eb940f0838": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Resident memory", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "formula": "last_value(kubernetes.scheduler.process.memory.resident.bytes, kql='kubernetes.scheduler.process.memory.resident.bytes: *')", - "isFormulaBroken": false - }, - "references": [ - "910bd079-4852-48bd-9d7a-e5eb940f0838X0" - ], - "scale": "ratio" - }, - "910bd079-4852-48bd-9d7a-e5eb940f0838X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.process.memory.resident.bytes: *" - }, - "isBucketed": false, - "label": "Part of Resident memory", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.process.memory.resident.bytes" - }, - "96c80749-da61-425a-b637-878d33e410fd": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Open file descriptors usage", - "operationType": "formula", - "params": { - "format": { - "id": "percent", - "params": { - "decimals": 1 - } - }, - "formula": "last_value(kubernetes.scheduler.process.fds.open.count)/last_value(kubernetes.scheduler.process.fds.max.count)*100", - "isFormulaBroken": false - }, - "references": [ - "96c80749-da61-425a-b637-878d33e410fdX2" - ], - "scale": "ratio" - }, - "96c80749-da61-425a-b637-878d33e410fdX0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.process.fds.open.count: *" - }, - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.process.fds.open.count" - }, - "96c80749-da61-425a-b637-878d33e410fdX1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.process.fds.max.count: *" - }, - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.process.fds.max.count" - }, - "96c80749-da61-425a-b637-878d33e410fdX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Open file descriptors usage", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX1" - ], - "name": "divide", - "type": "function" - }, - 100 - ], - "location": { - "max": 114, - "min": 0 - }, - "name": "multiply", - "text": "last_value(kubernetes.scheduler.process.fds.open.count)/last_value(kubernetes.scheduler.process.fds.max.count)*100", - "type": "function" - } - }, - "references": [ - "96c80749-da61-425a-b637-878d33e410fdX0", - "96c80749-da61-425a-b637-878d33e410fdX1" - ], - "scale": "ratio" - }, - "ee812faf-6f3c-4cc2-ad9a-27136340ef39": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.process.memory.virtual.bytes: *" - }, - "isBucketed": false, - "label": "Virtual memory", - "operationType": "last_value", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - }, - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.process.memory.virtual.bytes" - } - }, - "incompleteColumns": {} - } - } - } + "formula": "counter_rate(last_value(kubernetes.scheduler.process.cpu.sec))", + "isFormulaBroken": false + }, + "references": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989X1" + ], + "scale": "ratio" + }, + "301759e0-f73e-4e6d-a7c5-d0938024e989X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.process.cpu.sec: *" + }, + "isBucketed": false, + "label": "Part of Increase in Scheduler CPU", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.process.cpu.sec" + }, + "301759e0-f73e-4e6d-a7c5-d0938024e989X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Increase in Scheduler CPU", + "operationType": "counter_rate", + "references": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989X0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "9edf62a7-afd2-4574-9937-34f7ee0c5fcd": { + "dataType": "string", + "isBucketed": true, + "label": "Top 20 values of host.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": false, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "36494898-fe02-477e-9364-d94ea0fcb947", - "key": "kubernetes.scheduler.process.fds.open.count", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.scheduler.process.fds.open.count" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "alignment": "center", - "columnId": "6cbab896-ee42-4dad-8831-12f53cda0d6d" - }, - { - "alignment": "center", - "columnId": "910bd079-4852-48bd-9d7a-e5eb940f0838" - }, - { - "alignment": "center", - "columnId": "ee812faf-6f3c-4cc2-ad9a-27136340ef39", - "isTransposed": false - }, - { - "alignment": "center", - "colorMode": "text", - "columnId": "96c80749-da61-425a-b637-878d33e410fd", - "isTransposed": false, - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#54B399", - "stop": 0 - }, - { - "color": "#D6BF57", - "stop": 60 - }, - { - "color": "#E7664C", - "stop": 90 - } - ], - "continuity": "above", - "name": "custom", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "steps": 5, - "stops": [ - { - "color": "#54B399", - "stop": 60 - }, - { - "color": "#D6BF57", - "stop": 90 - }, - { - "color": "#E7664C", - "stop": 91 - } - ] - }, - "type": "palette" - } - } - ], - "layerId": "380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "layerType": "data" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" + "size": 20 + }, + "scale": "ordinal", + "sourceField": "host.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "38ef18ec-512c-4c90-ad86-214a5c9bfe9d", + "key": "kubernetes.scheduler.process.cpu.sec", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "kubernetes.scheduler.process.cpu.sec" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fillOpacity": 0.3, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "hideEndzones": false, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "301759e0-f73e-4e6d-a7c5-d0938024e989" + ], + "layerId": "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" }, - "enhancements": {}, - "hidePanelTitles": false + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", + "xAccessor": "236eb2de-d45f-43f2-83f4-5a1d7355132b", + "yConfig": [ + { + "axisMode": "left", + "color": "#d6bf57", + "forAccessor": "301759e0-f73e-4e6d-a7c5-d0938024e989" + } + ] + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "gridData": { - "h": 6, - "i": "a0716ae8-4157-473d-8eba-8ff6625fed4b", - "w": 24, - "x": 0, - "y": 60 + "preferredSeriesType": "area", + "showCurrentTimeMarker": false, + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "a0716ae8-4157-473d-8eba-8ff6625fed4b", - "title": "Scheduler process data", - "type": "lens", - "version": "8.6.0" + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "77da5988-3f03-4e8f-b1e4-39a94d8bec07": { - "columnOrder": [ - "7e1756d9-af1b-4204-a8d4-8c57987216f0", - "d523e6d2-50f3-4b45-8815-8259df43850c", - "cf481e4f-b568-4306-8da9-5e3d516ccbea", - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" - ], - "columns": { - "7e1756d9-af1b-4204-a8d4-8c57987216f0": { - "dataType": "string", - "isBucketed": true, - "label": "Top 3 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "cf481e4f-b568-4306-8da9-5e3d516ccbea": { - "dataType": "number", - "isBucketed": false, - "label": "average(kubernetes.scheduler.process.memory.resident.bytes)", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 1 - } - }, - "formula": "average(kubernetes.scheduler.process.memory.resident.bytes)", - "isFormulaBroken": false - }, - "references": [ - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0" - ], - "scale": "ratio" - }, - "cf481e4f-b568-4306-8da9-5e3d516ccbeaX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of average(kubernetes.scheduler.process.memory.resident.bytes)", - "operationType": "average", - "params": { - "emptyAsNull": false - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.process.memory.resident.bytes" - }, - "d523e6d2-50f3-4b45-8815-8259df43850c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "CPU usage increase over time" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 3, + "i": "f8313a9d-ab58-448e-b183-75f914caf53f", + "w": 48, + "x": 0, + "y": 78 + }, + "panelIndex": "f8313a9d-ab58-448e-b183-75f914caf53f", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color": "rgba(249,235,223,1)", + "drop_last_bucket": 0, + "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", + "index_pattern_ref_name": "metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", + "interval": "", + "isModelInvalid": false, + "markdown": "HTTP Requests", + "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "default", + "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", + "line_width": 1, + "metrics": [ + { + "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", + "type": "count" + } + ], + "override_index_pattern": 0, + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "series_drop_last_bucket": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "", + "type": "metrics", + "uiState": {} + }, + "type": "visualization" + }, + "title": "" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "668a51aa-98da-465e-9b09-d49e4f219968", + "w": 24, + "x": 0, + "y": 81 + }, + "panelIndex": "668a51aa-98da-465e-9b09-d49e4f219968", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-1048fff9-f5a4-446b-8173-e9e22d4b1cff", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f3653393-ef8e-45e9-8b91-5a0472ecf752", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "1048fff9-f5a4-446b-8173-e9e22d4b1cff": { + "columnOrder": [ + "37b94d21-2d12-4136-a81d-908d8fc7f78a", + "52732cce-1342-46e1-8273-82efeffe9aac", + "469efac9-749a-455e-9864-90dc0f5f954e", + "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e" + ], + "columns": { + "37b94d21-2d12-4136-a81d-908d8fc7f78a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Cluster", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fillOpacity": 0.3, - "layers": [ - { - "accessors": [ - "cf481e4f-b568-4306-8da9-5e3d516ccbea" - ], - "layerId": "77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "layerType": "data", - "palette": { - "name": "temperature", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "7e1756d9-af1b-4204-a8d4-8c57987216f0", - "xAccessor": "d523e6d2-50f3-4b45-8815-8259df43850c", - "yConfig": [] - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "area", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": false, - "xTitle": "", - "yTitle": "" - } + "size": 3 + }, + "scale": "ordinal", + "sourceField": "orchestrator.cluster.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 18, - "i": "303702e1-ba33-49f2-b337-4cc7d7305606", - "w": 24, - "x": 24, - "y": 60 - }, - "panelIndex": "303702e1-ba33-49f2-b337-4cc7d7305606", - "title": "Average resident memory", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "type": "index-pattern" + "469efac9-749a-455e-9864-90dc0f5f954e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - { - "id": "metrics-*", - "name": "38ef18ec-512c-4c90-ad86-214a5c9bfe9d", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332": { - "columnOrder": [ - "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", - "236eb2de-d45f-43f2-83f4-5a1d7355132b", - "301759e0-f73e-4e6d-a7c5-d0938024e989", - "301759e0-f73e-4e6d-a7c5-d0938024e989X1", - "301759e0-f73e-4e6d-a7c5-d0938024e989X0" - ], - "columns": { - "236eb2de-d45f-43f2-83f4-5a1d7355132b": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Increase in Scheduler CPU", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1, - "suffix": "s" - } - }, - "formula": "counter_rate(last_value(kubernetes.scheduler.process.cpu.sec))", - "isFormulaBroken": false - }, - "references": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989X1" - ], - "scale": "ratio" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.process.cpu.sec: *" - }, - "isBucketed": false, - "label": "Part of Increase in Scheduler CPU", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.process.cpu.sec" - }, - "301759e0-f73e-4e6d-a7c5-d0938024e989X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Increase in Scheduler CPU", - "operationType": "counter_rate", - "references": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "9edf62a7-afd2-4574-9937-34f7ee0c5fcd": { - "dataType": "string", - "isBucketed": true, - "label": "Top 20 values of host.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": false, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 20 - }, - "scale": "ordinal", - "sourceField": "host.name" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "38ef18ec-512c-4c90-ad86-214a5c9bfe9d", - "key": "kubernetes.scheduler.process.cpu.sec", - "negate": false, - "type": "exists", - "value": "exists" - }, - "query": { - "exists": { - "field": "kubernetes.scheduler.process.cpu.sec" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "size": 5 + }, + "scale": "ordinal", + "sourceField": "host.name" + }, + "52732cce-1342-46e1-8273-82efeffe9aac": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Leader scheduler name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "fillOpacity": 0.3, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "hideEndzones": false, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "301759e0-f73e-4e6d-a7c5-d0938024e989" - ], - "layerId": "d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "9edf62a7-afd2-4574-9937-34f7ee0c5fcd", - "xAccessor": "236eb2de-d45f-43f2-83f4-5a1d7355132b", - "yConfig": [ - { - "axisMode": "left", - "color": "#d6bf57", - "forAccessor": "301759e0-f73e-4e6d-a7c5-d0938024e989" - } - ] - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "area", - "showCurrentTimeMarker": false, - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" + "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e": { + "dataType": "boolean", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.leader.is_master: *" + }, + "isBucketed": false, + "label": "Last value of kubernetes.scheduler.leader.is_master", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.leader.is_master" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "f3653393-ef8e-45e9-8b91-5a0472ecf752", + "key": "kubernetes.scheduler.leader.is_master", + "negate": false, + "params": { + "query": true }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 12, - "i": "1604f0de-edd6-456e-8670-ab9b33988abb", - "w": 24, - "x": 0, - "y": 66 - }, - "panelIndex": "1604f0de-edd6-456e-8670-ab9b33988abb", - "title": "CPU usage increase over time", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color": "rgba(249,235,223,1)", - "drop_last_bucket": 0, - "id": "6f526672-7eb3-4643-b49d-676d2eeac17b", - "index_pattern_ref_name": "metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", - "interval": "", - "isModelInvalid": false, - "markdown": "HTTP Requests", - "markdown_css": "font-family:system-ui,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Segoe UI Emoji\",\"Segoe UI Symbol\";font-weight:500;font-kerning:normal;font-size:36px;font-stretch:100%;font-style:normal;font-variant-caps:normal;font-variant-east-asian:normal;font-variant-ligatures:normal;font-variant-numeric:normal;\np {\n text-align: center;\n } a{text-decoration:none !important;}", - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "default", - "id": "d65c8740-c2c0-4471-9f94-38baadcf2df2", - "line_width": 1, - "metrics": [ - { - "id": "6a297bc8-ba40-4dbe-b5bc-6ca95dc292bb", - "type": "count" - } - ], - "override_index_pattern": 0, - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "series_drop_last_bucket": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true - }, - "title": "", - "type": "metrics", - "uiState": {} + "type": "phrase" + }, + "query": { + "match_phrase": { + "kubernetes.scheduler.leader.is_master": true } - }, - "gridData": { - "h": 3, - "i": "f8313a9d-ab58-448e-b183-75f914caf53f", - "w": 48, - "x": 0, - "y": 78 - }, - "panelIndex": "f8313a9d-ab58-448e-b183-75f914caf53f", - "title": "", - "type": "visualization", - "version": "8.6.0" + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "alignment": "center", + "columnId": "469efac9-749a-455e-9864-90dc0f5f954e", + "isTransposed": false, + "width": 256.6666666666667 + }, + { + "columnId": "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e", + "hidden": true, + "isTransposed": false + }, + { + "alignment": "center", + "columnId": "52732cce-1342-46e1-8273-82efeffe9aac", + "isTransposed": false + }, + { + "alignment": "center", + "columnId": "37b94d21-2d12-4136-a81d-908d8fc7f78a", + "isTransposed": false, + "width": 345.66666666666663 + } + ], + "headerRowHeight": "auto", + "layerId": "1048fff9-f5a4-446b-8173-e9e22d4b1cff", + "layerType": "data", + "rowHeight": "auto" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-1048fff9-f5a4-446b-8173-e9e22d4b1cff", - "type": "index-pattern" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Leader scheduler" + }, + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "e70eea20-8653-4340-b6dd-620090d3cf7a", + "w": 24, + "x": 24, + "y": 81 + }, + "panelIndex": "e70eea20-8653-4340-b6dd-620090d3cf7a", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**NOTE**: The default period to fetch the metrics used in **Requests and responses counter rate** visualization is **10s**. The timestamps from the visualizations were chosen according to that. Otherwise, they might be inaccurate. Adjust them by clicking on the **settings wheel** on the top right of the visualization and go to the **right side menu**. After that, write the custom period value on **Horizontal axis > @timestamp > Minimum interval**.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" + } + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "91a7ce56-6a49-4b7e-837f-31c184b48c09", + "w": 24, + "x": 24, + "y": 86 + }, + "panelIndex": "91a7ce56-6a49-4b7e-837f-31c184b48c09", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "7c7c4b67-a2df-427f-abbd-635e5fa73a9c": { + "columnOrder": [ + "d3b90051-0bb2-41e0-9d5d-34ff145dba09", + "8a2e9cea-60fb-4603-a072-9b0e6194344c", + "63268365-bb35-456f-831c-78238984a061", + "63268365-bb35-456f-831c-78238984a061X0", + "63268365-bb35-456f-831c-78238984a061X1", + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4", + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X1", + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X0", + "00501c90-b23d-4bca-9354-eb2c48236139", + "00501c90-b23d-4bca-9354-eb2c48236139X1", + "00501c90-b23d-4bca-9354-eb2c48236139X0" + ], + "columns": { + "00501c90-b23d-4bca-9354-eb2c48236139": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.schedule.code >= 500" + }, + "isBucketed": false, + "label": "Server errors", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1 + } }, - { - "id": "metrics-*", - "name": "f3653393-ef8e-45e9-8b91-5a0472ecf752", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "1048fff9-f5a4-446b-8173-e9e22d4b1cff": { - "columnOrder": [ - "37b94d21-2d12-4136-a81d-908d8fc7f78a", - "52732cce-1342-46e1-8273-82efeffe9aac", - "469efac9-749a-455e-9864-90dc0f5f954e", - "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e" - ], - "columns": { - "37b94d21-2d12-4136-a81d-908d8fc7f78a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Cluster", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "orchestrator.cluster.name" - }, - "469efac9-749a-455e-9864-90dc0f5f954e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "host.name" - }, - "52732cce-1342-46e1-8273-82efeffe9aac": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Leader scheduler name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.name" - }, - "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e": { - "dataType": "boolean", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.leader.is_master: *" - }, - "isBucketed": false, - "label": "Last value of kubernetes.scheduler.leader.is_master", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.leader.is_master" - } - }, - "incompleteColumns": {} - } - } - } + "formula": "counter_rate(last_value(kubernetes.scheduler.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "00501c90-b23d-4bca-9354-eb2c48236139X1" + ], + "scale": "ratio", + "timeScale": "s" + }, + "00501c90-b23d-4bca-9354-eb2c48236139X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.schedule.code >= 500" + }, + "isBucketed": false, + "label": "Part of Server errors", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.client.request.count" + }, + "00501c90-b23d-4bca-9354-eb2c48236139X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.schedule.code >= 500" + }, + "isBucketed": false, + "label": "Part of Server errors", + "operationType": "counter_rate", + "references": [ + "00501c90-b23d-4bca-9354-eb2c48236139X0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.code >= 400 and kubernetes.scheduler.code < 500" + }, + "isBucketed": false, + "label": "Client errors", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1 + } }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "f3653393-ef8e-45e9-8b91-5a0472ecf752", - "key": "kubernetes.scheduler.leader.is_master", - "negate": false, - "params": { - "query": true - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "kubernetes.scheduler.leader.is_master": true - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "formula": "counter_rate(last_value(kubernetes.scheduler.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X1" + ], + "scale": "ratio", + "timeScale": "s" + }, + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.code >= 400 and kubernetes.scheduler.code < 500" + }, + "isBucketed": false, + "label": "Part of Client errors", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.client.request.count" + }, + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.code >= 400 and kubernetes.scheduler.code < 500" + }, + "isBucketed": false, + "label": "Part of Client errors", + "operationType": "counter_rate", + "references": [ + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X0" + ], + "scale": "ratio", + "timeScale": "s" + }, + "63268365-bb35-456f-831c-78238984a061": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Requests", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1 + } }, - "visualization": { - "columns": [ - { - "alignment": "center", - "columnId": "469efac9-749a-455e-9864-90dc0f5f954e", - "isTransposed": false, - "width": 256.6666666666667 - }, - { - "columnId": "e014cfcb-3d50-4bbe-a6e6-4d8ea547ec4e", - "hidden": true, - "isTransposed": false - }, - { - "alignment": "center", - "columnId": "52732cce-1342-46e1-8273-82efeffe9aac", - "isTransposed": false - }, - { - "alignment": "center", - "columnId": "37b94d21-2d12-4136-a81d-908d8fc7f78a", - "isTransposed": false, - "width": 345.66666666666663 - } - ], - "headerRowHeight": "auto", - "layerId": "1048fff9-f5a4-446b-8173-e9e22d4b1cff", - "layerType": "data", - "rowHeight": "auto" - } + "formula": "counter_rate(last_value(kubernetes.scheduler.client.request.count))", + "isFormulaBroken": false + }, + "references": [ + "63268365-bb35-456f-831c-78238984a061X1" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 6, - "i": "668a51aa-98da-465e-9b09-d49e4f219968", - "w": 24, - "x": 0, - "y": 81 - }, - "panelIndex": "668a51aa-98da-465e-9b09-d49e4f219968", - "title": "Leader scheduler", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "63268365-bb35-456f-831c-78238984a061X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Requests", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.client.request.count" }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**NOTE**: The default period to fetch the metrics used in **Requests and responses counter rate** visualization is **10s**. The timestamps from the visualizations were chosen according to that. Otherwise, they might be inaccurate. Adjust them by clicking on the **settings wheel** on the top right of the visualization and go to the **right side menu**. After that, write the custom period value on **Horizontal axis \u003e @timestamp \u003e Minimum interval**.", - "openLinksInNewTab": false + "63268365-bb35-456f-831c-78238984a061X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Requests", + "operationType": "counter_rate", + "references": [ + "63268365-bb35-456f-831c-78238984a061X0" + ], + "scale": "ratio", + "timeScale": "s" }, - "title": "", - "type": "markdown", - "uiState": {} + "8a2e9cea-60fb-4603-a072-9b0e6194344c": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "10s" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d3b90051-0bb2-41e0-9d5d-34ff145dba09": { + "dataType": "string", + "isBucketed": true, + "label": "Top values", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" + }, + "orderDirection": "asc", + "otherBucket": false, + "parentFormat": { + "id": "multi_terms" + }, + "secondaryFields": [ + "kubernetes.scheduler.method", + "kubernetes.scheduler.code" + ], + "size": 3 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.host" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 5, - "i": "e70eea20-8653-4340-b6dd-620090d3cf7a", - "w": 24, - "x": 24, - "y": 81 + "layers": [ + { + "accessors": [ + "63268365-bb35-456f-831c-78238984a061", + "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4", + "00501c90-b23d-4bca-9354-eb2c48236139" + ], + "layerId": "7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "layerType": "data", + "palette": { + "name": "default", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "d3b90051-0bb2-41e0-9d5d-34ff145dba09", + "xAccessor": "8a2e9cea-60fb-4603-a072-9b0e6194344c" + } + ], + "legend": { + "isVisible": true, + "legendSize": "large", + "position": "right", + "shouldTruncate": false }, - "panelIndex": "e70eea20-8653-4340-b6dd-620090d3cf7a", - "type": "visualization", - "version": "8.6.0" + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide", + "xTitle": "", + "yTitle": "" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "7c7c4b67-a2df-427f-abbd-635e5fa73a9c": { - "columnOrder": [ - "d3b90051-0bb2-41e0-9d5d-34ff145dba09", - "8a2e9cea-60fb-4603-a072-9b0e6194344c", - "63268365-bb35-456f-831c-78238984a061", - "63268365-bb35-456f-831c-78238984a061X0", - "63268365-bb35-456f-831c-78238984a061X1", - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4", - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X1", - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X0", - "00501c90-b23d-4bca-9354-eb2c48236139", - "00501c90-b23d-4bca-9354-eb2c48236139X1", - "00501c90-b23d-4bca-9354-eb2c48236139X0" - ], - "columns": { - "00501c90-b23d-4bca-9354-eb2c48236139": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.schedule.code \u003e= 500" - }, - "isBucketed": false, - "label": "Server errors", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1 - } - }, - "formula": "counter_rate(last_value(kubernetes.scheduler.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "00501c90-b23d-4bca-9354-eb2c48236139X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "00501c90-b23d-4bca-9354-eb2c48236139X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.schedule.code \u003e= 500" - }, - "isBucketed": false, - "label": "Part of Server errors", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.client.request.count" - }, - "00501c90-b23d-4bca-9354-eb2c48236139X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.schedule.code \u003e= 500" - }, - "isBucketed": false, - "label": "Part of Server errors", - "operationType": "counter_rate", - "references": [ - "00501c90-b23d-4bca-9354-eb2c48236139X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.code \u003e= 400 and kubernetes.scheduler.code \u003c 500" - }, - "isBucketed": false, - "label": "Client errors", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1 - } - }, - "formula": "counter_rate(last_value(kubernetes.scheduler.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.code \u003e= 400 and kubernetes.scheduler.code \u003c 500" - }, - "isBucketed": false, - "label": "Part of Client errors", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.client.request.count" - }, - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.code \u003e= 400 and kubernetes.scheduler.code \u003c 500" - }, - "isBucketed": false, - "label": "Part of Client errors", - "operationType": "counter_rate", - "references": [ - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "63268365-bb35-456f-831c-78238984a061": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Requests", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1 - } - }, - "formula": "counter_rate(last_value(kubernetes.scheduler.client.request.count))", - "isFormulaBroken": false - }, - "references": [ - "63268365-bb35-456f-831c-78238984a061X1" - ], - "scale": "ratio", - "timeScale": "s" - }, - "63268365-bb35-456f-831c-78238984a061X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Requests", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.client.request.count" - }, - "63268365-bb35-456f-831c-78238984a061X1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Requests", - "operationType": "counter_rate", - "references": [ - "63268365-bb35-456f-831c-78238984a061X0" - ], - "scale": "ratio", - "timeScale": "s" - }, - "8a2e9cea-60fb-4603-a072-9b0e6194344c": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "10s" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "d3b90051-0bb2-41e0-9d5d-34ff145dba09": { - "dataType": "string", - "isBucketed": true, - "label": "Top values", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": false, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.scheduler.method", - "kubernetes.scheduler.code" - ], - "size": 3 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.host" - } - }, - "incompleteColumns": {} - } - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Requests and responses counter rate" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "1bd24fa1-319e-4cae-9d45-d821b06a8034", + "w": 24, + "x": 0, + "y": 87 + }, + "panelIndex": "1bd24fa1-319e-4cae-9d45-d821b06a8034", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9": { + "columnOrder": [ + "35a11916-4ca3-421b-9df2-521f52f21fbb", + "ed3c7efa-0467-4a57-8d06-0f4775906cc5", + "43097f7a-e478-47bc-81c1-7541bd899d46", + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1", + "43097f7a-e478-47bc-81c1-7541bd899d46X2" + ], + "columns": { + "35a11916-4ca3-421b-9df2-521f52f21fbb": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Host", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "multi_terms" }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "63268365-bb35-456f-831c-78238984a061", - "148bf5e1-71ed-4e36-af5d-ebc5a76b0da4", - "00501c90-b23d-4bca-9354-eb2c48236139" - ], - "layerId": "7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "layerType": "data", - "palette": { - "name": "default", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "d3b90051-0bb2-41e0-9d5d-34ff145dba09", - "xAccessor": "8a2e9cea-60fb-4603-a072-9b0e6194344c" - } - ], - "legend": { - "isVisible": true, - "legendSize": "large", - "position": "right", - "shouldTruncate": false - }, - "preferredSeriesType": "bar_stacked", - "title": "Empty XY chart", - "valueLabels": "hide", - "xTitle": "", - "yTitle": "" - } + "secondaryFields": [ + "kubernetes.scheduler.verb" + ], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.scheduler.host" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 14, - "i": "91a7ce56-6a49-4b7e-837f-31c184b48c09", - "w": 24, - "x": 24, - "y": 86 - }, - "panelIndex": "91a7ce56-6a49-4b7e-837f-31c184b48c09", - "title": "Requests and responses counter rate", - "type": "lens", - "version": "8.6.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9": { - "columnOrder": [ - "35a11916-4ca3-421b-9df2-521f52f21fbb", - "ed3c7efa-0467-4a57-8d06-0f4775906cc5", - "43097f7a-e478-47bc-81c1-7541bd899d46", - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1", - "43097f7a-e478-47bc-81c1-7541bd899d46X2" - ], - "columns": { - "35a11916-4ca3-421b-9df2-521f52f21fbb": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Host", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "multi_terms" - }, - "secondaryFields": [ - "kubernetes.scheduler.verb" - ], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.scheduler.host" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Average latency in ms", - "operationType": "formula", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 1, - "suffix": "ms" - } - }, - "formula": "last_value(kubernetes.scheduler.client.request.duration.us.sum)/last_value(kubernetes.scheduler.client.request.duration.us.count)/1000", - "isFormulaBroken": false - }, - "references": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X2" - ], - "scale": "ratio" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X0": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.client.request.duration.us.sum: *" - }, - "isBucketed": false, - "label": "Part of Average latency in ms", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.client.request.duration.us.sum" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X1": { - "customLabel": true, - "dataType": "number", - "filter": { - "language": "kuery", - "query": "kubernetes.scheduler.client.request.duration.us.count: *" - }, - "isBucketed": false, - "label": "Part of Average latency in ms", - "operationType": "last_value", - "params": { - "sortField": "@timestamp" - }, - "scale": "ratio", - "sourceField": "kubernetes.scheduler.client.request.duration.us.count" - }, - "43097f7a-e478-47bc-81c1-7541bd899d46X2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Average latency in ms", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - { - "args": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1" - ], - "name": "divide", - "type": "function" - }, - 1000 - ], - "location": { - "max": 134, - "min": 0 - }, - "name": "divide", - "text": "last_value(kubernetes.scheduler.client.request.duration.us.sum)/last_value(kubernetes.scheduler.client.request.duration.us.count)/1000", - "type": "function" - } - }, - "references": [ - "43097f7a-e478-47bc-81c1-7541bd899d46X0", - "43097f7a-e478-47bc-81c1-7541bd899d46X1" - ], - "scale": "ratio" - }, - "ed3c7efa-0467-4a57-8d06-0f4775906cc5": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": true, - "includeEmptyRows": true, - "interval": "10s" - }, - "scale": "interval", - "sourceField": "@timestamp" - } - }, - "incompleteColumns": {} - } - } - } + "43097f7a-e478-47bc-81c1-7541bd899d46": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Average latency in ms", + "operationType": "formula", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 1, + "suffix": "ms" + } }, - "filters": [], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": false, - "yLeft": false, - "yRight": true - }, - "layers": [ - { - "accessors": [ - "43097f7a-e478-47bc-81c1-7541bd899d46" - ], - "layerId": "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "layerType": "data", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "35a11916-4ca3-421b-9df2-521f52f21fbb", - "xAccessor": "ed3c7efa-0467-4a57-8d06-0f4775906cc5", - "yConfig": [] - } - ], - "legend": { - "horizontalAlignment": "right", - "isInside": false, - "isVisible": true, - "legendSize": "large", - "maxLines": 1, - "position": "right", - "shouldTruncate": false, - "verticalAlignment": "bottom" + "formula": "last_value(kubernetes.scheduler.client.request.duration.us.sum)/last_value(kubernetes.scheduler.client.request.duration.us.count)/1000", + "isFormulaBroken": false + }, + "references": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X2" + ], + "scale": "ratio" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.client.request.duration.us.sum: *" + }, + "isBucketed": false, + "label": "Part of Average latency in ms", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.client.request.duration.us.sum" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X1": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "kubernetes.scheduler.client.request.duration.us.count: *" + }, + "isBucketed": false, + "label": "Part of Average latency in ms", + "operationType": "last_value", + "params": { + "sortField": "@timestamp" + }, + "scale": "ratio", + "sourceField": "kubernetes.scheduler.client.request.duration.us.count" + }, + "43097f7a-e478-47bc-81c1-7541bd899d46X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Average latency in ms", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + { + "args": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1" + ], + "name": "divide", + "type": "function" }, - "preferredSeriesType": "area", - "title": "Empty XY chart", - "valueLabels": "hide", - "valuesInLegend": false, - "xTitle": "", - "yTitle": "" + 1000 + ], + "location": { + "max": 134, + "min": 0 + }, + "name": "divide", + "text": "last_value(kubernetes.scheduler.client.request.duration.us.sum)/last_value(kubernetes.scheduler.client.request.duration.us.count)/1000", + "type": "function" } + }, + "references": [ + "43097f7a-e478-47bc-81c1-7541bd899d46X0", + "43097f7a-e478-47bc-81c1-7541bd899d46X1" + ], + "scale": "ratio" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "ed3c7efa-0467-4a57-8d06-0f4775906cc5": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": true, + "includeEmptyRows": true, + "interval": "10s" + }, + "scale": "interval", + "sourceField": "@timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true }, - "gridData": { - "h": 13, - "i": "1bd24fa1-319e-4cae-9d45-d821b06a8034", - "w": 24, - "x": 0, - "y": 87 + "layers": [ + { + "accessors": [ + "43097f7a-e478-47bc-81c1-7541bd899d46" + ], + "layerId": "f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "layerType": "data", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "35a11916-4ca3-421b-9df2-521f52f21fbb", + "xAccessor": "ed3c7efa-0467-4a57-8d06-0f4775906cc5", + "yConfig": [] + } + ], + "legend": { + "horizontalAlignment": "right", + "isInside": false, + "isVisible": true, + "legendSize": "large", + "maxLines": 1, + "position": "right", + "shouldTruncate": false, + "verticalAlignment": "bottom" }, - "panelIndex": "1bd24fa1-319e-4cae-9d45-d821b06a8034", - "title": "Average request latency", - "type": "lens", - "version": "8.6.0" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Scheduler", - "version": 1 - }, - "coreMigrationVersion": "8.8.0", - "created_at": "2023-04-24T13:36:10.877Z", - "id": "kubernetes-f5ab5510-9c94-11e9-94fd-c91206cd5249", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd:metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "a2b844d8-11e3-4469-af4b-744d33b603ad:indexpattern-datasource-layer-0c578d26-c937-4b73-a3a6-e15ebd5854e6", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "125ec894-444e-486b-a9c8-7205cde12a7e:indexpattern-datasource-layer-8cad09ad-7860-45ac-aaad-7b94af09c33d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "e6506b77-2e3b-4bfa-831a-8a5daada553b:indexpattern-datasource-layer-af585c84-2ebf-42a3-9073-4d76e8b2610d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "181a3fe5-e5b5-472e-98af-ea4aaadc3109:indexpattern-datasource-layer-c0fe3677-6a5b-4340-8ad0-d8e31b042fe8", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "181a3fe5-e5b5-472e-98af-ea4aaadc3109:c038d00b-5e03-420e-9c45-a8aea3c41f99", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "d35d8849-89ba-42b8-8120-c14b087f9690:indexpattern-datasource-layer-2b43c72b-5964-4c48-8239-72a42fbe334f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6:metrics_0599e0ae-2375-4ceb-b12d-2ebec4310cc6_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2ba53067-d43d-42eb-ac50-2d941977ce95:indexpattern-datasource-layer-76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "2ba53067-d43d-42eb-ac50-2d941977ce95:6572ee4d-01b4-47db-8804-d8ef217e21da", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1cd3ebab-9630-4253-b9a6-5f921e5cb617:indexpattern-datasource-layer-77b347b2-91fa-470f-861d-ada0e175cbc4", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1cd3ebab-9630-4253-b9a6-5f921e5cb617:55eaa53f-a391-4996-9721-2f7af9aa963d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "3a26dffa-0696-485d-b991-1dbc5092082e:indexpattern-datasource-layer-2b80230c-9cc8-444f-b092-1fbc4d764992", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "3a26dffa-0696-485d-b991-1dbc5092082e:09d7cafe-19c4-4da8-a1b9-5ecd3ec6b0b0", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "6a8b9a40-11ec-4790-a38d-2d88c5468f12:indexpattern-datasource-layer-a2facaed-7c02-4fb6-9126-5512b8ffd26f", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "6a8b9a40-11ec-4790-a38d-2d88c5468f12:695725fe-9d35-49c6-8289-21fbe54ff2a6", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "c3fee68f-01c6-49da-a759-2900b1cd15bf:metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "a0716ae8-4157-473d-8eba-8ff6625fed4b:indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "a0716ae8-4157-473d-8eba-8ff6625fed4b:36494898-fe02-477e-9364-d94ea0fcb947", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "303702e1-ba33-49f2-b337-4cc7d7305606:indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1604f0de-edd6-456e-8670-ab9b33988abb:indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1604f0de-edd6-456e-8670-ab9b33988abb:38ef18ec-512c-4c90-ad86-214a5c9bfe9d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "f8313a9d-ab58-448e-b183-75f914caf53f:metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "668a51aa-98da-465e-9b09-d49e4f219968:indexpattern-datasource-layer-1048fff9-f5a4-446b-8173-e9e22d4b1cff", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "668a51aa-98da-465e-9b09-d49e4f219968:f3653393-ef8e-45e9-8b91-5a0472ecf752", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:c61ac757-89a1-4673-86b7-698a0d48e06e", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "1bd24fa1-319e-4cae-9d45-d821b06a8034:indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_f53d0d21-4502-4dce-8004-017a92104040:optionsListDataView", - "type": "index-pattern" + "preferredSeriesType": "area", + "title": "Empty XY chart", + "valueLabels": "hide", + "valuesInLegend": false, + "xTitle": "", + "yTitle": "" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "controlGroup_df56c430-83b1-436e-8b9c-fb027aaa29ca:optionsListDataView", - "type": "index-pattern" - } + "title": "Average request latency" + } ], - "type": "dashboard", - "updated_at": "2023-01-11T16:15:10.039Z", - "version": "WzM0NzYsMV0=" + "timeRestore": false, + "title": "[Metrics Kubernetes] Scheduler", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd:metrics_ff6afcdf-0de2-47fb-aa9e-72b48f11e0cd_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a2b844d8-11e3-4469-af4b-744d33b603ad:indexpattern-datasource-layer-0c578d26-c937-4b73-a3a6-e15ebd5854e6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "125ec894-444e-486b-a9c8-7205cde12a7e:indexpattern-datasource-layer-8cad09ad-7860-45ac-aaad-7b94af09c33d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "e6506b77-2e3b-4bfa-831a-8a5daada553b:indexpattern-datasource-layer-af585c84-2ebf-42a3-9073-4d76e8b2610d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "181a3fe5-e5b5-472e-98af-ea4aaadc3109:indexpattern-datasource-layer-c0fe3677-6a5b-4340-8ad0-d8e31b042fe8", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "181a3fe5-e5b5-472e-98af-ea4aaadc3109:c038d00b-5e03-420e-9c45-a8aea3c41f99", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "d35d8849-89ba-42b8-8120-c14b087f9690:indexpattern-datasource-layer-2b43c72b-5964-4c48-8239-72a42fbe334f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "0599e0ae-2375-4ceb-b12d-2ebec4310cc6:metrics_0599e0ae-2375-4ceb-b12d-2ebec4310cc6_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2ba53067-d43d-42eb-ac50-2d941977ce95:indexpattern-datasource-layer-76c85206-02c1-4f35-bb0d-c1d4d3ee59d7", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "2ba53067-d43d-42eb-ac50-2d941977ce95:6572ee4d-01b4-47db-8804-d8ef217e21da", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1cd3ebab-9630-4253-b9a6-5f921e5cb617:indexpattern-datasource-layer-77b347b2-91fa-470f-861d-ada0e175cbc4", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1cd3ebab-9630-4253-b9a6-5f921e5cb617:55eaa53f-a391-4996-9721-2f7af9aa963d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3a26dffa-0696-485d-b991-1dbc5092082e:indexpattern-datasource-layer-2b80230c-9cc8-444f-b092-1fbc4d764992", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3a26dffa-0696-485d-b991-1dbc5092082e:09d7cafe-19c4-4da8-a1b9-5ecd3ec6b0b0", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "6a8b9a40-11ec-4790-a38d-2d88c5468f12:indexpattern-datasource-layer-a2facaed-7c02-4fb6-9126-5512b8ffd26f", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "6a8b9a40-11ec-4790-a38d-2d88c5468f12:695725fe-9d35-49c6-8289-21fbe54ff2a6", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "c3fee68f-01c6-49da-a759-2900b1cd15bf:metrics_c3fee68f-01c6-49da-a759-2900b1cd15bf_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a0716ae8-4157-473d-8eba-8ff6625fed4b:indexpattern-datasource-layer-380c5d66-2e69-4e96-b5fb-ac4e5ab1c807", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "a0716ae8-4157-473d-8eba-8ff6625fed4b:36494898-fe02-477e-9364-d94ea0fcb947", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "303702e1-ba33-49f2-b337-4cc7d7305606:indexpattern-datasource-layer-77da5988-3f03-4e8f-b1e4-39a94d8bec07", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1604f0de-edd6-456e-8670-ab9b33988abb:indexpattern-datasource-layer-d3be0fa3-c7a4-49ba-b8cf-ab79f477f332", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1604f0de-edd6-456e-8670-ab9b33988abb:38ef18ec-512c-4c90-ad86-214a5c9bfe9d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "f8313a9d-ab58-448e-b183-75f914caf53f:metrics_f8313a9d-ab58-448e-b183-75f914caf53f_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "668a51aa-98da-465e-9b09-d49e4f219968:indexpattern-datasource-layer-1048fff9-f5a4-446b-8173-e9e22d4b1cff", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "668a51aa-98da-465e-9b09-d49e4f219968:f3653393-ef8e-45e9-8b91-5a0472ecf752", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:indexpattern-datasource-layer-7c7c4b67-a2df-427f-abbd-635e5fa73a9c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "91a7ce56-6a49-4b7e-837f-31c184b48c09:c61ac757-89a1-4673-86b7-698a0d48e06e", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "1bd24fa1-319e-4cae-9d45-d821b06a8034:indexpattern-datasource-layer-f7b7d15b-f8d9-4c06-abf0-7503ae32b8e9", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_f53d0d21-4502-4dce-8004-017a92104040:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_df56c430-83b1-436e-8b9c-fb027aaa29ca:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/dashboard/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013.json b/packages/kubernetes/kibana/dashboard/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013.json index f9ba2707c5c..6dd3d4d8ce2 100644 --- a/packages/kubernetes/kibana/dashboard/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013.json +++ b/packages/kubernetes/kibana/dashboard/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013.json @@ -1,309 +1,318 @@ { - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "twoLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"baa3640d-f954-4b56-ade6-01393a3991bc\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"baa3640d-f954-4b56-ade6-01393a3991bc\",\"enhancements\":{}}},\"5822d806-385b-435c-b83e-79e38e38fbb6\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"5822d806-385b-435c-b83e-79e38e38fbb6\",\"enhancements\":{}}},\"c749b037-7a98-4555-822b-cb9a52395dbb\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.service.name\",\"title\":\"Service Name\",\"id\":\"c749b037-7a98-4555-822b-cb9a52395dbb\",\"enhancements\":{}}}}" + "id": "kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013", + "type": "dashboard", + "namespaces": [ + "default" + ], + "migrationVersion": { + "dashboard": "8.9.0" + }, + "updated_at": "2024-03-13T10:46:00.096Z", + "created_at": "2024-03-13T10:46:00.096Z", + "version": "WzI1NywyXQ==", + "attributes": { + "controlGroupInput": { + "controlStyle": "twoLine", + "chainingSystem": "HIERARCHICAL", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"baa3640d-f954-4b56-ade6-01393a3991bc\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"orchestrator.cluster.name\",\"title\":\"Cluster Name\",\"id\":\"baa3640d-f954-4b56-ade6-01393a3991bc\",\"enhancements\":{}}},\"5822d806-385b-435c-b83e-79e38e38fbb6\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.namespace\",\"title\":\"Namespace Name\",\"id\":\"5822d806-385b-435c-b83e-79e38e38fbb6\",\"enhancements\":{}}},\"c749b037-7a98-4555-822b-cb9a52395dbb\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"kubernetes.service.name\",\"title\":\"Service Name\",\"id\":\"c749b037-7a98-4555-822b-cb9a52395dbb\",\"enhancements\":{}}}}" + }, + "description": "Metrics about Services", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.9.0", + "type": "visualization", + "gridData": { + "h": 4, + "i": "60c70dea-d4f0-43ea-a43f-7927dcf5c34d", + "w": 48, + "x": 0, + "y": 0 }, - "description": "Metrics about Services", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "panelIndex": "60c70dea-d4f0-43ea-a43f-7927dcf5c34d", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } - } + } + }, + "description": "", + "params": { + "fontSize": 10, + "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "title": "Kubernetes Dashboards [Metrics Kubernetes]" + }, + { + "version": "8.9.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "3df5f644-b37e-471c-b2c5-ad4db122d1de", + "w": 48, + "x": 0, + "y": 4 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "panelIndex": "3df5f644-b37e-471c-b2c5-ad4db122d1de", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-15362d53-5f27-48a6-a339-8a5fc2c5339d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "009fece4-2d13-4c71-aeef-56c7288e17bf", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "15362d53-5f27-48a6-a339-8a5fc2c5339d": { + "columnOrder": [ + "5bcc83c1-a9ef-4489-841c-e5c6e82f346b", + "5288fb8d-2eec-4da6-a9e6-81e6ee0a429f", + "2d715eff-85bb-431f-a5a6-3432b6a704a9", + "07f7d695-1388-41fb-a4fc-4bf13d299688", + "8d4e5a02-d3f5-4960-b3a9-121f64d42ba6", + "226bd103-5a5d-4756-bbc5-2c7f5da03488" + ], + "columns": { + "07f7d695-1388-41fb-a4fc-4bf13d299688": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Cluster IP", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.service.cluster_ip" }, - "description": "", - "params": { - "fontSize": 10, - "markdown": "[Kubernetes Overview](#/view/kubernetes-f4dc26db-1b53-4ea2-a78b-1bfab8ea267c),\n[Kubernetes Nodes](#/view/kubernetes-b945b7b0-bcb1-11ec-b64f-7dd6e8e82013), \n[Kubernetes Pods](#/view/kubernetes-3d4d9290-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Deployments](#/view/kubernetes-5be46210-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes StatefulSets](#/view/kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes DaemonSets](#/view/kubernetes-85879010-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes CronJobs](#/view/kubernetes-0a672d50-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Jobs](#/view/kubernetes-9bf990a0-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Volumes](#/view/kubernetes-3912d9a0-bcb2-11ec-b64f-7dd6e8e82013), [Kubernetes PV/PVC](#/view/kubernetes-dd081350-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes Services](#/view/kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013), [Kubernetes API Server](#/view/kubernetes-d3bd9650-0c14-11ed-b760-5d1bccb47f56)", - "openLinksInNewTab": false + "226bd103-5a5d-4756-bbc5-2c7f5da03488": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Created", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.service.created" }, - "title": "", - "type": "markdown", - "uiState": {} - } - }, - "gridData": { - "h": 4, - "i": "60c70dea-d4f0-43ea-a43f-7927dcf5c34d", - "w": 48, - "x": 0, - "y": 0 - }, - "panelIndex": "60c70dea-d4f0-43ea-a43f-7927dcf5c34d", - "title": "Kubernetes Dashboards [Metrics Kubernetes]", - "type": "visualization", - "version": "8.6.0-SNAPSHOT" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-15362d53-5f27-48a6-a339-8a5fc2c5339d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "009fece4-2d13-4c71-aeef-56c7288e17bf", - "type": "index-pattern" - } - ], - "state": { - "adHocDataViews": {}, - "datasourceStates": { - "formBased": { - "layers": { - "15362d53-5f27-48a6-a339-8a5fc2c5339d": { - "columnOrder": [ - "5bcc83c1-a9ef-4489-841c-e5c6e82f346b", - "5288fb8d-2eec-4da6-a9e6-81e6ee0a429f", - "2d715eff-85bb-431f-a5a6-3432b6a704a9", - "07f7d695-1388-41fb-a4fc-4bf13d299688", - "8d4e5a02-d3f5-4960-b3a9-121f64d42ba6", - "226bd103-5a5d-4756-bbc5-2c7f5da03488" - ], - "columns": { - "07f7d695-1388-41fb-a4fc-4bf13d299688": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Cluster IP", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.service.cluster_ip" - }, - "226bd103-5a5d-4756-bbc5-2c7f5da03488": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Created", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.service.created" - }, - "2d715eff-85bb-431f-a5a6-3432b6a704a9": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Type", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.service.type" - }, - "5288fb8d-2eec-4da6-a9e6-81e6ee0a429f": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Namespace", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.namespace" - }, - "5bcc83c1-a9ef-4489-841c-e5c6e82f346b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Service Name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "fallback": true, - "type": "alphabetical" - }, - "orderDirection": "asc", - "otherBucket": true, - "parentFormat": { - "id": "terms" - }, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "kubernetes.service.name" - }, - "8d4e5a02-d3f5-4960-b3a9-121f64d42ba6": { - "customLabel": true, - "dataType": "string", - "isBucketed": false, - "label": "Ingress IP", - "operationType": "last_value", - "params": { - "showArrayValues": true, - "sortField": "@timestamp" - }, - "scale": "ordinal", - "sourceField": "kubernetes.service.ingress_ip" - } - }, - "incompleteColumns": {} - } - } - } + "2d715eff-85bb-431f-a5a6-3432b6a704a9": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Type", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.service.type" + }, + "5288fb8d-2eec-4da6-a9e6-81e6ee0a429f": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Namespace", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.namespace" + }, + "5bcc83c1-a9ef-4489-841c-e5c6e82f346b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Service Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "fallback": true, + "type": "alphabetical" }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "009fece4-2d13-4c71-aeef-56c7288e17bf", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "kubernetes.state_service" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "kubernetes.state_service" - } - } - } - ], - "internalReferences": [], - "query": { - "language": "kuery", - "query": "" + "orderDirection": "asc", + "otherBucket": true, + "parentFormat": { + "id": "terms" }, - "visualization": { - "columns": [ - { - "columnId": "5bcc83c1-a9ef-4489-841c-e5c6e82f346b", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "07f7d695-1388-41fb-a4fc-4bf13d299688", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "2d715eff-85bb-431f-a5a6-3432b6a704a9", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "226bd103-5a5d-4756-bbc5-2c7f5da03488", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "5288fb8d-2eec-4da6-a9e6-81e6ee0a429f", - "isTransposed": false - }, - { - "alignment": "right", - "columnId": "8d4e5a02-d3f5-4960-b3a9-121f64d42ba6", - "isTransposed": false - } - ], - "layerId": "15362d53-5f27-48a6-a339-8a5fc2c5339d", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "size": 10 + }, + "scale": "ordinal", + "sourceField": "kubernetes.service.name" }, - "title": "Services Informations [Metrics Kubernetes]", - "type": "lens", - "visualizationType": "lnsDatatable" + "8d4e5a02-d3f5-4960-b3a9-121f64d42ba6": { + "customLabel": true, + "dataType": "string", + "isBucketed": false, + "label": "Ingress IP", + "operationType": "last_value", + "params": { + "showArrayValues": true, + "sortField": "@timestamp" + }, + "scale": "ordinal", + "sourceField": "kubernetes.service.ingress_ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "009fece4-2d13-4c71-aeef-56c7288e17bf", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "kubernetes.state_service" }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "3df5f644-b37e-471c-b2c5-ad4db122d1de", - "w": 48, - "x": 0, - "y": 4 - }, - "panelIndex": "3df5f644-b37e-471c-b2c5-ad4db122d1de", - "title": "Services Informations [Metrics Kubernetes]", - "type": "lens", - "version": "8.6.0-SNAPSHOT" - } - ], - "timeRestore": false, - "title": "[Metrics Kubernetes] Services", - "version": 1 - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-01-11T14:25:08.717Z", - "id": "kubernetes-ff1b3850-bcb1-11ec-b64f-7dd6e8e82013", - "migrationVersion": { - "dashboard": "8.6.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "3df5f644-b37e-471c-b2c5-ad4db122d1de:indexpattern-datasource-layer-15362d53-5f27-48a6-a339-8a5fc2c5339d", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "3df5f644-b37e-471c-b2c5-ad4db122d1de:009fece4-2d13-4c71-aeef-56c7288e17bf", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_baa3640d-f954-4b56-ade6-01393a3991bc:optionsListDataView", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "controlGroup_5822d806-385b-435c-b83e-79e38e38fbb6:optionsListDataView", - "type": "index-pattern" + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "kubernetes.state_service" + } + } + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "5bcc83c1-a9ef-4489-841c-e5c6e82f346b", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "07f7d695-1388-41fb-a4fc-4bf13d299688", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "2d715eff-85bb-431f-a5a6-3432b6a704a9", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "226bd103-5a5d-4756-bbc5-2c7f5da03488", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "5288fb8d-2eec-4da6-a9e6-81e6ee0a429f", + "isTransposed": false + }, + { + "alignment": "right", + "columnId": "8d4e5a02-d3f5-4960-b3a9-121f64d42ba6", + "isTransposed": false + } + ], + "layerId": "15362d53-5f27-48a6-a339-8a5fc2c5339d", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "Services Informations [Metrics Kubernetes]", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - { - "id": "metrics-*", - "name": "controlGroup_c749b037-7a98-4555-822b-cb9a52395dbb:optionsListDataView", - "type": "index-pattern" - } + "title": "Services Informations [Metrics Kubernetes]" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Metrics Kubernetes] Services", + "version": 1 + }, + "references": [ + { + "id": "metrics-*", + "name": "3df5f644-b37e-471c-b2c5-ad4db122d1de:indexpattern-datasource-layer-15362d53-5f27-48a6-a339-8a5fc2c5339d", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "3df5f644-b37e-471c-b2c5-ad4db122d1de:009fece4-2d13-4c71-aeef-56c7288e17bf", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_baa3640d-f954-4b56-ade6-01393a3991bc:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_5822d806-385b-435c-b83e-79e38e38fbb6:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "controlGroup_c749b037-7a98-4555-822b-cb9a52395dbb:optionsListDataView", + "type": "index-pattern" + } + ], + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/kubernetes/kibana/search/kubernetes-adc7d0c0-d1fc-11ec-8c69-8bbb7ca8f9ee.json b/packages/kubernetes/kibana/search/kubernetes-adc7d0c0-d1fc-11ec-8c69-8bbb7ca8f9ee.json deleted file mode 100644 index d17d85efaaa..00000000000 --- a/packages/kubernetes/kibana/search/kubernetes-adc7d0c0-d1fc-11ec-8c69-8bbb7ca8f9ee.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "attributes": { - "columns": [ - "kubernetes.event.type", - "kubernetes.event.reason", - "kubernetes.event.involved_object.kind", - "kubernetes.event.metadata.namespace", - "kubernetes.event.involved_object.name", - "message" - ], - "description": "Kubernetes Events", - "grid": { - "columns": { - "kubernetes.event.involved_object.kind": { - "width": 198.30555555555554 - }, - "kubernetes.event.metadata.namespace": { - "width": 249.83333333333337 - }, - "kubernetes.event.reason": { - "width": 176.33333333333331 - }, - "kubernetes.event.type": { - "width": 156.91666666666663 - } - } - }, - "hideChart": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "event.dataset:kubernetes.event" - } - } - }, - "rowHeight": -1, - "sort": [ - [ - "@timestamp", - "desc" - ] - ], - "title": "Kubernetes Events [Metrics Kubernetes]" - }, - "coreMigrationVersion": "8.4.0", - "id": "kubernetes-adc7d0c0-d1fc-11ec-8c69-8bbb7ca8f9ee", - "migrationVersion": { - "search": "8.0.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "type": "search" -} \ No newline at end of file diff --git a/packages/kubernetes/kibana/search/kubernetes-ee55101a-9f62-44da-b64c-ffa1eb5abad8.json b/packages/kubernetes/kibana/search/kubernetes-ee55101a-9f62-44da-b64c-ffa1eb5abad8.json deleted file mode 100644 index 689683825df..00000000000 --- a/packages/kubernetes/kibana/search/kubernetes-ee55101a-9f62-44da-b64c-ffa1eb5abad8.json +++ /dev/null @@ -1,89 +0,0 @@ -{ - "attributes": { - "columns": [ - "kubernetes.event.type", - "kubernetes.event.reason", - "kubernetes.event.involved_object.name" - ], - "description": "Kubernetes Warnings", - "grid": { - "columns": { - "kubernetes.event.involved_object.kind": { - "width": 198.30555555555554 - }, - "kubernetes.event.metadata.namespace": { - "width": 249.83333333333337 - }, - "kubernetes.event.reason": { - "width": 176.33333333333331 - }, - "kubernetes.event.type": { - "width": 156.91666666666663 - } - } - }, - "hideChart": false, - "isTextBasedQuery": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "kubernetes.event.type", - "negate": false, - "params": { - "query": "Warning" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "kubernetes.event.type": "Warning" - } - } - } - ], - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", - "query": { - "language": "kuery", - "query": "data_stream.dataset :\"kubernetes.event\" " - } - } - }, - "rowHeight": -1, - "sort": [ - [ - "@timestamp", - "desc" - ] - ], - "timeRestore": false, - "title": "Kubernetes Warnings", - "usesAdHocDataView": false - }, - "coreMigrationVersion": "8.6.0", - "created_at": "2023-01-11T08:05:47.489Z", - "id": "kubernetes-ee55101a-9f62-44da-b64c-ffa1eb5abad8", - "migrationVersion": { - "search": "8.0.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - } - ], - "type": "search" -} \ No newline at end of file diff --git a/packages/kubernetes/manifest.yml b/packages/kubernetes/manifest.yml index cb9164f701c..e5d02ebbf71 100644 --- a/packages/kubernetes/manifest.yml +++ b/packages/kubernetes/manifest.yml @@ -1,7 +1,7 @@ -format_version: 2.9.0 +format_version: 3.1.2 name: kubernetes title: Kubernetes -version: 1.57.0 +version: 1.58.0 description: Collect logs and metrics from Kubernetes clusters with Elastic Agent. type: integration categories: @@ -9,7 +9,8 @@ categories: - containers - kubernetes conditions: - kibana.version: "^8.12.0" + kibana: + version: "^8.12.0" screenshots: - src: /img/metricbeat_kubernetes_overview.png title: Metricbeat Kubernetes Overview @@ -237,3 +238,4 @@ policy_templates: type: image/png owner: github: elastic/obs-cloudnative-monitoring + type: elastic