From 8014ec259e110cbd506ab28892efc8b7247bcb3f Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Wed, 29 May 2024 10:15:20 -0700 Subject: [PATCH] Fix flint skipping index syntax issues (#1846) (#1852) * update flint related issues for - vpc flow - cloud trail - multiple records protocol support * update flint vega ip sankey visualization query --------- (cherry picked from commit 0d2a1c7361520e52a4f5a014e19ee3d38bb91eeb) Signed-off-by: YANGDB Signed-off-by: github-actions[bot] Co-authored-by: github-actions[bot] --- .../aws_vpc_flow_flint-live-1.0.0.ndjson | 34 ++++---- .../aws_vpc_flow_flint-pre_agg-1.0.0.ndjson | 36 ++++---- .../assets/create_mv_vpc-1.0.0.sql | 0 .../assets/create_skipping_index-1.0.0.sql | 11 ++- .../assets/create_table_parquet_vpc-1.0.0.sql | 2 +- .../assets/aws_cloudtrail-flint-1.0.0.ndjson | 34 ++++---- .../assets/create_mv_cloud-trail-1.0.0.sql | 83 +++++++++---------- .../create_mv_cloud-trail-records-1.0.0.sql | 55 ++++++++++++ .../assets/create_skipping_index-1.0.0.sql | 18 ++-- .../assets/create_table_cloud-trail-1.0.0.sql | 13 ++- ...create_table_cloud-trail-records-1.0.0.sql | 67 +++++++++++++++ .../assets/example_queries-1.0.0.ndjson | 8 +- .../example_queries-records-1.0.0.ndjson | 5 ++ .../aws_cloudtrail/aws_cloudtrail-1.0.0.json | 71 ++++++++++------ .../aws_cloudtrail/data/raw-sample.json | 44 ++++++++++ 15 files changed, 335 insertions(+), 146 deletions(-) delete mode 100644 server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_mv_vpc-1.0.0.sql create mode 100644 server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_mv_cloud-trail-records-1.0.0.sql create mode 100644 server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_table_cloud-trail-records-1.0.0.sql create mode 100644 server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-records-1.0.0.ndjson create mode 100644 server/adaptors/integrations/__data__/repository/aws_cloudtrail/data/raw-sample.json diff --git a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/aws_vpc_flow_flint-live-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/aws_vpc_flow_flint-live-1.0.0.ndjson index 098b03a7e..409f1ccaa 100644 --- a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/aws_vpc_flow_flint-live-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/aws_vpc_flow_flint-live-1.0.0.ndjson @@ -1,18 +1,18 @@ -{"attributes":{"fields":"[{\"count\":0,\"name\":\"@message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"attributes.data_stream.dataset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"attributes.data_stream.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"attributes.data_stream.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":2,\"name\":\"aws.s3.bucket\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.copy_source\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.delete\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.part_number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.upload_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.az-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.az-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.az-id\"}}},{\"count\":1,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":3,\"name\":\"aws.vpc.dstaddr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.end\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.flow-direction\"}}},{\"count\":0,\"name\":\"aws.vpc.instance-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.instance-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.instance-id\"}}},{\"count\":0,\"name\":\"aws.vpc.interface-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.log-status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.pkt-dst-aws-service\"}}},{\"count\":1,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.pkt-src-aws-service\"}}},{\"count\":0,\"name\":\"aws.vpc.protocol\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.region.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.region\"}}},{\"count\":1,\"name\":\"aws.vpc.srcaddr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.subnet-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.subnet-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.subnet-id\"}}},{\"count\":0,\"name\":\"aws.vpc.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.vpc-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.vpc-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.vpc-id\"}}},{\"count\":0,\"name\":\"body\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.account.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.platform\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.resource_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.destination.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.destination.address\"}}},{\"count\":0,\"name\":\"communication.destination.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.destination.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.destination.domain\"}}},{\"count\":0,\"name\":\"communication.destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.sock.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.source.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.source.address\"}}},{\"count\":0,\"name\":\"communication.source.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.source.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.source.domain\"}}},{\"count\":0,\"name\":\"communication.source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.exception.message\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.exception.stacktrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.exception.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.result\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.source\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"instrumentationScope.dropped_attributes_count\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"instrumentationScope.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.name\"}}},{\"count\":0,\"name\":\"instrumentationScope.schemaUrl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.schemaUrl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.schemaUrl\"}}},{\"count\":0,\"name\":\"instrumentationScope.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.version\"}}},{\"count\":0,\"name\":\"observedTimestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"observerTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"schemaUrl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"schemaUrl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"schemaUrl\"}}},{\"count\":0,\"name\":\"severity.number\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"severity.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"severity.text.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"severity.text\"}}},{\"count\":0,\"name\":\"spanId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"traceId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"flint_zero_etl_amazons3_default_vpc_integration_week_live_mview"},"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM4NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Total Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Total Requests\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Total Requests\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"8eedcff8-310f-4095-8d7e-4d863ebe46a4","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM4OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Request History","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Request History\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2023-07-19T02:48:00.000Z\",\"to\":\"2023-07-19T02:48:10.000Z\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"4f182dd9-f6a3-495c-b259-f595f306720e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM4OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Requests by Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Requests by Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":true}}"},"id":"3f991167-d95a-4324-b1ea-2a0bf34cc027","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzQwMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Bytes\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"882edbf5-ad9d-4232-a2d4-7c21409d2cc1","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Packets","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Packets\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Packets\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Packets\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"ee27bc70-8c55-4a4f-87a4-90495397e06d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-src-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-src-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Source AWS Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Source AWS Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-src-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":true}}"},"id":"de9c1a7c-96f6-4d76-8f4c-1bf8915ef199","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-dst-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-dst-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destination AWS Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Destination AWS Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-dst-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d2109719-2a70-4f1b-8ee7-b8ccc159f6d0","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Requests by Direction Metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Requests by Direction Metric\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"343f80f5-a6d4-4710-af71-a62c17f9492f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destination Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Destination Bytes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"dcff10b9-1fe0-46c5-9795-3fd85ca074e6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Source Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Source Bytes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"682ca65f-9611-434e-af14-cb8554c4d570","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Sources","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Sources\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"795967a5-0b1d-44cd-a081-552e20b062b9","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destinations","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Destinations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"fae68953-a782-41ad-80f3-eb6bfc333359","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzM5OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[AWS VPC Flow Logs 1.0] Flow","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Flow\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{ \\n $schema: https://vega.github.io/schema/vega/v5.json\\n data: [\\n\\t{\\n \\t// query OpenSearch based on the currently selected time range and filter string\\n \\tname: rawData\\n \\turl: {\\n \\tindex: flint_zero_etl_amazons3_default_vpc_integration_*\\n \\tbody: {\\n \\tsize: 0\\n \\taggs: {\\n \\ttable: {\\n \\tcomposite: {\\n \\tsize: 10000\\n \\tsources: [\\n \\t{\\n \\tstk1: {\\n \\tterms: {field: \\\"aws.vpc.srcaddr\\\"}\\n \\t}\\n \\t}\\n \\t{\\n \\tstk2: {\\n \\tterms: {field: \\\"aws.vpc.dstaddr\\\"}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t// From the result, take just the data we are interested in\\n \\tformat: {property: \\\"aggregations.table.buckets\\\"}\\n \\t// Convert key.stk1 -> stk1 for simpler access below\\n \\ttransform: [\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk1\\\", as: \\\"stk1\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk2\\\", as: \\\"stk2\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.doc_count\\\", as: \\\"size\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: nodes\\n \\tsource: rawData\\n \\ttransform: [\\n \\t// when a country is selected, filter out unrelated data\\n \\t{\\n \\ttype: filter\\n \\texpr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n \\t}\\n \\t// Set new key for later lookups - identifies each node\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stk1+datum.stk2\\\", as: \\\"key\\\"}\\n \\t// instead of each table row, create two new rows,\\n \\t// one for the source (stack=stk1) and one for destination node (stack=stk2).\\n \\t// The country code stored in stk1 and stk2 fields is placed into grpId field.\\n \\t{\\n \\ttype: fold\\n \\tfields: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tas: [\\\"stack\\\", \\\"grpId\\\"]\\n \\t}\\n \\t// Create a sortkey, different for stk1 and stk2 stacks.\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\n \\tas: sortField\\n \\t}\\n \\t// Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n \\t// independently for each stack, and ensuring they are in the proper order,\\n \\t// alphabetical from the top (reversed on the y axis)\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"sortField\\\", order: \\\"descending\\\"}\\n \\tfield: size\\n \\t}\\n \\t// calculate vertical center point for each node, used to draw edges\\n \\t{type: \\\"formula\\\", expr: \\\"(datum.y0+datum.y1)/2\\\", as: \\\"yc\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: groups\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// combine all nodes into country groups, summing up the doc counts\\n \\t{\\n \\ttype: aggregate\\n \\tgroupby: [\\\"stack\\\", \\\"grpId\\\"]\\n \\tfields: [\\\"size\\\"]\\n \\tops: [\\\"sum\\\"]\\n \\tas: [\\\"total\\\"]\\n \\t}\\n \\t// re-calculate the stacking y0,y1 values\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"grpId\\\", order: \\\"descending\\\"}\\n \\tfield: total\\n \\t}\\n \\t// project y0 and y1 values to screen coordinates\\n \\t// doing it once here instead of doing it several times in marks\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y0)\\\", as: \\\"scaledY0\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y1)\\\", as: \\\"scaledY1\\\"}\\n \\t// boolean flag if the label should be on the right of the stack\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stack == 'stk1'\\\", as: \\\"rightLabel\\\"}\\n \\t// Calculate traffic percentage for this country using \\\"y\\\" scale\\n \\t// domain upper bound, which represents the total traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.total/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n\\t{\\n \\t// This is a temp lookup table with all the 'stk2' stack nodes\\n \\tname: destinationNodes\\n \\tsource: nodes\\n \\ttransform: [\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk2'\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: edges\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// we only want nodes from the left stack\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk1'\\\"}\\n \\t// find corresponding node from the right stack, keep it as \\\"target\\\"\\n \\t{\\n \\ttype: lookup\\n \\tfrom: destinationNodes\\n \\tkey: key\\n \\tfields: [\\\"key\\\"]\\n \\tas: [\\\"target\\\"]\\n \\t}\\n \\t// calculate SVG link path between stk1 and stk2 stacks for the node pair\\n \\t{\\n \\ttype: linkpath\\n \\torient: horizontal\\n \\tshape: diagonal\\n \\tsourceY: {expr: \\\"scale('y', datum.yc)\\\"}\\n \\tsourceX: {expr: \\\"scale('x', 'stk1') + bandwidth('x')\\\"}\\n \\ttargetY: {expr: \\\"scale('y', datum.target.yc)\\\"}\\n \\ttargetX: {expr: \\\"scale('x', 'stk2')\\\"}\\n \\t}\\n \\t// A little trick to calculate the thickness of the line.\\n \\t// The value needs to be the same as the hight of the node, but scaling\\n \\t// size to screen's height gives inversed value because screen's Y\\n \\t// coordinate goes from the top to the bottom, whereas the graph's Y=0\\n \\t// is at the bottom. So subtracting scaled doc count from screen height\\n \\t// (which is the \\\"lower\\\" bound of the \\\"y\\\" scale) gives us the right value\\n \\t{\\n \\ttype: formula\\n \\texpr: range('y')[0]-scale('y', datum.size)\\n \\tas: strokeWidth\\n \\t}\\n \\t// Tooltip needs individual link's percentage of all traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.size/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n ]\\n scales: [\\n\\t{\\n \\t// calculates horizontal stack positioning\\n \\tname: x\\n \\ttype: band\\n \\trange: width\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tpaddingOuter: 0.05\\n \\tpaddingInner: 0.95\\n\\t}\\n\\t{\\n \\t// this scale goes up as high as the highest y1 value of all nodes\\n \\tname: y\\n \\ttype: linear\\n \\trange: height\\n \\tdomain: {data: \\\"nodes\\\", field: \\\"y1\\\"}\\n\\t}\\n\\t{\\n \\t// use rawData to ensure the colors stay the same when clicking.\\n \\tname: color\\n \\ttype: ordinal\\n \\trange: category\\n \\tdomain: {data: \\\"rawData\\\", field: \\\"stk1\\\"}\\n\\t}\\n\\t{\\n \\t// this scale is used to map internal ids (stk1, stk2) to stack names\\n \\tname: stackNames\\n \\ttype: ordinal\\n \\trange: [\\\"Source\\\", \\\"Destination\\\"]\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n\\t}\\n ]\\n axes: [\\n\\t{\\n \\t// x axis should use custom label formatting to print proper stack names\\n \\torient: bottom\\n \\tscale: x\\n \\tencode: {\\n \\tlabels: {\\n \\tupdate: {\\n \\ttext: {scale: \\\"stackNames\\\", field: \\\"value\\\"}\\n \\t}\\n \\t}\\n \\t}\\n\\t}\\n\\t{orient: \\\"left\\\", scale: \\\"y\\\"}\\n ]\\n marks: [\\n\\t{\\n \\t// draw the connecting line between stacks\\n \\ttype: path\\n \\tname: edgeMark\\n \\tfrom: {data: \\\"edges\\\"}\\n \\t// this prevents some autosizing issues with large strokeWidth for paths\\n \\tclip: true\\n \\tencode: {\\n \\tupdate: {\\n \\t// By default use color of the left node, except when showing traffic\\n \\t// from just one country, in which case use destination color.\\n \\tstroke: [\\n \\t{\\n \\ttest: groupSelector && groupSelector.stack=='stk1'\\n \\tscale: color\\n \\tfield: stk2\\n \\t}\\n \\t{scale: \\\"color\\\", field: \\\"stk1\\\"}\\n \\t]\\n \\tstrokeWidth: {field: \\\"strokeWidth\\\"}\\n \\tpath: {field: \\\"path\\\"}\\n \\t// when showing all traffic, and hovering over a country,\\n \\t// highlight the traffic from that country.\\n \\tstrokeOpacity: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\\n \\t}\\n \\t// Ensure that the hover-selected edges show on top\\n \\tzindex: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\n \\t}\\n \\t// format tooltip string\\n \\ttooltip: {\\n \\tsignal: datum.stk1 + ' → ' + datum.stk2 + '\\t' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\t// Simple mouseover highlighting of a single line\\n \\thover: {\\n \\tstrokeOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw stack groups (countries)\\n \\ttype: rect\\n \\tname: groupMark\\n \\tfrom: {data: \\\"groups\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tfill: {scale: \\\"color\\\", field: \\\"grpId\\\"}\\n \\twidth: {scale: \\\"x\\\", band: 1}\\n \\t}\\n \\tupdate: {\\n \\tx: {scale: \\\"x\\\", field: \\\"stack\\\"}\\n \\ty: {field: \\\"scaledY0\\\"}\\n \\ty2: {field: \\\"scaledY1\\\"}\\n \\tfillOpacity: {value: 0.6}\\n \\ttooltip: {\\n \\tsignal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\thover: {\\n \\tfillOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw country code labels on the inner side of the stack\\n \\ttype: text\\n \\tfrom: {data: \\\"groups\\\"}\\n \\t// don't process events for the labels - otherwise line mouseover is unclean\\n \\tinteractive: false\\n \\tencode: {\\n \\tupdate: {\\n \\t// depending on which stack it is, position x with some padding\\n \\tx: {\\n \\tsignal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\n \\t}\\n \\t// middle of the group\\n \\tyc: {signal: \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"}\\n \\talign: {signal: \\\"datum.rightLabel ? 'left' : 'right'\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\t// only show text label if the group's height is large enough\\n \\ttext: {signal: \\\"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\\\"}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// Create a \\\"show all\\\" button. Shown only when a country is selected.\\n \\ttype: group\\n \\tdata: [\\n \\t// We need to make the button show only when groupSelector signal is true.\\n \\t// Each mark is drawn as many times as there are elements in the backing data.\\n \\t// Which means that if values list is empty, it will not be drawn.\\n \\t// Here I create a data source with one empty object, and filter that list\\n \\t// based on the signal value. This can only be done in a group.\\n \\t{\\n \\tname: dataForShowAll\\n \\tvalues: [{}]\\n \\ttransform: [{type: \\\"filter\\\", expr: \\\"groupSelector\\\"}]\\n \\t}\\n \\t]\\n \\t// Set button size and positioning\\n \\tencode: {\\n \\tenter: {\\n \\txc: {signal: \\\"width/2\\\"}\\n \\ty: {value: 30}\\n \\twidth: {value: 80}\\n \\theight: {value: 30}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\t// This group is shown as a button with rounded corners.\\n \\ttype: group\\n \\t// mark name allows signal capturing\\n \\tname: groupReset\\n \\t// Only shows button if dataForShowAll has values.\\n \\tfrom: {data: \\\"dataForShowAll\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tcornerRadius: {value: 6}\\n \\tfill: {value: \\\"#F5F7FA\\\"}\\n \\tstroke: {value: \\\"#c1c1c1\\\"}\\n \\tstrokeWidth: {value: 2}\\n \\t// use parent group's size\\n \\theight: {\\n \\tfield: {group: \\\"height\\\"}\\n \\t}\\n \\twidth: {\\n \\tfield: {group: \\\"width\\\"}\\n \\t}\\n \\t}\\n \\tupdate: {\\n \\t// groups are transparent by default\\n \\topacity: {value: 1}\\n \\t}\\n \\thover: {\\n \\topacity: {value: 0.7}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\ttype: text\\n \\t// if true, it will prevent clicking on the button when over text.\\n \\tinteractive: false\\n \\tencode: {\\n \\tenter: {\\n \\t// center text in the paren group\\n \\txc: {\\n \\tfield: {group: \\\"width\\\"}\\n \\tmult: 0.5\\n \\t}\\n \\tyc: {\\n \\tfield: {group: \\\"height\\\"}\\n \\tmult: 0.5\\n \\toffset: 2\\n \\t}\\n \\talign: {value: \\\"center\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\ttext: {value: \\\"Show All\\\"}\\n \\t}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t]\\n\\t}\\n ]\\n signals: [\\n\\t{\\n \\t// used to highlight traffic to/from the same country\\n \\tname: groupHover\\n \\tvalue: {}\\n \\ton: [\\n \\t{\\n \\tevents: @groupMark:mouseover\\n \\tupdate: \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{events: \\\"mouseout\\\", update: \\\"{}\\\"}\\n \\t]\\n\\t}\\n\\t// used to filter only the data related to the selected country\\n\\t{\\n \\tname: groupSelector\\n \\tvalue: false\\n \\ton: [\\n \\t{\\n \\t// Clicking groupMark sets this signal to the filter values\\n \\tevents: @groupMark:click!\\n \\tupdate: \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{\\n \\t// Clicking \\\"show all\\\" button, or double-clicking anywhere resets it\\n \\tevents: [\\n \\t{type: \\\"click\\\", markname: \\\"groupReset\\\"}\\n \\t{type: \\\"dblclick\\\"}\\n \\t]\\n \\tupdate: \\\"false\\\"\\n \\t}\\n \\t]\\n\\t}\\n ]\\n}\\n\"}}"},"id":"97d96a8a-e75d-4346-a56c-c4a75e4eb801","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzQwMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.srcaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Heat Map","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Heat Map\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Address\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Address\"},\"schema\":\"group\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}]}}"},"id":"768b09c9-bba3-49c1-a810-68479b1a8056","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-17T00:35:11.899Z","version":"WzQwMiwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"interval_start_time\",\"calendar_interval\":\"1d\",\"time_zone\":\"America/Vancouver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"VPC - Live Raw Search","version":1},"id":"ace5ba60-f3b9-11ee-bcb2-63941cdc5839","migrationVersion":{"search":"7.9.3"},"references":[{"id":"3cbc7909-58c7-4eef-a8cd-70edc0e6b03c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-04-17T00:35:11.899Z","version":"WzQwMywxXQ=="} -{"attributes":{"description":"VPC Flow Logs dashboard with basic Observability\nonly using live MV queries projection","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":11,\"h\":13,\"i\":\"ea07e9f4-6719-4c34-bfb8-ca48e9fda75b\"},\"panelIndex\":\"ea07e9f4-6719-4c34-bfb8-ca48e9fda75b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":11,\"y\":0,\"w\":25,\"h\":13,\"i\":\"9931d8df-e493-4649-9934-0a24c8b091f8\"},\"panelIndex\":\"9931d8df-e493-4649-9934-0a24c8b091f8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":36,\"y\":0,\"w\":11,\"h\":13,\"i\":\"816b48d0-7c09-42e9-97be-a19c17634fc5\"},\"panelIndex\":\"816b48d0-7c09-42e9-97be-a19c17634fc5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":13,\"w\":22,\"h\":13,\"i\":\"6b04df64-559d-4d48-b454-ddeec66690d1\"},\"panelIndex\":\"6b04df64-559d-4d48-b454-ddeec66690d1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":22,\"y\":13,\"w\":25,\"h\":13,\"i\":\"fb0eb25c-f2b3-484c-9125-4bc201e97b3f\"},\"panelIndex\":\"fb0eb25c-f2b3-484c-9125-4bc201e97b3f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":15,\"h\":15,\"i\":\"79b5d7c5-7e66-4f92-b8ad-80a42167d181\"},\"panelIndex\":\"79b5d7c5-7e66-4f92-b8ad-80a42167d181\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":15,\"y\":26,\"w\":14,\"h\":15,\"i\":\"8bbe7594-e52c-4fa6-8432-f265d0db5fd8\"},\"panelIndex\":\"8bbe7594-e52c-4fa6-8432-f265d0db5fd8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":29,\"y\":26,\"w\":18,\"h\":15,\"i\":\"4ea77bab-a48b-4ccf-b8e0-6b2f5b5c337a\"},\"panelIndex\":\"4ea77bab-a48b-4ccf-b8e0-6b2f5b5c337a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":41,\"w\":12,\"h\":15,\"i\":\"d9e75376-2d8c-49f4-babb-335e73c99dee\"},\"panelIndex\":\"d9e75376-2d8c-49f4-babb-335e73c99dee\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":12,\"y\":41,\"w\":12,\"h\":15,\"i\":\"8844e89c-9c06-4141-899f-b1f6fdde901b\"},\"panelIndex\":\"8844e89c-9c06-4141-899f-b1f6fdde901b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":24,\"y\":41,\"w\":12,\"h\":15,\"i\":\"b4d94532-59cf-454e-98a2-beb15b8a752f\"},\"panelIndex\":\"b4d94532-59cf-454e-98a2-beb15b8a752f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":36,\"y\":41,\"w\":12,\"h\":15,\"i\":\"505c0278-0d96-4617-9976-7bd9a8787e3a\"},\"panelIndex\":\"505c0278-0d96-4617-9976-7bd9a8787e3a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":27,\"i\":\"fb0edb10-2e2a-4b3f-99a5-22ffe95e3250\"},\"panelIndex\":\"fb0edb10-2e2a-4b3f-99a5-22ffe95e3250\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":27,\"i\":\"5392e5cd-13cc-4904-abe7-1e183dc59478\"},\"panelIndex\":\"5392e5cd-13cc-4904-abe7-1e183dc59478\",\"embeddableConfig\":{\"vis\":null},\"panelRefName\":\"panel_13\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":83,\"w\":48,\"h\":13,\"i\":\"291bd66b-062e-4019-90e7-e2b0da7c284a\"},\"panelIndex\":\"291bd66b-062e-4019-90e7-e2b0da7c284a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"AWS VPC Flow Logs Only-Live Overview","version":1},"id":"331c7b50-fc4d-11ee-bcb2-63941cdc5839","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"8eedcff8-310f-4095-8d7e-4d863ebe46a4","name":"panel_0","type":"visualization"},{"id":"4f182dd9-f6a3-495c-b259-f595f306720e","name":"panel_1","type":"visualization"},{"id":"3f991167-d95a-4324-b1ea-2a0bf34cc027","name":"panel_2","type":"visualization"},{"id":"882edbf5-ad9d-4232-a2d4-7c21409d2cc1","name":"panel_3","type":"visualization"},{"id":"ee27bc70-8c55-4a4f-87a4-90495397e06d","name":"panel_4","type":"visualization"},{"id":"de9c1a7c-96f6-4d76-8f4c-1bf8915ef199","name":"panel_5","type":"visualization"},{"id":"d2109719-2a70-4f1b-8ee7-b8ccc159f6d0","name":"panel_6","type":"visualization"},{"id":"343f80f5-a6d4-4710-af71-a62c17f9492f","name":"panel_7","type":"visualization"},{"id":"dcff10b9-1fe0-46c5-9795-3fd85ca074e6","name":"panel_8","type":"visualization"},{"id":"682ca65f-9611-434e-af14-cb8554c4d570","name":"panel_9","type":"visualization"},{"id":"795967a5-0b1d-44cd-a081-552e20b062b9","name":"panel_10","type":"visualization"},{"id":"fae68953-a782-41ad-80f3-eb6bfc333359","name":"panel_11","type":"visualization"},{"id":"97d96a8a-e75d-4346-a56c-c4a75e4eb801","name":"panel_12","type":"visualization"},{"id":"768b09c9-bba3-49c1-a810-68479b1a8056","name":"panel_13","type":"visualization"},{"id":"ace5ba60-f3b9-11ee-bcb2-63941cdc5839","name":"panel_14","type":"search"}],"type":"dashboard","updated_at":"2024-04-17T00:46:34.443Z","version":"WzQwNSwxXQ=="} +{"attributes":{"fields":"[{\"count\":0,\"name\":\"@message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"attributes.data_stream.dataset\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"attributes.data_stream.namespace\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"attributes.data_stream.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":2,\"name\":\"aws.s3.bucket\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.copy_source\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.delete\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.key\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.part_number\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.s3.upload_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.action\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.az-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.az-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.az-id\"}}},{\"count\":1,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":3,\"name\":\"aws.vpc.dstaddr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.end\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.flow-direction\"}}},{\"count\":0,\"name\":\"aws.vpc.instance-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.instance-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.instance-id\"}}},{\"count\":0,\"name\":\"aws.vpc.interface-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.log-status\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.pkt-dst-aws-service\"}}},{\"count\":1,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.pkt-src-aws-service\"}}},{\"count\":0,\"name\":\"aws.vpc.protocol\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.region.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.region\"}}},{\"count\":1,\"name\":\"aws.vpc.srcaddr\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.start\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.subnet-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.subnet-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.subnet-id\"}}},{\"count\":0,\"name\":\"aws.vpc.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.vpc.vpc-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.vpc-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.vpc.vpc-id\"}}},{\"count\":0,\"name\":\"body\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.account.id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.platform\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"cloud.resource_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.destination.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.destination.address\"}}},{\"count\":0,\"name\":\"communication.destination.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.destination.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.destination.domain\"}}},{\"count\":0,\"name\":\"communication.destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.sock.family\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.source.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.source.address\"}}},{\"count\":0,\"name\":\"communication.source.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"communication.source.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"communication.source.domain\"}}},{\"count\":0,\"name\":\"communication.source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.mac\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"communication.source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.domain\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.exception.message\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.exception.stacktrace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.exception.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.result\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.source\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"event.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"instrumentationScope.dropped_attributes_count\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"instrumentationScope.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.name\"}}},{\"count\":0,\"name\":\"instrumentationScope.schemaUrl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.schemaUrl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.schemaUrl\"}}},{\"count\":0,\"name\":\"instrumentationScope.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"instrumentationScope.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"instrumentationScope.version\"}}},{\"count\":0,\"name\":\"observedTimestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"observerTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"schemaUrl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"schemaUrl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"schemaUrl\"}}},{\"count\":0,\"name\":\"severity.number\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"severity.text\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"severity.text.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"severity.text\"}}},{\"count\":0,\"name\":\"spanId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"traceId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"flint_zeroetl_default_amazon_vpc_flow_new_release__*"},"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU0NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Total Requests","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Total Requests\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Total Requests\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"dc6cedd8-8eec-4db7-8a6a-722050aadf65","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU0NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Request History","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Request History\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"2023-07-19T02:48:00.000Z\",\"to\":\"2023-07-19T02:48:10.000Z\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"73fcebfb-fc36-4c3c-92d8-354b003d3079","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU0OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Requests by Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Requests by Direction\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":true}}"},"id":"9d75d3b9-3093-4120-bbce-7bbfdd283045","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU0OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Bytes\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"c25cf44b-016b-4796-a5e8-bc018b28bc1a","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Packets","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Packets\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Packets\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Packets\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"8bc28feb-9149-40fb-b7f2-495008f5102c","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-src-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-src-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Source AWS Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Source AWS Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-src-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"row\":true}}"},"id":"e7e44e10-b9bf-4e37-a1fa-8b9a7c18fafa","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-dst-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-dst-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destination AWS Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Destination AWS Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-dst-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"e37b37ff-2926-4da7-a177-4a1b2e2c2de7","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Requests by Direction Metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Requests by Direction Metric\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"d0a7db2b-8a19-4978-87be-1f21aef48b31","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destination Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Destination Bytes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"51a7564f-b392-4faa-92b8-909ad827252e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Source Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Source Bytes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"aws.vpc.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a8296e29-b0e4-4287-a723-4ddfc7cb3fcf","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Sources","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Sources\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"6382feef-2b3a-4123-8167-3581d6d3c933","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Top Destinations","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Top Destinations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"e150d97c-ceb8-4a38-82a1-9154fa9064f6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU1OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"[AWS VPC Flow Logs 1.0] Flow","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Flow\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{ \\n $schema: https://vega.github.io/schema/vega/v5.json\\n data: [\\n\\t{\\n \\t// query OpenSearch based on the currently selected time range and filter string\\n \\tname: rawData\\n \\turl: {\\n \\tindex: flint_*vpc*__live_mview\\n \\tbody: {\\n \\tsize: 0\\n \\taggs: {\\n \\ttable: {\\n \\tcomposite: {\\n \\tsize: 10000\\n \\tsources: [\\n \\t{\\n \\tstk1: {\\n \\tterms: {field: \\\"aws.vpc.srcaddr\\\"}\\n \\t}\\n \\t}\\n \\t{\\n \\tstk2: {\\n \\tterms: {field: \\\"aws.vpc.dstaddr\\\"}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t// From the result, take just the data we are interested in\\n \\tformat: {property: \\\"aggregations.table.buckets\\\"}\\n \\t// Convert key.stk1 -> stk1 for simpler access below\\n \\ttransform: [\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk1\\\", as: \\\"stk1\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk2\\\", as: \\\"stk2\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.doc_count\\\", as: \\\"size\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: nodes\\n \\tsource: rawData\\n \\ttransform: [\\n \\t// when a country is selected, filter out unrelated data\\n \\t{\\n \\ttype: filter\\n \\texpr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n \\t}\\n \\t// Set new key for later lookups - identifies each node\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stk1+datum.stk2\\\", as: \\\"key\\\"}\\n \\t// instead of each table row, create two new rows,\\n \\t// one for the source (stack=stk1) and one for destination node (stack=stk2).\\n \\t// The country code stored in stk1 and stk2 fields is placed into grpId field.\\n \\t{\\n \\ttype: fold\\n \\tfields: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tas: [\\\"stack\\\", \\\"grpId\\\"]\\n \\t}\\n \\t// Create a sortkey, different for stk1 and stk2 stacks.\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\n \\tas: sortField\\n \\t}\\n \\t// Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n \\t// independently for each stack, and ensuring they are in the proper order,\\n \\t// alphabetical from the top (reversed on the y axis)\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"sortField\\\", order: \\\"descending\\\"}\\n \\tfield: size\\n \\t}\\n \\t// calculate vertical center point for each node, used to draw edges\\n \\t{type: \\\"formula\\\", expr: \\\"(datum.y0+datum.y1)/2\\\", as: \\\"yc\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: groups\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// combine all nodes into country groups, summing up the doc counts\\n \\t{\\n \\ttype: aggregate\\n \\tgroupby: [\\\"stack\\\", \\\"grpId\\\"]\\n \\tfields: [\\\"size\\\"]\\n \\tops: [\\\"sum\\\"]\\n \\tas: [\\\"total\\\"]\\n \\t}\\n \\t// re-calculate the stacking y0,y1 values\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"grpId\\\", order: \\\"descending\\\"}\\n \\tfield: total\\n \\t}\\n \\t// project y0 and y1 values to screen coordinates\\n \\t// doing it once here instead of doing it several times in marks\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y0)\\\", as: \\\"scaledY0\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y1)\\\", as: \\\"scaledY1\\\"}\\n \\t// boolean flag if the label should be on the right of the stack\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stack == 'stk1'\\\", as: \\\"rightLabel\\\"}\\n \\t// Calculate traffic percentage for this country using \\\"y\\\" scale\\n \\t// domain upper bound, which represents the total traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.total/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n\\t{\\n \\t// This is a temp lookup table with all the 'stk2' stack nodes\\n \\tname: destinationNodes\\n \\tsource: nodes\\n \\ttransform: [\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk2'\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: edges\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// we only want nodes from the left stack\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk1'\\\"}\\n \\t// find corresponding node from the right stack, keep it as \\\"target\\\"\\n \\t{\\n \\ttype: lookup\\n \\tfrom: destinationNodes\\n \\tkey: key\\n \\tfields: [\\\"key\\\"]\\n \\tas: [\\\"target\\\"]\\n \\t}\\n \\t// calculate SVG link path between stk1 and stk2 stacks for the node pair\\n \\t{\\n \\ttype: linkpath\\n \\torient: horizontal\\n \\tshape: diagonal\\n \\tsourceY: {expr: \\\"scale('y', datum.yc)\\\"}\\n \\tsourceX: {expr: \\\"scale('x', 'stk1') + bandwidth('x')\\\"}\\n \\ttargetY: {expr: \\\"scale('y', datum.target.yc)\\\"}\\n \\ttargetX: {expr: \\\"scale('x', 'stk2')\\\"}\\n \\t}\\n \\t// A little trick to calculate the thickness of the line.\\n \\t// The value needs to be the same as the hight of the node, but scaling\\n \\t// size to screen's height gives inversed value because screen's Y\\n \\t// coordinate goes from the top to the bottom, whereas the graph's Y=0\\n \\t// is at the bottom. So subtracting scaled doc count from screen height\\n \\t// (which is the \\\"lower\\\" bound of the \\\"y\\\" scale) gives us the right value\\n \\t{\\n \\ttype: formula\\n \\texpr: range('y')[0]-scale('y', datum.size)\\n \\tas: strokeWidth\\n \\t}\\n \\t// Tooltip needs individual link's percentage of all traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.size/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n ]\\n scales: [\\n\\t{\\n \\t// calculates horizontal stack positioning\\n \\tname: x\\n \\ttype: band\\n \\trange: width\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tpaddingOuter: 0.05\\n \\tpaddingInner: 0.95\\n\\t}\\n\\t{\\n \\t// this scale goes up as high as the highest y1 value of all nodes\\n \\tname: y\\n \\ttype: linear\\n \\trange: height\\n \\tdomain: {data: \\\"nodes\\\", field: \\\"y1\\\"}\\n\\t}\\n\\t{\\n \\t// use rawData to ensure the colors stay the same when clicking.\\n \\tname: color\\n \\ttype: ordinal\\n \\trange: category\\n \\tdomain: {data: \\\"rawData\\\", field: \\\"stk1\\\"}\\n\\t}\\n\\t{\\n \\t// this scale is used to map internal ids (stk1, stk2) to stack names\\n \\tname: stackNames\\n \\ttype: ordinal\\n \\trange: [\\\"Source\\\", \\\"Destination\\\"]\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n\\t}\\n ]\\n axes: [\\n\\t{\\n \\t// x axis should use custom label formatting to print proper stack names\\n \\torient: bottom\\n \\tscale: x\\n \\tencode: {\\n \\tlabels: {\\n \\tupdate: {\\n \\ttext: {scale: \\\"stackNames\\\", field: \\\"value\\\"}\\n \\t}\\n \\t}\\n \\t}\\n\\t}\\n\\t{orient: \\\"left\\\", scale: \\\"y\\\"}\\n ]\\n marks: [\\n\\t{\\n \\t// draw the connecting line between stacks\\n \\ttype: path\\n \\tname: edgeMark\\n \\tfrom: {data: \\\"edges\\\"}\\n \\t// this prevents some autosizing issues with large strokeWidth for paths\\n \\tclip: true\\n \\tencode: {\\n \\tupdate: {\\n \\t// By default use color of the left node, except when showing traffic\\n \\t// from just one country, in which case use destination color.\\n \\tstroke: [\\n \\t{\\n \\ttest: groupSelector && groupSelector.stack=='stk1'\\n \\tscale: color\\n \\tfield: stk2\\n \\t}\\n \\t{scale: \\\"color\\\", field: \\\"stk1\\\"}\\n \\t]\\n \\tstrokeWidth: {field: \\\"strokeWidth\\\"}\\n \\tpath: {field: \\\"path\\\"}\\n \\t// when showing all traffic, and hovering over a country,\\n \\t// highlight the traffic from that country.\\n \\tstrokeOpacity: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\\n \\t}\\n \\t// Ensure that the hover-selected edges show on top\\n \\tzindex: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\n \\t}\\n \\t// format tooltip string\\n \\ttooltip: {\\n \\tsignal: datum.stk1 + ' → ' + datum.stk2 + '\\t' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\t// Simple mouseover highlighting of a single line\\n \\thover: {\\n \\tstrokeOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw stack groups (countries)\\n \\ttype: rect\\n \\tname: groupMark\\n \\tfrom: {data: \\\"groups\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tfill: {scale: \\\"color\\\", field: \\\"grpId\\\"}\\n \\twidth: {scale: \\\"x\\\", band: 1}\\n \\t}\\n \\tupdate: {\\n \\tx: {scale: \\\"x\\\", field: \\\"stack\\\"}\\n \\ty: {field: \\\"scaledY0\\\"}\\n \\ty2: {field: \\\"scaledY1\\\"}\\n \\tfillOpacity: {value: 0.6}\\n \\ttooltip: {\\n \\tsignal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\thover: {\\n \\tfillOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw country code labels on the inner side of the stack\\n \\ttype: text\\n \\tfrom: {data: \\\"groups\\\"}\\n \\t// don't process events for the labels - otherwise line mouseover is unclean\\n \\tinteractive: false\\n \\tencode: {\\n \\tupdate: {\\n \\t// depending on which stack it is, position x with some padding\\n \\tx: {\\n \\tsignal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\n \\t}\\n \\t// middle of the group\\n \\tyc: {signal: \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"}\\n \\talign: {signal: \\\"datum.rightLabel ? 'left' : 'right'\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\t// only show text label if the group's height is large enough\\n \\ttext: {signal: \\\"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\\\"}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// Create a \\\"show all\\\" button. Shown only when a country is selected.\\n \\ttype: group\\n \\tdata: [\\n \\t// We need to make the button show only when groupSelector signal is true.\\n \\t// Each mark is drawn as many times as there are elements in the backing data.\\n \\t// Which means that if values list is empty, it will not be drawn.\\n \\t// Here I create a data source with one empty object, and filter that list\\n \\t// based on the signal value. This can only be done in a group.\\n \\t{\\n \\tname: dataForShowAll\\n \\tvalues: [{}]\\n \\ttransform: [{type: \\\"filter\\\", expr: \\\"groupSelector\\\"}]\\n \\t}\\n \\t]\\n \\t// Set button size and positioning\\n \\tencode: {\\n \\tenter: {\\n \\txc: {signal: \\\"width/2\\\"}\\n \\ty: {value: 30}\\n \\twidth: {value: 80}\\n \\theight: {value: 30}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\t// This group is shown as a button with rounded corners.\\n \\ttype: group\\n \\t// mark name allows signal capturing\\n \\tname: groupReset\\n \\t// Only shows button if dataForShowAll has values.\\n \\tfrom: {data: \\\"dataForShowAll\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tcornerRadius: {value: 6}\\n \\tfill: {value: \\\"#F5F7FA\\\"}\\n \\tstroke: {value: \\\"#c1c1c1\\\"}\\n \\tstrokeWidth: {value: 2}\\n \\t// use parent group's size\\n \\theight: {\\n \\tfield: {group: \\\"height\\\"}\\n \\t}\\n \\twidth: {\\n \\tfield: {group: \\\"width\\\"}\\n \\t}\\n \\t}\\n \\tupdate: {\\n \\t// groups are transparent by default\\n \\topacity: {value: 1}\\n \\t}\\n \\thover: {\\n \\topacity: {value: 0.7}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\ttype: text\\n \\t// if true, it will prevent clicking on the button when over text.\\n \\tinteractive: false\\n \\tencode: {\\n \\tenter: {\\n \\t// center text in the paren group\\n \\txc: {\\n \\tfield: {group: \\\"width\\\"}\\n \\tmult: 0.5\\n \\t}\\n \\tyc: {\\n \\tfield: {group: \\\"height\\\"}\\n \\tmult: 0.5\\n \\toffset: 2\\n \\t}\\n \\talign: {value: \\\"center\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\ttext: {value: \\\"Show All\\\"}\\n \\t}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t]\\n\\t}\\n ]\\n signals: [\\n\\t{\\n \\t// used to highlight traffic to/from the same country\\n \\tname: groupHover\\n \\tvalue: {}\\n \\ton: [\\n \\t{\\n \\tevents: @groupMark:mouseover\\n \\tupdate: \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{events: \\\"mouseout\\\", update: \\\"{}\\\"}\\n \\t]\\n\\t}\\n\\t// used to filter only the data related to the selected country\\n\\t{\\n \\tname: groupSelector\\n \\tvalue: false\\n \\ton: [\\n \\t{\\n \\t// Clicking groupMark sets this signal to the filter values\\n \\tevents: @groupMark:click!\\n \\tupdate: \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{\\n \\t// Clicking \\\"show all\\\" button, or double-clicking anywhere resets it\\n \\tevents: [\\n \\t{type: \\\"click\\\", markname: \\\"groupReset\\\"}\\n \\t{type: \\\"dblclick\\\"}\\n \\t]\\n \\tupdate: \\\"false\\\"\\n \\t}\\n \\t]\\n\\t}\\n ]\\n}\\n\"}}"},"id":"0e694bb1-ded3-454f-8d12-dd9234a3b91b","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2024-05-23T01:41:20.805Z","version":"WzEwMDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.srcaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"[AWS VPC Flow Logs 1.0] Heat Map","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"[AWS VPC Flow Logs 1.0] Heat Map\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Address\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Address\"},\"schema\":\"group\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}]}}"},"id":"8fa03bc9-aac3-4303-be9e-dab6fdb919d6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU2MCwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"interval_start_time\",\"calendar_interval\":\"1d\",\"time_zone\":\"America/Vancouver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"VPC - Live Raw Search","version":1},"id":"a4b45e7a-8eee-45d3-8d48-c21bd17c5c25","migrationVersion":{"search":"7.9.3"},"references":[{"id":"cfee1484-73a2-406b-b291-1a7eb46bf660","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-05-22T06:13:26.555Z","version":"WzU2MSwxXQ=="} +{"attributes":{"description":"VPC Flow Logs dashboard with basic Observability\nonly using live MV queries projection","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"ea07e9f4-6719-4c34-bfb8-ca48e9fda75b\",\"w\":11,\"x\":0,\"y\":0},\"panelIndex\":\"ea07e9f4-6719-4c34-bfb8-ca48e9fda75b\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"9931d8df-e493-4649-9934-0a24c8b091f8\",\"w\":25,\"x\":11,\"y\":0},\"panelIndex\":\"9931d8df-e493-4649-9934-0a24c8b091f8\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"816b48d0-7c09-42e9-97be-a19c17634fc5\",\"w\":11,\"x\":36,\"y\":0},\"panelIndex\":\"816b48d0-7c09-42e9-97be-a19c17634fc5\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"6b04df64-559d-4d48-b454-ddeec66690d1\",\"w\":22,\"x\":0,\"y\":13},\"panelIndex\":\"6b04df64-559d-4d48-b454-ddeec66690d1\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"fb0eb25c-f2b3-484c-9125-4bc201e97b3f\",\"w\":25,\"x\":22,\"y\":13},\"panelIndex\":\"fb0eb25c-f2b3-484c-9125-4bc201e97b3f\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"79b5d7c5-7e66-4f92-b8ad-80a42167d181\",\"w\":15,\"x\":0,\"y\":26},\"panelIndex\":\"79b5d7c5-7e66-4f92-b8ad-80a42167d181\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"8bbe7594-e52c-4fa6-8432-f265d0db5fd8\",\"w\":14,\"x\":15,\"y\":26},\"panelIndex\":\"8bbe7594-e52c-4fa6-8432-f265d0db5fd8\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"4ea77bab-a48b-4ccf-b8e0-6b2f5b5c337a\",\"w\":18,\"x\":29,\"y\":26},\"panelIndex\":\"4ea77bab-a48b-4ccf-b8e0-6b2f5b5c337a\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"d9e75376-2d8c-49f4-babb-335e73c99dee\",\"w\":12,\"x\":0,\"y\":41},\"panelIndex\":\"d9e75376-2d8c-49f4-babb-335e73c99dee\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"8844e89c-9c06-4141-899f-b1f6fdde901b\",\"w\":12,\"x\":12,\"y\":41},\"panelIndex\":\"8844e89c-9c06-4141-899f-b1f6fdde901b\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"b4d94532-59cf-454e-98a2-beb15b8a752f\",\"w\":12,\"x\":24,\"y\":41},\"panelIndex\":\"b4d94532-59cf-454e-98a2-beb15b8a752f\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"505c0278-0d96-4617-9976-7bd9a8787e3a\",\"w\":12,\"x\":36,\"y\":41},\"panelIndex\":\"505c0278-0d96-4617-9976-7bd9a8787e3a\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":27,\"i\":\"fb0edb10-2e2a-4b3f-99a5-22ffe95e3250\",\"w\":24,\"x\":0,\"y\":56},\"panelIndex\":\"fb0edb10-2e2a-4b3f-99a5-22ffe95e3250\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"vis\":null},\"gridData\":{\"h\":27,\"i\":\"5392e5cd-13cc-4904-abe7-1e183dc59478\",\"w\":24,\"x\":24,\"y\":56},\"panelIndex\":\"5392e5cd-13cc-4904-abe7-1e183dc59478\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"291bd66b-062e-4019-90e7-e2b0da7c284a\",\"w\":48,\"x\":0,\"y\":83},\"panelIndex\":\"291bd66b-062e-4019-90e7-e2b0da7c284a\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"AWS VPC Flow Logs Only-Live Overview","version":1},"id":"797eceae-7fff-45e9-948f-354368937cbd","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"dc6cedd8-8eec-4db7-8a6a-722050aadf65","name":"panel_0","type":"visualization"},{"id":"73fcebfb-fc36-4c3c-92d8-354b003d3079","name":"panel_1","type":"visualization"},{"id":"9d75d3b9-3093-4120-bbce-7bbfdd283045","name":"panel_2","type":"visualization"},{"id":"c25cf44b-016b-4796-a5e8-bc018b28bc1a","name":"panel_3","type":"visualization"},{"id":"8bc28feb-9149-40fb-b7f2-495008f5102c","name":"panel_4","type":"visualization"},{"id":"e7e44e10-b9bf-4e37-a1fa-8b9a7c18fafa","name":"panel_5","type":"visualization"},{"id":"e37b37ff-2926-4da7-a177-4a1b2e2c2de7","name":"panel_6","type":"visualization"},{"id":"d0a7db2b-8a19-4978-87be-1f21aef48b31","name":"panel_7","type":"visualization"},{"id":"51a7564f-b392-4faa-92b8-909ad827252e","name":"panel_8","type":"visualization"},{"id":"a8296e29-b0e4-4287-a723-4ddfc7cb3fcf","name":"panel_9","type":"visualization"},{"id":"6382feef-2b3a-4123-8167-3581d6d3c933","name":"panel_10","type":"visualization"},{"id":"e150d97c-ceb8-4a38-82a1-9154fa9064f6","name":"panel_11","type":"visualization"},{"id":"0e694bb1-ded3-454f-8d12-dd9234a3b91b","name":"panel_12","type":"visualization"},{"id":"8fa03bc9-aac3-4303-be9e-dab6fdb919d6","name":"panel_13","type":"visualization"},{"id":"a4b45e7a-8eee-45d3-8d48-c21bd17c5c25","name":"panel_14","type":"search"}],"type":"dashboard","updated_at":"2024-05-23T01:41:47.481Z","version":"WzEwMDgsMV0="} {"exportedCount":17,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/aws_vpc_flow_flint-pre_agg-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/aws_vpc_flow_flint-pre_agg-1.0.0.ndjson index a57ebb774..28ca23c8c 100644 --- a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/aws_vpc_flow_flint-pre_agg-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/aws_vpc_flow_flint-pre_agg-1.0.0.ndjson @@ -1,19 +1,19 @@ -{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.activity_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.category_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.class_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_account_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.boundary\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_num\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.tcp_flags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.disposition\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.severity\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.status_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.type_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"interval_end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"interval_start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_connections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"interval_start_time","title":"flint_zero_etl_amazons3_default_vpc_integration_*"},"id":"82591050-f957-11ee-a76d-adfe4df99235","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-04-13T05:34:33.941Z","version":"WzMwMiwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"interval_start_time\",\"calendar_interval\":\"1d\",\"time_zone\":\"America/Vancouver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"VPC - Live Raw Search","version":1},"id":"ace5ba60-f3b9-11ee-bcb2-63941cdc5839","migrationVersion":{"search":"7.9.3"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-04-15T02:35:45.806Z","version":"WzM0MCwxXQ=="} -{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.activity_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.category_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.class_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_account_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.boundary\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_num\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.tcp_flags\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.disposition\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.severity\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.status_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.type_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"start_time","title":"flint_zero_etl_amazons3_default_vpcflow_raw_live_view_mv"},"id":"576bb580-f3b9-11ee-ac0d-035f63514f06","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-04-06T01:59:45.623Z","version":"WzI0MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"aws.vpc.dstaddr\",\"value\":\"-\",\"params\":[\"-\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"aws.vpc.srcaddr\",\"value\":\"-\",\"params\":[\"-\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"title":"Live VPC Sankey IP Flow Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Live VPC Sankey IP Flow Graph\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{ \\n $schema: https://vega.github.io/schema/vega/v5.json\\n data: [\\n\\t{\\n \\t// query OpenSearch based on the currently selected time range and filter string\\n \\tname: rawData\\n \\turl: {\\n \\tindex: flint_zero_etl_amazons3_default_vpc_integration_*\\n \\tbody: {\\n \\tsize: 0\\n \\taggs: {\\n \\ttable: {\\n \\tcomposite: {\\n \\tsize: 10000\\n \\tsources: [\\n \\t{\\n \\tstk1: {\\n \\tterms: {field: \\\"aws.vpc.srcaddr\\\"}\\n \\t}\\n \\t}\\n \\t{\\n \\tstk2: {\\n \\tterms: {field: \\\"aws.vpc.dstaddr\\\"}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t// From the result, take just the data we are interested in\\n \\tformat: {property: \\\"aggregations.table.buckets\\\"}\\n \\t// Convert key.stk1 -> stk1 for simpler access below\\n \\ttransform: [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"datum.key.stk1 !== '-' && datum.key.stk2 !== '-'\\\"\\n },\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk1\\\", as: \\\"stk1\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk2\\\", as: \\\"stk2\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.doc_count\\\", as: \\\"size\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: nodes\\n \\tsource: rawData\\n \\ttransform: [\\n \\t// when a country is selected, filter out unrelated data\\n \\t{\\n \\ttype: filter\\n \\texpr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n \\t}\\n \\t// Set new key for later lookups - identifies each node\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stk1+datum.stk2\\\", as: \\\"key\\\"}\\n \\t// instead of each table row, create two new rows,\\n \\t// one for the source (stack=stk1) and one for destination node (stack=stk2).\\n \\t// The country code stored in stk1 and stk2 fields is placed into grpId field.\\n \\t{\\n \\ttype: fold\\n \\tfields: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tas: [\\\"stack\\\", \\\"grpId\\\"]\\n \\t}\\n \\t// Create a sortkey, different for stk1 and stk2 stacks.\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\n \\tas: sortField\\n \\t}\\n \\t// Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n \\t// independently for each stack, and ensuring they are in the proper order,\\n \\t// alphabetical from the top (reversed on the y axis)\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"sortField\\\", order: \\\"descending\\\"}\\n \\tfield: size\\n \\t}\\n \\t// calculate vertical center point for each node, used to draw edges\\n \\t{type: \\\"formula\\\", expr: \\\"(datum.y0+datum.y1)/2\\\", as: \\\"yc\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: groups\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// combine all nodes into country groups, summing up the doc counts\\n \\t{\\n \\ttype: aggregate\\n \\tgroupby: [\\\"stack\\\", \\\"grpId\\\"]\\n \\tfields: [\\\"size\\\"]\\n \\tops: [\\\"sum\\\"]\\n \\tas: [\\\"total\\\"]\\n \\t}\\n \\t// re-calculate the stacking y0,y1 values\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"grpId\\\", order: \\\"descending\\\"}\\n \\tfield: total\\n \\t}\\n \\t// project y0 and y1 values to screen coordinates\\n \\t// doing it once here instead of doing it several times in marks\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y0)\\\", as: \\\"scaledY0\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y1)\\\", as: \\\"scaledY1\\\"}\\n \\t// boolean flag if the label should be on the right of the stack\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stack == 'stk1'\\\", as: \\\"rightLabel\\\"}\\n \\t// Calculate traffic percentage for this country using \\\"y\\\" scale\\n \\t// domain upper bound, which represents the total traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.total/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n\\t{\\n \\t// This is a temp lookup table with all the 'stk2' stack nodes\\n \\tname: destinationNodes\\n \\tsource: nodes\\n \\ttransform: [\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk2'\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: edges\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// we only want nodes from the left stack\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk1'\\\"}\\n \\t// find corresponding node from the right stack, keep it as \\\"target\\\"\\n \\t{\\n \\ttype: lookup\\n \\tfrom: destinationNodes\\n \\tkey: key\\n \\tfields: [\\\"key\\\"]\\n \\tas: [\\\"target\\\"]\\n \\t}\\n \\t// calculate SVG link path between stk1 and stk2 stacks for the node pair\\n \\t{\\n \\ttype: linkpath\\n \\torient: horizontal\\n \\tshape: diagonal\\n \\tsourceY: {expr: \\\"scale('y', datum.yc)\\\"}\\n \\tsourceX: {expr: \\\"scale('x', 'stk1') + bandwidth('x')\\\"}\\n \\ttargetY: {expr: \\\"scale('y', datum.target.yc)\\\"}\\n \\ttargetX: {expr: \\\"scale('x', 'stk2')\\\"}\\n \\t}\\n \\t// A little trick to calculate the thickness of the line.\\n \\t// The value needs to be the same as the hight of the node, but scaling\\n \\t// size to screen's height gives inversed value because screen's Y\\n \\t// coordinate goes from the top to the bottom, whereas the graph's Y=0\\n \\t// is at the bottom. So subtracting scaled doc count from screen height\\n \\t// (which is the \\\"lower\\\" bound of the \\\"y\\\" scale) gives us the right value\\n \\t{\\n \\ttype: formula\\n \\texpr: range('y')[0]-scale('y', datum.size)\\n \\tas: strokeWidth\\n \\t}\\n \\t// Tooltip needs individual link's percentage of all traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.size/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n ]\\n scales: [\\n\\t{\\n \\t// calculates horizontal stack positioning\\n \\tname: x\\n \\ttype: band\\n \\trange: width\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tpaddingOuter: 0.05\\n \\tpaddingInner: 0.95\\n\\t}\\n\\t{\\n \\t// this scale goes up as high as the highest y1 value of all nodes\\n \\tname: y\\n \\ttype: linear\\n \\trange: height\\n \\tdomain: {data: \\\"nodes\\\", field: \\\"y1\\\"}\\n\\t}\\n\\t{\\n \\t// use rawData to ensure the colors stay the same when clicking.\\n \\tname: color\\n \\ttype: ordinal\\n \\trange: category\\n \\tdomain: {data: \\\"rawData\\\", field: \\\"stk1\\\"}\\n\\t}\\n\\t{\\n \\t// this scale is used to map internal ids (stk1, stk2) to stack names\\n \\tname: stackNames\\n \\ttype: ordinal\\n \\trange: [\\\"Source\\\", \\\"Destination\\\"]\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n\\t}\\n ]\\n axes: [\\n\\t{\\n \\t// x axis should use custom label formatting to print proper stack names\\n \\torient: bottom\\n \\tscale: x\\n \\tencode: {\\n \\tlabels: {\\n \\tupdate: {\\n \\ttext: {scale: \\\"stackNames\\\", field: \\\"value\\\"}\\n \\t}\\n \\t}\\n \\t}\\n\\t}\\n\\t{orient: \\\"left\\\", scale: \\\"y\\\"}\\n ]\\n marks: [\\n\\t{\\n \\t// draw the connecting line between stacks\\n \\ttype: path\\n \\tname: edgeMark\\n \\tfrom: {data: \\\"edges\\\"}\\n \\t// this prevents some autosizing issues with large strokeWidth for paths\\n \\tclip: true\\n \\tencode: {\\n \\tupdate: {\\n \\t// By default use color of the left node, except when showing traffic\\n \\t// from just one country, in which case use destination color.\\n \\tstroke: [\\n \\t{\\n \\ttest: groupSelector && groupSelector.stack=='stk1'\\n \\tscale: color\\n \\tfield: stk2\\n \\t}\\n \\t{scale: \\\"color\\\", field: \\\"stk1\\\"}\\n \\t]\\n \\tstrokeWidth: {field: \\\"strokeWidth\\\"}\\n \\tpath: {field: \\\"path\\\"}\\n \\t// when showing all traffic, and hovering over a country,\\n \\t// highlight the traffic from that country.\\n \\tstrokeOpacity: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\\n \\t}\\n \\t// Ensure that the hover-selected edges show on top\\n \\tzindex: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\n \\t}\\n \\t// format tooltip string\\n \\ttooltip: {\\n \\tsignal: datum.stk1 + ' → ' + datum.stk2 + '\\t' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\t// Simple mouseover highlighting of a single line\\n \\thover: {\\n \\tstrokeOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw stack groups (countries)\\n \\ttype: rect\\n \\tname: groupMark\\n \\tfrom: {data: \\\"groups\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tfill: {scale: \\\"color\\\", field: \\\"grpId\\\"}\\n \\twidth: {scale: \\\"x\\\", band: 1}\\n \\t}\\n \\tupdate: {\\n \\tx: {scale: \\\"x\\\", field: \\\"stack\\\"}\\n \\ty: {field: \\\"scaledY0\\\"}\\n \\ty2: {field: \\\"scaledY1\\\"}\\n \\tfillOpacity: {value: 0.6}\\n \\ttooltip: {\\n \\tsignal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\thover: {\\n \\tfillOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw country code labels on the inner side of the stack\\n \\ttype: text\\n \\tfrom: {data: \\\"groups\\\"}\\n \\t// don't process events for the labels - otherwise line mouseover is unclean\\n \\tinteractive: false\\n \\tencode: {\\n \\tupdate: {\\n \\t// depending on which stack it is, position x with some padding\\n \\tx: {\\n \\tsignal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\n \\t}\\n \\t// middle of the group\\n \\tyc: {signal: \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"}\\n \\talign: {signal: \\\"datum.rightLabel ? 'left' : 'right'\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\t// only show text label if the group's height is large enough\\n \\ttext: {signal: \\\"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\\\"}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// Create a \\\"show all\\\" button. Shown only when a country is selected.\\n \\ttype: group\\n \\tdata: [\\n \\t// We need to make the button show only when groupSelector signal is true.\\n \\t// Each mark is drawn as many times as there are elements in the backing data.\\n \\t// Which means that if values list is empty, it will not be drawn.\\n \\t// Here I create a data source with one empty object, and filter that list\\n \\t// based on the signal value. This can only be done in a group.\\n \\t{\\n \\tname: dataForShowAll\\n \\tvalues: [{}]\\n \\ttransform: [{type: \\\"filter\\\", expr: \\\"groupSelector\\\"}]\\n \\t}\\n \\t]\\n \\t// Set button size and positioning\\n \\tencode: {\\n \\tenter: {\\n \\txc: {signal: \\\"width/2\\\"}\\n \\ty: {value: 30}\\n \\twidth: {value: 80}\\n \\theight: {value: 30}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\t// This group is shown as a button with rounded corners.\\n \\ttype: group\\n \\t// mark name allows signal capturing\\n \\tname: groupReset\\n \\t// Only shows button if dataForShowAll has values.\\n \\tfrom: {data: \\\"dataForShowAll\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tcornerRadius: {value: 6}\\n \\tfill: {value: \\\"#F5F7FA\\\"}\\n \\tstroke: {value: \\\"#c1c1c1\\\"}\\n \\tstrokeWidth: {value: 2}\\n \\t// use parent group's size\\n \\theight: {\\n \\tfield: {group: \\\"height\\\"}\\n \\t}\\n \\twidth: {\\n \\tfield: {group: \\\"width\\\"}\\n \\t}\\n \\t}\\n \\tupdate: {\\n \\t// groups are transparent by default\\n \\topacity: {value: 1}\\n \\t}\\n \\thover: {\\n \\topacity: {value: 0.7}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\ttype: text\\n \\t// if true, it will prevent clicking on the button when over text.\\n \\tinteractive: false\\n \\tencode: {\\n \\tenter: {\\n \\t// center text in the paren group\\n \\txc: {\\n \\tfield: {group: \\\"width\\\"}\\n \\tmult: 0.5\\n \\t}\\n \\tyc: {\\n \\tfield: {group: \\\"height\\\"}\\n \\tmult: 0.5\\n \\toffset: 2\\n \\t}\\n \\talign: {value: \\\"center\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\ttext: {value: \\\"Show All\\\"}\\n \\t}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t]\\n\\t}\\n ]\\n signals: [\\n\\t{\\n \\t// used to highlight traffic to/from the same country\\n \\tname: groupHover\\n \\tvalue: {}\\n \\ton: [\\n \\t{\\n \\tevents: @groupMark:mouseover\\n \\tupdate: \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{events: \\\"mouseout\\\", update: \\\"{}\\\"}\\n \\t]\\n\\t}\\n\\t// used to filter only the data related to the selected country\\n\\t{\\n \\tname: groupSelector\\n \\tvalue: false\\n \\ton: [\\n \\t{\\n \\t// Clicking groupMark sets this signal to the filter values\\n \\tevents: @groupMark:click!\\n \\tupdate: \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{\\n \\t// Clicking \\\"show all\\\" button, or double-clicking anywhere resets it\\n \\tevents: [\\n \\t{type: \\\"click\\\", markname: \\\"groupReset\\\"}\\n \\t{type: \\\"dblclick\\\"}\\n \\t]\\n \\tupdate: \\\"false\\\"\\n \\t}\\n \\t]\\n\\t}\\n ]\\n}\\n\"}}"},"id":"69c857b0-f5e4-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"576bb580-f3b9-11ee-ac0d-035f63514f06","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"576bb580-f3b9-11ee-ac0d-035f63514f06","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:50:20.409Z","version":"WzMyOCwxXQ=="} -{"attributes":{"description":"Total Connections using Agg projection","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Total VPC Connections ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Total VPC Connections \",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_connections\",\"customLabel\":\"total count connections\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"59059230-fac6-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:20:29.907Z","version":"WzMwMywxXQ=="} -{"attributes":{"description":"Get sum of requests status","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Requests By Status Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Requests By Status Type\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"status\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.status_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status Code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d65de390-fac6-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:24:00.201Z","version":"WzMwNSwxXQ=="} -{"attributes":{"description":"VPC connections hourly agg count","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC connections hourly Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC connections hourly Count\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_connections\",\"customLabel\":\"Connections\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-06-05T01:12:24.910Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Connections\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"63cd5120-fac7-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:28:04.437Z","version":"WzMwOCwxXQ=="} -{"attributes":{"description":"VPC Id pie chart","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Id Pie Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Id Pie Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC Source Id\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.src-vpc_uid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VPC - Source Id\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c992a190-fac7-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:32:36.049Z","version":"WzMxNCwxXQ=="} -{"attributes":{"description":"VPC total connection's hourly connections bytes summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Hourly Total Connection's Byte Sum","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Hourly Total Connection's Byte Sum\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"total bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-05-02T01:19:45.232Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"total bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"total bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"717bb540-fac8-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:35:29.939Z","version":"WzMxNSwxXQ=="} -{"attributes":{"description":"VPC Hourly Total Connection's Packets summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Hourly Total Connection's Packets Sum","uiStateJSON":"{\"vis\":{\"colors\":{\"Packats Sum\":\"#7ba4cb\"}}}","version":1,"visState":"{\"title\":\"VPC Hourly Total Connection's Packets Sum\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_packets\",\"customLabel\":\"Packats Sum\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-06-02T01:22:26.633Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Packats Sum\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Packats Sum\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"d9b9f4f0-fac8-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:38:34.222Z","version":"WzMxOCwxXQ=="} -{"attributes":{"description":"VPC Summary of Connection's directions","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Connections Directions Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Connections Directions Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"3d283600-fac9-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:41:15.627Z","version":"WzMyMSwxXQ=="} -{"attributes":{"description":"VPC Top Destination Addresses (by count agg)","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destination Addresses ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destination Addresses \",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_count\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Address\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Requests\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Requests\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"c7a9f980-fac9-11ee-bcb2-63941cdc5839","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:45:04.024Z","version":"WzMyMywxXQ=="} -{"attributes":{"description":"VPC Top Destinations By bytes summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destinations By Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destinations By Bytes\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"487d40d0-faca-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:48:50.336Z","version":"WzMyNiwxXQ=="} -{"attributes":{"description":"IP source to destination heat map aggregation","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.srcaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"IP HeatMap Summary","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IP HeatMap Summary\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"group\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}]}}"},"id":"26926ee0-facb-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T01:54:57.007Z","version":"WzMzMSwxXQ=="} -{"attributes":{"description":"VPC Top Source Services Summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-src-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-src-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Source Services Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Source Services Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Services\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-src-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Services\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d5279ec0-facc-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T02:07:05.138Z","version":"WzMzNSwxXQ=="} -{"attributes":{"description":"VPC Top Destination Services Summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-dst-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-dst-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destination Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destination Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Services\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-dst-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Services\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"27a49040-facd-11ee-ac0d-035f63514f06","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"82591050-f957-11ee-a76d-adfe4df99235","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-15T02:09:13.539Z","version":"WzMzNywxXQ=="} -{"attributes":{"description":"Live VPC Logs Timeline","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Live VPC Logs TimeLine","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Live VPC Logs TimeLine\",\"type\":\"timelion\",\"aggs\":[],\"params\":{\"expression\":\".opensearch(index=flint_zero_etl_amazons3_default_vpc_integration_*)\",\"interval\":\"auto\"}}"},"id":"b4307ed0-fad1-11ee-a76d-adfe4df99235","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2024-04-15T02:41:47.325Z","version":"WzM0MSwxXQ=="} -{"attributes":{"description":"VPC Flow Logs dashboard with basic Observability\n- using pre-aggregated auto sync MV's\n- using one week live vpc stream data","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"2.11.0\",\"gridData\":{\"h\":15,\"i\":\"5273b8b5-d2f3-4b60-9470-0602312dc7b0\",\"w\":48,\"x\":0,\"y\":94},\"panelIndex\":\"5273b8b5-d2f3-4b60-9470-0602312dc7b0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":30,\"i\":\"734bfb96-97b9-4b73-be67-ca2ea5e9f6c9\",\"w\":24,\"x\":0,\"y\":51},\"panelIndex\":\"734bfb96-97b9-4b73-be67-ca2ea5e9f6c9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":8,\"i\":\"ea6955a9-7954-4b25-86bb-9fd3d72505d7\",\"w\":11,\"x\":0,\"y\":0},\"panelIndex\":\"ea6955a9-7954-4b25-86bb-9fd3d72505d7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":10,\"i\":\"9b53600a-5b6b-4d73-a251-a9cd22ba74de\",\"w\":11,\"x\":0,\"y\":8},\"panelIndex\":\"9b53600a-5b6b-4d73-a251-a9cd22ba74de\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":18,\"i\":\"b964f5f7-7ee9-4127-90d7-bc305e1cb844\",\"w\":24,\"x\":11,\"y\":0},\"panelIndex\":\"b964f5f7-7ee9-4127-90d7-bc305e1cb844\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":18,\"i\":\"48598628-3542-4a1a-af34-80e6d2158fa3\",\"w\":13,\"x\":35,\"y\":0},\"panelIndex\":\"48598628-3542-4a1a-af34-80e6d2158fa3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":17,\"i\":\"5cf2eebd-f3c9-43c6-9b64-7b7ec8bbc5d9\",\"w\":24,\"x\":0,\"y\":18},\"panelIndex\":\"5cf2eebd-f3c9-43c6-9b64-7b7ec8bbc5d9\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"total bytes\":\"#a87691\"}}},\"panelRefName\":\"panel_6\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":17,\"i\":\"10f10c13-633b-4933-a653-0f0303b32f75\",\"w\":24,\"x\":24,\"y\":18},\"panelIndex\":\"10f10c13-633b-4933-a653-0f0303b32f75\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":16,\"i\":\"df9f5173-31a7-4cb3-b1b7-790e7f0c9deb\",\"w\":12,\"x\":0,\"y\":35},\"panelIndex\":\"df9f5173-31a7-4cb3-b1b7-790e7f0c9deb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":16,\"i\":\"e11f3a05-a229-408a-a6b5-cb935dc41442\",\"w\":17,\"x\":12,\"y\":35},\"panelIndex\":\"e11f3a05-a229-408a-a6b5-cb935dc41442\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Requests\":\"#ca8eae\"}}},\"panelRefName\":\"panel_9\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":16,\"i\":\"6e7015b3-f04e-4ff4-884f-4698c60dff33\",\"w\":19,\"x\":29,\"y\":35},\"panelIndex\":\"6e7015b3-f04e-4ff4-884f-4698c60dff33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"2.11.0\",\"gridData\":{\"h\":15,\"i\":\"3f3f74b4-b151-43a3-a820-978712b8f7d1\",\"w\":24,\"x\":24,\"y\":51},\"panelIndex\":\"3f3f74b4-b151-43a3-a820-978712b8f7d1\",\"embeddableConfig\":{\"vis\":null},\"panelRefName\":\"panel_11\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":24,\"y\":66,\"w\":12,\"h\":15,\"i\":\"41210c02-f7c2-4ae9-8c6c-7f7323068896\"},\"panelIndex\":\"41210c02-f7c2-4ae9-8c6c-7f7323068896\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":36,\"y\":66,\"w\":12,\"h\":15,\"i\":\"749bf6dc-4ef1-4e95-916b-260baaff8c4a\"},\"panelIndex\":\"749bf6dc-4ef1-4e95-916b-260baaff8c4a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"2.11.0\",\"gridData\":{\"x\":0,\"y\":81,\"w\":48,\"h\":13,\"i\":\"51896973-ef3d-4a2d-a811-4834abbdf829\"},\"panelIndex\":\"51896973-ef3d-4a2d-a811-4834abbdf829\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"AWS VPC Flow Logs Overview Flint Aligned","version":1},"id":"44ef8120-f954-11ee-ac0d-035f63514f06","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"ace5ba60-f3b9-11ee-bcb2-63941cdc5839","name":"panel_0","type":"search"},{"id":"69c857b0-f5e4-11ee-ac0d-035f63514f06","name":"panel_1","type":"visualization"},{"id":"59059230-fac6-11ee-a76d-adfe4df99235","name":"panel_2","type":"visualization"},{"id":"d65de390-fac6-11ee-a76d-adfe4df99235","name":"panel_3","type":"visualization"},{"id":"63cd5120-fac7-11ee-ac0d-035f63514f06","name":"panel_4","type":"visualization"},{"id":"c992a190-fac7-11ee-ac0d-035f63514f06","name":"panel_5","type":"visualization"},{"id":"717bb540-fac8-11ee-a76d-adfe4df99235","name":"panel_6","type":"visualization"},{"id":"d9b9f4f0-fac8-11ee-a76d-adfe4df99235","name":"panel_7","type":"visualization"},{"id":"3d283600-fac9-11ee-ac0d-035f63514f06","name":"panel_8","type":"visualization"},{"id":"c7a9f980-fac9-11ee-bcb2-63941cdc5839","name":"panel_9","type":"visualization"},{"id":"487d40d0-faca-11ee-ac0d-035f63514f06","name":"panel_10","type":"visualization"},{"id":"26926ee0-facb-11ee-a76d-adfe4df99235","name":"panel_11","type":"visualization"},{"id":"d5279ec0-facc-11ee-ac0d-035f63514f06","name":"panel_12","type":"visualization"},{"id":"27a49040-facd-11ee-ac0d-035f63514f06","name":"panel_13","type":"visualization"},{"id":"b4307ed0-fad1-11ee-a76d-adfe4df99235","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2024-04-15T02:42:17.764Z","version":"WzM0MiwxXQ=="} +{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.activity_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.category_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.class_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_account_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.boundary\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_num\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.tcp_flags\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.disposition\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.severity\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.status_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.type_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"interval_end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"interval_start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_connections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"total_packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"interval_start_time","title":"flint_zeroetl_default_amazon_vpc_flow_newest__*"},"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNTYsMV0="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"interval_start_time\",\"calendar_interval\":\"1d\",\"time_zone\":\"America/Vancouver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"VPC - Live Raw Search","version":1},"id":"118a9233-2997-46cd-88ca-da43eb11ca06","migrationVersion":{"search":"7.9.3"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNTcsMV0="} +{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.vpc.account-id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.activity_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.category_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.class_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_account_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_provider\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.cloud_zone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.boundary\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_num\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.protocol_ver\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.connection.tcp_flags\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.disposition\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dst-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.dstport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.flow-direction\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-dst-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.pkt-src-aws-service\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.region\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.severity\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-instance_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-interface_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-subnet_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.src-vpc_uid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcaddr\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.srcport\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.status_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.vpc.type_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"end_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"start_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"start_time","title":"flint_zeroetl_default_amazon_vpc_flow_newest__*"},"id":"e0eb2595-479f-429d-8be3-20556bf4c386","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNTgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"aws.vpc.dstaddr\",\"value\":\"-\",\"params\":[\"-\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"aws.vpc.srcaddr\",\"value\":\"-\",\"params\":[\"-\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"title":"Live VPC Sankey IP Flow Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Live VPC Sankey IP Flow Graph\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{ \\n $schema: https://vega.github.io/schema/vega/v5.json\\n data: [\\n\\t{\\n \\t// query OpenSearch based on the currently selected time range and filter string\\n \\tname: rawData\\n \\turl: {\\n \\tindex: flint_*vpc*__live_mview\\n \\tbody: {\\n \\tsize: 0\\n \\taggs: {\\n \\ttable: {\\n \\tcomposite: {\\n \\tsize: 10000\\n \\tsources: [\\n \\t{\\n \\tstk1: {\\n \\tterms: {field: \\\"aws.vpc.srcaddr\\\"}\\n \\t}\\n \\t}\\n \\t{\\n \\tstk2: {\\n \\tterms: {field: \\\"aws.vpc.dstaddr\\\"}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t// From the result, take just the data we are interested in\\n \\tformat: {property: \\\"aggregations.table.buckets\\\"}\\n \\t// Convert key.stk1 -> stk1 for simpler access below\\n \\ttransform: [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"datum.key.stk1 !== '-' && datum.key.stk2 !== '-'\\\"\\n },\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk1\\\", as: \\\"stk1\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk2\\\", as: \\\"stk2\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.doc_count\\\", as: \\\"size\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: nodes\\n \\tsource: rawData\\n \\ttransform: [\\n \\t// when a country is selected, filter out unrelated data\\n \\t{\\n \\ttype: filter\\n \\texpr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n \\t}\\n \\t// Set new key for later lookups - identifies each node\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stk1+datum.stk2\\\", as: \\\"key\\\"}\\n \\t// instead of each table row, create two new rows,\\n \\t// one for the source (stack=stk1) and one for destination node (stack=stk2).\\n \\t// The country code stored in stk1 and stk2 fields is placed into grpId field.\\n \\t{\\n \\ttype: fold\\n \\tfields: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tas: [\\\"stack\\\", \\\"grpId\\\"]\\n \\t}\\n \\t// Create a sortkey, different for stk1 and stk2 stacks.\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\n \\tas: sortField\\n \\t}\\n \\t// Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n \\t// independently for each stack, and ensuring they are in the proper order,\\n \\t// alphabetical from the top (reversed on the y axis)\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"sortField\\\", order: \\\"descending\\\"}\\n \\tfield: size\\n \\t}\\n \\t// calculate vertical center point for each node, used to draw edges\\n \\t{type: \\\"formula\\\", expr: \\\"(datum.y0+datum.y1)/2\\\", as: \\\"yc\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: groups\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// combine all nodes into country groups, summing up the doc counts\\n \\t{\\n \\ttype: aggregate\\n \\tgroupby: [\\\"stack\\\", \\\"grpId\\\"]\\n \\tfields: [\\\"size\\\"]\\n \\tops: [\\\"sum\\\"]\\n \\tas: [\\\"total\\\"]\\n \\t}\\n \\t// re-calculate the stacking y0,y1 values\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"grpId\\\", order: \\\"descending\\\"}\\n \\tfield: total\\n \\t}\\n \\t// project y0 and y1 values to screen coordinates\\n \\t// doing it once here instead of doing it several times in marks\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y0)\\\", as: \\\"scaledY0\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y1)\\\", as: \\\"scaledY1\\\"}\\n \\t// boolean flag if the label should be on the right of the stack\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stack == 'stk1'\\\", as: \\\"rightLabel\\\"}\\n \\t// Calculate traffic percentage for this country using \\\"y\\\" scale\\n \\t// domain upper bound, which represents the total traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.total/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n\\t{\\n \\t// This is a temp lookup table with all the 'stk2' stack nodes\\n \\tname: destinationNodes\\n \\tsource: nodes\\n \\ttransform: [\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk2'\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: edges\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// we only want nodes from the left stack\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk1'\\\"}\\n \\t// find corresponding node from the right stack, keep it as \\\"target\\\"\\n \\t{\\n \\ttype: lookup\\n \\tfrom: destinationNodes\\n \\tkey: key\\n \\tfields: [\\\"key\\\"]\\n \\tas: [\\\"target\\\"]\\n \\t}\\n \\t// calculate SVG link path between stk1 and stk2 stacks for the node pair\\n \\t{\\n \\ttype: linkpath\\n \\torient: horizontal\\n \\tshape: diagonal\\n \\tsourceY: {expr: \\\"scale('y', datum.yc)\\\"}\\n \\tsourceX: {expr: \\\"scale('x', 'stk1') + bandwidth('x')\\\"}\\n \\ttargetY: {expr: \\\"scale('y', datum.target.yc)\\\"}\\n \\ttargetX: {expr: \\\"scale('x', 'stk2')\\\"}\\n \\t}\\n \\t// A little trick to calculate the thickness of the line.\\n \\t// The value needs to be the same as the hight of the node, but scaling\\n \\t// size to screen's height gives inversed value because screen's Y\\n \\t// coordinate goes from the top to the bottom, whereas the graph's Y=0\\n \\t// is at the bottom. So subtracting scaled doc count from screen height\\n \\t// (which is the \\\"lower\\\" bound of the \\\"y\\\" scale) gives us the right value\\n \\t{\\n \\ttype: formula\\n \\texpr: range('y')[0]-scale('y', datum.size)\\n \\tas: strokeWidth\\n \\t}\\n \\t// Tooltip needs individual link's percentage of all traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.size/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n ]\\n scales: [\\n\\t{\\n \\t// calculates horizontal stack positioning\\n \\tname: x\\n \\ttype: band\\n \\trange: width\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tpaddingOuter: 0.05\\n \\tpaddingInner: 0.95\\n\\t}\\n\\t{\\n \\t// this scale goes up as high as the highest y1 value of all nodes\\n \\tname: y\\n \\ttype: linear\\n \\trange: height\\n \\tdomain: {data: \\\"nodes\\\", field: \\\"y1\\\"}\\n\\t}\\n\\t{\\n \\t// use rawData to ensure the colors stay the same when clicking.\\n \\tname: color\\n \\ttype: ordinal\\n \\trange: category\\n \\tdomain: {data: \\\"rawData\\\", field: \\\"stk1\\\"}\\n\\t}\\n\\t{\\n \\t// this scale is used to map internal ids (stk1, stk2) to stack names\\n \\tname: stackNames\\n \\ttype: ordinal\\n \\trange: [\\\"Source\\\", \\\"Destination\\\"]\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n\\t}\\n ]\\n axes: [\\n\\t{\\n \\t// x axis should use custom label formatting to print proper stack names\\n \\torient: bottom\\n \\tscale: x\\n \\tencode: {\\n \\tlabels: {\\n \\tupdate: {\\n \\ttext: {scale: \\\"stackNames\\\", field: \\\"value\\\"}\\n \\t}\\n \\t}\\n \\t}\\n\\t}\\n\\t{orient: \\\"left\\\", scale: \\\"y\\\"}\\n ]\\n marks: [\\n\\t{\\n \\t// draw the connecting line between stacks\\n \\ttype: path\\n \\tname: edgeMark\\n \\tfrom: {data: \\\"edges\\\"}\\n \\t// this prevents some autosizing issues with large strokeWidth for paths\\n \\tclip: true\\n \\tencode: {\\n \\tupdate: {\\n \\t// By default use color of the left node, except when showing traffic\\n \\t// from just one country, in which case use destination color.\\n \\tstroke: [\\n \\t{\\n \\ttest: groupSelector && groupSelector.stack=='stk1'\\n \\tscale: color\\n \\tfield: stk2\\n \\t}\\n \\t{scale: \\\"color\\\", field: \\\"stk1\\\"}\\n \\t]\\n \\tstrokeWidth: {field: \\\"strokeWidth\\\"}\\n \\tpath: {field: \\\"path\\\"}\\n \\t// when showing all traffic, and hovering over a country,\\n \\t// highlight the traffic from that country.\\n \\tstrokeOpacity: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\\n \\t}\\n \\t// Ensure that the hover-selected edges show on top\\n \\tzindex: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\n \\t}\\n \\t// format tooltip string\\n \\ttooltip: {\\n \\tsignal: datum.stk1 + ' → ' + datum.stk2 + '\\t' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\t// Simple mouseover highlighting of a single line\\n \\thover: {\\n \\tstrokeOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw stack groups (countries)\\n \\ttype: rect\\n \\tname: groupMark\\n \\tfrom: {data: \\\"groups\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tfill: {scale: \\\"color\\\", field: \\\"grpId\\\"}\\n \\twidth: {scale: \\\"x\\\", band: 1}\\n \\t}\\n \\tupdate: {\\n \\tx: {scale: \\\"x\\\", field: \\\"stack\\\"}\\n \\ty: {field: \\\"scaledY0\\\"}\\n \\ty2: {field: \\\"scaledY1\\\"}\\n \\tfillOpacity: {value: 0.6}\\n \\ttooltip: {\\n \\tsignal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\thover: {\\n \\tfillOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw country code labels on the inner side of the stack\\n \\ttype: text\\n \\tfrom: {data: \\\"groups\\\"}\\n \\t// don't process events for the labels - otherwise line mouseover is unclean\\n \\tinteractive: false\\n \\tencode: {\\n \\tupdate: {\\n \\t// depending on which stack it is, position x with some padding\\n \\tx: {\\n \\tsignal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\n \\t}\\n \\t// middle of the group\\n \\tyc: {signal: \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"}\\n \\talign: {signal: \\\"datum.rightLabel ? 'left' : 'right'\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\t// only show text label if the group's height is large enough\\n \\ttext: {signal: \\\"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\\\"}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// Create a \\\"show all\\\" button. Shown only when a country is selected.\\n \\ttype: group\\n \\tdata: [\\n \\t// We need to make the button show only when groupSelector signal is true.\\n \\t// Each mark is drawn as many times as there are elements in the backing data.\\n \\t// Which means that if values list is empty, it will not be drawn.\\n \\t// Here I create a data source with one empty object, and filter that list\\n \\t// based on the signal value. This can only be done in a group.\\n \\t{\\n \\tname: dataForShowAll\\n \\tvalues: [{}]\\n \\ttransform: [{type: \\\"filter\\\", expr: \\\"groupSelector\\\"}]\\n \\t}\\n \\t]\\n \\t// Set button size and positioning\\n \\tencode: {\\n \\tenter: {\\n \\txc: {signal: \\\"width/2\\\"}\\n \\ty: {value: 30}\\n \\twidth: {value: 80}\\n \\theight: {value: 30}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\t// This group is shown as a button with rounded corners.\\n \\ttype: group\\n \\t// mark name allows signal capturing\\n \\tname: groupReset\\n \\t// Only shows button if dataForShowAll has values.\\n \\tfrom: {data: \\\"dataForShowAll\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tcornerRadius: {value: 6}\\n \\tfill: {value: \\\"#F5F7FA\\\"}\\n \\tstroke: {value: \\\"#c1c1c1\\\"}\\n \\tstrokeWidth: {value: 2}\\n \\t// use parent group's size\\n \\theight: {\\n \\tfield: {group: \\\"height\\\"}\\n \\t}\\n \\twidth: {\\n \\tfield: {group: \\\"width\\\"}\\n \\t}\\n \\t}\\n \\tupdate: {\\n \\t// groups are transparent by default\\n \\topacity: {value: 1}\\n \\t}\\n \\thover: {\\n \\topacity: {value: 0.7}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\ttype: text\\n \\t// if true, it will prevent clicking on the button when over text.\\n \\tinteractive: false\\n \\tencode: {\\n \\tenter: {\\n \\t// center text in the paren group\\n \\txc: {\\n \\tfield: {group: \\\"width\\\"}\\n \\tmult: 0.5\\n \\t}\\n \\tyc: {\\n \\tfield: {group: \\\"height\\\"}\\n \\tmult: 0.5\\n \\toffset: 2\\n \\t}\\n \\talign: {value: \\\"center\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\ttext: {value: \\\"Show All\\\"}\\n \\t}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t]\\n\\t}\\n ]\\n signals: [\\n\\t{\\n \\t// used to highlight traffic to/from the same country\\n \\tname: groupHover\\n \\tvalue: {}\\n \\ton: [\\n \\t{\\n \\tevents: @groupMark:mouseover\\n \\tupdate: \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{events: \\\"mouseout\\\", update: \\\"{}\\\"}\\n \\t]\\n\\t}\\n\\t// used to filter only the data related to the selected country\\n\\t{\\n \\tname: groupSelector\\n \\tvalue: false\\n \\ton: [\\n \\t{\\n \\t// Clicking groupMark sets this signal to the filter values\\n \\tevents: @groupMark:click!\\n \\tupdate: \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{\\n \\t// Clicking \\\"show all\\\" button, or double-clicking anywhere resets it\\n \\tevents: [\\n \\t{type: \\\"click\\\", markname: \\\"groupReset\\\"}\\n \\t{type: \\\"dblclick\\\"}\\n \\t]\\n \\tupdate: \\\"false\\\"\\n \\t}\\n \\t]\\n\\t}\\n ]\\n}\\n\"}}"},"id":"b60b071f-9fe5-46bf-8d27-8a1276b0c1fc","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"e0eb2595-479f-429d-8be3-20556bf4c386","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"e0eb2595-479f-429d-8be3-20556bf4c386","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:17:47.169Z","version":"WzEwNzgsMV0="} +{"attributes":{"description":"Total Connections using Agg projection","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Total VPC Connections ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Total VPC Connections \",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_connections\",\"customLabel\":\"total count connections\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"1ffe6a3b-32c6-479f-b926-8f380a3ecb39","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjAsMV0="} +{"attributes":{"description":"Get sum of requests status","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Requests By Status Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Requests By Status Type\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"status\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.status_code\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status Code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d35956f8-3277-48ff-a896-b54c50fe3ffc","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjEsMV0="} +{"attributes":{"description":"VPC connections hourly agg count","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC connections hourly Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC connections hourly Count\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_connections\",\"customLabel\":\"Connections\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-06-05T01:12:24.910Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Connections\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"c36df9ba-3d96-4512-b114-884a4b3d0cc4","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjIsMV0="} +{"attributes":{"description":"VPC Id pie chart","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Id Pie Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Id Pie Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC Source Id\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.src-vpc_uid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VPC - Source Id\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"412bac98-d0dd-4d0d-804c-039e9ed54cb2","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjMsMV0="} +{"attributes":{"description":"VPC total connection's hourly connections bytes summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Hourly Total Connection's Byte Sum","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Hourly Total Connection's Byte Sum\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"total bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-05-02T01:19:45.232Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"total bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"total bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"6ab65d35-4b95-4425-9b53-2abc999137f3","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjQsMV0="} +{"attributes":{"description":"VPC Hourly Total Connection's Packets summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Hourly Total Connection's Packets Sum","uiStateJSON":"{\"vis\":{\"colors\":{\"Packats Sum\":\"#7ba4cb\"}}}","version":1,"visState":"{\"title\":\"VPC Hourly Total Connection's Packets Sum\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_packets\",\"customLabel\":\"Packats Sum\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"interval_start_time\",\"timeRange\":{\"from\":\"2023-06-02T01:22:26.633Z\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"h\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Packats Sum\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Packats Sum\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"b98087ed-dd43-4441-ac72-903e3e62b3c9","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjUsMV0="} +{"attributes":{"description":"VPC Summary of Connection's directions","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Connections Directions Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Connections Directions Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.flow-direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection Direction\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"1be9ed29-ae29-4770-a0ec-c1fc5d0c7d0d","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjYsMV0="} +{"attributes":{"description":"VPC Top Destination Addresses (by count agg)","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destination Addresses ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destination Addresses \",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_count\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Address\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Requests\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Requests\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"76bf33ac-c439-4b5c-9993-0e4412d43831","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjcsMV0="} +{"attributes":{"description":"VPC Top Destinations By bytes summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destinations By Bytes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destinations By Bytes\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"80c39bce-9b7f-4f91-8545-d8e4c771a324","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjgsMV0="} +{"attributes":{"description":"IP source to destination heat map aggregation","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.srcaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.srcaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrase\",\"key\":\"aws.vpc.dstaddr\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"negate\":true,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.dstaddr\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"IP HeatMap Summary","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IP HeatMap Summary\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.srcaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.dstaddr\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"group\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}]}}"},"id":"5574b82b-221e-4961-aaf1-2e9e0d0ed3ae","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNjksMV0="} +{"attributes":{"description":"VPC Top Source Services Summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-src-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-src-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Source Services Chart","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Source Services Chart\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Services\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-src-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Services\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"d137a667-d2f7-464f-8a3d-d912d83a90c2","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNzAsMV0="} +{"attributes":{"description":"VPC Top Destination Services Summary","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"aws.vpc.pkt-dst-aws-service\",\"params\":{\"query\":\"-\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.vpc.pkt-dst-aws-service\":\"-\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"VPC Top Destination Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"VPC Top Destination Services\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Services\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.vpc.pkt-dst-aws-service\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Services\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c6e5db9e-e0a1-45aa-8d7b-823b36a03b50","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"dd166158-4a51-4fd1-9ecb-d64d08f30683","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-23T02:01:44.186Z","version":"WzEwNzEsMV0="} +{"attributes":{"description":"Live VPC Logs Timeline","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Live VPC Logs TimeLine","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Live VPC Logs TimeLine\",\"type\":\"timelion\",\"aggs\":[],\"params\":{\"expression\":\".opensearch(index=flint_*vpc*__live_mview)\",\"interval\":\"auto\"}}"},"id":"db0b5826-336d-4f6a-90cc-1524ef279229","migrationVersion":{"visualization":"7.10.0"},"references":[],"type":"visualization","updated_at":"2024-05-23T02:17:19.946Z","version":"WzEwNzcsMV0="} +{"attributes":{"description":"VPC Flow Logs dashboard with basic Observability\n- using pre-aggregated auto sync MV's\n- using one week live vpc stream data","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"5273b8b5-d2f3-4b60-9470-0602312dc7b0\",\"w\":48,\"x\":0,\"y\":94},\"panelIndex\":\"5273b8b5-d2f3-4b60-9470-0602312dc7b0\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":30,\"i\":\"734bfb96-97b9-4b73-be67-ca2ea5e9f6c9\",\"w\":24,\"x\":0,\"y\":51},\"panelIndex\":\"734bfb96-97b9-4b73-be67-ca2ea5e9f6c9\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"ea6955a9-7954-4b25-86bb-9fd3d72505d7\",\"w\":11,\"x\":0,\"y\":0},\"panelIndex\":\"ea6955a9-7954-4b25-86bb-9fd3d72505d7\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"9b53600a-5b6b-4d73-a251-a9cd22ba74de\",\"w\":11,\"x\":0,\"y\":8},\"panelIndex\":\"9b53600a-5b6b-4d73-a251-a9cd22ba74de\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b964f5f7-7ee9-4127-90d7-bc305e1cb844\",\"w\":24,\"x\":11,\"y\":0},\"panelIndex\":\"b964f5f7-7ee9-4127-90d7-bc305e1cb844\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"48598628-3542-4a1a-af34-80e6d2158fa3\",\"w\":13,\"x\":35,\"y\":0},\"panelIndex\":\"48598628-3542-4a1a-af34-80e6d2158fa3\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"colors\":{\"total bytes\":\"#a87691\"}}},\"gridData\":{\"h\":17,\"i\":\"5cf2eebd-f3c9-43c6-9b64-7b7ec8bbc5d9\",\"w\":24,\"x\":0,\"y\":18},\"panelIndex\":\"5cf2eebd-f3c9-43c6-9b64-7b7ec8bbc5d9\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":17,\"i\":\"10f10c13-633b-4933-a653-0f0303b32f75\",\"w\":24,\"x\":24,\"y\":18},\"panelIndex\":\"10f10c13-633b-4933-a653-0f0303b32f75\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"df9f5173-31a7-4cb3-b1b7-790e7f0c9deb\",\"w\":12,\"x\":0,\"y\":35},\"panelIndex\":\"df9f5173-31a7-4cb3-b1b7-790e7f0c9deb\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"colors\":{\"Requests\":\"#ca8eae\"}}},\"gridData\":{\"h\":16,\"i\":\"e11f3a05-a229-408a-a6b5-cb935dc41442\",\"w\":17,\"x\":12,\"y\":35},\"panelIndex\":\"e11f3a05-a229-408a-a6b5-cb935dc41442\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"6e7015b3-f04e-4ff4-884f-4698c60dff33\",\"w\":19,\"x\":29,\"y\":35},\"panelIndex\":\"6e7015b3-f04e-4ff4-884f-4698c60dff33\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"vis\":null},\"gridData\":{\"h\":15,\"i\":\"3f3f74b4-b151-43a3-a820-978712b8f7d1\",\"w\":24,\"x\":24,\"y\":51},\"panelIndex\":\"3f3f74b4-b151-43a3-a820-978712b8f7d1\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"41210c02-f7c2-4ae9-8c6c-7f7323068896\",\"w\":12,\"x\":24,\"y\":66},\"panelIndex\":\"41210c02-f7c2-4ae9-8c6c-7f7323068896\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"749bf6dc-4ef1-4e95-916b-260baaff8c4a\",\"w\":12,\"x\":36,\"y\":66},\"panelIndex\":\"749bf6dc-4ef1-4e95-916b-260baaff8c4a\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":13,\"i\":\"51896973-ef3d-4a2d-a811-4834abbdf829\",\"w\":48,\"x\":0,\"y\":81},\"panelIndex\":\"51896973-ef3d-4a2d-a811-4834abbdf829\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"AWS VPC Flow Logs Overview Flint Aligned","version":1},"id":"9698bbf4-779e-42ef-96df-012dd9fdf9bb","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"118a9233-2997-46cd-88ca-da43eb11ca06","name":"panel_0","type":"search"},{"id":"b60b071f-9fe5-46bf-8d27-8a1276b0c1fc","name":"panel_1","type":"visualization"},{"id":"1ffe6a3b-32c6-479f-b926-8f380a3ecb39","name":"panel_2","type":"visualization"},{"id":"d35956f8-3277-48ff-a896-b54c50fe3ffc","name":"panel_3","type":"visualization"},{"id":"c36df9ba-3d96-4512-b114-884a4b3d0cc4","name":"panel_4","type":"visualization"},{"id":"412bac98-d0dd-4d0d-804c-039e9ed54cb2","name":"panel_5","type":"visualization"},{"id":"6ab65d35-4b95-4425-9b53-2abc999137f3","name":"panel_6","type":"visualization"},{"id":"b98087ed-dd43-4441-ac72-903e3e62b3c9","name":"panel_7","type":"visualization"},{"id":"1be9ed29-ae29-4770-a0ec-c1fc5d0c7d0d","name":"panel_8","type":"visualization"},{"id":"76bf33ac-c439-4b5c-9993-0e4412d43831","name":"panel_9","type":"visualization"},{"id":"80c39bce-9b7f-4f91-8545-d8e4c771a324","name":"panel_10","type":"visualization"},{"id":"5574b82b-221e-4961-aaf1-2e9e0d0ed3ae","name":"panel_11","type":"visualization"},{"id":"d137a667-d2f7-464f-8a3d-d912d83a90c2","name":"panel_12","type":"visualization"},{"id":"c6e5db9e-e0a1-45aa-8d7b-823b36a03b50","name":"panel_13","type":"visualization"},{"id":"db0b5826-336d-4f6a-90cc-1524ef279229","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2024-05-23T02:17:59.815Z","version":"WzEwNzksMV0="} {"exportedCount":18,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_mv_vpc-1.0.0.sql b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_mv_vpc-1.0.0.sql deleted file mode 100644 index e69de29bb..000000000 diff --git a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_skipping_index-1.0.0.sql b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_skipping_index-1.0.0.sql index 977af0b95..0e6ce0a3f 100644 --- a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_skipping_index-1.0.0.sql +++ b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_skipping_index-1.0.0.sql @@ -2,12 +2,11 @@ CREATE SKIPPING INDEX ON {table_name} ( accountid BLOOM_FILTER, region VALUE_SET, severity_id VALUE_SET, - src_endpoint.ip BLOOM_FILTER, - dst_endpoint.ip BLOOM_FILTER, - src_endpoint.svc_name VALUE_SET, - dst_endpoint.svc_name VALUE_SET, - request_processing_time MIN_MAX, - traffic.bytes MIN_MAX + `src_endpoint.ip` BLOOM_FILTER, + `dst_endpoint.ip` BLOOM_FILTER, + `src_endpoint.svc_name` VALUE_SET, + `dst_endpoint.svc_name` VALUE_SET, + `traffic.bytes` MIN_MAX ) WITH ( auto_refresh = true, refresh_interval = '15 Minutes', diff --git a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_table_parquet_vpc-1.0.0.sql b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_table_parquet_vpc-1.0.0.sql index 30e509131..bf376b5f1 100644 --- a/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_table_parquet_vpc-1.0.0.sql +++ b/server/adaptors/integrations/__data__/repository/amazon_vpc_flow/assets/create_table_parquet_vpc-1.0.0.sql @@ -58,5 +58,5 @@ CREATE EXTERNAL TABLE IF NOT EXISTS {table_name} ( accountid STRING, eventday STRING ) -USING json +USING parquet LOCATION '{s3_bucket_location}' diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/aws_cloudtrail-flint-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/aws_cloudtrail-flint-1.0.0.ndjson index bcb7136aa..a21c219f3 100644 --- a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/aws_cloudtrail-flint-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/aws_cloudtrail-flint-1.0.0.ndjson @@ -1,18 +1,18 @@ -{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.AuthenticationMethod\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.AuthenticationMethod.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.AuthenticationMethod\"}}},{\"count\":0,\"name\":\"additionalEventData.CipherSuite\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.CipherSuite.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.CipherSuite\"}}},{\"count\":0,\"name\":\"additionalEventData.SSEApplied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.SSEApplied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.SSEApplied\"}}},{\"count\":0,\"name\":\"additionalEventData.SignatureVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.SignatureVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.SignatureVersion\"}}},{\"count\":0,\"name\":\"additionalEventData.bytesTransferredIn\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"additionalEventData.bytesTransferredOut\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"additionalEventData.x-amz-id-2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.x-amz-id-2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.x-amz-id-2\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.apiVersion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.cloudtrail.awsRegion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":2,\"name\":\"errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"errorCode\"}}},{\"count\":2,\"name\":\"errorMessage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"errorMessage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"errorMessage\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.eventCategory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"eventID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"eventID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"eventID\"}}},{\"count\":2,\"name\":\"aws.cloudtrail.eventName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.cloudtrail.eventSource\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.eventTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.eventType\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.eventVersion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"managementEvent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"readOnly\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"recipientAccountId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"recipientAccountId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"recipientAccountId\"}}},{\"count\":0,\"name\":\"requestID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"requestID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"requestID\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameter.endTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameter.startTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.Host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.Host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.Host\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Event\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Name\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Value\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Queue\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.xmlns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.xmlns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.xmlns\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.aRN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.aRN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.aRN\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.accelerate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.accelerate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.accelerate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.acl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.acl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.acl\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.advancedOptions.indices.query.bool.max_clause_count\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.advancedOptions.indices.query.bool.max_clause_count.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.advancedOptions.indices.query.bool.max_clause_count\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.advancedSecurityOptions.masterUserOptions.masterUserARN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.advancedSecurityOptions.masterUserOptions.masterUserARN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.advancedSecurityOptions.masterUserOptions.masterUserARN\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.aggregateField\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.aggregateField.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.aggregateField\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.architectures\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.architectures.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.architectures\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.DelaySeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.DelaySeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.DelaySeconds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.MaximumMessageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.MaximumMessageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.MaximumMessageSize\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.MessageRetentionPeriod\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.MessageRetentionPeriod.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.MessageRetentionPeriod\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.ReceiveMessageWaitTimeSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.ReceiveMessageWaitTimeSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.ReceiveMessageWaitTimeSeconds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.RedrivePolicy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.RedrivePolicy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.RedrivePolicy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.VisibilityTimeout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.VisibilityTimeout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.VisibilityTimeout\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.bucketName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.bucketName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.bucketName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.code.s3Bucket\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.code.s3Bucket.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.code.s3Bucket\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.code.s3Key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.code.s3Key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.code.s3Key\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextEquals.aws:lambda:FunctionArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextEquals.aws:lambda:FunctionArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextEquals.aws:lambda:FunctionArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextSubset.domainARN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextSubset.domainARN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextSubset.domainARN\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.cors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.cors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.cors\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.description\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.documentName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.documentName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.documentName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.domainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.domainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.domainName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.domainNames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.domainNames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.domainNames\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.dryRun\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.durationSeconds\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryption\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryption.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryption\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionAlgorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionAlgorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionAlgorithm\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:cloudtrail:arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:cloudtrail:arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:cloudtrail:arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:kinesis:arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:kinesis:arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:kinesis:arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:lambda:FunctionArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:lambda:FunctionArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:lambda:FunctionArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:s3:arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:s3:arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:s3:arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.domainARN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.domainARN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.domainARN\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.engineVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.engineVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.engineVersion\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.externalId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.externalId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.externalId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filter.eventStatusCodes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filter.eventStatusCodes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filter.eventStatusCodes\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filter.startTimes.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filter.startTimes.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filter.startTimes.from\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filterSet.items.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filterSet.items.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filterSet.items.name\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filterSet.items.valueSet.items.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filterSet.items.valueSet.items.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filterSet.items.valueSet.items.value\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filters.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filters.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filters.name\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filters.values\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filters.values.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filters.values\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.functionName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.functionName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.functionName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.granteePrincipal\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.granteePrincipal.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.granteePrincipal\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.groupSet.items.groupId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.groupSet.items.groupId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.groupSet.items.groupId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.handler\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.handler.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.handler\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.includeAllInstances\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.instanceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.instanceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.instanceType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.instancesSet.items.instanceId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.instancesSet.items.instanceId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.instancesSet.items.instanceId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.interactive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.itemsPerPage\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.key\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.keyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.keyId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.keyId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.keySpec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.keySpec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.keySpec\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.layers\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.layers.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.layers\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.lifecycle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.lifecycle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.lifecycle\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.locale\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.locale.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.locale\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logGroupName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logGroupName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.logGroupName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logStreamName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logStreamName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.logStreamName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logging\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logging.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.logging\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.maxResults\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.memorySize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.notification\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.notification.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.notification\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.notificationFilter.domainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.notificationFilter.domainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.notificationFilter.domainName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.numberOfBytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.object-lock\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.object-lock.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.object-lock\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.operations\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.operations.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.operations\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.parameters.commands\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.parameters.commands.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.parameters.commands\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.policy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.policy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.policy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.policyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.policyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.policyName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.publicAccessBlock\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.publicAccessBlock.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.publicAccessBlock\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.publish\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.queueName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.queueName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.queueName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.replication\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.replication.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.replication\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.requestPayer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.requestPayer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.requestPayer\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.requestPayment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.requestPayment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.requestPayment\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.retiringPrincipal\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.retiringPrincipal.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.retiringPrincipal\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.role\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.role.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.role\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.roleArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.roleName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleSessionName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleSessionName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.roleSessionName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.runtime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.runtime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.runtime\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.securityGroupIdSet.items.groupId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.securityGroupIdSet.items.groupId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.securityGroupIdSet.items.groupId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.stackName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.stackName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.stackName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.subnetId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.subnetId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.subnetId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.subnetSet.items.subnetId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.subnetSet.items.subnetId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.subnetSet.items.subnetId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tagging\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tagging.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.tagging\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:logical-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:logical-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:logical-id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-name\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.targetGroupArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.targetGroupArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.targetGroupArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.timeout\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.uUID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.uUID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.uUID\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.versioning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.versioning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.versioning\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcConfig.securityGroupIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcConfig.securityGroupIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.vpcConfig.securityGroupIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcConfig.subnetIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcConfig.subnetIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.vpcConfig.subnetIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcSet.items.vpcId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcSet.items.vpcId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.vpcSet.items.vpcId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.website\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.website.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.website\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-acl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-acl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.x-amz-acl\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-aws-kms-key-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-aws-kms-key-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-aws-kms-key-id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-context\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-context.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-context\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption\"}}},{\"count\":0,\"name\":\"resources.ARN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resources.ARN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resources.ARN\"}}},{\"count\":0,\"name\":\"resources.accountId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resources.accountId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resources.accountId\"}}},{\"count\":0,\"name\":\"resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resources.type\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.architectures\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.architectures.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.architectures\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.assumedRoleUser.arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.assumedRoleUser.arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.assumedRoleUser.arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.assumedRoleUser.assumedRoleId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.assumedRoleUser.assumedRoleId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.assumedRoleUser.assumedRoleId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.certificateSummaryList.certificateArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.certificateSummaryList.certificateArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.certificateSummaryList.certificateArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.certificateSummaryList.domainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.certificateSummaryList.domainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.certificateSummaryList.domainName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.codeSha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.codeSha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.codeSha256\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.codeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.cloudWatchOutputConfig.cloudWatchLogGroupName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.cloudWatchOutputConfig.cloudWatchLogGroupName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.cloudWatchOutputConfig.cloudWatchLogGroupName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.cloudWatchOutputConfig.cloudWatchOutputEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.commandId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.commandId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.commandId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.comment\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.completedCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.deliveryTimedOutCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.documentName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.documentName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.documentName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.documentVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.documentVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.documentVersion\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.errorCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.expiresAfter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.expiresAfter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.expiresAfter\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.interactive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.maxConcurrency\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.maxConcurrency.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.maxConcurrency\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.maxErrors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.maxErrors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.maxErrors\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3BucketName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3BucketName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.outputS3BucketName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3KeyPrefix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3KeyPrefix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.outputS3KeyPrefix\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3Region\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3Region.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.outputS3Region\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.parameters.commands\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.parameters.commands.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.parameters.commands\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.requestedDateTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.requestedDateTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.requestedDateTime\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.serviceRole\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.serviceRole.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.serviceRole\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.status\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.statusDetails\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.statusDetails.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.statusDetails\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.targetCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.timeoutSeconds\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.accessKeyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.accessKeyId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.credentials.accessKeyId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.expiration\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.expiration.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.credentials.expiration\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.sessionToken\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.sessionToken.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.credentials.sessionToken\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.description\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.options\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.options.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.options\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.fielddata.cache.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.fielddata.cache.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.fielddata.cache.size\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.query.bool.max_clause_count\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.query.bool.max_clause_count.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.query.bool.max_clause_count\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.override_main_response_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.override_main_response_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.override_main_response_version\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.options.anonymousAuthEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.options.internalUserDatabaseEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.desiredState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.desiredState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.desiredState\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.rollbackOnDisable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.rollbackOnDisable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.rollbackOnDisable\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.coldStorageOptions.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.dedicatedMasterEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.instanceCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.instanceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.instanceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.instanceType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.warmEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.zoneAwarenessEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.customEndpointEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.enforceHTTPS\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.tLSSecurityPolicy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.tLSSecurityPolicy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.tLSSecurityPolicy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.eBSEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.volumeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.volumeType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.volumeType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.volumeType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.options.kmsKeyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.options.kmsKeyId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.options.kmsKeyId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.options\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.options.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.options\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.options.automatedSnapshotStartHour\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.availabilityZones\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.availabilityZones.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.availabilityZones\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.securityGroupIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.securityGroupIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.securityGroupIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.subnetIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.subnetIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.subnetIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.vPCId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.vPCId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.vPCId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.options\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.options.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.options\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.fielddata.cache.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.fielddata.cache.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.fielddata.cache.size\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.query.bool.max_clause_count\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.query.bool.max_clause_count.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.query.bool.max_clause_count\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.override_main_response_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.override_main_response_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.override_main_response_version\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.options.anonymousAuthEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.options.internalUserDatabaseEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.desiredState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.desiredState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.desiredState\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.rollbackOnDisable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.rollbackOnDisable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.rollbackOnDisable\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.customEndpointEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.enforceHTTPS\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.tLSSecurityPolicy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.tLSSecurityPolicy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.tLSSecurityPolicy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.eBSEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.volumeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.volumeType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.volumeType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.volumeType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.coldStorageOptions.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.dedicatedMasterEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.instanceCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.instanceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.instanceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.instanceType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.warmEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.zoneAwarenessEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.options\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.options.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.options\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.options.kmsKeyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.options.kmsKeyId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.options.kmsKeyId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.AUDIT_LOGS.cloudWatchLogsLogGroupArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.AUDIT_LOGS.cloudWatchLogsLogGroupArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.AUDIT_LOGS.cloudWatchLogsLogGroupArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.AUDIT_LOGS.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.ES_APPLICATION_LOGS.cloudWatchLogsLogGroupArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.ES_APPLICATION_LOGS.cloudWatchLogsLogGroupArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.ES_APPLICATION_LOGS.cloudWatchLogsLogGroupArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.ES_APPLICATION_LOGS.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.options.automatedSnapshotStartHour\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.availabilityZones\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.availabilityZones.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.availabilityZones\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.securityGroupIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.securityGroupIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.securityGroupIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.subnetIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.subnetIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.subnetIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.vPCId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.vPCId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.vPCId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.functionArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.functionArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.functionArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.functionName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.functionName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.functionName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.grantId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.grantId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.grantId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.handler\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.handler.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.handler\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.isOpenSearchDomain\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.lastModified\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.layers.arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.layers.arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.layers.arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.layers.codeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.layers.uncompressedCodeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.memorySize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.notificationFilter.domainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.notificationFilter.domainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.notificationFilter.domainName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.packageType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.packageType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.packageType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.queueUrl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.queueUrl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.queueUrl\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.revisionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.revisionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.revisionId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.role\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.role.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.role\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.runtime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.runtime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.runtime\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.stateReason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.stateReason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.stateReason\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.stateReasonCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.stateReasonCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.stateReasonCode\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.timeout\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.tracingConfig.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.tracingConfig.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.tracingConfig.mode\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.securityGroupIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.securityGroupIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.vpcConfig.securityGroupIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.subnetIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.subnetIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.vpcConfig.subnetIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.vpcId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.vpcId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.vpcConfig.vpcId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-aws-kms-key-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-aws-kms-key-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-aws-kms-key-id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-context\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-context.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-context\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption\"}}},{\"count\":0,\"name\":\"sessionCredentialFromConsole\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"sessionCredentialFromConsole.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sessionCredentialFromConsole\"}}},{\"count\":0,\"name\":\"sharedEventID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"sharedEventID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sharedEventID\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.sourceIPAddress\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tlsDetails.cipherSuite\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"tlsDetails.cipherSuite.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tlsDetails.cipherSuite\"}}},{\"count\":0,\"name\":\"tlsDetails.clientProvidedHostHeader\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"tlsDetails.clientProvidedHostHeader.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tlsDetails.clientProvidedHostHeader\"}}},{\"count\":0,\"name\":\"tlsDetails.tlsVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"tlsDetails.tlsVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tlsDetails.tlsVersion\"}}},{\"count\":1,\"name\":\"userAgent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"userAgent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"userAgent\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.accessKeyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.accessKeyId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.accessKeyId\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.accountId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.accountId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.accountId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.invokedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.invokedBy\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.invokedBy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.principalId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.accountId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.principalId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.attributes.creationDate\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.type\"}}},{\"count\":0,\"name\":\"vpcEndpointId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"vpcEndpointId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"vpcEndpointId\"}}}]","timeFieldName":"@timestamp","title":"flint_mys3_default_cloudtrail_mview7"},"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"logs-cloudtrail-Global Control","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Global Control\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1637912766383\",\"fieldName\":\"aws.cloudtrail.awsRegion\",\"parent\":\"\",\"label\":\"Region\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"id":"e61107ab-83be-4cd2-b4ea-ebeeb828f08f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MjcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Event History","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Event History\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"cdd3f173-1420-471b-9231-ffb5f98658c6","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MjgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Event by Account ID","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Event by Account ID\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.accountId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"585d0a6b-7ab7-4d85-8288-9569ce009c90","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Total Event Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Total Event Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Event Count\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"269d3145-1572-44f0-942a-4e149a7af942","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Top Event Names","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top Event Names\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Name\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":true},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"474e4340-55dd-42db-93f5-b1965ecfa7ed","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MzEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Top Event Sources","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top Event Sources\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventSource\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":true},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"468dd8cb-f7a5-4de8-ae50-4226f1879130","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Event Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Event Category\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventCategory\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"945b30a0-a58f-453e-9873-be43f03d149c","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Event By Region","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Event By Region\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.awsRegion\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c9e463e4-a260-49c9-80b1-d7b92874bca0","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Top Users","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top Users\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Name\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.accountId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Account Id\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"13306aeb-5518-4221-a808-78e42223cfb3","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"not aws.cloudtrail.sourceIPAddress:*.amazon*.com* AWS*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Top Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top Source IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.sourceIPAddress\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a22bfb77-df20-4573-af83-a99e9546d11f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MzYsMV0="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"not (aws.cloudtrail.eventName: Get* Describe* List* Head*)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"logs-cloudtrail-Change Events","version":1},"id":"28881df5-87e8-414d-899c-23650c78897d","migrationVersion":{"search":"7.9.3"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3MzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"aws.cloudtrail.eventSource: ec2* and aws.cloudtrail.eventName: (RunInstances or TerminateInstances or RunInstances or StopInstances)\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"logs-cloudtrail-EC2 Instance Changes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-EC2 Instance Changes\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"e953d901-7ec7-4751-92e8-bdaf60cefe3f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"28881df5-87e8-414d-899c-23650c78897d","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3NDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"aws.cloudtrail.eventSource: ec2*\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"logs-cloudtrail-EC2 Changed By","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-EC2 Changed By\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"4bc4a220-a77a-4b00-8bae-cdda13b7f5a3","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"28881df5-87e8-414d-899c-23650c78897d","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3NDEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"aws.cloudtrail.eventSource:ec2*\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"logs-cloudtrail-Top EC2 Change Events","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top EC2 Change Events\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"be9f9af3-f8fe-4bc5-9a04-6d461bcb2cf2","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"28881df5-87e8-414d-899c-23650c78897d","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3NDQsMV0="} -{"attributes":{"columns":["errorCode","errorMessage","aws.cloudtrail.eventName","aws.cloudtrail.eventSource","aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName","aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId","aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn","aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type","aws.cloudtrail.awsRegion","aws.cloudtrail.sourceIPAddress","userAgent","aws.cloudtrail.userIdentity.accountId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"errorCode:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"logs-cloudtrail-Error Events","version":1},"id":"2cd5af97-4163-4f22-9faa-cfdff3ca3fae","migrationVersion":{"search":"7.9.3"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-04-16T17:22:27.719Z","version":"WzI3NDIsMV0="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"controlledBy\":\"1637912766383\",\"disabled\":false,\"key\":\"aws.cloudtrail.awsRegion\",\"negate\":false,\"params\":{\"query\":\"us-west-2\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.cloudtrail.awsRegion\":\"us-west-2\"}}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"f41fba39-1664-460f-9b7f-2da72a45eea9\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"f41fba39-1664-460f-9b7f-2da72a45eea9\",\"title\":\"Global Control\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"f00cf363-a72e-4ef7-9e87-527d86ae8be2\",\"w\":24,\"x\":12,\"y\":0},\"panelIndex\":\"f00cf363-a72e-4ef7-9e87-527d86ae8be2\",\"title\":\"Event History\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"19a014c4-0fec-40bc-914d-b985b2b84c1b\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"19a014c4-0fec-40bc-914d-b985b2b84c1b\",\"title\":\"Event by Account ID\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"ef438b13-4c77-48b9-8ae0-c28ae717e0ac\",\"w\":12,\"x\":0,\"y\":7},\"panelIndex\":\"ef438b13-4c77-48b9-8ae0-c28ae717e0ac\",\"title\":\"Total Event Count\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"22948727-ec80-4cd2-9bae-c76889332504\",\"w\":12,\"x\":0,\"y\":16},\"panelIndex\":\"22948727-ec80-4cd2-9bae-c76889332504\",\"title\":\"Top Event Names\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"f9525bf2-311b-4767-8d84-67fa5c7bdaf3\",\"w\":12,\"x\":12,\"y\":16},\"panelIndex\":\"f9525bf2-311b-4767-8d84-67fa5c7bdaf3\",\"title\":\"Top Event Sources\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"b580d134-a5e0-4550-9aeb-c6f4fab07ae9\",\"w\":12,\"x\":24,\"y\":16},\"panelIndex\":\"b580d134-a5e0-4550-9aeb-c6f4fab07ae9\",\"title\":\"Event Category\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"d097c4dc-bd4f-4789-a18e-93fcf034a73e\",\"w\":12,\"x\":36,\"y\":16},\"panelIndex\":\"d097c4dc-bd4f-4789-a18e-93fcf034a73e\",\"title\":\"Event By Region\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"2a5da7e5-6536-4f01-8110-a20829ac0409\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"2a5da7e5-6536-4f01-8110-a20829ac0409\",\"title\":\"Top Users\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"22ca4fe6-c0f7-4206-8b90-44b9bccf2623\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"22ca4fe6-c0f7-4206-8b90-44b9bccf2623\",\"title\":\"Top Source IPs\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"782dc2e3-49c6-43a6-b384-38cd38d0af52\",\"w\":12,\"x\":0,\"y\":49},\"panelIndex\":\"782dc2e3-49c6-43a6-b384-38cd38d0af52\",\"title\":\"EC2 Change Event Count\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"d3ee49b2-4822-4c29-95cf-34c2d895d0f8\",\"w\":12,\"x\":12,\"y\":49},\"panelIndex\":\"d3ee49b2-4822-4c29-95cf-34c2d895d0f8\",\"title\":\"EC2 Changed By\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"8220a178-d566-425d-a7bf-7b0a6e510ad7\",\"w\":24,\"x\":24,\"y\":49},\"panelIndex\":\"8220a178-d566-425d-a7bf-7b0a6e510ad7\",\"title\":\"Top EC2 Change Events\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":17,\"i\":\"03cd460b-e704-493b-b593-e17bc5acc00d\",\"w\":48,\"x\":0,\"y\":64},\"panelIndex\":\"03cd460b-e704-493b-b593-e17bc5acc00d\",\"title\":\"Error Events\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"logs-cloudtrail-dashboard Flint","version":1},"id":"a300a524-bb91-4a03-b0b1-5ddfd61e5154","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"3cdd8cd4-5113-4706-913d-0634a76c3092","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"e61107ab-83be-4cd2-b4ea-ebeeb828f08f","name":"panel_0","type":"visualization"},{"id":"cdd3f173-1420-471b-9231-ffb5f98658c6","name":"panel_1","type":"visualization"},{"id":"585d0a6b-7ab7-4d85-8288-9569ce009c90","name":"panel_2","type":"visualization"},{"id":"269d3145-1572-44f0-942a-4e149a7af942","name":"panel_3","type":"visualization"},{"id":"474e4340-55dd-42db-93f5-b1965ecfa7ed","name":"panel_4","type":"visualization"},{"id":"468dd8cb-f7a5-4de8-ae50-4226f1879130","name":"panel_5","type":"visualization"},{"id":"945b30a0-a58f-453e-9873-be43f03d149c","name":"panel_6","type":"visualization"},{"id":"c9e463e4-a260-49c9-80b1-d7b92874bca0","name":"panel_7","type":"visualization"},{"id":"13306aeb-5518-4221-a808-78e42223cfb3","name":"panel_8","type":"visualization"},{"id":"a22bfb77-df20-4573-af83-a99e9546d11f","name":"panel_9","type":"visualization"},{"id":"e953d901-7ec7-4751-92e8-bdaf60cefe3f","name":"panel_10","type":"visualization"},{"id":"4bc4a220-a77a-4b00-8bae-cdda13b7f5a3","name":"panel_11","type":"visualization"},{"id":"be9f9af3-f8fe-4bc5-9a04-6d461bcb2cf2","name":"panel_12","type":"visualization"},{"id":"2cd5af97-4163-4f22-9faa-cfdff3ca3fae","name":"panel_13","type":"search"}],"type":"dashboard","updated_at":"2024-04-16T17:29:51.221Z","version":"WzI3NDYsMV0="} +{"attributes":{"fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.AuthenticationMethod\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.AuthenticationMethod.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.AuthenticationMethod\"}}},{\"count\":0,\"name\":\"additionalEventData.CipherSuite\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.CipherSuite.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.CipherSuite\"}}},{\"count\":0,\"name\":\"additionalEventData.SSEApplied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.SSEApplied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.SSEApplied\"}}},{\"count\":0,\"name\":\"additionalEventData.SignatureVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.SignatureVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.SignatureVersion\"}}},{\"count\":0,\"name\":\"additionalEventData.bytesTransferredIn\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"additionalEventData.bytesTransferredOut\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"additionalEventData.x-amz-id-2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"additionalEventData.x-amz-id-2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"additionalEventData.x-amz-id-2\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.apiVersion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.cloudtrail.awsRegion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":2,\"name\":\"errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"errorCode\"}}},{\"count\":2,\"name\":\"errorMessage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"errorMessage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"errorMessage\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.eventCategory\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"eventID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"eventID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"eventID\"}}},{\"count\":2,\"name\":\"aws.cloudtrail.eventName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"aws.cloudtrail.eventSource\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.eventTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.eventType\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.eventVersion\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"managementEvent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"readOnly\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"recipientAccountId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"recipientAccountId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"recipientAccountId\"}}},{\"count\":0,\"name\":\"requestID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"requestID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"requestID\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameter.endTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameter.startTime\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.Host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.Host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.Host\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Event\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Name\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Filter.S3Key.FilterRule.Value\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.QueueConfiguration.Queue\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.xmlns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.xmlns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.NotificationConfiguration.xmlns\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.aRN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.aRN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.aRN\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.accelerate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.accelerate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.accelerate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.acl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.acl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.acl\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.advancedOptions.indices.query.bool.max_clause_count\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.advancedOptions.indices.query.bool.max_clause_count.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.advancedOptions.indices.query.bool.max_clause_count\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.advancedSecurityOptions.masterUserOptions.masterUserARN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.advancedSecurityOptions.masterUserOptions.masterUserARN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.advancedSecurityOptions.masterUserOptions.masterUserARN\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.aggregateField\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.aggregateField.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.aggregateField\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.architectures\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.architectures.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.architectures\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.DelaySeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.DelaySeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.DelaySeconds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.MaximumMessageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.MaximumMessageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.MaximumMessageSize\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.MessageRetentionPeriod\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.MessageRetentionPeriod.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.MessageRetentionPeriod\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.ReceiveMessageWaitTimeSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.ReceiveMessageWaitTimeSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.ReceiveMessageWaitTimeSeconds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.RedrivePolicy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.RedrivePolicy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.RedrivePolicy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.VisibilityTimeout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.attribute.VisibilityTimeout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.attribute.VisibilityTimeout\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.bucketName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.bucketName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.bucketName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.code.s3Bucket\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.code.s3Bucket.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.code.s3Bucket\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.code.s3Key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.code.s3Key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.code.s3Key\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextEquals.aws:lambda:FunctionArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextEquals.aws:lambda:FunctionArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextEquals.aws:lambda:FunctionArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextSubset.domainARN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextSubset.domainARN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.constraints.encryptionContextSubset.domainARN\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.cors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.cors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.cors\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.description\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.documentName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.documentName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.documentName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.domainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.domainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.domainName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.domainNames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.domainNames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.domainNames\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.dryRun\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.durationSeconds\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryption\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryption.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryption\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionAlgorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionAlgorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionAlgorithm\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:cloudtrail:arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:cloudtrail:arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:cloudtrail:arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:kinesis:arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:kinesis:arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:kinesis:arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:lambda:FunctionArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:lambda:FunctionArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:lambda:FunctionArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:s3:arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:s3:arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.aws:s3:arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.domainARN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.encryptionContext.domainARN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.encryptionContext.domainARN\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.engineVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.engineVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.engineVersion\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.externalId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.externalId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.externalId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filter.eventStatusCodes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filter.eventStatusCodes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filter.eventStatusCodes\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filter.startTimes.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filter.startTimes.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filter.startTimes.from\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filterSet.items.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filterSet.items.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filterSet.items.name\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filterSet.items.valueSet.items.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filterSet.items.valueSet.items.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filterSet.items.valueSet.items.value\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filters.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filters.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filters.name\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filters.values\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.filters.values.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.filters.values\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.functionName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.functionName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.functionName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.granteePrincipal\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.granteePrincipal.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.granteePrincipal\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.groupSet.items.groupId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.groupSet.items.groupId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.groupSet.items.groupId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.handler\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.handler.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.handler\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.includeAllInstances\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.instanceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.instanceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.instanceType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.instancesSet.items.instanceId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.instancesSet.items.instanceId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.instancesSet.items.instanceId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.interactive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.itemsPerPage\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.key\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.keyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.keyId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.keyId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.keySpec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.keySpec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.keySpec\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.layers\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.layers.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.layers\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.lifecycle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.lifecycle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.lifecycle\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.locale\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.locale.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.locale\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logGroupName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logGroupName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.logGroupName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logStreamName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logStreamName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.logStreamName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logging\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.logging.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.logging\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.maxResults\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.memorySize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.notification\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.notification.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.notification\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.notificationFilter.domainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.notificationFilter.domainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.notificationFilter.domainName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.numberOfBytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.object-lock\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.object-lock.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.object-lock\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.operations\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.operations.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.operations\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.parameters.commands\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.parameters.commands.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.parameters.commands\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.policy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.policy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.policy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.policyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.policyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.policyName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.publicAccessBlock\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.publicAccessBlock.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.publicAccessBlock\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.publish\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.queueName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.queueName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.queueName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.replication\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.replication.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.replication\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.requestPayer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.requestPayer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.requestPayer\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.requestPayment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.requestPayment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.requestPayment\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.retiringPrincipal\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.retiringPrincipal.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.retiringPrincipal\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.role\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.role.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.role\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.roleArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.roleName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleSessionName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.roleSessionName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.roleSessionName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.runtime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.runtime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.runtime\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.securityGroupIdSet.items.groupId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.securityGroupIdSet.items.groupId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.securityGroupIdSet.items.groupId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.stackName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.stackName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.stackName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.subnetId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.subnetId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.subnetId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.subnetSet.items.subnetId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.subnetSet.items.subnetId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.subnetSet.items.subnetId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tagging\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tagging.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.tagging\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:logical-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:logical-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:logical-id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.tags.aws:cloudformation:stack-name\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.targetGroupArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.targetGroupArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.targetGroupArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.timeout\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.uUID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.uUID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.uUID\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.versioning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.versioning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.versioning\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcConfig.securityGroupIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcConfig.securityGroupIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.vpcConfig.securityGroupIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcConfig.subnetIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcConfig.subnetIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.vpcConfig.subnetIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcSet.items.vpcId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.vpcSet.items.vpcId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.vpcSet.items.vpcId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.website\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.website.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.website\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-acl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-acl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.x-amz-acl\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-aws-kms-key-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-aws-kms-key-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-aws-kms-key-id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-context\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-context.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption-context\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.requestParameters.x-amz-server-side-encryption\"}}},{\"count\":0,\"name\":\"resources.ARN\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resources.ARN.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resources.ARN\"}}},{\"count\":0,\"name\":\"resources.accountId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resources.accountId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resources.accountId\"}}},{\"count\":0,\"name\":\"resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resources.type\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.architectures\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.architectures.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.architectures\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.assumedRoleUser.arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.assumedRoleUser.arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.assumedRoleUser.arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.assumedRoleUser.assumedRoleId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.assumedRoleUser.assumedRoleId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.assumedRoleUser.assumedRoleId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.certificateSummaryList.certificateArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.certificateSummaryList.certificateArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.certificateSummaryList.certificateArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.certificateSummaryList.domainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.certificateSummaryList.domainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.certificateSummaryList.domainName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.codeSha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.codeSha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.codeSha256\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.codeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.cloudWatchOutputConfig.cloudWatchLogGroupName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.cloudWatchOutputConfig.cloudWatchLogGroupName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.cloudWatchOutputConfig.cloudWatchLogGroupName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.cloudWatchOutputConfig.cloudWatchOutputEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.commandId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.commandId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.commandId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.comment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.comment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.comment\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.completedCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.deliveryTimedOutCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.documentName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.documentName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.documentName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.documentVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.documentVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.documentVersion\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.errorCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.expiresAfter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.expiresAfter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.expiresAfter\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.interactive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.maxConcurrency\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.maxConcurrency.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.maxConcurrency\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.maxErrors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.maxErrors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.maxErrors\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.notificationConfig.notificationType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3BucketName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3BucketName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.outputS3BucketName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3KeyPrefix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3KeyPrefix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.outputS3KeyPrefix\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3Region\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.outputS3Region.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.outputS3Region\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.parameters.commands\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.parameters.commands.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.parameters.commands\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.requestedDateTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.requestedDateTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.requestedDateTime\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.serviceRole\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.serviceRole.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.serviceRole\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.status\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.statusDetails\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.statusDetails.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.command.statusDetails\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.targetCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.command.timeoutSeconds\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.accessKeyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.accessKeyId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.credentials.accessKeyId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.expiration\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.expiration.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.credentials.expiration\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.sessionToken\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.credentials.sessionToken.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.credentials.sessionToken\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.description\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.options\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.options.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.options\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.accessPolicies.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.fielddata.cache.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.fielddata.cache.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.fielddata.cache.size\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.query.bool.max_clause_count\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.query.bool.max_clause_count.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.indices.query.bool.max_clause_count\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.override_main_response_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.override_main_response_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.override_main_response_version\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.options.anonymousAuthEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.options.internalUserDatabaseEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.advancedSecurityOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.desiredState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.desiredState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.desiredState\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.rollbackOnDisable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.rollbackOnDisable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.options.rollbackOnDisable\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.autoTuneOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.coldStorageOptions.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.dedicatedMasterEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.instanceCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.instanceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.instanceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.instanceType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.warmEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.options.zoneAwarenessEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.clusterConfig.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.cognitoOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.customEndpointEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.enforceHTTPS\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.tLSSecurityPolicy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.tLSSecurityPolicy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.options.tLSSecurityPolicy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.domainEndpointOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.eBSEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.volumeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.volumeType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.volumeType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.options.volumeType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.eBSOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.options.kmsKeyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.options.kmsKeyId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.options.kmsKeyId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.encryptionAtRestOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.options\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.options.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.options\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.engineVersion.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.logPublishingOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.nodeToNodeEncryptionOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.options.automatedSnapshotStartHour\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.snapshotOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.availabilityZones\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.availabilityZones.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.availabilityZones\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.securityGroupIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.securityGroupIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.securityGroupIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.subnetIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.subnetIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.subnetIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.vPCId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.vPCId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.options.vPCId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.domainConfig.vPCOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.options\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.options.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.options\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.accessPolicies.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.fielddata.cache.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.fielddata.cache.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.fielddata.cache.size\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.query.bool.max_clause_count\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.query.bool.max_clause_count.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.indices.query.bool.max_clause_count\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.override_main_response_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.override_main_response_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.override_main_response_version\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.options.rest.action.multi.allow_explicit_index\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.options.anonymousAuthEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.options.internalUserDatabaseEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.advancedSecurityOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.desiredState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.desiredState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.desiredState\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.rollbackOnDisable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.rollbackOnDisable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.options.rollbackOnDisable\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.autoTuneOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.cognitoOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.customEndpointEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.enforceHTTPS\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.tLSSecurityPolicy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.tLSSecurityPolicy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.options.tLSSecurityPolicy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.domainEndpointOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.eBSEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.volumeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.volumeType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.volumeType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.options.volumeType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.eBSOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.coldStorageOptions.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.dedicatedMasterEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.instanceCount\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.instanceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.instanceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.instanceType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.warmEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.options.zoneAwarenessEnabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchClusterConfig.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.options\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.options.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.options\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.elasticsearchVersion.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.options.kmsKeyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.options.kmsKeyId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.options.kmsKeyId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.encryptionAtRestOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.AUDIT_LOGS.cloudWatchLogsLogGroupArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.AUDIT_LOGS.cloudWatchLogsLogGroupArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.AUDIT_LOGS.cloudWatchLogsLogGroupArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.AUDIT_LOGS.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.ES_APPLICATION_LOGS.cloudWatchLogsLogGroupArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.ES_APPLICATION_LOGS.cloudWatchLogsLogGroupArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.ES_APPLICATION_LOGS.cloudWatchLogsLogGroupArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.options.ES_APPLICATION_LOGS.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.logPublishingOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.options.enabled\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.nodeToNodeEncryptionOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.options.automatedSnapshotStartHour\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.snapshotOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.availabilityZones\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.availabilityZones.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.availabilityZones\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.securityGroupIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.securityGroupIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.securityGroupIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.subnetIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.subnetIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.subnetIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.vPCId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.vPCId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.options.vPCId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.creationDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.creationDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.creationDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.pendingDeletion\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.updateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.updateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.updateDate\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.elasticsearchDomainConfig.vPCOptions.status.updateVersion\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.functionArn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.functionArn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.functionArn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.functionName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.functionName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.functionName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.grantId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.grantId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.grantId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.handler\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.handler.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.handler\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.isOpenSearchDomain\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.lastModified\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.layers.arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.layers.arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.layers.arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.layers.codeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.layers.uncompressedCodeSize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.memorySize\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.notificationFilter.domainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.notificationFilter.domainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.notificationFilter.domainName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.packageType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.packageType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.packageType\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.queueUrl\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.queueUrl.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.queueUrl\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.revisionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.revisionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.revisionId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.role\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.role.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.role\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.runtime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.runtime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.runtime\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.state\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.stateReason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.stateReason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.stateReason\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.stateReasonCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.stateReasonCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.stateReasonCode\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.timeout\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.tracingConfig.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.tracingConfig.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.tracingConfig.mode\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.securityGroupIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.securityGroupIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.vpcConfig.securityGroupIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.subnetIds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.subnetIds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.vpcConfig.subnetIds\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.vpcId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.vpcConfig.vpcId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.vpcConfig.vpcId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-aws-kms-key-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-aws-kms-key-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-aws-kms-key-id\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-context\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-context.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption-context\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.responseElements.x-amz-server-side-encryption\"}}},{\"count\":0,\"name\":\"sessionCredentialFromConsole\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"sessionCredentialFromConsole.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sessionCredentialFromConsole\"}}},{\"count\":0,\"name\":\"sharedEventID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"sharedEventID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sharedEventID\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.sourceIPAddress\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"tlsDetails.cipherSuite\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"tlsDetails.cipherSuite.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tlsDetails.cipherSuite\"}}},{\"count\":0,\"name\":\"tlsDetails.clientProvidedHostHeader\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"tlsDetails.clientProvidedHostHeader.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tlsDetails.clientProvidedHostHeader\"}}},{\"count\":0,\"name\":\"tlsDetails.tlsVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"tlsDetails.tlsVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tlsDetails.tlsVersion\"}}},{\"count\":1,\"name\":\"userAgent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"userAgent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"userAgent\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.accessKeyId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.accessKeyId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.accessKeyId\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.accountId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.accountId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.accountId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.arn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.invokedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.invokedBy\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.invokedBy\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.principalId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.accountId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.principalId\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.attributes.creationDate\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type\"}}},{\"count\":1,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\"}}},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"aws.cloudtrail.userIdentity.type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"aws.cloudtrail.userIdentity.type\"}}},{\"count\":0,\"name\":\"vpcEndpointId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"vpcEndpointId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"vpcEndpointId\"}}}]","timeFieldName":"@timestamp","title":"flint_zeroetl_default_aws_cloudtrail_fix_run_2__*"},"id":"aed4445f-5671-438b-b3b2-2468006429d1","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcxOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"logs-cloudtrail-Global Control","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Global Control\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1637912766383\",\"fieldName\":\"aws.cloudtrail.awsRegion\",\"parent\":\"\",\"label\":\"Region\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"id":"f42cfb98-27e1-434e-927b-de1907ba5cba","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Event History","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Event History\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"f5f4527d-62ee-48d2-aa12-10d47e40b11c","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Event by Account ID","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Event by Account ID\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.accountId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"7a20c29b-ff97-4cd4-af16-450e9f96d8d4","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Total Event Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Total Event Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Event Count\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"dfee096e-fad8-4c8d-82a7-f9325e7c38e8","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Top Event Names","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top Event Names\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Name\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":true},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"de6e7b5a-8970-4ae7-afa1-a3edc0b2e669","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Top Event Sources","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top Event Sources\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventSource\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":true},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"997e892b-c1a9-42fb-96c3-0b669efa03ae","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Event Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Event Category\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventCategory\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"c825ce38-c725-4aaa-b03b-39f0306157e7","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Event By Region","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Event By Region\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.awsRegion\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"e07dc8c8-5abd-414b-a6fd-0695d52c9920","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Top Users","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top Users\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Name\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.accountId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Account Id\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"5eb80660-1c78-46f9-a173-8c102e7b668e","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"not aws.cloudtrail.sourceIPAddress:*.amazon*.com* AWS*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"logs-cloudtrail-Top Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top Source IPs\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.sourceIPAddress\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"41c41703-9751-4440-a93d-2fcea36125be","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzcyOSwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"not (aws.cloudtrail.eventName: Get* Describe* List* Head*)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"logs-cloudtrail-Change Events","version":1},"id":"e815cca3-eb52-4605-bc30-906c8eb8e5ee","migrationVersion":{"search":"7.9.3"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-05-22T19:22:49.289Z","version":"WzczMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"aws.cloudtrail.eventSource: ec2* and aws.cloudtrail.eventName: (RunInstances or TerminateInstances or RunInstances or StopInstances)\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"logs-cloudtrail-EC2 Instance Changes","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-EC2 Instance Changes\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"eea115ee-02a9-405d-9be3-9ba135c595d5","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"e815cca3-eb52-4605-bc30-906c8eb8e5ee","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzczMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"aws.cloudtrail.eventSource: ec2*\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"logs-cloudtrail-EC2 Changed By","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"logs-cloudtrail-EC2 Changed By\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"ddf08d6c-f4c9-4947-9b8a-6f6f6e0b6569","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"e815cca3-eb52-4605-bc30-906c8eb8e5ee","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzczMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"aws.cloudtrail.eventSource:ec2*\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"logs-cloudtrail-Top EC2 Change Events","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"logs-cloudtrail-Top EC2 Change Events\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"aws.cloudtrail.eventName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"422cb3a5-10cd-43bd-9154-883ac18da770","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"e815cca3-eb52-4605-bc30-906c8eb8e5ee","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2024-05-22T19:22:49.289Z","version":"WzczMywxXQ=="} +{"attributes":{"columns":["errorCode","errorMessage","aws.cloudtrail.eventName","aws.cloudtrail.eventSource","aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName","aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId","aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn","aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type","aws.cloudtrail.awsRegion","aws.cloudtrail.sourceIPAddress","userAgent","aws.cloudtrail.userIdentity.accountId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"errorCode:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"logs-cloudtrail-Error Events","version":1},"id":"5857f588-f435-4397-86ea-f4e054f84478","migrationVersion":{"search":"7.9.3"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2024-05-22T19:22:49.289Z","version":"WzczNCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"controlledBy\":\"1637912766383\",\"disabled\":false,\"key\":\"aws.cloudtrail.awsRegion\",\"negate\":false,\"params\":{\"query\":\"us-west-2\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"aws.cloudtrail.awsRegion\":\"us-west-2\"}}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":7,\"i\":\"f41fba39-1664-460f-9b7f-2da72a45eea9\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"f41fba39-1664-460f-9b7f-2da72a45eea9\",\"title\":\"Global Control\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"f00cf363-a72e-4ef7-9e87-527d86ae8be2\",\"w\":24,\"x\":12,\"y\":0},\"panelIndex\":\"f00cf363-a72e-4ef7-9e87-527d86ae8be2\",\"title\":\"Event History\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":16,\"i\":\"19a014c4-0fec-40bc-914d-b985b2b84c1b\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"19a014c4-0fec-40bc-914d-b985b2b84c1b\",\"title\":\"Event by Account ID\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"ef438b13-4c77-48b9-8ae0-c28ae717e0ac\",\"w\":12,\"x\":0,\"y\":7},\"panelIndex\":\"ef438b13-4c77-48b9-8ae0-c28ae717e0ac\",\"title\":\"Total Event Count\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"22948727-ec80-4cd2-9bae-c76889332504\",\"w\":12,\"x\":0,\"y\":16},\"panelIndex\":\"22948727-ec80-4cd2-9bae-c76889332504\",\"title\":\"Top Event Names\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"f9525bf2-311b-4767-8d84-67fa5c7bdaf3\",\"w\":12,\"x\":12,\"y\":16},\"panelIndex\":\"f9525bf2-311b-4767-8d84-67fa5c7bdaf3\",\"title\":\"Top Event Sources\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"b580d134-a5e0-4550-9aeb-c6f4fab07ae9\",\"w\":12,\"x\":24,\"y\":16},\"panelIndex\":\"b580d134-a5e0-4550-9aeb-c6f4fab07ae9\",\"title\":\"Event Category\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":18,\"i\":\"d097c4dc-bd4f-4789-a18e-93fcf034a73e\",\"w\":12,\"x\":36,\"y\":16},\"panelIndex\":\"d097c4dc-bd4f-4789-a18e-93fcf034a73e\",\"title\":\"Event By Region\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"2a5da7e5-6536-4f01-8110-a20829ac0409\",\"w\":24,\"x\":0,\"y\":34},\"panelIndex\":\"2a5da7e5-6536-4f01-8110-a20829ac0409\",\"title\":\"Top Users\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"22ca4fe6-c0f7-4206-8b90-44b9bccf2623\",\"w\":24,\"x\":24,\"y\":34},\"panelIndex\":\"22ca4fe6-c0f7-4206-8b90-44b9bccf2623\",\"title\":\"Top Source IPs\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"782dc2e3-49c6-43a6-b384-38cd38d0af52\",\"w\":12,\"x\":0,\"y\":49},\"panelIndex\":\"782dc2e3-49c6-43a6-b384-38cd38d0af52\",\"title\":\"EC2 Change Event Count\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"d3ee49b2-4822-4c29-95cf-34c2d895d0f8\",\"w\":12,\"x\":12,\"y\":49},\"panelIndex\":\"d3ee49b2-4822-4c29-95cf-34c2d895d0f8\",\"title\":\"EC2 Changed By\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"8220a178-d566-425d-a7bf-7b0a6e510ad7\",\"w\":24,\"x\":24,\"y\":49},\"panelIndex\":\"8220a178-d566-425d-a7bf-7b0a6e510ad7\",\"title\":\"Top EC2 Change Events\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":17,\"i\":\"03cd460b-e704-493b-b593-e17bc5acc00d\",\"w\":48,\"x\":0,\"y\":64},\"panelIndex\":\"03cd460b-e704-493b-b593-e17bc5acc00d\",\"title\":\"Error Events\",\"version\":\"2.13.0\",\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"logs-cloudtrail-dashboard Flint","version":1},"id":"d74820b9-634e-4667-b1a1-d4c29d1e4fd2","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"aed4445f-5671-438b-b3b2-2468006429d1","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"f42cfb98-27e1-434e-927b-de1907ba5cba","name":"panel_0","type":"visualization"},{"id":"f5f4527d-62ee-48d2-aa12-10d47e40b11c","name":"panel_1","type":"visualization"},{"id":"7a20c29b-ff97-4cd4-af16-450e9f96d8d4","name":"panel_2","type":"visualization"},{"id":"dfee096e-fad8-4c8d-82a7-f9325e7c38e8","name":"panel_3","type":"visualization"},{"id":"de6e7b5a-8970-4ae7-afa1-a3edc0b2e669","name":"panel_4","type":"visualization"},{"id":"997e892b-c1a9-42fb-96c3-0b669efa03ae","name":"panel_5","type":"visualization"},{"id":"c825ce38-c725-4aaa-b03b-39f0306157e7","name":"panel_6","type":"visualization"},{"id":"e07dc8c8-5abd-414b-a6fd-0695d52c9920","name":"panel_7","type":"visualization"},{"id":"5eb80660-1c78-46f9-a173-8c102e7b668e","name":"panel_8","type":"visualization"},{"id":"41c41703-9751-4440-a93d-2fcea36125be","name":"panel_9","type":"visualization"},{"id":"eea115ee-02a9-405d-9be3-9ba135c595d5","name":"panel_10","type":"visualization"},{"id":"ddf08d6c-f4c9-4947-9b8a-6f6f6e0b6569","name":"panel_11","type":"visualization"},{"id":"422cb3a5-10cd-43bd-9154-883ac18da770","name":"panel_12","type":"visualization"},{"id":"5857f588-f435-4397-86ea-f4e054f84478","name":"panel_13","type":"search"}],"type":"dashboard","updated_at":"2024-05-22T19:22:49.289Z","version":"WzczNSwxXQ=="} {"exportedCount":17,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_mv_cloud-trail-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_mv_cloud-trail-1.0.0.sql index 1f8715840..ed2ac53b0 100644 --- a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_mv_cloud-trail-1.0.0.sql +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_mv_cloud-trail-1.0.0.sql @@ -1,51 +1,50 @@ CREATE MATERIALIZED VIEW {table_name}__mview AS SELECT - rec.userIdentity.type AS `aws.cloudtrail.userIdentity.type`, - rec.userIdentity.principalId AS `aws.cloudtrail.userIdentity.principalId`, - rec.userIdentity.arn AS `aws.cloudtrail.userIdentity.arn`, - rec.userIdentity.accountId AS `aws.cloudtrail.userIdentity.accountId`, - rec.userIdentity.invokedBy AS `aws.cloudtrail.userIdentity.invokedBy`, - rec.userIdentity.accessKeyId AS `aws.cloudtrail.userIdentity.accessKeyId`, - rec.userIdentity.userName AS `aws.cloudtrail.userIdentity.userName`, - rec.userIdentity.sessionContext.attributes.mfaAuthenticated AS `aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated`, - CAST(rec.userIdentity.sessionContext.attributes.creationDate AS TIMESTAMP) AS `aws.cloudtrail.userIdentity.sessionContext.attributes.creationDate`, - rec.userIdentity.sessionContext.sessionIssuer.type AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type`, - rec.userIdentity.sessionContext.sessionIssuer.principalId AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId`, - rec.userIdentity.sessionContext.sessionIssuer.arn AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn`, - rec.userIdentity.sessionContext.sessionIssuer.accountId AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId`, - rec.userIdentity.sessionContext.sessionIssuer.userName AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName`, - rec.userIdentity.sessionContext.ec2RoleDelivery AS `aws.cloudtrail.userIdentity.sessionContext.ec2RoleDelivery`, + userIdentity.type AS `aws.cloudtrail.userIdentity.type`, + userIdentity.principalId AS `aws.cloudtrail.userIdentity.principalId`, + userIdentity.arn AS `aws.cloudtrail.userIdentity.arn`, + userIdentity.accountId AS `aws.cloudtrail.userIdentity.accountId`, + userIdentity.invokedBy AS `aws.cloudtrail.userIdentity.invokedBy`, + userIdentity.accessKeyId AS `aws.cloudtrail.userIdentity.accessKeyId`, + userIdentity.userName AS `aws.cloudtrail.userIdentity.userName`, + userIdentity.sessionContext.attributes.mfaAuthenticated AS `aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated`, + CAST( userIdentity.sessionContext.attributes.creationDate AS TIMESTAMP) AS `aws.cloudtrail.userIdentity.sessionContext.attributes.creationDate`, + userIdentity.sessionContext.sessionIssuer.type AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type`, + userIdentity.sessionContext.sessionIssuer.principalId AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId`, + userIdentity.sessionContext.sessionIssuer.arn AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn`, + userIdentity.sessionContext.sessionIssuer.accountId AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId`, + userIdentity.sessionContext.sessionIssuer.userName AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName`, + userIdentity.sessionContext.ec2RoleDelivery AS `aws.cloudtrail.userIdentity.sessionContext.ec2RoleDelivery`, - rec.eventVersion AS `aws.cloudtrail.eventVersion`, - CAST(rec.eventTime AS TIMESTAMP) AS `@timestamp`, - rec.eventSource AS `aws.cloudtrail.eventSource`, - rec.eventName AS `aws.cloudtrail.eventName`, - rec.eventCategory AS `aws.cloudtrail.eventCategory`, - rec.eventType AS `aws.cloudtrail.eventType`, - rec.eventId AS `aws.cloudtrail.eventId`, + eventVersion AS `aws.cloudtrail.eventVersion`, + CAST( eventTime AS TIMESTAMP) AS `@timestamp`, + eventSource AS `aws.cloudtrail.eventSource`, + eventName AS `aws.cloudtrail.eventName`, + eventCategory AS `aws.cloudtrail.eventCategory`, + eventType AS `aws.cloudtrail.eventType`, + eventId AS `aws.cloudtrail.eventId`, - rec.awsRegion AS `aws.cloudtrail.awsRegion`, - rec.sourceIPAddress AS `aws.cloudtrail.sourceIPAddress`, - rec.userAgent AS `aws.cloudtrail.userAgent`, - rec.errorCode AS `errorCode`, - rec.errorMessage AS `errorMessage`, - rec.requestParameters AS `aws.cloudtrail.requestParameter`, - rec.responseElements AS `aws.cloudtrail.responseElements`, - rec.additionalEventData AS `aws.cloudtrail.additionalEventData`, - rec.requestId AS `aws.cloudtrail.requestId`, - rec.resources AS `aws.cloudtrail.resources`, - rec.apiVersion AS `aws.cloudtrail.apiVersion`, - rec.readOnly AS `aws.cloudtrail.readOnly`, - rec.recipientAccountId AS `aws.cloudtrail.recipientAccountId`, - rec.serviceEventDetails AS `aws.cloudtrail.serviceEventDetails`, - rec.sharedEventId AS `aws.cloudtrail.sharedEventId`, - rec.vpcEndpointId AS `aws.cloudtrail.vpcEndpointId`, - rec.tlsDetails.tlsVersion AS `aws.cloudtrail.tlsDetails.tls_version`, - rec.tlsDetails.cipherSuite AS `aws.cloudtrail.tlsDetailscipher_suite`, - rec.tlsDetails.clientProvidedHostHeader AS `aws.cloudtrail.tlsDetailsclient_provided_host_header` + awsRegion AS `aws.cloudtrail.awsRegion`, + sourceIPAddress AS `aws.cloudtrail.sourceIPAddress`, + userAgent AS `aws.cloudtrail.userAgent`, + errorCode AS `errorCode`, + errorMessage AS `errorMessage`, + requestParameters AS `aws.cloudtrail.requestParameter`, + responseElements AS `aws.cloudtrail.responseElements`, + additionalEventData AS `aws.cloudtrail.additionalEventData`, + requestId AS `aws.cloudtrail.requestId`, + resources AS `aws.cloudtrail.resources`, + apiVersion AS `aws.cloudtrail.apiVersion`, + readOnly AS `aws.cloudtrail.readOnly`, + recipientAccountId AS `aws.cloudtrail.recipientAccountId`, + serviceEventDetails AS `aws.cloudtrail.serviceEventDetails`, + sharedEventId AS `aws.cloudtrail.sharedEventId`, + vpcEndpointId AS `aws.cloudtrail.vpcEndpointId`, + tlsDetails.tlsVersion AS `aws.cloudtrail.tlsDetails.tls_version`, + tlsDetails.cipherSuite AS `aws.cloudtrail.tlsDetailscipher_suite`, + tlsDetails.clientProvidedHostHeader AS `aws.cloudtrail.tlsDetailsclient_provided_host_header` FROM {table_name} - LATERAL VIEW explode(Records) myTable AS rec WITH ( auto_refresh = true, refresh_interval = '15 Minute', diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_mv_cloud-trail-records-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_mv_cloud-trail-records-1.0.0.sql new file mode 100644 index 000000000..579bcbd83 --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_mv_cloud-trail-records-1.0.0.sql @@ -0,0 +1,55 @@ +CREATE MATERIALIZED VIEW {table_name}__mview AS +SELECT + rec.userIdentity.type AS `aws.cloudtrail.userIdentity.type`, + rec.userIdentity.principalId AS `aws.cloudtrail.userIdentity.principalId`, + rec.userIdentity.arn AS `aws.cloudtrail.userIdentity.arn`, + rec.userIdentity.accountId AS `aws.cloudtrail.userIdentity.accountId`, + rec.userIdentity.invokedBy AS `aws.cloudtrail.userIdentity.invokedBy`, + rec.userIdentity.accessKeyId AS `aws.cloudtrail.userIdentity.accessKeyId`, + rec.userIdentity.userName AS `aws.cloudtrail.userIdentity.userName`, + rec.userIdentity.sessionContext.attributes.mfaAuthenticated AS `aws.cloudtrail.userIdentity.sessionContext.attributes.mfaAuthenticated`, + CAST(rec.userIdentity.sessionContext.attributes.creationDate AS TIMESTAMP) AS `aws.cloudtrail.userIdentity.sessionContext.attributes.creationDate`, + rec.userIdentity.sessionContext.sessionIssuer.type AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.type`, + rec.userIdentity.sessionContext.sessionIssuer.principalId AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.principalId`, + rec.userIdentity.sessionContext.sessionIssuer.arn AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.arn`, + rec.userIdentity.sessionContext.sessionIssuer.accountId AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.accountId`, + rec.userIdentity.sessionContext.sessionIssuer.userName AS `aws.cloudtrail.userIdentity.sessionContext.sessionIssuer.userName`, + rec.userIdentity.sessionContext.ec2RoleDelivery AS `aws.cloudtrail.userIdentity.sessionContext.ec2RoleDelivery`, + + rec.eventVersion AS `aws.cloudtrail.eventVersion`, + CAST(rec.eventTime AS TIMESTAMP) AS `@timestamp`, + rec.eventSource AS `aws.cloudtrail.eventSource`, + rec.eventName AS `aws.cloudtrail.eventName`, + rec.eventCategory AS `aws.cloudtrail.eventCategory`, + rec.eventType AS `aws.cloudtrail.eventType`, + rec.eventId AS `aws.cloudtrail.eventId`, + + rec.awsRegion AS `aws.cloudtrail.awsRegion`, + rec.sourceIPAddress AS `aws.cloudtrail.sourceIPAddress`, + rec.userAgent AS `aws.cloudtrail.userAgent`, + rec.errorCode AS `errorCode`, + rec.errorMessage AS `errorMessage`, + rec.requestParameters AS `aws.cloudtrail.requestParameter`, + rec.responseElements AS `aws.cloudtrail.responseElements`, + rec.additionalEventData AS `aws.cloudtrail.additionalEventData`, + rec.requestId AS `aws.cloudtrail.requestId`, + rec.resources AS `aws.cloudtrail.resources`, + rec.apiVersion AS `aws.cloudtrail.apiVersion`, + rec.readOnly AS `aws.cloudtrail.readOnly`, + rec.recipientAccountId AS `aws.cloudtrail.recipientAccountId`, + rec.serviceEventDetails AS `aws.cloudtrail.serviceEventDetails`, + rec.sharedEventId AS `aws.cloudtrail.sharedEventId`, + rec.vpcEndpointId AS `aws.cloudtrail.vpcEndpointId`, + rec.tlsDetails.tlsVersion AS `aws.cloudtrail.tlsDetails.tls_version`, + rec.tlsDetails.cipherSuite AS `aws.cloudtrail.tlsDetailscipher_suite`, + rec.tlsDetails.clientProvidedHostHeader AS `aws.cloudtrail.tlsDetailsclient_provided_host_header` +FROM + {table_name} + LATERAL VIEW explode(Records) explodedCloudTrailsTable AS rec +WITH ( + auto_refresh = true, + refresh_interval = '15 Minute', + checkpoint_location = '{s3_checkpoint_location}', + watermark_delay = '1 Minute', + extra_options = '{ "{table_name}": { "maxFilesPerTrigger": "10" }}' + ) diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_skipping_index-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_skipping_index-1.0.0.sql index 8345bc489..224a16488 100644 --- a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_skipping_index-1.0.0.sql +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_skipping_index-1.0.0.sql @@ -1,13 +1,13 @@ CREATE SKIPPING INDEX ON {table_name} ( - rec.userIdentity.principalId BLOOM_FILTER, - rec.userIdentity.accountId BLOOM_FILTER, - rec.userIdentity.userName BLOOM_FILTER, - rec.sourceIPAddress BLOOM_FILTER, - rec.eventId BLOOM_FILTER, - rec.userIdentity.type VALUE_SET, - rec.eventName VALUE_SET, - rec.eventType VALUE_SET, - rec.awsRegion VALUE_SET + `userIdentity.principalId` BLOOM_FILTER, + `userIdentity.accountId` BLOOM_FILTER, + `userIdentity.userName` BLOOM_FILTER, + `sourceIPAddress` BLOOM_FILTER, + `eventId` BLOOM_FILTER, + `userIdentity.type` VALUE_SET, + `eventName` VALUE_SET, + `eventType` VALUE_SET, + `awsRegion` VALUE_SET ) WITH ( auto_refresh = true, refresh_interval = '15 Minutes', diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_table_cloud-trail-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_table_cloud-trail-1.0.0.sql index 0ca7fd0ae..66ed54f31 100644 --- a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_table_cloud-trail-1.0.0.sql +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_table_cloud-trail-1.0.0.sql @@ -1,5 +1,4 @@ -CREATE EXTERNAL TABLE IF NOT EXISTS {table_name} ( - Records ARRAY - >> -) USING json -LOCATION '{s3_bucket_location}' +) +USING json OPTIONS ( - compression='gzip', - recursivefilelookup='true' + PATH '{s3_bucket_location}', + recursivefilelookup='true', + multiline 'true' ) diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_table_cloud-trail-records-1.0.0.sql b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_table_cloud-trail-records-1.0.0.sql new file mode 100644 index 000000000..f5c78ccab --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/create_table_cloud-trail-records-1.0.0.sql @@ -0,0 +1,67 @@ +CREATE EXTERNAL TABLE IF NOT EXISTS {table_name} ( + Records ARRAY, + sessionIssuer:STRUCT< + type:STRING, + principalId:STRING, + arn:STRING, + accountId:STRING, + userName:STRING + >, + ec2RoleDelivery:STRING, + webIdFederationData:MAP + > + >, + eventTime STRING, + eventSource STRING, + eventName STRING, + awsRegion STRING, + sourceIPAddress STRING, + userAgent STRING, + errorCode STRING, + errorMessage STRING, + requestParameters STRING, + responseElements STRING, + additionalEventData STRING, + requestId STRING, + eventId STRING, + resources ARRAY>, + eventType STRING, + apiVersion STRING, + readOnly STRING, + recipientAccountId STRING, + serviceEventDetails STRING, + sharedEventId STRING, + vpcEndpointId STRING, + eventCategory STRING, + tlsDetails STRUCT< + tlsVersion:STRING, + cipherSuite:STRING, + clientProvidedHostHeader:STRING + > + >> +) +USING json +LOCATION '{s3_bucket_location}' +OPTIONS ( + compression='gzip', + recursivefilelookup='true', + multiline 'true' +) diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-1.0.0.ndjson index d580b8193..8a26da4c8 100644 --- a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-1.0.0.ndjson +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-1.0.0.ndjson @@ -1,5 +1,5 @@ -{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"CloudTrail_Error_and_No_MFA_Events","query":"SELECT rec.userIdentity.type, rec.userIdentity.principalId, rec.userIdentity.accountId, rec.userIdentity.userName, rec.eventName, rec.eventType, rec.eventId, rec.awsRegion, rec.sourceIPAddress, rec.errorCode, rec.errorMessage, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.errorCode IS NOT NULL AND rec.userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"CloudTrail Error & No MFA Events","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} -{"attributes":{"createdTimeMs":1713293044079,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Recent_Security_Risk_Events","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.sourceIPAddress NOT LIKE '192.168.%.%' ORDER BY event_timestamp DESC LIMIT 50;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Recent Security Risk Events","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Number_recent_Security_issues","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, rec.errorCode, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.errorCode IS NOT NULL AND rec.userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 5;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Number of recent Security issues","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} -{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Critical_Resource_Access_Events","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, rec.resources, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE (rec.eventName LIKE '%Modify%' OR rec.eventName LIKE '%Delete%' OR rec.eventName LIKE '%Put%' OR rec.eventName LIKE '%Post%') ORDER BY event_timestamp DESC LIMIT 10;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Critical Resource Access Events","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} +{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"CloudTrail_Error_and_No_MFA_Events","query":"SELECT userIdentity.type, userIdentity.principalId, userIdentity.accountId, userIdentity.userName, eventName, eventType, eventId, awsRegion, sourceIPAddress, errorCode, errorMessage, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE errorCode IS NOT NULL AND userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"CloudTrail Error & No MFA Events","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} +{"attributes":{"createdTimeMs":1713293044079,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Recent_Security_Risk_Events","query":"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE sourceIPAddress NOT LIKE '192.168.%.%' ORDER BY event_timestamp DESC LIMIT 50;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Recent Security Risk Events","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0="} +{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Number_recent_Security_issues","query":"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, errorCode, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE errorCode IS NOT NULL AND userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 5;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Number of recent Security issues","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} +{"attributes":{"createdTimeMs":1713290175174,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Critical_Resource_Access_Events","query":"SELECT userIdentity.userName, eventName, awsRegion, sourceIPAddress, resources, CAST(eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} WHERE (eventName LIKE '%Modify%' OR eventName LIKE '%Delete%' OR eventName LIKE '%Put%' OR eventName LIKE '%Post%') ORDER BY event_timestamp DESC LIMIT 10;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Critical Resource Access Events","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692d","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} {"exportedCount":7,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-records-1.0.0.ndjson b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-records-1.0.0.ndjson new file mode 100644 index 000000000..42e5338de --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/assets/example_queries-records-1.0.0.ndjson @@ -0,0 +1,5 @@ +{"attributes":{"createdTimeMs":1713289099101,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"CloudTrail_Error_and_No_MFA_Events","query":"SELECT rec.userIdentity.type, rec.userIdentity.principalId, rec.userIdentity.accountId, rec.userIdentity.userName, rec.eventName, rec.eventType, rec.eventId, rec.awsRegion, rec.sourceIPAddress, rec.errorCode, rec.errorMessage, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.errorCode IS NOT NULL AND rec.userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 10;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"CloudTrail Error & No MFA Events","version":1},"id":"1d07d010-fc18-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:52:30.414Z","version":"WzI3NTEsMV0="} +{"attributes":{"createdTimeMs":1713293044079,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Recent_Security_Risk_Events","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.sourceIPAddress NOT LIKE '192.168.%.%' ORDER BY event_timestamp DESC LIMIT 50;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Recent Security Risk Events","version":1},"id":"4c6b8820-fc21-11ee-ab45-d3075d0510e6","references":[],"type":"observability-search","updated_at":"2024-04-16T18:44:47.956Z","version":"WzI4MzAsMV0="} +{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Number_recent_Security_issues","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, rec.errorCode, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE rec.errorCode IS NOT NULL AND rec.userIdentity.sessionContext.attributes.mfaAuthenticated = 'false' ORDER BY event_timestamp DESC LIMIT 5;","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Number of recent Security issues","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692c","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} +{"attributes":{"createdTimeMs":1713290175184,"savedQuery":{"data_sources":"[{\"name\":\"mys3\",\"type\":\"s3glue\",\"label\":\"mys3\",\"value\":\"mys3\"}]","description":"","name":"Critical_Resource_Access_Events","query":"SELECT rec.userIdentity.userName, rec.eventName, rec.awsRegion, rec.sourceIPAddress, rec.resources, CAST(rec.eventTime AS TIMESTAMP) AS event_timestamp FROM {table_name} LATERAL VIEW explode(Records) myTable AS rec WHERE (rec.eventName LIKE '%Modify%' OR rec.eventName LIKE '%Delete%' OR rec.eventName LIKE '%Put%' OR rec.eventName LIKE '%Post%') ORDER BY event_timestamp DESC LIMIT 10;\n","query_lang":"SQL","selected_date_range":{"end":"now","start":"now-15m","text":""},"selected_fields":{"text":"","tokens":[]},"selected_timestamp":{"name":"","type":"timestamp"}},"title":"Critical Resource Access Events","version":1},"id":"9e6a9b40-fc1a-11ee-99c9-43e5dbd0692d","references":[],"type":"observability-search","updated_at":"2024-04-16T17:56:15.220Z","version":"WzI3NTIsMV0="} +{"exportedCount":7,"missingRefCount":0,"missingReferences":[]} diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/aws_cloudtrail-1.0.0.json b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/aws_cloudtrail-1.0.0.json index 4eb06e16c..173c0a9cb 100644 --- a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/aws_cloudtrail-1.0.0.json +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/aws_cloudtrail-1.0.0.json @@ -9,12 +9,6 @@ "author": "OpenSearch", "sourceUrl": "https://github.com/opensearch-project/dashboards-observability/tree/main/server/adaptors/integrations/__data__/repository/aws_cloudtrail/info", "workflows": [ - { - "name": "queries", - "label": "Queries (recommended)", - "description": "Tables and pre-written queries for quickly getting insights on your data.", - "enabled_by_default": true - }, { "name": "dashboards", "label": "Dashboards & Visualizations", @@ -23,9 +17,15 @@ }, { "name": "dashboards-flint", - "label": "Dashboards & Visualizations adapted to Flint", + "label": "Dashboards & Visualizations & sample queries adapted to Flint", "description": "Dashboards and visualizations adapted to Flint S3 datasource that enable you to easily visualize data residing on S3", "enabled_by_default": false + }, + { + "name": "dashboards-flint-records", + "label": "Dashboards & Visualizations & sample queries adapted to Flint (Multi-Records Protocol)", + "description": "Dashboards and visualizations adapted to Flint S3 datasource that enable you to easily visualize data residing on S3 (Multi-Records Protocol)", + "enabled_by_default": true } ], "statics": { @@ -60,46 +60,67 @@ ], "assets": [ { - "name": "aws_cloudtrail", - "version": "1.0.0", - "extension": "ndjson", - "type": "savedObjectBundle", - "workflows": ["dashboards"] - }, - { - "name": "aws_cloudtrail-flint", + "name": "create_table_cloud-trail", "version": "1.0.0", - "extension": "ndjson", - "type": "savedObjectBundle", + "extension": "sql", + "type": "query", "workflows": ["dashboards-flint"] }, { - "name": "create_skipping_index", + "name": "create_table_cloud-trail-records", "version": "1.0.0", "extension": "sql", "type": "query", - "workflows": ["queries"] + "workflows": ["dashboards-flint-records"] }, { - "name": "example_queries", + "name": "create_skipping_index", "version": "1.0.0", - "extension": "ndjson", - "type": "savedObjectBundle", - "workflows": ["queries"] + "extension": "sql", + "type": "query", + "workflows": ["dashboards-flint"] }, { - "name": "create_table_cloud-trail", + "name": "create_mv_cloud-trail", "version": "1.0.0", "extension": "sql", "type": "query", "workflows": ["dashboards-flint"] }, { - "name": "create_mv_cloud-trail", + "name": "create_mv_cloud-trail-records", "version": "1.0.0", "extension": "sql", "type": "query", + "workflows": ["dashboards-flint-records"] + }, + { + "name": "aws_cloudtrail", + "version": "1.0.0", + "extension": "ndjson", + "type": "savedObjectBundle", + "workflows": ["dashboards"] + }, + { + "name": "aws_cloudtrail-flint", + "version": "1.0.0", + "extension": "ndjson", + "type": "savedObjectBundle", + "workflows": ["dashboards-flint","dashboards-flint-records"] + }, + { + "name": "example_queries", + "version": "1.0.0", + "extension": "ndjson", + "type": "savedObjectBundle", "workflows": ["dashboards-flint"] + }, + { + "name": "example_queries-records", + "version": "1.0.0", + "extension": "ndjson", + "type": "savedObjectBundle", + "workflows": ["dashboards-flint-records"] } ], "sampleData": { diff --git a/server/adaptors/integrations/__data__/repository/aws_cloudtrail/data/raw-sample.json b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/data/raw-sample.json new file mode 100644 index 000000000..5ef41d5aa --- /dev/null +++ b/server/adaptors/integrations/__data__/repository/aws_cloudtrail/data/raw-sample.json @@ -0,0 +1,44 @@ +{ + "eventVersion": "1.08", + "userIdentity": { + "type": "AssumedRole", + "principalId": "***:Palisade-UDD", + "arn": "arn***/assumed-role/AwsSecurityAudit/Palisade", + "accountId": "700***", + "accessKeyId": "ASIA2***", + "sessionContext": { + "sessionIssuer": { + "type": "Role", + "principalId": "***45X7ON", + "arn": "arn***/AwsSecurityAudit", + "accountId": "700***", + "userName": "AwsSecurityAudit" + }, + "webIdFederationData": {}, + "attributes": { + "creationDate": "2024-05-22T06:35:53Z", + "mfaAuthenticated": "false" + } + } + }, + "eventTime": "2024-05-22T06:35:54Z", + "eventSource": "es.amazonaws.com", + "eventName": "ListDomainNames", + "awsRegion": "ap-northeast-1", + "sourceIPAddress": "30.*.0.210", + "userAgent": "Boto3/1.34.108 md/Botocore#1.34.108 md/internal ua/2.0 os/linux#5.10.215-203.850.amzn2.x86_64 md/arch#x86_64 lang/python#3.8.19 md/pyimpl#CPython exec-env/AWS_ECS_FARGATE cfg/retry-mode#standard Botocore/1.34.108", + "requestParameters": null, + "responseElements": null, + "requestID": "8567e078-0cd7-433e-91c3-d75639736545", + "eventID": "07d7cb7a-597b-4420-8f83-32180384417c", + "readOnly": true, + "eventType": "AwsApiCall", + "managementEvent": true, + "recipientAccountId": "700***", + "eventCategory": "Management", + "tlsDetails": { + "tlsVersion": "TLSv1.3", + "cipherSuite": "TLS_AES_128_GCM_SHA256", + "clientProvidedHostHeader": "es.ap-northeast-1.amazonaws.com" + } +}