replace TSVBs with metric visualizations

kibana/dashboards/4f6f3440-6d62-11e7-8ddb-e71eb260f4a3.json

@@ -4,7 +4,7 @@
     {
       "id": "4f6f3440-6d62-11e7-8ddb-e71eb260f4a3",
       "type": "dashboard",
-      "version": 3,
+      "version": 1,
       "attributes": {
         "hits": 0,
         "timeRestore": false,

kibana/dashboards/AV6-POJSDwoBUzALqKAg.json

@@ -4,7 +4,7 @@
     {
       "id": "AV6-PHKnDwoBUzALqJ_c",
       "type": "visualization",
-      "version": 3,
+      "version": 1,
       "attributes": {
         "title": "Help",
         "visState": "{\"title\":\"Help\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Introduction\\nWelcome to the Security Onion Elastic Stack!  This is our implementation of the Elastic Stack on Security Onion.  The Elastic Stack consists of three primary components:\\n- Elasticsearch\\n- Logstash\\n- Kibana\\n\\nElasticsearch is the database that stores the logs, Logstash is used to collect and enrich logs before storing them in Elasticsearch, and Kibana is the web interface for visualizing those logs that you're looking at right now.\\n\\n## Sidebar\\nStarting on the far left side of the page, you see the Sidebar.  This contains links such as:\\n- Discover\\n- Visualize\\n- Dashboard\\n- Timelion\\n- Dev Tools\\n- Management\\n- Squert\\n- Logout\\n\\nThe first six of those links are within Kibana itself.  If you click one of those and then want to get back to the Dashboards area where you started, simply click the `Dashboard` link.\\n\\nClicking the `Squert` link will take you out of Kibana and into Squert.  You will not be required to authenticate to Squert since you have already authenticated to Apache.\\n\\nClicking the `Logout` link in Squert or Kibana will log you out of your Apache session and take you back to the logon screen.\\n\\n## Navigation Panel\\nWhen you are in the Kibana Dashboard area, the panel to the immediate right of the sidebar is the Navigation Panel and it includes links to our dashboards such as NIDS Alerts, Bro HTTP logs, Syslog, etc.\\n\\n## Dashboards\\nWhen you first go to the Kibana Dashboard area, you are automatically placed into the Overview dashboard, where you will see overview information, such as total number of logs and sensors.  Clicking one of the links in the Navigation Panel will take you to another dashboard with information relating to that particular log type.  These dashboards are designed to work at 1024x768 screen resolution in order to maximize compatibility.\\n\\n## Hyperlinks\\n\\nThe `source_ip` and `destination_ip` fields are hyperlinked.  These hyperlinks will take you to the Indicator dashboard which will help you analyze the traffic relating to that particular IP address.\\n\\n`UID` fields are also hyperlinked.  This hyperlink will start a new Kibana search for that particular UID.  In the case of Bro UIDs this will show you all Bro logs related to that particular connection.\\n\\nEach log entry also has an `_id` field that is hyperlinked.  This hyperlink will take you to CapMe, allowing you to request full packet capture for any arbitrary log type.  This assumes that the log is for tcp or udp traffic that was seen by Bro and Bro recorded it correctly in its conn.log.  \\n\\nPreviously, in Squert, you could pivot from an IP address to ELSA.  That pivot has been removed and replaced with a pivot to Kibana.\\n\\n## More Information\\nFor additional information, please refer to our documentation at:\\n\\nhttps://securityonion.net/wiki/Elastic\",\"type\":\"markdown\"},\"aggs\":[],\"listeners\":{}}",
@@ -24,7 +24,7 @@
     {
       "id": "b3b449d0-3429-11e7-9d52-4f090484f59e",
       "type": "visualization",
-      "version": 107,
+      "version": 53,
       "attributes": {
         "title": "Navigation",
         "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/app/kibana#/dashboard/94b52620-342a-11e7-9d52-4f090484f59e)   \\n[Help](/app/kibana#/dashboard/AV6-POJSDwoBUzALqKAg)   \\n\\n**Alert Data:**\\n\\n[Bro Notices](/app/kibana#/dashboard/01600fb0-34e4-11e7-9669-7f1d3242b798)   \\n[ElastAlert](/app/kibana#/dashboard/1d98d620-7dce-11e7-846a-150cdcaf3374)   \\n[HIDS](/app/kibana#/dashboard/0de7a390-3644-11e7-a6f7-4f44d7bf1c33)   \\n[NIDS](/app/kibana#/dashboard/7f27a830-34e5-11e7-9669-7f1d3242b798)      \\n\\n**Bro Hunting:**   \\n\\n   [Connections](/app/kibana#/dashboard/e0a34b90-34e6-11e7-9118-45bd317f0ca4)   \\n[DCE/RPC](/app/kibana#/dashboard/46582d50-3af2-11e7-a83b-b1b4da7d15f4)   \\n[DHCP](/app/kibana#/dashboard/85348270-357b-11e7-ac34-8965f6420c51)  \\n[DNP3](/app/kibana#/dashboard/2fdf5bf0-3581-11e7-98ef-19df58fe538b)  \\n[DNS](/app/kibana#/dashboard/ebf5ec90-34bf-11e7-9b32-bb903919ead9)  \\n[Files](/app/kibana#/dashboard/2d315d80-3582-11e7-98ef-19df58fe538b)    \\n[FTP](/app/kibana#/dashboard/27f3b380-3583-11e7-a588-05992195c551)   \\n[HTTP](/app/kibana#/dashboard/230134a0-34c6-11e7-8360-0b86c90983fd)  \\n[Intel](/app/kibana#/dashboard/468022c0-3583-11e7-a588-05992195c551)  \\n[IRC](/app/kibana#/dashboard/56a34ce0-3583-11e7-a588-05992195c551)  \\n[Kerberos](/app/kibana#/dashboard/6b0d4870-3583-11e7-a588-05992195c551)  \\n[Modbus](/app/kibana#/dashboard/70c005f0-3583-11e7-a588-05992195c551)  \\n[MySQL](/app/kibana#/dashboard/7929f430-3583-11e7-a588-05992195c551)  \\n[NTLM](/app/kibana#/dashboard/022713e0-3ab0-11e7-a83b-b1b4da7d15f4)   \\n[PE](/app/kibana#/dashboard/8a10e380-3583-11e7-a588-05992195c551)  \\n[RADIUS](/app/kibana#/dashboard/90b246c0-3583-11e7-a588-05992195c551)  \\n[RDP](/app/kibana#/dashboard/97f8c3a0-3583-11e7-a588-05992195c551)  \\n[RFB](/app/kibana#/dashboard/9ef20ae0-3583-11e7-a588-05992195c551)  \\n[SIP](/app/kibana#/dashboard/ad3c0830-\\n3583-11e7-a588-05992195c551)   \\n[SMB](/app/kibana#/dashboard/b3a53710-3aaa-11e7-8b17-0d8709b02c80)     \\n[SMTP](/app/kibana#/dashboard/b10a9c60-3583-11e7-a588-05992195c551)  \\n[SNMP](/app/kibana#/dashboard/b65c2710-3583-11e7-a588-05992195c551)  \\n[Software](/app/kibana#/dashboard/c2c99c30-3583-11e7-a588-05992195c551)  \\n[SSH](/app/kibana#/dashboard/c6ccfc00-3583-11e7-a588-05992195c551)  \\n[SSL](/app/kibana#/dashboard/cca67b60-3583-11e7-a588-05992195c551)  \\n[Syslog](/app/kibana#/dashboard/c4bbe040-76b3-11e7-ba96-cba76a1e264d)   \\n[Tunnels](/app/kibana#/dashboard/d7b54ae0-3583-11e7-a588-05992195c551)  \\n[Weird](/app/kibana#/dashboard/de2da250-3583-11e7-a588-05992195c551)  \\n[X.509](/app/kibana#/dashboard/e5aa7170-3583-11e7-a588-05992195c551)  \\n\\n**Host Hunting:**   \\n\\n[Autoruns](/app/kibana#/dashboard/61d43810-6d62-11e7-8ddb-e71eb260f4a3)   \\n[Beats](/app/kibana#/dashboard/AWBLNS3CRuBloj96jxub)  \\n[OSSEC](/app/kibana#/dashboard/3a457d70-3583-11e7-a588-05992195c551)    \\n[Sysmon](/app/kibana#/dashboard/6d189680-6d62-11e7-8ddb-e71eb260f4a3)      \\n\\n**Other:**   \\n   \\n[Domain Stats](/app/kibana#/dashboard/AWAi6wvxAvKNGEbUWO_j)  \\n[Firewall](/app/kibana#/dashboard/50173bd0-3582-11e7-98ef-19df58fe538b)   \\n[Frequency](/app/kibana#/dashboard/AWAi5k4jAvKNGEbUWFis)  \\n[Stats](/app/kibana#/dashboard/130017f0-46ce-11e7-946f-1bfb1be7c36b)   \\n[Syslog](/app/kibana#/dashboard/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\",\"type\":\"markdown\"},\"aggs\":[],\"listeners\":{}}",
@@ -44,7 +44,7 @@
     {
       "id": "AV6-POJSDwoBUzALqKAg",
       "type": "dashboard",
-      "version": 3,
+      "version": 1,
       "attributes": {
         "title": "Help",
         "hits": 0,