panw panos ELK 8143.ndjson

{"attributes":{"allowHidden":false,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-panw.panos*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-panw.panos*"},"coreMigrationVersion":"8.8.0","created_at":"2024-07-18T17:46:33.423Z","created_by":"u_PaRg-nLhFPeiQBsu7cmBe48wlAUPR9RyiTufeHmDsd0_0","id":"76075f55-d644-4ca0-84c9-8482528ef69d","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-07-24T19:23:21.884Z","version":"WzEwMzI3LDZd"}
{"attributes":{"color":"#4DD2CA","description":"","name":"Palo Alto Next-Gen Firewall"},"coreMigrationVersion":"8.8.0","created_at":"2024-07-17T19:15:54.531Z","id":"fleet-pkg-panw-default","managed":false,"references":[],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2024-07-17T19:15:54.531Z","version":"WzM4MDc5OSw2XQ=="}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"da565439-b1a3-41a0-870f-5ccdd566cd58\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"da565439-b1a3-41a0-870f-5ccdd566cd58\",\"fieldName\":\"panw.panos.type\",\"title\":\"panw.panos.type\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"selectedOptions\":[\"TRAFFIC\"],\"enhancements\":{}}}}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":\"IPv4 source.ip private\",\"key\":\"query\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"terms\":{\"source.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"IPv4 destination.ip private\",\"key\":\"query\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"terms\":{\"destination.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"links\",\"gridData\":{\"x\":0,\"y\":0,\"w\":39,\"h\":5,\"i\":\"21fc9b0d-8b0c-4036-8fe7-5970b7dff891\"},\"panelIndex\":\"21fc9b0d-8b0c-4036-8fe7-5970b7dff891\",\"embeddableConfig\":{\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"attributes\":{\"links\":[{\"type\":\"dashboardLink\",\"id\":\"ae6afbad-efb8-4ec2-a45e-62ed750ad258\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":0,\"destinationRefName\":\"link_ae6afbad-efb8-4ec2-a45e-62ed750ad258_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"08136a76-1a7d-4392-98f8-19b9c7063371\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":1,\"destinationRefName\":\"link_08136a76-1a7d-4392-98f8-19b9c7063371_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"67dc314b-04c2-4bdc-ac93-f1284b7b2bb6\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":2,\"destinationRefName\":\"link_67dc314b-04c2-4bdc-ac93-f1284b7b2bb6_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"e3259196-9551-4944-9b9f-83da20935b69\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":3,\"destinationRefName\":\"link_e3259196-9551-4944-9b9f-83da20935b69_dashboard\"}],\"layout\":\"horizontal\"},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":5,\"w\":9,\"h\":12,\"i\":\"2a956906-3e27-49ed-9789-a09adf16089e\"},\"panelIndex\":\"2a956906-3e27-49ed-9789-a09adf16089e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149\"}],\"state\":{\"visualization\":{\"layerId\":\"818cae41-a47d-4309-802b-23769f336149\",\"layerType\":\"data\",\"metricAccessor\":\"25ee91df-3eb5-496f-acc8-a83e87213e35\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"818cae41-a47d-4309-802b-23769f336149\":{\"columns\":{\"25ee91df-3eb5-496f-acc8-a83e87213e35\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"25ee91df-3eb5-496f-acc8-a83e87213e35\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":5,\"w\":30,\"h\":12,\"i\":\"08aa5372-3b85-4e96-bc73-734ca004e552\"},\"panelIndex\":\"08aa5372-3b85-4e96-bc73-734ca004e552\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-d1ea09ab-9a25-4522-b665-c70d64c375f9\"},{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-29e03e19-7da7-4eca-b62a-13521fd1779b\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":false},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"d1ea09ab-9a25-4522-b665-c70d64c375f9\",\"accessors\":[\"dff0c559-15eb-4779-ae91-bdcd4181e4de\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"16a02240-6061-45bc-a6f7-c218337675f2\",\"yConfig\":[{\"forAccessor\":\"dff0c559-15eb-4779-ae91-bdcd4181e4de\",\"axisMode\":\"left\"}]},{\"layerId\":\"29e03e19-7da7-4eca-b62a-13521fd1779b\",\"seriesType\":\"bar_stacked\",\"accessors\":[\"c270de70-af18-4e02-9f36-cf90cb4b5b94\",\"0da4f50a-7839-4b46-af7a-8d371420d4ce\"],\"layerType\":\"data\",\"xAccessor\":\"d165975c-abce-47cf-b100-e676a79f8578\",\"yConfig\":[{\"forAccessor\":\"c270de70-af18-4e02-9f36-cf90cb4b5b94\",\"axisMode\":\"right\"},{\"forAccessor\":\"0da4f50a-7839-4b46-af7a-8d371420d4ce\",\"axisMode\":\"right\"}]}],\"curveType\":\"CURVE_MONOTONE_X\",\"yTitle\":\"sessions\",\"yRightTitle\":\"sum of network.bytes\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d1ea09ab-9a25-4522-b665-c70d64c375f9\":{\"columns\":{\"16a02240-6061-45bc-a6f7-c218337675f2\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"dff0c559-15eb-4779-ae91-bdcd4181e4de\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"16a02240-6061-45bc-a6f7-c218337675f2\",\"dff0c559-15eb-4779-ae91-bdcd4181e4de\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"},\"29e03e19-7da7-4eca-b62a-13521fd1779b\":{\"columns\":{\"d165975c-abce-47cf-b100-e676a79f8578\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"c270de70-af18-4e02-9f36-cf90cb4b5b94\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"0da4f50a-7839-4b46-af7a-8d371420d4ce\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"d165975c-abce-47cf-b100-e676a79f8578\",\"c270de70-af18-4e02-9f36-cf90cb4b5b94\",\"0da4f50a-7839-4b46-af7a-8d371420d4ce\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"total sessions vs sum of bytes\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":0,\"w\":9,\"h\":5,\"i\":\"8b15a612-7511-45ce-b677-7631fdcf1ee3\"},\"panelIndex\":\"8b15a612-7511-45ce-b677-7631fdcf1ee3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-990833ec-72ce-4e41-a3a5-05c2397e75b8\"}],\"state\":{\"visualization\":{\"layerId\":\"990833ec-72ce-4e41-a3a5-05c2397e75b8\",\"layerType\":\"data\",\"metricAccessor\":\"f2cbe8e8-9fbf-4ce3-ad68-5486b6f32765\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"990833ec-72ce-4e41-a3a5-05c2397e75b8\":{\"columns\":{\"f2cbe8e8-9fbf-4ce3-ad68-5486b6f32765\":{\"label\":\"Total Logs\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"f2cbe8e8-9fbf-4ce3-ad68-5486b6f32765\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":5,\"w\":9,\"h\":12,\"i\":\"1da93dac-8a06-49f6-af13-3d7426b73578\"},\"panelIndex\":\"1da93dac-8a06-49f6-af13-3d7426b73578\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149\"}],\"state\":{\"visualization\":{\"layerId\":\"818cae41-a47d-4309-802b-23769f336149\",\"layerType\":\"data\",\"metricAccessor\":\"25ee91df-3eb5-496f-acc8-a83e87213e35\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"818cae41-a47d-4309-802b-23769f336149\":{\"columns\":{\"25ee91df-3eb5-496f-acc8-a83e87213e35\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"25ee91df-3eb5-496f-acc8-a83e87213e35\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":9,\"h\":18,\"i\":\"52c64ca9-53f9-440c-b11b-4a83589785d1\"},\"panelIndex\":\"52c64ca9-53f9-440c-b11b-4a83589785d1\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":10,\"openLinksInNewTab\":false,\"markdown\":\"**source.bytes**: Bytes sent from the source to the destination.\\n\\n**destination.bytes**: Bytes sent from the destination to the source.\\n\\n**network.bytes**: Total bytes transferred in both directions. If source.bytes and destination.bytes are known, network.bytes is their sum.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"bytes explanation\"},{\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":17,\"w\":16,\"h\":18,\"i\":\"a2cbae8c-5e3e-4044-b0b2-85f91edf1f76\"},\"panelIndex\":\"a2cbae8c-5e3e-4044-b0b2-85f91edf1f76\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2eae64ac-86b2-45df-8a11-bc3cef4c0109\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":false},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"2eae64ac-86b2-45df-8a11-bc3cef4c0109\",\"accessors\":[\"5fbd3040-03ca-4f36-81fb-7084f28e00bc\",\"0c9ffda2-f578-4a7a-a2aa-2e9072b6a518\",\"17ac27dc-d442-414a-ac32-87da5c755c22\",\"eb273d68-878e-4466-9b9d-fe2f5a49a335\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"4641bfdf-e3f7-4226-aba0-b4eb44153192\",\"yConfig\":[{\"forAccessor\":\"eb273d68-878e-4466-9b9d-fe2f5a49a335\",\"axisMode\":\"right\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2eae64ac-86b2-45df-8a11-bc3cef4c0109\":{\"columns\":{\"4641bfdf-e3f7-4226-aba0-b4eb44153192\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"5fbd3040-03ca-4f36-81fb-7084f28e00bc\":{\"label\":\"Median\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}},\"0c9ffda2-f578-4a7a-a2aa-2e9072b6a518\":{\"label\":\"Average\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}},\"17ac27dc-d442-414a-ac32-87da5c755c22\":{\"label\":\"95th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":95,\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}},\"customLabel\":true},\"eb273d68-878e-4466-9b9d-fe2f5a49a335\":{\"label\":\"Maximum\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}}},\"columnOrder\":[\"4641bfdf-e3f7-4226-aba0-b4eb44153192\",\"5fbd3040-03ca-4f36-81fb-7084f28e00bc\",\"0c9ffda2-f578-4a7a-a2aa-2e9072b6a518\",\"17ac27dc-d442-414a-ac32-87da5c755c22\",\"eb273d68-878e-4466-9b9d-fe2f5a49a335\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"event.duration\"},{\"type\":\"lens\",\"gridData\":{\"x\":25,\"y\":17,\"w\":14,\"h\":18,\"i\":\"040827d6-9ca9-4752-8b69-2bf33606a112\"},\"panelIndex\":\"040827d6-9ca9-4752-8b69-2bf33606a112\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2eae64ac-86b2-45df-8a11-bc3cef4c0109\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":false},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"2eae64ac-86b2-45df-8a11-bc3cef4c0109\",\"accessors\":[\"5fbd3040-03ca-4f36-81fb-7084f28e00bc\",\"0c9ffda2-f578-4a7a-a2aa-2e9072b6a518\",\"17ac27dc-d442-414a-ac32-87da5c755c22\",\"76168856-fe07-4040-8c86-a4d3983681e7\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"4641bfdf-e3f7-4226-aba0-b4eb44153192\",\"yConfig\":[{\"forAccessor\":\"76168856-fe07-4040-8c86-a4d3983681e7\",\"axisMode\":\"right\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2eae64ac-86b2-45df-8a11-bc3cef4c0109\":{\"columns\":{\"4641bfdf-e3f7-4226-aba0-b4eb44153192\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"5fbd3040-03ca-4f36-81fb-7084f28e00bc\":{\"label\":\"Median\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"0c9ffda2-f578-4a7a-a2aa-2e9072b6a518\":{\"label\":\"Average\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"17ac27dc-d442-414a-ac32-87da5c755c22\":{\"label\":\"95th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":95,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"76168856-fe07-4040-8c86-a4d3983681e7\":{\"label\":\"Maximum\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"4641bfdf-e3f7-4226-aba0-b4eb44153192\",\"5fbd3040-03ca-4f36-81fb-7084f28e00bc\",\"0c9ffda2-f578-4a7a-a2aa-2e9072b6a518\",\"17ac27dc-d442-414a-ac32-87da5c755c22\",\"76168856-fe07-4040-8c86-a4d3983681e7\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"network.bytes\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":17,\"w\":9,\"h\":18,\"i\":\"972cc53b-7a62-4015-a508-757dd6de2cc2\"},\"panelIndex\":\"972cc53b-7a62-4015-a508-757dd6de2cc2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-eb5b68d9-74fd-46ed-920d-24b6b78ed57a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"eb5b68d9-74fd-46ed-920d-24b6b78ed57a\",\"accessors\":[\"92d24ae8-7107-4e32-bebb-8c24a1579968\",\"85d7fc28-26aa-459a-89e8-099dc0b658a4\",\"267ed6b0-4692-4961-b204-90483f993633\",\"eb6083dc-ac8d-4c24-9ec4-6b7d6a642709\",\"9c6ad502-3961-49eb-b56d-9e33f8b812ba\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"eb5b68d9-74fd-46ed-920d-24b6b78ed57a\":{\"columns\":{\"92d24ae8-7107-4e32-bebb-8c24a1579968\":{\"label\":\"5th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":5,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"85d7fc28-26aa-459a-89e8-099dc0b658a4\":{\"label\":\"25th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":25,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"267ed6b0-4692-4961-b204-90483f993633\":{\"label\":\"50th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":50,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"eb6083dc-ac8d-4c24-9ec4-6b7d6a642709\":{\"label\":\"75th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":75,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"9c6ad502-3961-49eb-b56d-9e33f8b812ba\":{\"label\":\"95th percentile\",\"dataType\":\"number\",\"operationType\":\"percentile\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"percentile\":95,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true}},\"columnOrder\":[\"92d24ae8-7107-4e32-bebb-8c24a1579968\",\"85d7fc28-26aa-459a-89e8-099dc0b658a4\",\"267ed6b0-4692-4961-b204-90483f993633\",\"eb6083dc-ac8d-4c24-9ec4-6b7d6a642709\",\"9c6ad502-3961-49eb-b56d-9e33f8b812ba\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"network.bytes\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":17,\"h\":20,\"i\":\"7d470a6b-76b7-43f7-b1fd-862ce0dd074d\"},\"panelIndex\":\"7d470a6b-76b7-43f7-b1fd-862ce0dd074d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsChoropleth\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-a1de3263-e0b5-4cee-b660-256a1c675d96\"}],\"state\":{\"visualization\":{\"layerId\":\"a1de3263-e0b5-4cee-b660-256a1c675d96\",\"emsLayerId\":\"world_countries\",\"emsField\":\"iso2\",\"valueAccessor\":\"5cb0cf15-3bdb-4cc5-885e-644cf5c6bf7e\",\"regionAccessor\":\"86e32a69-d2e8-4cdb-be1a-d46362b03a6a\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a1de3263-e0b5-4cee-b660-256a1c675d96\":{\"columns\":{\"86e32a69-d2e8-4cdb-be1a-d46362b03a6a\":{\"label\":\"Top 50 values of destination.geo.country_iso_code\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_iso_code\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5cb0cf15-3bdb-4cc5-885e-644cf5c6bf7e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"5cb0cf15-3bdb-4cc5-885e-644cf5c6bf7e\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"86e32a69-d2e8-4cdb-be1a-d46362b03a6a\",\"5cb0cf15-3bdb-4cc5-885e-644cf5c6bf7e\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination country\"},{\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":35,\"w\":6,\"h\":10,\"i\":\"8cdfca57-a3bb-4cc2-80ca-659896390a4e\"},\"panelIndex\":\"8cdfca57-a3bb-4cc2-80ca-659896390a4e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\"],\"metrics\":[\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\":{\"columns\":{\"1c69544e-3475-4d96-b33a-5b648a58a87c\":{\"label\":\"Top values of source.geo.country_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\",\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source country\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":35,\"w\":16,\"h\":20,\"i\":\"38f2a7f2-a924-4191-a4b9-fa652cd4773f\"},\"panelIndex\":\"38f2a7f2-a924-4191-a4b9-fa652cd4773f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsHeatmap\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-dac48d89-5b18-40cb-a29f-c044955be746\"}],\"state\":{\"visualization\":{\"shape\":\"heatmap\",\"layerId\":\"dac48d89-5b18-40cb-a29f-c044955be746\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"position\":\"right\",\"type\":\"lens_heatmap_legendConfig\",\"legendSize\":\"auto\"},\"gridConfig\":{\"type\":\"lens_heatmap_grid\",\"isCellLabelVisible\":false,\"isYAxisLabelVisible\":true,\"isXAxisLabelVisible\":true},\"valueAccessor\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\",\"xAccessor\":\"c6662c96-b4bc-4305-a172-a33aecadec28\",\"yAccessor\":\"8e6de281-690f-44cc-a6a3-9072dbc82c95\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dac48d89-5b18-40cb-a29f-c044955be746\":{\"columns\":{\"c6662c96-b4bc-4305-a172-a33aecadec28\":{\"label\":\"observer.egress.zone\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.egress.zone\",\"isBucketed\":true,\"params\":{\"size\":4,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}},\"customLabel\":true},\"ec32b9d7-1c13-486f-ba0f-e01495495174\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"8e6de281-690f-44cc-a6a3-9072dbc82c95\":{\"label\":\"observer.ingress.zone\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.ingress.zone\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}},\"customLabel\":true}},\"columnOrder\":[\"8e6de281-690f-44cc-a6a3-9072dbc82c95\",\"c6662c96-b4bc-4305-a172-a33aecadec28\",\"ec32b9d7-1c13-486f-ba0f-e01495495174\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"ingress.zone / egress.zone\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":35,\"w\":9,\"h\":20,\"i\":\"7835a4e3-9f58-44bb-a2c8-bf41caef385e\"},\"panelIndex\":\"7835a4e3-9f58-44bb-a2c8-bf41caef385e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-db5cae11-427e-4d12-b21d-3dd48c241a5d\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"db5cae11-427e-4d12-b21d-3dd48c241a5d\",\"accessors\":[\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\",\"945e6772-bf27-45a6-b055-d1b543105b64\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"db5cae11-427e-4d12-b21d-3dd48c241a5d\":{\"columns\":{\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\":{\"label\":\"Top 10 values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"custom\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"orderAgg\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}}},\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"945e6772-bf27-45a6-b055-d1b543105b64\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\",\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\",\"945e6772-bf27-45a6-b055-d1b543105b64\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"rule.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":45,\"w\":6,\"h\":10,\"i\":\"ff2fb360-ffe1-4837-b389-70e66fb0d883\"},\"panelIndex\":\"ff2fb360-ffe1-4837-b389-70e66fb0d883\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\"],\"metrics\":[\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\":{\"columns\":{\"1c69544e-3475-4d96-b33a-5b648a58a87c\":{\"label\":\"Top values of destination.geo.country_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\",\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination country\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":16,\"h\":5,\"i\":\"e784d64e-573a-4673-a5a8-3f23d78f127e\"},\"panelIndex\":\"e784d64e-573a-4673-a5a8-3f23d78f127e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Source IP [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Source IP\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":55,\"w\":16,\"h\":5,\"i\":\"ac6c5ef2-81f4-4277-969d-f46da9e4bf2f\"},\"panelIndex\":\"ac6c5ef2-81f4-4277-969d-f46da9e4bf2f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Destination IP [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Destination IP\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":60,\"w\":16,\"h\":15,\"i\":\"fe60a9c7-dec7-4fa9-9490-a8adebee028d\"},\"panelIndex\":\"fe60a9c7-dec7-4fa9-9490-a8adebee028d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"sum network.bytes by source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":60,\"w\":16,\"h\":15,\"i\":\"0903b2f7-307b-4489-ac05-bca8d25d6dea\"},\"panelIndex\":\"0903b2f7-307b-4489-ac05-bca8d25d6dea\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"sum network.bytes by destination.ip\"},{\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":55,\"w\":16,\"h\":5,\"i\":\"6ad08a5d-f881-4162-b250-3fe6b4c15f37\"},\"panelIndex\":\"6ad08a5d-f881-4162-b250-3fe6b4c15f37\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Network Protocol [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Destination Port\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":60,\"w\":16,\"h\":15,\"i\":\"73b44f3f-eb49-4217-a5a6-b22eaa1a6307\"},\"panelIndex\":\"73b44f3f-eb49-4217-a5a6-b22eaa1a6307\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"sum network.bytes by destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":75,\"w\":6,\"h\":15,\"i\":\"07216882-6c70-4199-b790-80aaea15ef8f\"},\"panelIndex\":\"07216882-6c70-4199-b790-80aaea15ef8f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"15988f62-2f66-4410-9494-fb703bc24787\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":75,\"w\":5,\"h\":15,\"i\":\"ddacb80e-ea7f-43b6-9ba0-c53dd654537b\"},\"panelIndex\":\"ddacb80e-ea7f-43b6-9ba0-c53dd654537b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Median of source.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\":{\"label\":\"Median of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":75,\"w\":5,\"h\":15,\"i\":\"d8fb2619-809d-42fb-aaca-f858a4f2a6b3\"},\"panelIndex\":\"d8fb2619-809d-42fb-aaca-f858a4f2a6b3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"yConfig\":[{\"forAccessor\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"color\":\"#aa6556\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Average of event.duration\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":75,\"w\":6,\"h\":15,\"i\":\"010a7e9d-8e7b-4770-aca4-5252ea01c0ed\"},\"panelIndex\":\"010a7e9d-8e7b-4770-aca4-5252ea01c0ed\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"15988f62-2f66-4410-9494-fb703bc24787\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":75,\"w\":5,\"h\":15,\"i\":\"322d5580-5275-4ea8-aa01-33bdcc5549b5\"},\"panelIndex\":\"322d5580-5275-4ea8-aa01-33bdcc5549b5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Median of source.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\":{\"label\":\"Median of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":75,\"w\":5,\"h\":15,\"i\":\"f53f39b3-6413-4538-b61b-31cdd06b0485\"},\"panelIndex\":\"f53f39b3-6413-4538-b61b-31cdd06b0485\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"yConfig\":[{\"forAccessor\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"color\":\"#aa6556\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Average of event.duration\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":75,\"w\":6,\"h\":15,\"i\":\"32ec28eb-5991-4a0d-bc41-6a88ef3e2ec6\"},\"panelIndex\":\"32ec28eb-5991-4a0d-bc41-6a88ef3e2ec6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"5148691c-b535-4789-b23b-7281ec83189b\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"15988f62-2f66-4410-9494-fb703bc24787\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\"},\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\"},\"5148691c-b535-4789-b23b-7281ec83189b\":{\"label\":\"Top 10 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"15988f62-2f66-4410-9494-fb703bc24787\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"5148691c-b535-4789-b23b-7281ec83189b\",\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":38,\"y\":75,\"w\":5,\"h\":15,\"i\":\"bfb7441d-99ae-486b-9338-daeddf333c3e\"},\"panelIndex\":\"bfb7441d-99ae-486b-9338-daeddf333c3e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[]}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Median of source.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\"},\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\":{\"label\":\"Median of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":43,\"y\":75,\"w\":5,\"h\":15,\"i\":\"0a471e98-fca7-4dae-8adc-152fce716a0f\"},\"panelIndex\":\"0a471e98-fca7-4dae-8adc-152fce716a0f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"yConfig\":[{\"forAccessor\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"color\":\"#aa6556\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[]}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Average of event.duration\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.port\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":90,\"w\":16,\"h\":5,\"i\":\"4cae3f5d-438d-4d31-9c09-c569aeb06d00\"},\"panelIndex\":\"4cae3f5d-438d-4d31-9c09-c569aeb06d00\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Source User [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Source User\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":90,\"w\":16,\"h\":5,\"i\":\"746a892c-735c-4224-842b-0abe9b1ad449\"},\"panelIndex\":\"746a892c-735c-4224-842b-0abe9b1ad449\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Host [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"URL Category\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":95,\"w\":16,\"h\":15,\"i\":\"6cc78719-93ed-4fdc-8a16-a9f305f80825\"},\"panelIndex\":\"6cc78719-93ed-4fdc-8a16-a9f305f80825\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"sum network.bytes by source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":95,\"w\":16,\"h\":15,\"i\":\"2ba51e0a-dfbf-47a9-af6e-d67aefe83ce0\"},\"panelIndex\":\"2ba51e0a-dfbf-47a9-af6e-d67aefe83ce0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top 5 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"sum network.bytes by url.category\"},{\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":90,\"w\":16,\"h\":5,\"i\":\"1bc178f5-7fcd-4db5-90d7-351a2f0e5e67\"},\"panelIndex\":\"1bc178f5-7fcd-4db5-90d7-351a2f0e5e67\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Network Application [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Network Application\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":95,\"w\":16,\"h\":15,\"i\":\"b26924b3-9e6d-40a5-bd4c-59a44114cfa5\"},\"panelIndex\":\"b26924b3-9e6d-40a5-bd4c-59a44114cfa5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Sum of network.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"network.bytes\",\"isBucketed\":false,\"scale\":\"ratio\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"sum network.bytes by network.application\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":110,\"w\":6,\"h\":15,\"i\":\"a6553b5a-9adb-4af1-aa9c-3773fa83c0cd\"},\"panelIndex\":\"a6553b5a-9adb-4af1-aa9c-3773fa83c0cd\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"15988f62-2f66-4410-9494-fb703bc24787\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":110,\"w\":5,\"h\":15,\"i\":\"aeac1b60-58b7-43bd-b866-9c89e90d2201\"},\"panelIndex\":\"aeac1b60-58b7-43bd-b866-9c89e90d2201\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Median of source.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\":{\"label\":\"Median of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":110,\"w\":5,\"h\":15,\"i\":\"ea816b1c-b3b6-4701-b0a6-2f65c3ebad47\"},\"panelIndex\":\"ea816b1c-b3b6-4701-b0a6-2f65c3ebad47\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"yConfig\":[{\"forAccessor\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"color\":\"#aa6556\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Average of event.duration\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":110,\"w\":6,\"h\":15,\"i\":\"98fd4185-214d-48e6-86f6-f9dfad646673\"},\"panelIndex\":\"98fd4185-214d-48e6-86f6-f9dfad646673\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"15988f62-2f66-4410-9494-fb703bc24787\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.category\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":110,\"w\":5,\"h\":15,\"i\":\"f8b3a849-8499-47e3-aa27-a329954b20e3\"},\"panelIndex\":\"f8b3a849-8499-47e3-aa27-a329954b20e3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Median of source.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\":{\"label\":\"Median of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.category\"},{\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":110,\"w\":5,\"h\":15,\"i\":\"f4d9b9a6-1787-4f40-96fd-23640910d046\"},\"panelIndex\":\"f4d9b9a6-1787-4f40-96fd-23640910d046\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"yConfig\":[{\"forAccessor\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"color\":\"#aa6556\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Average of event.duration\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.category\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":110,\"w\":6,\"h\":15,\"i\":\"ca6d6587-77db-4bc2-94bc-801abb5c2676\"},\"panelIndex\":\"ca6d6587-77db-4bc2-94bc-801abb5c2676\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"15988f62-2f66-4410-9494-fb703bc24787\":{\"label\":\"Sum of source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\":{\"label\":\"Sum of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"15988f62-2f66-4410-9494-fb703bc24787\",\"1fee46ae-84cd-4701-be54-fd3396c2ab5d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"network.application\"},{\"type\":\"lens\",\"gridData\":{\"x\":38,\"y\":110,\"w\":5,\"h\":15,\"i\":\"68f442d1-59b3-46a6-b4ba-6ff06212af2b\"},\"panelIndex\":\"68f442d1-59b3-46a6-b4ba-6ff06212af2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Median of source.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\":{\"label\":\"Median of destination.bytes\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"39ecd4c6-1169-43a9-a36e-e8d69d98a985\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"network.application\"},{\"type\":\"lens\",\"gridData\":{\"x\":43,\"y\":110,\"w\":5,\"h\":15,\"i\":\"f59d4ae9-ce85-4e14-a579-1e9ca1bcad27\"},\"panelIndex\":\"f59d4ae9-ce85-4e14-a579-1e9ca1bcad27\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"yConfig\":[{\"forAccessor\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\",\"color\":\"#aa6556\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Average of event.duration\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"event.duration\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"format\":{\"id\":\"duration\",\"params\":{\"decimals\":0,\"fromUnit\":\"nanoseconds\"}}}}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"network.application\"}]","timeRestore":false,"title":"Outbound Bytes Traffic [Palo Alto]","version":2},"coreMigrationVersion":"8.8.0","created_at":"2024-07-24T18:39:16.299Z","created_by":"u_PaRg-nLhFPeiQBsu7cmBe48wlAUPR9RyiTufeHmDsd0_0","id":"e749d5df-02ee-4dc8-b1b3-e57e4a48a992","managed":false,"references":[{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"4ab8cacc-8aa0-4152-ac71-390d35cfc7f6","name":"21fc9b0d-8b0c-4036-8fe7-5970b7dff891:link_ae6afbad-efb8-4ec2-a45e-62ed750ad258_dashboard","type":"dashboard"},{"id":"403e9bd1-1184-4369-86ba-a6fecda3d6d6","name":"21fc9b0d-8b0c-4036-8fe7-5970b7dff891:link_08136a76-1a7d-4392-98f8-19b9c7063371_dashboard","type":"dashboard"},{"id":"e749d5df-02ee-4dc8-b1b3-e57e4a48a992","name":"21fc9b0d-8b0c-4036-8fe7-5970b7dff891:link_67dc314b-04c2-4bdc-ac93-f1284b7b2bb6_dashboard","type":"dashboard"},{"id":"61af971f-c73f-420f-9479-c31dbbc8276c","name":"21fc9b0d-8b0c-4036-8fe7-5970b7dff891:link_e3259196-9551-4944-9b9f-83da20935b69_dashboard","type":"dashboard"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"2a956906-3e27-49ed-9789-a09adf16089e:indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"08aa5372-3b85-4e96-bc73-734ca004e552:indexpattern-datasource-layer-d1ea09ab-9a25-4522-b665-c70d64c375f9","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"08aa5372-3b85-4e96-bc73-734ca004e552:indexpattern-datasource-layer-29e03e19-7da7-4eca-b62a-13521fd1779b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"8b15a612-7511-45ce-b677-7631fdcf1ee3:indexpattern-datasource-layer-990833ec-72ce-4e41-a3a5-05c2397e75b8","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"1da93dac-8a06-49f6-af13-3d7426b73578:indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"a2cbae8c-5e3e-4044-b0b2-85f91edf1f76:indexpattern-datasource-layer-2eae64ac-86b2-45df-8a11-bc3cef4c0109","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"040827d6-9ca9-4752-8b69-2bf33606a112:indexpattern-datasource-layer-2eae64ac-86b2-45df-8a11-bc3cef4c0109","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"972cc53b-7a62-4015-a508-757dd6de2cc2:indexpattern-datasource-layer-eb5b68d9-74fd-46ed-920d-24b6b78ed57a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"7d470a6b-76b7-43f7-b1fd-862ce0dd074d:indexpattern-datasource-layer-a1de3263-e0b5-4cee-b660-256a1c675d96","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"8cdfca57-a3bb-4cc2-80ca-659896390a4e:indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"38f2a7f2-a924-4191-a4b9-fa652cd4773f:indexpattern-datasource-layer-dac48d89-5b18-40cb-a29f-c044955be746","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"7835a4e3-9f58-44bb-a2c8-bf41caef385e:indexpattern-datasource-layer-db5cae11-427e-4d12-b21d-3dd48c241a5d","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"ff2fb360-ffe1-4837-b389-70e66fb0d883:indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"fe60a9c7-dec7-4fa9-9490-a8adebee028d:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"0903b2f7-307b-4489-ac05-bca8d25d6dea:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"73b44f3f-eb49-4217-a5a6-b22eaa1a6307:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"07216882-6c70-4199-b790-80aaea15ef8f:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"ddacb80e-ea7f-43b6-9ba0-c53dd654537b:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"d8fb2619-809d-42fb-aaca-f858a4f2a6b3:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"010a7e9d-8e7b-4770-aca4-5252ea01c0ed:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"322d5580-5275-4ea8-aa01-33bdcc5549b5:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"f53f39b3-6413-4538-b61b-31cdd06b0485:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"32ec28eb-5991-4a0d-bc41-6a88ef3e2ec6:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"bfb7441d-99ae-486b-9338-daeddf333c3e:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"0a471e98-fca7-4dae-8adc-152fce716a0f:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"6cc78719-93ed-4fdc-8a16-a9f305f80825:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"2ba51e0a-dfbf-47a9-af6e-d67aefe83ce0:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"b26924b3-9e6d-40a5-bd4c-59a44114cfa5:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"a6553b5a-9adb-4af1-aa9c-3773fa83c0cd:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"aeac1b60-58b7-43bd-b866-9c89e90d2201:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"ea816b1c-b3b6-4701-b0a6-2f65c3ebad47:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"98fd4185-214d-48e6-86f6-f9dfad646673:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"f8b3a849-8499-47e3-aa27-a329954b20e3:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"f4d9b9a6-1787-4f40-96fd-23640910d046:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"ca6d6587-77db-4bc2-94bc-801abb5c2676:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"68f442d1-59b3-46a6-b4ba-6ff06212af2b:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"f59d4ae9-ce85-4e14-a579-1e9ca1bcad27:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"controlGroup_da565439-b1a3-41a0-870f-5ccdd566cd58:optionsListDataView","type":"index-pattern"},{"id":"fleet-pkg-panw-default","name":"tag-ref-fleet-pkg-panw-default","type":"tag"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2024-07-25T11:16:52.686Z","version":"WzEwNDk4LDZd"}
{"attributes":{"allowHidden":false,"fieldAttrs":"{\"@version\":{\"count\":1},\"_id\":{\"count\":1},\"_index\":{\"count\":9},\"data_stream.dataset\":{\"count\":10},\"data_stream.namespace\":{\"count\":18},\"data_stream.type\":{\"count\":6},\"destination.bytes\":{\"count\":3},\"destination.domain\":{\"count\":2},\"destination.geo.city_name\":{\"count\":1},\"destination.geo.country_name\":{\"count\":3},\"destination.geo.location\":{\"count\":1},\"destination.ip\":{\"count\":12},\"destination.locality\":{\"count\":10},\"destination.nat.ip\":{\"count\":2},\"destination.nat.port\":{\"count\":1},\"destination.port\":{\"count\":4},\"dns.id\":{\"count\":1},\"dns.question.class\":{\"count\":2},\"dns.question.name\":{\"count\":3},\"dns.question.registered_domain\":{\"count\":3},\"dns.question.subdomain\":{\"count\":2},\"dns.question.top_level_domain\":{\"count\":3},\"dns.question.type\":{\"count\":2},\"dns.resolved_ip\":{\"count\":5},\"error.message\":{\"count\":2},\"event.action\":{\"count\":10},\"event.category\":{\"count\":1},\"event.code\":{\"count\":4},\"event.created\":{\"count\":3},\"event.dataset\":{\"count\":2},\"event.day_of_week\":{\"count\":1},\"event.duration\":{\"count\":5},\"event.hour_of_day\":{\"count\":1},\"event.ingested\":{\"count\":2},\"event.module\":{\"count\":1},\"event.original\":{\"count\":4},\"event.reason\":{\"count\":1},\"event.risk_score\":{\"count\":3},\"event.start\":{\"count\":1},\"event.timezone\":{\"count\":3},\"fgt.action\":{\"count\":5},\"fgt.app\":{\"count\":1},\"fgt.appcat\":{\"count\":1},\"fgt.applist\":{\"count\":1},\"fgt.attack\":{\"count\":2},\"fgt.authserver\":{\"count\":2},\"fgt.count\":{\"count\":1},\"fgt.cpu\":{\"count\":1},\"fgt.crlevel\":{\"count\":1},\"fgt.crscore\":{\"count\":1},\"fgt.devtype\":{\"count\":2},\"fgt.dstdevtype\":{\"count\":3},\"fgt.dstfamily\":{\"count\":2},\"fgt.dsthwvendor\":{\"count\":3},\"fgt.dsthwversion\":{\"count\":1},\"fgt.dstinetsvc\":{\"count\":1},\"fgt.dstosname\":{\"count\":2},\"fgt.dstport\":{\"count\":2},\"fgt.dstreputation\":{\"count\":1},\"fgt.dstserver\":{\"count\":1},\"fgt.dstswversion\":{\"count\":3},\"fgt.dstunauthuser\":{\"count\":1},\"fgt.eventtype\":{\"count\":7},\"fgt.group\":{\"count\":2},\"fgt.healthcheck\":{\"count\":2},\"fgt.interface\":{\"count\":1},\"fgt.jitter\":{\"count\":2},\"fgt.latency\":{\"count\":1},\"fgt.logdesc\":{\"count\":1},\"fgt.logid\":{\"count\":2},\"fgt.mem\":{\"count\":1},\"fgt.member\":{\"count\":1},\"fgt.newvalue\":{\"count\":1},\"fgt.numpassmember\":{\"count\":1},\"fgt.oldvalue\":{\"count\":1},\"fgt.osname\":{\"count\":2},\"fgt.packetloss\":{\"count\":1},\"fgt.policyname\":{\"count\":1},\"fgt.probeproto\":{\"count\":1},\"fgt.proto\":{\"count\":2},\"fgt.quarskip\":{\"count\":1},\"fgt.reason\":{\"count\":1},\"fgt.remip\":{\"count\":1},\"fgt.seq\":{\"count\":2},\"fgt.service\":{\"count\":2},\"fgt.severity\":{\"count\":2},\"fgt.shapingpolicyid\":{\"count\":1},\"fgt.slatargetid\":{\"count\":1},\"fgt.srcfamily\":{\"count\":3},\"fgt.srchwvendor\":{\"count\":3},\"fgt.srchwversion\":{\"count\":3},\"fgt.srcip\":{\"count\":2},\"fgt.srcmac\":{\"count\":1},\"fgt.srcname\":{\"count\":3},\"fgt.srcserver\":{\"count\":3},\"fgt.srcswversion\":{\"count\":5},\"fgt.subtype\":{\"count\":25},\"fgt.totalsession\":{\"count\":1},\"fgt.tranport\":{\"count\":1},\"fgt.transip\":{\"count\":1},\"fgt.transport\":{\"count\":1},\"fgt.tunneltype\":{\"count\":1},\"fgt.type\":{\"count\":28},\"fgt.tz\":{\"count\":3},\"fgt.unauthuser\":{\"count\":1},\"fgt.unauthusersource\":{\"count\":1},\"fgt.url\":{\"count\":1},\"fgt.user\":{\"count\":2},\"fgt.vd\":{\"count\":1},\"fgt.virus\":{\"count\":1},\"fgt.viruscat\":{\"count\":1},\"fgt.vwlname\":{\"count\":1},\"fgt.xauthgroup\":{\"count\":2},\"fgt.xauthuser\":{\"count\":2},\"file.name\":{\"count\":1},\"host.mac\":{\"count\":1},\"host.name\":{\"count\":5},\"host.os.name\":{\"count\":1},\"host.user.name\":{\"count\":2},\"host.vendor\":{\"count\":1},\"http.request.method\":{\"count\":2},\"http.request.mime_type\":{\"count\":1},\"http.request.referrer\":{\"count\":3},\"http.response.mime_type\":{\"count\":1},\"log.level\":{\"count\":1},\"log.syslog.priority\":{\"count\":1},\"logstash.hostname\":{\"count\":6},\"message\":{\"count\":7},\"network.application\":{\"count\":9},\"network.bytes\":{\"count\":8},\"network.community_id\":{\"count\":4},\"network.direction\":{\"count\":1},\"network.iana_number\":{\"count\":2},\"network.packets\":{\"count\":1},\"network.protocol\":{\"count\":15},\"network.protocol_category\":{\"count\":5},\"network.transport\":{\"count\":5},\"observer.egress.interface.name\":{\"count\":2},\"observer.geo.location\":{\"count\":1},\"observer.hostname\":{\"count\":15},\"observer.ingress.interface.name\":{\"count\":6},\"observer.ip\":{\"count\":7},\"observer.name\":{\"count\":25},\"observer.serial_number\":{\"count\":2},\"organization.name\":{\"count\":16},\"related.ip\":{\"count\":1},\"rule.category\":{\"count\":2},\"rule.id\":{\"count\":9},\"rule.id-name\":{\"count\":1},\"rule.name\":{\"count\":17},\"rule.ruleset\":{\"count\":2},\"source.bytes\":{\"count\":1},\"source.geo.country_name\":{\"count\":2},\"source.geo.location\":{\"count\":2},\"source.geo.timezone\":{\"count\":1},\"source.ip\":{\"count\":22},\"source.locality\":{\"count\":13},\"source.mac\":{\"count\":2},\"source.nat.ip\":{\"count\":2},\"source.nat.locality\":{\"count\":2},\"source.user.group.name\":{\"count\":2},\"source.user.name\":{\"count\":4},\"tags\":{\"count\":8},\"tls.client.server_name\":{\"count\":1},\"tls.server.issuer\":{\"count\":1},\"url.domain\":{\"count\":8},\"url.path\":{\"count\":4},\"url.registered_domain\":{\"count\":6},\"url.top_level_domain\":{\"count\":4},\"user.name\":{\"count\":2},\"user_agent.device.name\":{\"count\":1},\"user_agent.name\":{\"count\":3},\"user_agent.original\":{\"count\":4},\"user_agent.os.full\":{\"count\":1},\"user_agent.os.name\":{\"count\":1},\"user_agent.version\":{\"count\":1},\"fgt.dstuser\":{\"count\":2},\"subtype\":{\"count\":45},\"type\":{\"count\":46},\"action\":{\"count\":17},\"srcserver\":{\"count\":3},\"crlevel\":{\"count\":1},\"cpu\":{\"count\":3},\"mem\":{\"count\":2},\"dstauthserver\":{\"count\":1},\"dstdevcategory\":{\"count\":1},\"dstdevtype\":{\"count\":1},\"dsthwvendor\":{\"count\":2},\"dstosname\":{\"count\":4},\"dstswversion\":{\"count\":2},\"dstunauthuser\":{\"count\":2},\"dstuser\":{\"count\":4},\"observer.egress.interface.role\":{\"count\":2},\"observer.ingress.interface.role\":{\"count\":4},\"trandisp\":{\"count\":2},\"duration\":{\"count\":2},\"fortios.user\":{\"count\":2},\"logdesc\":{\"count\":6},\"reason\":{\"count\":1},\"remip\":{\"count\":1},\"tunnelip\":{\"count\":1},\"tunneltype\":{\"count\":3},\"vpntunnel\":{\"count\":2},\"msg\":{\"count\":3},\"rawdata\":{\"count\":4},\"totalsession\":{\"count\":2},\"craction\":{\"count\":1},\"attack\":{\"count\":4},\"cfgattr\":{\"count\":2},\"cfgobj\":{\"count\":2},\"cfgpath\":{\"count\":2},\"ui\":{\"count\":2},\"analyticscksum\":{\"count\":2},\"authserver\":{\"count\":1},\"dstunauthusersource\":{\"count\":1},\"masterdstmac\":{\"count\":1},\"sessionid\":{\"count\":9},\"dstserver\":{\"count\":1},\"jitter\":{\"count\":2},\"latency\":{\"count\":2},\"packetloss\":{\"count\":2},\"utmaction\":{\"count\":3},\"vd\":{\"count\":4},\"catdesc\":{\"count\":3},\"policytype\":{\"count\":2},\"eventtype\":{\"count\":4},\"urlfilteridx\":{\"count\":1},\"urlfilterlist\":{\"count\":1},\"referralurl\":{\"count\":2},\"cat\":{\"count\":1},\"logid\":{\"count\":4},\"Request-Content-Type\":{\"count\":2},\"boundary\\\\=----WebKitFormBoundary1etD2hzib2U5vAph|Referer\":{\"count\":1},\"charset\\\\=UTF-8|Referer\":{\"count\":1},\"Response-Content-Type\":{\"count\":1},\"method\":{\"count\":2},\"appcat\":{\"count\":2},\"applist\":{\"count\":2},\"count\":{\"count\":1},\"countapp\":{\"count\":4},\"countdns\":{\"count\":1},\"countips\":{\"count\":1},\"countssl\":{\"count\":1},\"countweb\":{\"count\":1},\"fortios.interface\":{\"count\":1},\"healthcheck\":{\"count\":2},\"appact\":{\"count\":2},\"eventsubtype\":{\"count\":2},\"logid_message\":{\"count\":1},\"fgt.ipaddr\":{\"count\":1},\"fgt.dstauthserver\":{\"count\":1}}","fieldFormatMap":"{\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"destination.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"destination.ip\":{\"id\":\"ip\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"destination.nat.ip\":{\"id\":\"ip\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"destination.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[000] a\"}},\"dstip\":{\"id\":\"ip\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"event.duration\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"nanoseconds\",\"outputFormat\":\"humanizePrecise\",\"outputPrecision\":2,\"useShortSuffix\":true}},\"network.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"network.bytes_delta\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"source.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"source.ip\":{\"id\":\"ip\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"source.nat.ip\":{\"id\":\"ip\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"source.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"},\"pattern\":\"0,0.[000] a\"}},\"tunnelid\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://kibana.supra.com.pe\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"http.response.bytes\":{\"id\":\"bytes\",\"params\":{}},\"http.response.body.bytes\":{\"id\":\"bytes\",\"params\":{}},\"http.request.bytes\":{\"id\":\"bytes\",\"params\":{}},\"http.request.body.bytes\":{\"id\":\"bytes\",\"params\":{}},\"host.disk.read.bytes\":{\"id\":\"bytes\",\"params\":{}},\"host.network.ingress.bytes\":{\"id\":\"bytes\",\"params\":{}},\"host.network.egress.bytes\":{\"id\":\"bytes\",\"params\":{}},\"host.disk.write.bytes\":{\"id\":\"bytes\",\"params\":{}},\"jitter\":{\"id\":\"duration\",\"params\":{\"parsedUrl\":{\"origin\":\"https://chinalco-siem.kb.us-east-1.aws.found.io:9243\",\"pathname\":\"/app/discover\",\"basePath\":\"\"},\"inputFormat\":\"milliseconds\",\"outputFormat\":\"humanizePrecise\",\"outputPrecision\":2,\"includeSpaceWithSuffix\":true}},\"latency\":{\"id\":\"duration\",\"params\":{\"parsedUrl\":{\"origin\":\"https://chinalco-siem.kb.us-east-1.aws.found.io:9243\",\"pathname\":\"/app/discover\",\"basePath\":\"\"},\"inputFormat\":\"milliseconds\",\"outputFormat\":\"humanizePrecise\",\"outputPrecision\":2,\"includeSpaceWithSuffix\":true}},\"fgt.latency\":{\"id\":\"duration\",\"params\":{\"parsedUrl\":{\"origin\":\"https://alexim-siem.kb.us-east-1.aws.found.io:9243\",\"pathname\":\"/app/home\",\"basePath\":\"\"},\"inputFormat\":\"milliseconds\",\"outputFormat\":\"humanizePrecise\",\"outputPrecision\":2,\"includeSpaceWithSuffix\":true,\"useShortSuffix\":true}},\"fgt.jitter\":{\"id\":\"duration\",\"params\":{\"parsedUrl\":{\"origin\":\"https://alexim-siem.kb.us-east-1.aws.found.io:9243\",\"pathname\":\"/app/home\",\"basePath\":\"\"},\"inputFormat\":\"milliseconds\",\"outputFormat\":\"humanizePrecise\",\"outputPrecision\":2,\"includeSpaceWithSuffix\":true,\"useShortSuffix\":true}},\"fgt.packetloss\":{\"id\":\"number\",\"params\":{}},\"network.packets\":{\"id\":\"number\",\"params\":{}}}","fields":"[]","name":"logs-fortinet.fortigate*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-fortinet.fortigate*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-07-25T11:22:31.689Z","created_by":"u_PaRg-nLhFPeiQBsu7cmBe48wlAUPR9RyiTufeHmDsd0_0","id":"logs-fortinet.fortigate","managed":false,"originId":"logs-fortinet.fortigate","references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-07-25T11:22:31.689Z","version":"WzEwNTEzLDZd"}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"47fff09c-4c33-4391-845e-bda45636f1ed\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"47fff09c-4c33-4391-845e-bda45636f1ed\",\"fieldName\":\"panw.panos.type\",\"title\":\"panw.panos.type\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{},\"selectedOptions\":[\"TRAFFIC\"]}}}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":\"private IPv4 source.ip\",\"key\":\"query\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"terms\":{\"source.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"private IPv4 destination.ip\",\"key\":\"query\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"terms\":{\"destination.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"links\",\"gridData\":{\"x\":0,\"y\":0,\"w\":39,\"h\":5,\"i\":\"43d6f426-6e73-4df0-98c6-0733a8d877f9\"},\"panelIndex\":\"43d6f426-6e73-4df0-98c6-0733a8d877f9\",\"embeddableConfig\":{\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"attributes\":{\"links\":[{\"type\":\"dashboardLink\",\"id\":\"f9679440-367c-4768-a78d-eaedc8ec2419\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":0,\"destinationRefName\":\"link_f9679440-367c-4768-a78d-eaedc8ec2419_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"dafab3d3-7680-40ba-aeb5-d0970b8b3103\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":1,\"destinationRefName\":\"link_dafab3d3-7680-40ba-aeb5-d0970b8b3103_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"7b51c7fd-2ea2-480b-97f1-5c7394f62682\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":2,\"destinationRefName\":\"link_7b51c7fd-2ea2-480b-97f1-5c7394f62682_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"86041a0c-677a-41d4-b0e0-d3279bdd90d7\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":3,\"destinationRefName\":\"link_86041a0c-677a-41d4-b0e0-d3279bdd90d7_dashboard\"}],\"layout\":\"horizontal\"},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":5,\"w\":9,\"h\":12,\"i\":\"894f81d1-01f2-48b9-be4e-fe65172609d0\"},\"panelIndex\":\"894f81d1-01f2-48b9-be4e-fe65172609d0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149\"}],\"state\":{\"visualization\":{\"layerId\":\"818cae41-a47d-4309-802b-23769f336149\",\"layerType\":\"data\",\"metricAccessor\":\"25ee91df-3eb5-496f-acc8-a83e87213e35\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"818cae41-a47d-4309-802b-23769f336149\":{\"columns\":{\"25ee91df-3eb5-496f-acc8-a83e87213e35\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"25ee91df-3eb5-496f-acc8-a83e87213e35\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":5,\"w\":30,\"h\":12,\"i\":\"7db3e998-4263-4ac3-b2e4-1d85b0ea4063\"},\"panelIndex\":\"7db3e998-4263-4ac3-b2e4-1d85b0ea4063\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-d1ea09ab-9a25-4522-b665-c70d64c375f9\"},{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-29e03e19-7da7-4eca-b62a-13521fd1779b\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"d1ea09ab-9a25-4522-b665-c70d64c375f9\",\"accessors\":[\"dff0c559-15eb-4779-ae91-bdcd4181e4de\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"16a02240-6061-45bc-a6f7-c218337675f2\"},{\"layerId\":\"29e03e19-7da7-4eca-b62a-13521fd1779b\",\"seriesType\":\"bar_stacked\",\"accessors\":[\"ebf9920c-5f7a-4442-a3e6-3b4e7bdd91a0\"],\"layerType\":\"data\",\"xAccessor\":\"d165975c-abce-47cf-b100-e676a79f8578\",\"splitAccessor\":\"5488fadf-31b3-4036-8471-d600aa8c8e20\"}],\"curveType\":\"CURVE_MONOTONE_X\",\"yTitle\":\"sessions per second\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d1ea09ab-9a25-4522-b665-c70d64c375f9\":{\"columns\":{\"16a02240-6061-45bc-a6f7-c218337675f2\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"dff0c559-15eb-4779-ae91-bdcd4181e4de\":{\"label\":\"all sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"16a02240-6061-45bc-a6f7-c218337675f2\",\"dff0c559-15eb-4779-ae91-bdcd4181e4de\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"},\"29e03e19-7da7-4eca-b62a-13521fd1779b\":{\"columns\":{\"d165975c-abce-47cf-b100-e676a79f8578\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"ebf9920c-5f7a-4442-a3e6-3b4e7bdd91a0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"5488fadf-31b3-4036-8471-d600aa8c8e20\":{\"label\":\"Top 3 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ebf9920c-5f7a-4442-a3e6-3b4e7bdd91a0\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}}},\"columnOrder\":[\"5488fadf-31b3-4036-8471-d600aa8c8e20\",\"d165975c-abce-47cf-b100-e676a79f8578\",\"ebf9920c-5f7a-4442-a3e6-3b4e7bdd91a0\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"total sessions vs event.action\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":0,\"w\":9,\"h\":5,\"i\":\"24c1711c-ff35-4521-a732-acc94eac9608\"},\"panelIndex\":\"24c1711c-ff35-4521-a732-acc94eac9608\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-124335c9-51fa-4846-9cb1-9ba4d65c0a3b\"}],\"state\":{\"visualization\":{\"layerId\":\"124335c9-51fa-4846-9cb1-9ba4d65c0a3b\",\"layerType\":\"data\",\"metricAccessor\":\"3e292140-ec32-4f0b-964f-686aab9faab8\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"124335c9-51fa-4846-9cb1-9ba4d65c0a3b\":{\"columns\":{\"3e292140-ec32-4f0b-964f-686aab9faab8\":{\"label\":\"Total Logs\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"3e292140-ec32-4f0b-964f-686aab9faab8\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":5,\"w\":9,\"h\":12,\"i\":\"6ebd08ab-0099-4b33-945b-f4b52074b068\"},\"panelIndex\":\"6ebd08ab-0099-4b33-945b-f4b52074b068\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"logs-fortinet.fortigate\",\"name\":\"indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"818cae41-a47d-4309-802b-23769f336149\",\"layerType\":\"data\",\"metricAccessor\":\"25ee91df-3eb5-496f-acc8-a83e87213e35\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"818cae41-a47d-4309-802b-23769f336149\":{\"columns\":{\"25ee91df-3eb5-496f-acc8-a83e87213e35\":{\"label\":\"Unique count of destination.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\",\"isBucketed\":false}},\"columnOrder\":[\"25ee91df-3eb5-496f-acc8-a83e87213e35\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":23,\"h\":18,\"i\":\"2df821d5-2bf4-4225-b144-b92e0b670fc9\"},\"panelIndex\":\"2df821d5-2bf4-4225-b144-b92e0b670fc9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2eae64ac-86b2-45df-8a11-bc3cef4c0109\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"2eae64ac-86b2-45df-8a11-bc3cef4c0109\",\"accessors\":[\"bdd902ee-1796-49d0-9047-57fa399f60c4\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"65264645-fccf-4f52-916c-178b68b7e7dc\",\"splitAccessor\":\"6a93c0f8-c458-4c35-a70a-80847b6458f7\"}],\"yRightExtent\":{\"mode\":\"full\"},\"yLeftExtent\":{\"mode\":\"full\"},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2eae64ac-86b2-45df-8a11-bc3cef4c0109\":{\"columns\":{\"65264645-fccf-4f52-916c-178b68b7e7dc\":{\"label\":\"Top 10 values of panw.panos.endreason\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.endreason\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bdd902ee-1796-49d0-9047-57fa399f60c4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"bdd902ee-1796-49d0-9047-57fa399f60c4\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true},\"6a93c0f8-c458-4c35-a70a-80847b6458f7\":{\"label\":\"Top 5 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bdd902ee-1796-49d0-9047-57fa399f60c4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"}}}},\"columnOrder\":[\"65264645-fccf-4f52-916c-178b68b7e7dc\",\"6a93c0f8-c458-4c35-a70a-80847b6458f7\",\"bdd902ee-1796-49d0-9047-57fa399f60c4\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"endreason by action\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":17,\"w\":16,\"h\":18,\"i\":\"d9199cfd-2f99-4d9d-a848-2497c4258348\"},\"panelIndex\":\"d9199cfd-2f99-4d9d-a848-2497c4258348\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-b07bf6b7-1e0b-4fcf-a30c-f123e6af7990\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area_percentage_stacked\",\"layers\":[{\"layerId\":\"b07bf6b7-1e0b-4fcf-a30c-f123e6af7990\",\"accessors\":[\"75d91301-ddc2-4099-9d7b-2977db035628\"],\"position\":\"top\",\"seriesType\":\"area_percentage_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"96d1517a-0af5-48e2-b69e-5d66dc7bfe7a\",\"xAccessor\":\"bb24851a-7e24-4dfd-88cd-4971eef0884c\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b07bf6b7-1e0b-4fcf-a30c-f123e6af7990\":{\"columns\":{\"96d1517a-0af5-48e2-b69e-5d66dc7bfe7a\":{\"label\":\"Top 10 values of panw.panos.sub_type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.sub_type\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"75d91301-ddc2-4099-9d7b-2977db035628\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"bb24851a-7e24-4dfd-88cd-4971eef0884c\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"75d91301-ddc2-4099-9d7b-2977db035628\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"96d1517a-0af5-48e2-b69e-5d66dc7bfe7a\",\"bb24851a-7e24-4dfd-88cd-4971eef0884c\",\"75d91301-ddc2-4099-9d7b-2977db035628\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"subtype %\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":17,\"w\":9,\"h\":18,\"i\":\"a3f7b330-b034-4799-bb70-040453062396\"},\"panelIndex\":\"a3f7b330-b034-4799-bb70-040453062396\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\" \",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"00b76dc2-647f-4f6c-bafb-0e61459b799b\",\"accessors\":[\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f022cc79-ec14-4a52-9eab-2e63dc66e677\",\"splitAccessor\":\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"00b76dc2-647f-4f6c-bafb-0e61459b799b\":{\"columns\":{\"f022cc79-ec14-4a52-9eab-2e63dc66e677\":{\"label\":\"Top 10 values of panw.panos.sub_type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.sub_type\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\":{\"label\":\"Top 3 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"49e940e5-66ab-422b-92fc-7998c4c77e8b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"f022cc79-ec14-4a52-9eab-2e63dc66e677\",\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"subtype by action\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":17,\"h\":20,\"i\":\"b45646fc-9de7-4fde-9e76-218ea814e1d3\"},\"panelIndex\":\"b45646fc-9de7-4fde-9e76-218ea814e1d3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsChoropleth\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-f49f69c6-b698-4869-a68a-e17fce1a6a92\"}],\"state\":{\"visualization\":{\"layerId\":\"f49f69c6-b698-4869-a68a-e17fce1a6a92\",\"emsLayerId\":\"world_countries\",\"emsField\":\"iso2\",\"valueAccessor\":\"4746007f-dc35-4ec1-94de-429b357994f9\",\"regionAccessor\":\"d99cfce7-5133-4b1f-9a6f-545a2d71dbe1\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f49f69c6-b698-4869-a68a-e17fce1a6a92\":{\"columns\":{\"d99cfce7-5133-4b1f-9a6f-545a2d71dbe1\":{\"label\":\"Top 50 values of destination.geo.country_iso_code\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_iso_code\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4746007f-dc35-4ec1-94de-429b357994f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"4746007f-dc35-4ec1-94de-429b357994f9\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"d99cfce7-5133-4b1f-9a6f-545a2d71dbe1\",\"4746007f-dc35-4ec1-94de-429b357994f9\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination country\"},{\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":35,\"w\":6,\"h\":10,\"i\":\"5fdc4ac7-5444-46f9-9f65-ad850bbc7873\"},\"panelIndex\":\"5fdc4ac7-5444-46f9-9f65-ad850bbc7873\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\"],\"metrics\":[\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\":{\"columns\":{\"1c69544e-3475-4d96-b33a-5b648a58a87c\":{\"label\":\"Top values of source.geo.country_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\",\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source country\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":35,\"w\":16,\"h\":20,\"i\":\"6fd8cab3-c2a0-4f74-946e-3e711893e693\"},\"panelIndex\":\"6fd8cab3-c2a0-4f74-946e-3e711893e693\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsHeatmap\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-dac48d89-5b18-40cb-a29f-c044955be746\"}],\"state\":{\"visualization\":{\"shape\":\"heatmap\",\"layerId\":\"dac48d89-5b18-40cb-a29f-c044955be746\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"position\":\"right\",\"type\":\"lens_heatmap_legendConfig\",\"legendSize\":\"auto\"},\"gridConfig\":{\"type\":\"lens_heatmap_grid\",\"isCellLabelVisible\":false,\"isYAxisLabelVisible\":true,\"isXAxisLabelVisible\":true},\"valueAccessor\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\",\"xAccessor\":\"c6662c96-b4bc-4305-a172-a33aecadec28\",\"yAccessor\":\"8e6de281-690f-44cc-a6a3-9072dbc82c95\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dac48d89-5b18-40cb-a29f-c044955be746\":{\"columns\":{\"c6662c96-b4bc-4305-a172-a33aecadec28\":{\"label\":\"observer.egress.zone\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.egress.zone\",\"isBucketed\":true,\"params\":{\"size\":4,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}},\"customLabel\":true},\"ec32b9d7-1c13-486f-ba0f-e01495495174\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{},\"customLabel\":true},\"8e6de281-690f-44cc-a6a3-9072dbc82c95\":{\"label\":\"observer.ingress.zone\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.ingress.zone\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}},\"customLabel\":true}},\"columnOrder\":[\"8e6de281-690f-44cc-a6a3-9072dbc82c95\",\"c6662c96-b4bc-4305-a172-a33aecadec28\",\"ec32b9d7-1c13-486f-ba0f-e01495495174\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"ingress.zone / egress.zone\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":35,\"w\":9,\"h\":20,\"i\":\"ccee9680-cac3-479e-b10e-b3a50c2e108a\"},\"panelIndex\":\"ccee9680-cac3-479e-b10e-b3a50c2e108a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-db5cae11-427e-4d12-b21d-3dd48c241a5d\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"db5cae11-427e-4d12-b21d-3dd48c241a5d\",\"accessors\":[\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\",\"splitAccessor\":\"f1cd8a4a-d70d-4db3-b881-df7044915ead\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"db5cae11-427e-4d12-b21d-3dd48c241a5d\":{\"columns\":{\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\":{\"label\":\"Top values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"f1cd8a4a-d70d-4db3-b881-df7044915ead\":{\"label\":\"Top 5 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\",\"f1cd8a4a-d70d-4db3-b881-df7044915ead\",\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"rule.name by action\"},{\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":45,\"w\":6,\"h\":10,\"i\":\"508614a2-23de-45ae-bc67-3223434e4c01\"},\"panelIndex\":\"508614a2-23de-45ae-bc67-3223434e4c01\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\"],\"metrics\":[\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\":{\"columns\":{\"1c69544e-3475-4d96-b33a-5b648a58a87c\":{\"label\":\"Top values of destination.geo.country_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\",\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination country\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":16,\"h\":5,\"i\":\"f61f44cc-742c-423a-a3f7-0884fb28f57c\"},\"panelIndex\":\"f61f44cc-742c-423a-a3f7-0884fb28f57c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Source IP [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Source IP\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":55,\"w\":16,\"h\":5,\"i\":\"835ccf2c-9c3f-4fa9-94d9-287c39931031\"},\"panelIndex\":\"835ccf2c-9c3f-4fa9-94d9-287c39931031\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Destination IP [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Destination IP\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":60,\"w\":16,\"h\":15,\"i\":\"3a137ecb-30a2-40f0-a6a8-ac77ffe3c420\"},\"panelIndex\":\"3a137ecb-30a2-40f0-a6a8-ac77ffe3c420\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":60,\"w\":16,\"h\":15,\"i\":\"6648e439-9b38-455d-ae21-fbf85d178612\"},\"panelIndex\":\"6648e439-9b38-455d-ae21-fbf85d178612\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.ip\"},{\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":55,\"w\":16,\"h\":5,\"i\":\"34535ca4-ebce-4fac-92cf-86156b49d158\"},\"panelIndex\":\"34535ca4-ebce-4fac-92cf-86156b49d158\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Network Protocol [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Destination Port\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":60,\"w\":16,\"h\":15,\"i\":\"8ab44620-f4c5-415c-9c4d-6b98c47b4497\"},\"panelIndex\":\"8ab44620-f4c5-415c-9c4d-6b98c47b4497\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":75,\"w\":6,\"h\":15,\"i\":\"6dcad923-e892-4745-ba4b-7f1c89bca6f1\"},\"panelIndex\":\"6dcad923-e892-4745-ba4b-7f1c89bca6f1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":75,\"w\":5,\"h\":15,\"i\":\"c8815305-dc7e-4aa7-8cea-18fb02ed6323\"},\"panelIndex\":\"c8815305-dc7e-4aa7-8cea-18fb02ed6323\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of destination.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique destination.ip by source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":75,\"w\":5,\"h\":15,\"i\":\"35b841a6-66e6-4946-9b45-9582bb9743b0\"},\"panelIndex\":\"35b841a6-66e6-4946-9b45-9582bb9743b0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of destination.port\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.port\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique destination.port by source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":75,\"w\":6,\"h\":15,\"i\":\"c734c0d9-a3cc-462f-9475-7a50f7c86dfe\"},\"panelIndex\":\"c734c0d9-a3cc-462f-9475-7a50f7c86dfe\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":75,\"w\":5,\"h\":15,\"i\":\"d13321ca-669f-4a51-8020-c17e43e3652e\"},\"panelIndex\":\"d13321ca-669f-4a51-8020-c17e43e3652e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":75,\"w\":5,\"h\":15,\"i\":\"62a4c60d-9bec-490e-a06e-3264899d6892\"},\"panelIndex\":\"62a4c60d-9bec-490e-a06e-3264899d6892\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of destination.port\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.port\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique destination.port by destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":75,\"w\":6,\"h\":15,\"i\":\"fa30a13e-186d-4376-96b1-dbda61198190\"},\"panelIndex\":\"fa30a13e-186d-4376-96b1-dbda61198190\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2bd0d935-9147-4a70-a03a-2fd2d970925f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true},\"2bd0d935-9147-4a70-a03a-2fd2d970925f\":{\"label\":\"Top 10 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"2bd0d935-9147-4a70-a03a-2fd2d970925f\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":38,\"y\":75,\"w\":5,\"h\":15,\"i\":\"795c64bf-c135-497c-9e88-1fe6c2b772b5\"},\"panelIndex\":\"795c64bf-c135-497c-9e88-1fe6c2b772b5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd545f0f-16a9-4f1f-b42a-fc989728e256\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false},\"cd545f0f-16a9-4f1f-b42a-fc989728e256\":{\"label\":\"Top 10 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"cd545f0f-16a9-4f1f-b42a-fc989728e256\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":43,\"y\":75,\"w\":5,\"h\":15,\"i\":\"20551b9a-edfc-4c21-87f3-b2b79b8d3b2b\"},\"panelIndex\":\"20551b9a-edfc-4c21-87f3-b2b79b8d3b2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"91eb0bfb-0f13-48fc-b7c3-720c47071c40\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of destination.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\",\"isBucketed\":false},\"91eb0bfb-0f13-48fc-b7c3-720c47071c40\":{\"label\":\"Top 7 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":7,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"91eb0bfb-0f13-48fc-b7c3-720c47071c40\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique destination.ip by destination.port\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":90,\"w\":16,\"h\":5,\"i\":\"8bcd47f7-58f9-4d67-84a7-b69ccd2a5ec5\"},\"panelIndex\":\"8bcd47f7-58f9-4d67-84a7-b69ccd2a5ec5\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Source User [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Source User\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":90,\"w\":16,\"h\":5,\"i\":\"56573e67-c24a-43a3-82fb-dc48241b980f\"},\"panelIndex\":\"56573e67-c24a-43a3-82fb-dc48241b980f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Host [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"URL Category\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":95,\"w\":16,\"h\":15,\"i\":\"58b29faa-cb2f-4bd2-9a87-900480843dd5\"},\"panelIndex\":\"58b29faa-cb2f-4bd2-9a87-900480843dd5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":95,\"w\":16,\"h\":15,\"i\":\"f74c17a5-172a-4222-b2cb-98102fa74df9\"},\"panelIndex\":\"f74c17a5-172a-4222-b2cb-98102fa74df9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top 5 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.category\"},{\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":90,\"w\":16,\"h\":5,\"i\":\"7ea7a369-ecd2-4e47-8079-29a0a2fba418\"},\"panelIndex\":\"7ea7a369-ecd2-4e47-8079-29a0a2fba418\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Network Application [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Network Application\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":95,\"w\":16,\"h\":15,\"i\":\"71a76f0f-7e9b-479c-85a2-52ac0dd92f41\"},\"panelIndex\":\"71a76f0f-7e9b-479c-85a2-52ac0dd92f41\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"network.application\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":110,\"w\":8,\"h\":15,\"i\":\"39e4f4cf-2d75-4bac-94c8-d92fc6639828\"},\"panelIndex\":\"39e4f4cf-2d75-4bac-94c8-d92fc6639828\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":110,\"w\":8,\"h\":15,\"i\":\"6611963f-f265-42b4-8218-e85a52bb28a4\"},\"panelIndex\":\"6611963f-f265-42b4-8218-e85a52bb28a4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":110,\"w\":8,\"h\":15,\"i\":\"caa3cd5a-0df5-4bde-81ef-e7d025934401\"},\"panelIndex\":\"caa3cd5a-0df5-4bde-81ef-e7d025934401\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.category\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":110,\"w\":8,\"h\":15,\"i\":\"8d374133-daf5-40dd-bf6c-f3561365a3a1\"},\"panelIndex\":\"8d374133-daf5-40dd-bf6c-f3561365a3a1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by url.category\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":110,\"w\":8,\"h\":15,\"i\":\"4e69af17-66d9-4605-bc36-26b973b9d14b\"},\"panelIndex\":\"4e69af17-66d9-4605-bc36-26b973b9d14b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"network.application\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":110,\"w\":8,\"h\":15,\"i\":\"c19a1c05-e2dc-4d47-ad53-61e8521754a9\"},\"panelIndex\":\"c19a1c05-e2dc-4d47-ad53-61e8521754a9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by network.application\"}]","timeRestore":false,"title":"Outbound Sessions Traffic [Palo Alto]","version":2},"coreMigrationVersion":"8.8.0","created_at":"2024-07-24T18:39:16.299Z","created_by":"u_PaRg-nLhFPeiQBsu7cmBe48wlAUPR9RyiTufeHmDsd0_0","id":"403e9bd1-1184-4369-86ba-a6fecda3d6d6","managed":false,"references":[{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"4ab8cacc-8aa0-4152-ac71-390d35cfc7f6","name":"43d6f426-6e73-4df0-98c6-0733a8d877f9:link_f9679440-367c-4768-a78d-eaedc8ec2419_dashboard","type":"dashboard"},{"id":"403e9bd1-1184-4369-86ba-a6fecda3d6d6","name":"43d6f426-6e73-4df0-98c6-0733a8d877f9:link_dafab3d3-7680-40ba-aeb5-d0970b8b3103_dashboard","type":"dashboard"},{"id":"e749d5df-02ee-4dc8-b1b3-e57e4a48a992","name":"43d6f426-6e73-4df0-98c6-0733a8d877f9:link_7b51c7fd-2ea2-480b-97f1-5c7394f62682_dashboard","type":"dashboard"},{"id":"61af971f-c73f-420f-9479-c31dbbc8276c","name":"43d6f426-6e73-4df0-98c6-0733a8d877f9:link_86041a0c-677a-41d4-b0e0-d3279bdd90d7_dashboard","type":"dashboard"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"894f81d1-01f2-48b9-be4e-fe65172609d0:indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"7db3e998-4263-4ac3-b2e4-1d85b0ea4063:indexpattern-datasource-layer-d1ea09ab-9a25-4522-b665-c70d64c375f9","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"7db3e998-4263-4ac3-b2e4-1d85b0ea4063:indexpattern-datasource-layer-29e03e19-7da7-4eca-b62a-13521fd1779b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"24c1711c-ff35-4521-a732-acc94eac9608:indexpattern-datasource-layer-124335c9-51fa-4846-9cb1-9ba4d65c0a3b","type":"index-pattern"},{"id":"logs-fortinet.fortigate","name":"6ebd08ab-0099-4b33-945b-f4b52074b068:indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"2df821d5-2bf4-4225-b144-b92e0b670fc9:indexpattern-datasource-layer-2eae64ac-86b2-45df-8a11-bc3cef4c0109","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"d9199cfd-2f99-4d9d-a848-2497c4258348:indexpattern-datasource-layer-b07bf6b7-1e0b-4fcf-a30c-f123e6af7990","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"a3f7b330-b034-4799-bb70-040453062396:indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"b45646fc-9de7-4fde-9e76-218ea814e1d3:indexpattern-datasource-layer-f49f69c6-b698-4869-a68a-e17fce1a6a92","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"5fdc4ac7-5444-46f9-9f65-ad850bbc7873:indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"6fd8cab3-c2a0-4f74-946e-3e711893e693:indexpattern-datasource-layer-dac48d89-5b18-40cb-a29f-c044955be746","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"ccee9680-cac3-479e-b10e-b3a50c2e108a:indexpattern-datasource-layer-db5cae11-427e-4d12-b21d-3dd48c241a5d","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"508614a2-23de-45ae-bc67-3223434e4c01:indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"3a137ecb-30a2-40f0-a6a8-ac77ffe3c420:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"6648e439-9b38-455d-ae21-fbf85d178612:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"8ab44620-f4c5-415c-9c4d-6b98c47b4497:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"6dcad923-e892-4745-ba4b-7f1c89bca6f1:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"c8815305-dc7e-4aa7-8cea-18fb02ed6323:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"35b841a6-66e6-4946-9b45-9582bb9743b0:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"c734c0d9-a3cc-462f-9475-7a50f7c86dfe:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"d13321ca-669f-4a51-8020-c17e43e3652e:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"62a4c60d-9bec-490e-a06e-3264899d6892:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"fa30a13e-186d-4376-96b1-dbda61198190:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"795c64bf-c135-497c-9e88-1fe6c2b772b5:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"20551b9a-edfc-4c21-87f3-b2b79b8d3b2b:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"58b29faa-cb2f-4bd2-9a87-900480843dd5:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"f74c17a5-172a-4222-b2cb-98102fa74df9:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"71a76f0f-7e9b-479c-85a2-52ac0dd92f41:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"39e4f4cf-2d75-4bac-94c8-d92fc6639828:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"6611963f-f265-42b4-8218-e85a52bb28a4:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"caa3cd5a-0df5-4bde-81ef-e7d025934401:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"8d374133-daf5-40dd-bf6c-f3561365a3a1:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"4e69af17-66d9-4605-bc36-26b973b9d14b:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"c19a1c05-e2dc-4d47-ad53-61e8521754a9:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"controlGroup_47fff09c-4c33-4391-845e-bda45636f1ed:optionsListDataView","type":"index-pattern"},{"id":"fleet-pkg-panw-default","name":"tag-ref-fleet-pkg-panw-default","type":"tag"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2024-07-25T08:38:53.709Z","version":"WzEwNDA2LDZd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":4,\"w\":7,\"h\":15,\"i\":\"79875da8-19ab-4dbf-b21e-777128f8a852\"},\"panelIndex\":\"79875da8-19ab-4dbf-b21e-777128f8a852\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-388be1f2-ca49-40e4-a2d8-c5f3052a5ab5\"}],\"state\":{\"visualization\":{\"layerId\":\"388be1f2-ca49-40e4-a2d8-c5f3052a5ab5\",\"layerType\":\"data\",\"metricAccessor\":\"96b2444d-4b48-486c-b8dc-e81e5f5193bc\",\"secondaryMetricAccessor\":\"60b11eea-2d35-418d-a340-8e0bb9a7baba\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"388be1f2-ca49-40e4-a2d8-c5f3052a5ab5\":{\"columns\":{\"96b2444d-4b48-486c-b8dc-e81e5f5193bc\":{\"label\":\"Total Logs\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{},\"customLabel\":true},\"60b11eea-2d35-418d-a340-8e0bb9a7baba\":{\"label\":\"Unique firewalls\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"observer.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"96b2444d-4b48-486c-b8dc-e81e5f5193bc\",\"60b11eea-2d35-418d-a340-8e0bb9a7baba\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":7,\"y\":4,\"w\":29,\"h\":15,\"i\":\"cad1a977-97d4-497f-88c6-9f74f7ebd63d\"},\"panelIndex\":\"cad1a977-97d4-497f-88c6-9f74f7ebd63d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-5bf06bae-ada3-4d3e-9229-599e9cbd368b\"}],\"state\":{\"visualization\":{\"layerId\":\"5bf06bae-ada3-4d3e-9229-599e9cbd368b\",\"layerType\":\"data\",\"metricAccessor\":\"129942b3-6a1b-40e3-9e14-04ba5fa72922\",\"breakdownByAccessor\":\"52947409-8bba-4fb7-b28d-d235518b84b0\",\"secondaryMetricAccessor\":\"3b82a5c8-2392-46bc-8bfe-3af1f34a0b4c\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":0,\"rangeMax\":100,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":33.33},{\"color\":\"#d6bf57\",\"stop\":66.66},{\"color\":\"#cc5642\",\"stop\":100}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"maxCols\":3},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5bf06bae-ada3-4d3e-9229-599e9cbd368b\":{\"columns\":{\"52947409-8bba-4fb7-b28d-d235518b84b0\":{\"label\":\"Top 2 values of observer.serial_number\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.serial_number\",\"isBucketed\":true,\"params\":{\"size\":2,\"orderBy\":{\"type\":\"column\",\"columnId\":\"129942b3-6a1b-40e3-9e14-04ba5fa72922\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"129942b3-6a1b-40e3-9e14-04ba5fa72922\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"3b82a5c8-2392-46bc-8bfe-3af1f34a0b4c\":{\"label\":\"Unique count of panw.panos.type\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw.panos.type\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"52947409-8bba-4fb7-b28d-d235518b84b0\",\"129942b3-6a1b-40e3-9e14-04ba5fa72922\",\"3b82a5c8-2392-46bc-8bfe-3af1f34a0b4c\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":4,\"w\":12,\"h\":30,\"i\":\"bbd07531-9de3-44b1-a53f-a218f46c5937\"},\"panelIndex\":\"bbd07531-9de3-44b1-a53f-a218f46c5937\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-e59fde8d-0085-4205-8006-fdef37065488\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":false,\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"e59fde8d-0085-4205-8006-fdef37065488\",\"accessors\":[\"5012d8db-5e73-4fdc-9f4b-4d9ec9b034dc\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"c67c0217-6e85-4d91-aacc-55e08c9c4acc\",\"splitAccessor\":\"ffd1ff86-6e23-44fa-9a38-e909f08c984b\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e59fde8d-0085-4205-8006-fdef37065488\":{\"columns\":{\"c67c0217-6e85-4d91-aacc-55e08c9c4acc\":{\"label\":\"Top 5 values of observer.serial_number\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.serial_number\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5012d8db-5e73-4fdc-9f4b-4d9ec9b034dc\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}},\"customLabel\":false},\"ffd1ff86-6e23-44fa-9a38-e909f08c984b\":{\"label\":\"Top 3 values of panw.panos.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5012d8db-5e73-4fdc-9f4b-4d9ec9b034dc\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"5012d8db-5e73-4fdc-9f4b-4d9ec9b034dc\":{\"label\":\"logs\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"c67c0217-6e85-4d91-aacc-55e08c9c4acc\",\"ffd1ff86-6e23-44fa-9a38-e909f08c984b\",\"5012d8db-5e73-4fdc-9f4b-4d9ec9b034dc\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"logs by type\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":18,\"h\":15,\"i\":\"d7aa6642-702a-4ffa-9d3b-b44b19e63168\"},\"panelIndex\":\"d7aa6642-702a-4ffa-9d3b-b44b19e63168\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-1595ff41-9582-4ded-a36b-7747cd1f72bd\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"1595ff41-9582-4ded-a36b-7747cd1f72bd\",\"accessors\":[\"462a6781-93cf-4123-8cbc-0a68b99fb043\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"fbf48b80-45f3-4ee6-8ca2-674c83764547\",\"splitAccessor\":\"c2072bec-807e-4fba-ba46-47aeae2af2b7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1595ff41-9582-4ded-a36b-7747cd1f72bd\":{\"columns\":{\"c2072bec-807e-4fba-ba46-47aeae2af2b7\":{\"label\":\"Top 10 values of observer.hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.hostname\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"462a6781-93cf-4123-8cbc-0a68b99fb043\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"fbf48b80-45f3-4ee6-8ca2-674c83764547\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"462a6781-93cf-4123-8cbc-0a68b99fb043\":{\"label\":\"logs per second\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"timeScale\":\"s\",\"params\":{},\"customLabel\":true}},\"columnOrder\":[\"c2072bec-807e-4fba-ba46-47aeae2af2b7\",\"fbf48b80-45f3-4ee6-8ca2-674c83764547\",\"462a6781-93cf-4123-8cbc-0a68b99fb043\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":19,\"w\":18,\"h\":15,\"i\":\"ad146aaa-4b60-4103-9560-a673181bf721\"},\"panelIndex\":\"ad146aaa-4b60-4103-9560-a673181bf721\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-1595ff41-9582-4ded-a36b-7747cd1f72bd\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"1595ff41-9582-4ded-a36b-7747cd1f72bd\",\"accessors\":[\"462a6781-93cf-4123-8cbc-0a68b99fb043\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"fbf48b80-45f3-4ee6-8ca2-674c83764547\",\"splitAccessor\":\"c2072bec-807e-4fba-ba46-47aeae2af2b7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1595ff41-9582-4ded-a36b-7747cd1f72bd\":{\"columns\":{\"c2072bec-807e-4fba-ba46-47aeae2af2b7\":{\"label\":\"Top 5 values of panw.panos.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"462a6781-93cf-4123-8cbc-0a68b99fb043\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"fbf48b80-45f3-4ee6-8ca2-674c83764547\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"462a6781-93cf-4123-8cbc-0a68b99fb043\":{\"label\":\"logs per second\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"timeScale\":\"s\",\"params\":{},\"customLabel\":true}},\"columnOrder\":[\"c2072bec-807e-4fba-ba46-47aeae2af2b7\",\"fbf48b80-45f3-4ee6-8ca2-674c83764547\",\"462a6781-93cf-4123-8cbc-0a68b99fb043\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"links\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"46584081-19c2-49ae-9ab7-ebd1bf8fe55a\"},\"panelIndex\":\"46584081-19c2-49ae-9ab7-ebd1bf8fe55a\",\"embeddableConfig\":{\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"attributes\":{\"links\":[{\"type\":\"dashboardLink\",\"id\":\"0b5b6a67-6055-4a20-aeda-9440b85740fc\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":0,\"destinationRefName\":\"link_0b5b6a67-6055-4a20-aeda-9440b85740fc_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"3341c551-64a9-4504-afaf-b0082b21056a\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":1,\"destinationRefName\":\"link_3341c551-64a9-4504-afaf-b0082b21056a_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"c21bff74-6272-4282-b12e-87548f052273\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":2,\"destinationRefName\":\"link_c21bff74-6272-4282-b12e-87548f052273_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"a54d0cc6-e892-4467-98ba-5fb1c0ca34b8\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":3,\"destinationRefName\":\"link_a54d0cc6-e892-4467-98ba-5fb1c0ca34b8_dashboard\"}],\"layout\":\"horizontal\"},\"enhancements\":{}}}]","timeRestore":false,"title":"Ingest [Palo Alto]","version":2},"coreMigrationVersion":"8.8.0","created_at":"2024-07-24T18:39:16.299Z","created_by":"u_PaRg-nLhFPeiQBsu7cmBe48wlAUPR9RyiTufeHmDsd0_0","id":"4ab8cacc-8aa0-4152-ac71-390d35cfc7f6","managed":false,"references":[{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"79875da8-19ab-4dbf-b21e-777128f8a852:indexpattern-datasource-layer-388be1f2-ca49-40e4-a2d8-c5f3052a5ab5","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"cad1a977-97d4-497f-88c6-9f74f7ebd63d:indexpattern-datasource-layer-5bf06bae-ada3-4d3e-9229-599e9cbd368b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"bbd07531-9de3-44b1-a53f-a218f46c5937:indexpattern-datasource-layer-e59fde8d-0085-4205-8006-fdef37065488","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"d7aa6642-702a-4ffa-9d3b-b44b19e63168:indexpattern-datasource-layer-1595ff41-9582-4ded-a36b-7747cd1f72bd","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"ad146aaa-4b60-4103-9560-a673181bf721:indexpattern-datasource-layer-1595ff41-9582-4ded-a36b-7747cd1f72bd","type":"index-pattern"},{"id":"4ab8cacc-8aa0-4152-ac71-390d35cfc7f6","name":"46584081-19c2-49ae-9ab7-ebd1bf8fe55a:link_0b5b6a67-6055-4a20-aeda-9440b85740fc_dashboard","type":"dashboard"},{"id":"403e9bd1-1184-4369-86ba-a6fecda3d6d6","name":"46584081-19c2-49ae-9ab7-ebd1bf8fe55a:link_3341c551-64a9-4504-afaf-b0082b21056a_dashboard","type":"dashboard"},{"id":"e749d5df-02ee-4dc8-b1b3-e57e4a48a992","name":"46584081-19c2-49ae-9ab7-ebd1bf8fe55a:link_c21bff74-6272-4282-b12e-87548f052273_dashboard","type":"dashboard"},{"id":"61af971f-c73f-420f-9479-c31dbbc8276c","name":"46584081-19c2-49ae-9ab7-ebd1bf8fe55a:link_a54d0cc6-e892-4467-98ba-5fb1c0ca34b8_dashboard","type":"dashboard"},{"id":"fleet-pkg-panw-default","name":"tag-ref-fleet-pkg-panw-default","type":"tag"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2024-07-24T19:08:32.085Z","version":"WzEwMjc4LDZd"}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"7166e1d0-c60d-4534-ae99-6e80f35570de\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"7166e1d0-c60d-4534-ae99-6e80f35570de\",\"fieldName\":\"panw.panos.type\",\"title\":\"panw.panos.type\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{},\"selectedOptions\":[\"THREAT\"],\"singleSelect\":true}},\"a2090e24-db29-4722-8f65-00e9c62a5e91\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"a2090e24-db29-4722-8f65-00e9c62a5e91\",\"fieldName\":\"panw.panos.severity\",\"title\":\"panw.panos.severity\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}},\"9a695549-c07f-49df-9efc-4f73adbe976b\":{\"type\":\"optionsListControl\",\"order\":4,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"9a695549-c07f-49df-9efc-4f73adbe976b\",\"fieldName\":\"network.direction\",\"title\":\"network.direction\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}},\"52773a52-e270-4941-aba2-89ae22ef2c11\":{\"type\":\"optionsListControl\",\"order\":3,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"52773a52-e270-4941-aba2-89ae22ef2c11\",\"fieldName\":\"panw.panos.network.direction\",\"title\":\"panw.panos.network.direction\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}},\"931f9314-8063-4bd0-89ec-24fdc08b2210\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"931f9314-8063-4bd0-89ec-24fdc08b2210\",\"fieldName\":\"panw.panos.threat_category\",\"title\":\"panw.panos.threat_category\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}}}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"custom\",\"disabled\":true,\"negate\":false,\"alias\":\"IPv4 source private\",\"key\":\"query\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"terms\":{\"source.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"custom\",\"disabled\":true,\"negate\":false,\"alias\":\"IPv4 destination private\",\"key\":\"query\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"terms\":{\"destination.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"custom\",\"disabled\":true,\"negate\":false,\"alias\":\"IPv4 destination.nat.ip private\",\"key\":\"query\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"terms\":{\"destination.nat.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"links\",\"gridData\":{\"x\":0,\"y\":0,\"w\":39,\"h\":6,\"i\":\"154f2272-ca5c-42de-9de6-ae5f305b4c0f\"},\"panelIndex\":\"154f2272-ca5c-42de-9de6-ae5f305b4c0f\",\"embeddableConfig\":{\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"attributes\":{\"links\":[{\"type\":\"dashboardLink\",\"id\":\"6445368f-5302-4864-a8db-47176e1a863f\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":0,\"destinationRefName\":\"link_6445368f-5302-4864-a8db-47176e1a863f_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"b588eca2-482d-436c-a148-332408571c27\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":1,\"destinationRefName\":\"link_b588eca2-482d-436c-a148-332408571c27_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"4502aac8-3d2d-4f90-9b4c-8b5307a07867\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":2,\"destinationRefName\":\"link_4502aac8-3d2d-4f90-9b4c-8b5307a07867_dashboard\"},{\"type\":\"dashboardLink\",\"id\":\"256555c1-ef27-4a5b-8d02-3ac4462fb359\",\"options\":{\"openInNewTab\":false,\"useCurrentDateRange\":true,\"useCurrentFilters\":false},\"order\":3,\"destinationRefName\":\"link_256555c1-ef27-4a5b-8d02-3ac4462fb359_dashboard\"}],\"layout\":\"horizontal\"},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":6,\"w\":9,\"h\":12,\"i\":\"5d46e2a1-7a12-47c4-b152-ca346ade6322\"},\"panelIndex\":\"5d46e2a1-7a12-47c4-b152-ca346ade6322\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149\"}],\"state\":{\"visualization\":{\"layerId\":\"818cae41-a47d-4309-802b-23769f336149\",\"layerType\":\"data\",\"metricAccessor\":\"25ee91df-3eb5-496f-acc8-a83e87213e35\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"818cae41-a47d-4309-802b-23769f336149\":{\"columns\":{\"25ee91df-3eb5-496f-acc8-a83e87213e35\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"25ee91df-3eb5-496f-acc8-a83e87213e35\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":6,\"w\":30,\"h\":12,\"i\":\"b183625c-9c43-469b-af96-519d13295b91\"},\"panelIndex\":\"b183625c-9c43-469b-af96-519d13295b91\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-29e03e19-7da7-4eca-b62a-13521fd1779b\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"29e03e19-7da7-4eca-b62a-13521fd1779b\",\"seriesType\":\"bar_stacked\",\"accessors\":[\"ebf9920c-5f7a-4442-a3e6-3b4e7bdd91a0\"],\"layerType\":\"data\",\"xAccessor\":\"d165975c-abce-47cf-b100-e676a79f8578\",\"splitAccessor\":\"5488fadf-31b3-4036-8471-d600aa8c8e20\"}],\"curveType\":\"CURVE_MONOTONE_X\",\"yTitle\":\"sessions per second\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"29e03e19-7da7-4eca-b62a-13521fd1779b\":{\"columns\":{\"d165975c-abce-47cf-b100-e676a79f8578\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"ebf9920c-5f7a-4442-a3e6-3b4e7bdd91a0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"5488fadf-31b3-4036-8471-d600aa8c8e20\":{\"label\":\"Top 5 values of event.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ebf9920c-5f7a-4442-a3e6-3b4e7bdd91a0\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}}},\"columnOrder\":[\"5488fadf-31b3-4036-8471-d600aa8c8e20\",\"d165975c-abce-47cf-b100-e676a79f8578\",\"ebf9920c-5f7a-4442-a3e6-3b4e7bdd91a0\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"total sessions vs event.action\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":0,\"w\":9,\"h\":5,\"i\":\"799c2034-dd1e-49ed-ad80-74f444079f34\"},\"panelIndex\":\"799c2034-dd1e-49ed-ad80-74f444079f34\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-124335c9-51fa-4846-9cb1-9ba4d65c0a3b\"}],\"state\":{\"visualization\":{\"layerId\":\"124335c9-51fa-4846-9cb1-9ba4d65c0a3b\",\"layerType\":\"data\",\"metricAccessor\":\"3e292140-ec32-4f0b-964f-686aab9faab8\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"124335c9-51fa-4846-9cb1-9ba4d65c0a3b\":{\"columns\":{\"3e292140-ec32-4f0b-964f-686aab9faab8\":{\"label\":\"Total Logs\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"3e292140-ec32-4f0b-964f-686aab9faab8\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":5,\"w\":9,\"h\":12,\"i\":\"3f2d0b20-b90f-4df3-a7b8-d9aed624ab7b\"},\"panelIndex\":\"3f2d0b20-b90f-4df3-a7b8-d9aed624ab7b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149\"}],\"state\":{\"visualization\":{\"layerId\":\"818cae41-a47d-4309-802b-23769f336149\",\"layerType\":\"data\",\"metricAccessor\":\"25ee91df-3eb5-496f-acc8-a83e87213e35\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"818cae41-a47d-4309-802b-23769f336149\":{\"columns\":{\"25ee91df-3eb5-496f-acc8-a83e87213e35\":{\"label\":\"Unique count of destination.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\",\"isBucketed\":false}},\"columnOrder\":[\"25ee91df-3eb5-496f-acc8-a83e87213e35\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":12,\"h\":18,\"i\":\"e52e96ff-6de1-415c-8b1f-e6f9485f5a8d\"},\"panelIndex\":\"e52e96ff-6de1-415c-8b1f-e6f9485f5a8d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\" \",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"00b76dc2-647f-4f6c-bafb-0e61459b799b\",\"accessors\":[\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f022cc79-ec14-4a52-9eab-2e63dc66e677\",\"splitAccessor\":\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"00b76dc2-647f-4f6c-bafb-0e61459b799b\":{\"columns\":{\"f022cc79-ec14-4a52-9eab-2e63dc66e677\":{\"label\":\"Top 10 values of panw.panos.threat.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.threat.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\":{\"label\":\"Top 5 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"49e940e5-66ab-422b-92fc-7998c4c77e8b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"f022cc79-ec14-4a52-9eab-2e63dc66e677\",\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"threat name by action\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":18,\"w\":18,\"h\":18,\"i\":\"d3d5702c-d781-432e-8374-219e4dd1614f\"},\"panelIndex\":\"d3d5702c-d781-432e-8374-219e4dd1614f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\" \",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"00b76dc2-647f-4f6c-bafb-0e61459b799b\",\"accessors\":[\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"14d0ba2a-2614-4b68-84b2-1c4aff14569b\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"00b76dc2-647f-4f6c-bafb-0e61459b799b\":{\"columns\":{\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\":{\"label\":\"Top 5 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"49e940e5-66ab-422b-92fc-7998c4c77e8b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"14d0ba2a-2614-4b68-84b2-1c4aff14569b\":{\"label\":\"Top 3 values of panw.panos.threat_category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.threat_category\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"14d0ba2a-2614-4b68-84b2-1c4aff14569b\",\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"threat category by action\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":18,\"w\":9,\"h\":18,\"i\":\"06693fd6-74c4-46fb-85aa-0701bf388828\"},\"panelIndex\":\"06693fd6-74c4-46fb-85aa-0701bf388828\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\" \",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"00b76dc2-647f-4f6c-bafb-0e61459b799b\",\"accessors\":[\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f022cc79-ec14-4a52-9eab-2e63dc66e677\",\"splitAccessor\":\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"00b76dc2-647f-4f6c-bafb-0e61459b799b\":{\"columns\":{\"f022cc79-ec14-4a52-9eab-2e63dc66e677\":{\"label\":\"Top 10 values of panw.panos.severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.severity\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[]}},\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\":{\"label\":\"Top 5 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"49e940e5-66ab-422b-92fc-7998c4c77e8b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"f022cc79-ec14-4a52-9eab-2e63dc66e677\",\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"severity\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":17,\"w\":9,\"h\":18,\"i\":\"94b26672-0fb5-4c54-aa5e-114e49540d7f\"},\"panelIndex\":\"94b26672-0fb5-4c54-aa5e-114e49540d7f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\" \",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"00b76dc2-647f-4f6c-bafb-0e61459b799b\",\"accessors\":[\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f022cc79-ec14-4a52-9eab-2e63dc66e677\",\"splitAccessor\":\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"00b76dc2-647f-4f6c-bafb-0e61459b799b\":{\"columns\":{\"f022cc79-ec14-4a52-9eab-2e63dc66e677\":{\"label\":\"Top 10 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\":{\"label\":\"Top 3 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"49e940e5-66ab-422b-92fc-7998c4c77e8b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"f022cc79-ec14-4a52-9eab-2e63dc66e677\",\"bfb1c9a4-fac3-4c72-b12c-8373c69955b1\",\"49e940e5-66ab-422b-92fc-7998c4c77e8b\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.category by action\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":36,\"w\":17,\"h\":20,\"i\":\"6ac4503f-511d-45b3-a91e-393a43cc1b57\"},\"panelIndex\":\"6ac4503f-511d-45b3-a91e-393a43cc1b57\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsChoropleth\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-f49f69c6-b698-4869-a68a-e17fce1a6a92\"}],\"state\":{\"visualization\":{\"layerId\":\"f49f69c6-b698-4869-a68a-e17fce1a6a92\",\"emsLayerId\":\"world_countries\",\"emsField\":\"iso2\",\"valueAccessor\":\"4746007f-dc35-4ec1-94de-429b357994f9\",\"regionAccessor\":\"d99cfce7-5133-4b1f-9a6f-545a2d71dbe1\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f49f69c6-b698-4869-a68a-e17fce1a6a92\":{\"columns\":{\"d99cfce7-5133-4b1f-9a6f-545a2d71dbe1\":{\"label\":\"Top 50 values of destination.geo.country_iso_code\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_iso_code\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4746007f-dc35-4ec1-94de-429b357994f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"4746007f-dc35-4ec1-94de-429b357994f9\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"d99cfce7-5133-4b1f-9a6f-545a2d71dbe1\",\"4746007f-dc35-4ec1-94de-429b357994f9\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination country\"},{\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":36,\"w\":6,\"h\":10,\"i\":\"3c724fbc-db5f-493e-9843-d4d57d8fa5c6\"},\"panelIndex\":\"3c724fbc-db5f-493e-9843-d4d57d8fa5c6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\"],\"metrics\":[\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\":{\"columns\":{\"1c69544e-3475-4d96-b33a-5b648a58a87c\":{\"label\":\"Top values of source.geo.country_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.geo.country_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\",\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source country\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":36,\"w\":16,\"h\":20,\"i\":\"e5a1eb72-f55c-4c2f-8ec9-2c8b6e6ff644\"},\"panelIndex\":\"e5a1eb72-f55c-4c2f-8ec9-2c8b6e6ff644\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsHeatmap\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-dac48d89-5b18-40cb-a29f-c044955be746\"}],\"state\":{\"visualization\":{\"shape\":\"heatmap\",\"layerId\":\"dac48d89-5b18-40cb-a29f-c044955be746\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"position\":\"right\",\"type\":\"lens_heatmap_legendConfig\",\"legendSize\":\"auto\"},\"gridConfig\":{\"type\":\"lens_heatmap_grid\",\"isCellLabelVisible\":false,\"isYAxisLabelVisible\":true,\"isXAxisLabelVisible\":true},\"valueAccessor\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\",\"xAccessor\":\"c6662c96-b4bc-4305-a172-a33aecadec28\",\"yAccessor\":\"8e6de281-690f-44cc-a6a3-9072dbc82c95\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dac48d89-5b18-40cb-a29f-c044955be746\":{\"columns\":{\"c6662c96-b4bc-4305-a172-a33aecadec28\":{\"label\":\"observer.egress.interface.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.ingress.zone\",\"isBucketed\":true,\"params\":{\"size\":4,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}},\"customLabel\":true},\"ec32b9d7-1c13-486f-ba0f-e01495495174\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{},\"customLabel\":true},\"8e6de281-690f-44cc-a6a3-9072dbc82c95\":{\"label\":\"observer.ingress.interface.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"observer.egress.zone\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ec32b9d7-1c13-486f-ba0f-e01495495174\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}},\"customLabel\":true}},\"columnOrder\":[\"8e6de281-690f-44cc-a6a3-9072dbc82c95\",\"c6662c96-b4bc-4305-a172-a33aecadec28\",\"ec32b9d7-1c13-486f-ba0f-e01495495174\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"ingress.interface / egress.interface\"},{\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":35,\"w\":9,\"h\":20,\"i\":\"b447d314-da1e-4fad-9179-7424cb5ff83e\"},\"panelIndex\":\"b447d314-da1e-4fad-9179-7424cb5ff83e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-db5cae11-427e-4d12-b21d-3dd48c241a5d\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"db5cae11-427e-4d12-b21d-3dd48c241a5d\",\"accessors\":[\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\",\"splitAccessor\":\"f1cd8a4a-d70d-4db3-b881-df7044915ead\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"db5cae11-427e-4d12-b21d-3dd48c241a5d\":{\"columns\":{\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\":{\"label\":\"Top values of rule.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"f1cd8a4a-d70d-4db3-b881-df7044915ead\":{\"label\":\"Top 5 values of panw.panos.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"2dfcd87b-aaa3-41b4-8696-8c7616de6af7\",\"f1cd8a4a-d70d-4db3-b881-df7044915ead\",\"26bbec36-36c0-4d92-aa97-10a2bcfd540a\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"rule.name by action\"},{\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":46,\"w\":6,\"h\":10,\"i\":\"e63d02e9-b50a-47f3-ab97-29be69907c74\"},\"panelIndex\":\"e63d02e9-b50a-47f3-ab97-29be69907c74\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendSize\":\"auto\",\"primaryGroups\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\"],\"metrics\":[\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2f909ccf-8486-4f44-9989-f2ccdec3c7f2\":{\"columns\":{\"1c69544e-3475-4d96-b33a-5b648a58a87c\":{\"label\":\"Top values of destination.geo.country_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"1c69544e-3475-4d96-b33a-5b648a58a87c\",\"5a4dd525-9ce6-4e3e-9b37-486eee6e2278\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination country\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":16,\"h\":5,\"i\":\"3c3326a8-753d-4922-8edc-1544df60c501\"},\"panelIndex\":\"3c3326a8-753d-4922-8edc-1544df60c501\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Source IP [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Source IP\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":56,\"w\":16,\"h\":5,\"i\":\"114b59a8-ac85-40c1-9925-17150ea7dbb2\"},\"panelIndex\":\"114b59a8-ac85-40c1-9925-17150ea7dbb2\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Destination IP [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Destination IP\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":61,\"w\":16,\"h\":15,\"i\":\"d760befd-d557-4bf9-a75c-a66d6ff3d4a7\"},\"panelIndex\":\"d760befd-d557-4bf9-a75c-a66d6ff3d4a7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":61,\"w\":16,\"h\":15,\"i\":\"de55bfed-39f8-4e02-960c-a768d387a420\"},\"panelIndex\":\"de55bfed-39f8-4e02-960c-a768d387a420\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.ip\"},{\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":56,\"w\":16,\"h\":5,\"i\":\"2b7e3c6b-6180-422f-b5da-10caf0cfc8c1\"},\"panelIndex\":\"2b7e3c6b-6180-422f-b5da-10caf0cfc8c1\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Network Protocol [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Destination Port\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":61,\"w\":16,\"h\":15,\"i\":\"f7cbfca1-d740-4996-afd8-d732bcf6d6ee\"},\"panelIndex\":\"f7cbfca1-d740-4996-afd8-d732bcf6d6ee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\",\"splitAccessor\":\"6044e812-c868-4b91-86c8-68b4ca5db0fd\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"6044e812-c868-4b91-86c8-68b4ca5db0fd\":{\"label\":\"Top 5 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"6044e812-c868-4b91-86c8-68b4ca5db0fd\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":76,\"w\":6,\"h\":15,\"i\":\"e014b9a3-3f28-4df7-8b3a-9ba25582ff7a\"},\"panelIndex\":\"e014b9a3-3f28-4df7-8b3a-9ba25582ff7a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":76,\"w\":5,\"h\":15,\"i\":\"6625deab-f8d3-4006-9405-37cd0a985fc0\"},\"panelIndex\":\"6625deab-f8d3-4006-9405-37cd0a985fc0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of destination.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique destination.ip by source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":76,\"w\":5,\"h\":15,\"i\":\"d0cad227-f78b-4b9a-a1a7-2f2ff71eae98\"},\"panelIndex\":\"d0cad227-f78b-4b9a-a1a7-2f2ff71eae98\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of destination.port\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.port\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique destination.port by source.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":76,\"w\":6,\"h\":15,\"i\":\"ef00333b-9817-4da6-b695-393e85f50550\"},\"panelIndex\":\"ef00333b-9817-4da6-b695-393e85f50550\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":76,\"w\":5,\"h\":15,\"i\":\"31394539-23a2-491c-ae9f-9367c650b212\"},\"panelIndex\":\"31394539-23a2-491c-ae9f-9367c650b212\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":76,\"w\":5,\"h\":15,\"i\":\"fd1fb17b-682d-4ab2-b486-1fb9eda82ab8\"},\"panelIndex\":\"fd1fb17b-682d-4ab2-b486-1fb9eda82ab8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of destination.port\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.port\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique destination.port by destination.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":76,\"w\":6,\"h\":15,\"i\":\"50eb8966-0063-4e07-a8b3-79b6430e2c70\"},\"panelIndex\":\"50eb8966-0063-4e07-a8b3-79b6430e2c70\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"c01c72a3-9acf-45cf-b310-93e0e93cc5b2\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true},\"c01c72a3-9acf-45cf-b310-93e0e93cc5b2\":{\"label\":\"Top 10 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"c01c72a3-9acf-45cf-b310-93e0e93cc5b2\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":38,\"y\":76,\"w\":5,\"h\":15,\"i\":\"4a711401-a87a-4a95-98fb-caab0c2de51b\"},\"panelIndex\":\"4a711401-a87a-4a95-98fb-caab0c2de51b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ada5b0af-ba88-485d-b814-90f5e58da05b\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false},\"ada5b0af-ba88-485d-b814-90f5e58da05b\":{\"label\":\"Top 10 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"ada5b0af-ba88-485d-b814-90f5e58da05b\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by destination.port\"},{\"type\":\"lens\",\"gridData\":{\"x\":43,\"y\":76,\"w\":5,\"h\":15,\"i\":\"fbb1ab2f-1930-4dcb-bcc8-dc7bb3753a8a\"},\"panelIndex\":\"fbb1ab2f-1930-4dcb-bcc8-dc7bb3753a8a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"6dae3f21-2ce6-4a5e-b071-b9c1576ec447\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of destination.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\",\"isBucketed\":false},\"6dae3f21-2ce6-4a5e-b071-b9c1576ec447\":{\"label\":\"Top 10 values of destination.port\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.port\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"6dae3f21-2ce6-4a5e-b071-b9c1576ec447\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique destination.ip by destination.port\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":91,\"w\":16,\"h\":5,\"i\":\"1023e863-3970-4eee-9058-d892c13e96a2\"},\"panelIndex\":\"1023e863-3970-4eee-9058-d892c13e96a2\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Source User [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Source User\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":91,\"w\":16,\"h\":5,\"i\":\"bf424c26-b44d-4ae0-b866-d79f1d845c1b\"},\"panelIndex\":\"bf424c26-b44d-4ae0-b866-d79f1d845c1b\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Host [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"URL Domain\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":96,\"w\":16,\"h\":15,\"i\":\"14957e1d-e1ce-4588-8a3d-06df2e3462b6\"},\"panelIndex\":\"14957e1d-e1ce-4588-8a3d-06df2e3462b6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":96,\"w\":16,\"h\":15,\"i\":\"182e0dcf-359b-4c5e-8c60-acad2cededc1\"},\"panelIndex\":\"182e0dcf-359b-4c5e-8c60-acad2cededc1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top 5 values of url.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"url.domain\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.domain\"},{\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":91,\"w\":16,\"h\":5,\"i\":\"9f38c742-6874-4eab-b416-1483a7286b16\"},\"panelIndex\":\"9f38c742-6874-4eab-b416-1483a7286b16\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Network Application [line]\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Network Application\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":96,\"w\":16,\"h\":15,\"i\":\"fa060757-7c56-48a8-93af-f6f71146ff2d\"},\"panelIndex\":\"fa060757-7c56-48a8-93af-f6f71146ff2d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"auto\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"aefea161-bc94-4630-a170-e2d0e4f528b2\",\"accessors\":[\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"xAccessor\":\"773b753d-9edd-4fc0-9e78-093af4290385\"}],\"valuesInLegend\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aefea161-bc94-4630-a170-e2d0e4f528b2\":{\"columns\":{\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\":{\"label\":\"Top values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"773b753d-9edd-4fc0-9e78-093af4290385\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true}},\"f41f42ea-a685-49b3-ae78-d78cc7a80390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\"}},\"columnOrder\":[\"b8958bea-4c63-4dc2-9961-13c9eea7e7c1\",\"773b753d-9edd-4fc0-9e78-093af4290385\",\"f41f42ea-a685-49b3-ae78-d78cc7a80390\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"network.application\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":111,\"w\":8,\"h\":15,\"i\":\"d0bafa99-cb35-4578-a862-89698e3875f3\"},\"panelIndex\":\"d0bafa99-cb35-4578-a862-89698e3875f3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":111,\"w\":8,\"h\":15,\"i\":\"fd5a3c76-3964-40cf-a709-a84d69891e23\"},\"panelIndex\":\"fd5a3c76-3964-40cf-a709-a84d69891e23\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of source.user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by source.user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":111,\"w\":8,\"h\":15,\"i\":\"99b57a8e-eb10-46cf-84b9-5bf7258bc3ca\"},\"panelIndex\":\"99b57a8e-eb10-46cf-84b9-5bf7258bc3ca\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of url.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"url.domain\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.domain\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":111,\"w\":8,\"h\":15,\"i\":\"59a42906-2753-4591-9eb5-84a42d0e6907\"},\"panelIndex\":\"59a42906-2753-4591-9eb5-84a42d0e6907\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of panw.panos.url.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw.panos.url.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"url.category\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":111,\"w\":8,\"h\":15,\"i\":\"fbfc1b99-f025-4952-a7d7-70d309d1cff9\"},\"panelIndex\":\"fbfc1b99-f025-4952-a7d7-70d309d1cff9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"sessions\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"customLabel\":true}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"network.application\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":111,\"w\":8,\"h\":15,\"i\":\"95e0f616-7d4a-4207-be7a-90eefec5629b\"},\"panelIndex\":\"95e0f616-7d4a-4207-be7a-90eefec5629b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"76075f55-d644-4ca0-84c9-8482528ef69d\",\"name\":\"indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\",\"accessors\":[\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"38e66b49-ac80-4831-adae-1598ecf1763d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a\":{\"columns\":{\"38e66b49-ac80-4831-adae-1598ecf1763d\":{\"label\":\"Top 10 values of network.application\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.application\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\":{\"label\":\"Unique count of source.ip\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"isBucketed\":false}},\"columnOrder\":[\"38e66b49-ac80-4831-adae-1598ecf1763d\",\"554a0f4f-67f3-4e12-a81b-1246a3dd516d\"],\"incompleteColumns\":{},\"indexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"currentIndexPatternId\":\"76075f55-d644-4ca0-84c9-8482528ef69d\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique source.ip by network.application\"}]","timeRestore":false,"title":"Threat [Palo Alto]","version":2},"coreMigrationVersion":"8.8.0","created_at":"2024-07-24T18:39:16.299Z","created_by":"u_PaRg-nLhFPeiQBsu7cmBe48wlAUPR9RyiTufeHmDsd0_0","id":"61af971f-c73f-420f-9479-c31dbbc8276c","managed":false,"references":[{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"4ab8cacc-8aa0-4152-ac71-390d35cfc7f6","name":"154f2272-ca5c-42de-9de6-ae5f305b4c0f:link_6445368f-5302-4864-a8db-47176e1a863f_dashboard","type":"dashboard"},{"id":"403e9bd1-1184-4369-86ba-a6fecda3d6d6","name":"154f2272-ca5c-42de-9de6-ae5f305b4c0f:link_b588eca2-482d-436c-a148-332408571c27_dashboard","type":"dashboard"},{"id":"e749d5df-02ee-4dc8-b1b3-e57e4a48a992","name":"154f2272-ca5c-42de-9de6-ae5f305b4c0f:link_4502aac8-3d2d-4f90-9b4c-8b5307a07867_dashboard","type":"dashboard"},{"id":"61af971f-c73f-420f-9479-c31dbbc8276c","name":"154f2272-ca5c-42de-9de6-ae5f305b4c0f:link_256555c1-ef27-4a5b-8d02-3ac4462fb359_dashboard","type":"dashboard"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"5d46e2a1-7a12-47c4-b152-ca346ade6322:indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"b183625c-9c43-469b-af96-519d13295b91:indexpattern-datasource-layer-29e03e19-7da7-4eca-b62a-13521fd1779b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"799c2034-dd1e-49ed-ad80-74f444079f34:indexpattern-datasource-layer-124335c9-51fa-4846-9cb1-9ba4d65c0a3b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"3f2d0b20-b90f-4df3-a7b8-d9aed624ab7b:indexpattern-datasource-layer-818cae41-a47d-4309-802b-23769f336149","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"e52e96ff-6de1-415c-8b1f-e6f9485f5a8d:indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"d3d5702c-d781-432e-8374-219e4dd1614f:indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"06693fd6-74c4-46fb-85aa-0701bf388828:indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"94b26672-0fb5-4c54-aa5e-114e49540d7f:indexpattern-datasource-layer-00b76dc2-647f-4f6c-bafb-0e61459b799b","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"6ac4503f-511d-45b3-a91e-393a43cc1b57:indexpattern-datasource-layer-f49f69c6-b698-4869-a68a-e17fce1a6a92","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"3c724fbc-db5f-493e-9843-d4d57d8fa5c6:indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"e5a1eb72-f55c-4c2f-8ec9-2c8b6e6ff644:indexpattern-datasource-layer-dac48d89-5b18-40cb-a29f-c044955be746","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"b447d314-da1e-4fad-9179-7424cb5ff83e:indexpattern-datasource-layer-db5cae11-427e-4d12-b21d-3dd48c241a5d","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"e63d02e9-b50a-47f3-ab97-29be69907c74:indexpattern-datasource-layer-2f909ccf-8486-4f44-9989-f2ccdec3c7f2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"d760befd-d557-4bf9-a75c-a66d6ff3d4a7:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"de55bfed-39f8-4e02-960c-a768d387a420:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"f7cbfca1-d740-4996-afd8-d732bcf6d6ee:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"e014b9a3-3f28-4df7-8b3a-9ba25582ff7a:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"6625deab-f8d3-4006-9405-37cd0a985fc0:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"d0cad227-f78b-4b9a-a1a7-2f2ff71eae98:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"ef00333b-9817-4da6-b695-393e85f50550:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"31394539-23a2-491c-ae9f-9367c650b212:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"fd1fb17b-682d-4ab2-b486-1fb9eda82ab8:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"50eb8966-0063-4e07-a8b3-79b6430e2c70:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"4a711401-a87a-4a95-98fb-caab0c2de51b:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"fbb1ab2f-1930-4dcb-bcc8-dc7bb3753a8a:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"14957e1d-e1ce-4588-8a3d-06df2e3462b6:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"182e0dcf-359b-4c5e-8c60-acad2cededc1:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"fa060757-7c56-48a8-93af-f6f71146ff2d:indexpattern-datasource-layer-aefea161-bc94-4630-a170-e2d0e4f528b2","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"d0bafa99-cb35-4578-a862-89698e3875f3:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"fd5a3c76-3964-40cf-a709-a84d69891e23:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"99b57a8e-eb10-46cf-84b9-5bf7258bc3ca:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"59a42906-2753-4591-9eb5-84a42d0e6907:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"fbfc1b99-f025-4952-a7d7-70d309d1cff9:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"95e0f616-7d4a-4207-be7a-90eefec5629b:indexpattern-datasource-layer-9d69e3fb-d5f0-49d9-8c84-9b32b730ec3a","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"controlGroup_7166e1d0-c60d-4534-ae99-6e80f35570de:optionsListDataView","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"controlGroup_a2090e24-db29-4722-8f65-00e9c62a5e91:optionsListDataView","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"controlGroup_9a695549-c07f-49df-9efc-4f73adbe976b:optionsListDataView","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"controlGroup_52773a52-e270-4941-aba2-89ae22ef2c11:optionsListDataView","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"controlGroup_931f9314-8063-4bd0-89ec-24fdc08b2210:optionsListDataView","type":"index-pattern"},{"id":"fleet-pkg-panw-default","name":"tag-ref-fleet-pkg-panw-default","type":"tag"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2024-07-25T11:19:28.581Z","version":"WzEwNTA2LDZd"}
{"attributes":{"columns":["panw.panos.type","panw.panos.sub_type","source.user.name","source.ip","panw.panos.source.zone","destination.ip","panw.panos.destination.zone","network.application","panw.panos.url.category","panw.panos.threat.name","panw.panos.action","rule.name","network.direction","panw.panos.network.direction"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"disabled\":false,\"field\":\"panw.panos.type\",\"key\":\"panw.panos.type\",\"negate\":false,\"params\":{\"query\":\"THREAT\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"panw.panos.type\":\"THREAT\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"private IPv4 source.ip\",\"disabled\":true,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"terms\\\":{\\\"source.ip\\\":[\\\"10.0.0.0/8\\\",\\\"172.16.0.0/12\\\",\\\"192.168.0.0/16\\\"]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"terms\":{\"source.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"private IPv4 destination.ip\",\"disabled\":true,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"terms\\\":{\\\"destination.ip\\\":[\\\"10.0.0.0/8\\\",\\\"172.16.0.0/12\\\",\\\"192.168.0.0/16\\\"]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"terms\":{\"destination.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"private IPv4 destination.nat.ip\",\"disabled\":true,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"terms\\\":{\\\"destination.nat.ip\\\":[\\\"10.0.0.0/8\\\",\\\"172.16.0.0/12\\\",\\\"192.168.0.0/16\\\"]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"terms\":{\"destination.nat.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Threat [Palo Alto]"},"coreMigrationVersion":"8.8.0","created_at":"2024-07-24T18:39:16.299Z","created_by":"u_PaRg-nLhFPeiQBsu7cmBe48wlAUPR9RyiTufeHmDsd0_0","id":"aadef970-65bc-11ed-a386-77c73185a9f6","managed":false,"references":[{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"fleet-pkg-panw-default","name":"tag-ref-fleet-pkg-panw-default","type":"tag"}],"type":"search","typeMigrationVersion":"10.3.0","updated_at":"2024-07-24T19:22:46.723Z","version":"WzEwMzI0LDZd"}
{"attributes":{"columns":["panw.panos.type","panw.panos.sub_type","source.user.name","source.ip","panw.panos.source.zone","destination.ip","panw.panos.destination.zone","network.application","panw.panos.url.category","panw.panos.action","panw.panos.endreason","rule.name"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"panw.panos.type\",\"field\":\"panw.panos.type\",\"params\":{\"query\":\"TRAFFIC\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"panw.panos.type\":\"TRAFFIC\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"custom\",\"disabled\":true,\"negate\":false,\"alias\":\"private IPv4 source.ip\",\"key\":\"query\",\"value\":\"{\\\"terms\\\":{\\\"source.ip\\\":[\\\"10.0.0.0/8\\\",\\\"172.16.0.0/12\\\",\\\"192.168.0.0/16\\\"]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"terms\":{\"source.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"custom\",\"disabled\":true,\"negate\":false,\"alias\":\"private IPv4 destination.ip\",\"key\":\"query\",\"value\":\"{\\\"terms\\\":{\\\"destination.ip\\\":[\\\"10.0.0.0/8\\\",\\\"172.16.0.0/12\\\",\\\"192.168.0.0/16\\\"]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"terms\":{\"destination.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"custom\",\"disabled\":true,\"negate\":false,\"alias\":\"private IPv4 destination.nat.ip\",\"key\":\"query\",\"value\":\"{\\\"terms\\\":{\\\"destination.nat.ip\\\":[\\\"10.0.0.0/8\\\",\\\"172.16.0.0/12\\\",\\\"192.168.0.0/16\\\"]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"terms\":{\"destination.nat.ip\":[\"10.0.0.0/8\",\"172.16.0.0/12\",\"192.168.0.0/16\"]}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Traffic [Palo Alto]"},"coreMigrationVersion":"8.8.0","created_at":"2024-07-24T18:39:16.299Z","created_by":"u_PaRg-nLhFPeiQBsu7cmBe48wlAUPR9RyiTufeHmDsd0_0","id":"da132f80-6103-11ed-a386-77c73185a9f6","managed":false,"references":[{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"76075f55-d644-4ca0-84c9-8482528ef69d","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"fleet-pkg-panw-default","name":"tag-ref-fleet-pkg-panw-default","type":"tag"}],"type":"search","typeMigrationVersion":"10.3.0","updated_at":"2024-07-24T18:47:36.251Z","version":"WzEwMTk2LDZd"}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":9,"missingRefCount":0,"missingReferences":[]}