From 5f5ede9bec71adec7b2714097cf019faa20b23b7 Mon Sep 17 00:00:00 2001
From: Edoardo Tenani <526307+endorama@users.noreply.github.com>
Date: Thu, 6 Oct 2022 17:04:24 +0200
Subject: [PATCH] [GCP] Move dashboard visualizations to by value (#4214)
---
 packages/gcp/changelog.yml | 5 +
 ...-48e12760-cbe4-11ec-b519-85ccf621cbbf.json | 1239 +++---
 ...-6041d970-a6ae-11ea-950e-d57608e3aa51.json | 659 +++-
 ...-76c9e920-e890-11ea-bf8c-d13ebf358a78.json | 850 ++++-
 ...-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json | 3377 +++++++++--------
 ...-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json | 552 ++-
 ...-9484a4cd-685f-450e-aeaa-728fbdbea20f.json | 3305 ++++++++--------
 ...-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json | 724 +++-
 ...-f40ee870-5e4a-11ea-a4f6-717338406083.json | 886 +++--
 ...-057de170-e88d-11ea-bf8c-d13ebf358a78.json | 87 -
 ...-520c6f10-ec8a-11ea-a0ed-7fe6b565d158.json | 83 -
 ...-73346db0-e88d-11ea-bf8c-d13ebf358a78.json | 153 -
 ...-dd835300-e88f-11ea-bf8c-d13ebf358a78.json | 58 -
 ...-e6933020-e88d-11ea-bf8c-d13ebf358a78.json | 108 -
 ...-0bd0a6e0-9156-11ea-8180-7b0dacd9df87.json | 70 -
 ...-2f6b6740-909b-11ea-8180-7b0dacd9df87.json | 71 -
 ...-3f472ea0-5e47-11ea-a4f6-717338406083.json | 67 -
 ...-3f4e9040-909d-11ea-8180-7b0dacd9df87.json | 113 -
 ...-434f69f0-909b-11ea-8180-7b0dacd9df87.json | 71 -
 ...-43f45ba0-5e4a-11ea-a4f6-717338406083.json | 66 -
 ...-543dac40-909b-11ea-8180-7b0dacd9df87.json | 71 -
 ...-5d2f9160-e88e-11ea-bf8c-d13ebf358a78.json | 97 -
 ...-6958ed10-a6ad-11ea-950e-d57608e3aa51.json | 97 -
 ...-6f795e70-5e49-11ea-a4f6-717338406083.json | 66 -
 ...-6f933ef0-9155-11ea-8180-7b0dacd9df87.json | 74 -
 ...-89513bc0-5e48-11ea-a4f6-717338406083.json | 66 -
 ...-8d4ddf40-9155-11ea-8180-7b0dacd9df87.json | 70 -
 ...-95e1f050-5e48-11ea-a4f6-717338406083.json | 66 -
 ...-9d919d00-5e4d-11ea-a4f6-717338406083.json | 85 -
 ...-afeb98a0-a6ac-11ea-950e-d57608e3aa51.json | 76 -
 ...-be27b340-a6ac-11ea-950e-d57608e3aa51.json | 76 -
 ...-c4e1e090-a6aa-11ea-950e-d57608e3aa51.json | 77 -
 ...-d5418f80-9156-11ea-8180-7b0dacd9df87.json | 91 -
 ...-d63465e0-9154-11ea-8180-7b0dacd9df87.json | 74 -
 ...-da5bc460-63e1-11ea-b0ac-95d4ecb1fecd.json | 116 -
 ...-dff87070-9155-11ea-8180-7b0dacd9df87.json | 70 -
 ...-e562eb50-909a-11ea-8180-7b0dacd9df87.json | 71 -
 ...-eb891a20-9155-11ea-8180-7b0dacd9df87.json | 70 -
 ...-eed05d80-a6ac-11ea-950e-d57608e3aa51.json | 77 -
 ...-ef1508c0-5e4c-11ea-a4f6-717338406083.json | 87 -
 ...-f86c26f0-a6aa-11ea-950e-d57608e3aa51.json | 77 -
 packages/gcp/manifest.yml | 4 +-
 42 files changed, 6835 insertions(+), 7367 deletions(-)
 delete mode 100644 packages/gcp/kibana/lens/gcp-057de170-e88d-11ea-bf8c-d13ebf358a78.json
 delete mode 100644 packages/gcp/kibana/lens/gcp-520c6f10-ec8a-11ea-a0ed-7fe6b565d158.json
 delete mode 100644 packages/gcp/kibana/lens/gcp-73346db0-e88d-11ea-bf8c-d13ebf358a78.json
 delete mode 100644 packages/gcp/kibana/lens/gcp-dd835300-e88f-11ea-bf8c-d13ebf358a78.json
 delete mode 100644 packages/gcp/kibana/lens/gcp-e6933020-e88d-11ea-bf8c-d13ebf358a78.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-0bd0a6e0-9156-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-2f6b6740-909b-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-3f472ea0-5e47-11ea-a4f6-717338406083.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-3f4e9040-909d-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-434f69f0-909b-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-43f45ba0-5e4a-11ea-a4f6-717338406083.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-543dac40-909b-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-5d2f9160-e88e-11ea-bf8c-d13ebf358a78.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-6958ed10-a6ad-11ea-950e-d57608e3aa51.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-6f795e70-5e49-11ea-a4f6-717338406083.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-6f933ef0-9155-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-89513bc0-5e48-11ea-a4f6-717338406083.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-8d4ddf40-9155-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-95e1f050-5e48-11ea-a4f6-717338406083.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-9d919d00-5e4d-11ea-a4f6-717338406083.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-afeb98a0-a6ac-11ea-950e-d57608e3aa51.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-be27b340-a6ac-11ea-950e-d57608e3aa51.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-c4e1e090-a6aa-11ea-950e-d57608e3aa51.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-d5418f80-9156-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-d63465e0-9154-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-da5bc460-63e1-11ea-b0ac-95d4ecb1fecd.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-dff87070-9155-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-e562eb50-909a-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-eb891a20-9155-11ea-8180-7b0dacd9df87.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-eed05d80-a6ac-11ea-950e-d57608e3aa51.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-ef1508c0-5e4c-11ea-a4f6-717338406083.json
 delete mode 100644 packages/gcp/kibana/visualization/gcp-f86c26f0-a6aa-11ea-950e-d57608e3aa51.json
diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml
index 8cee436c6d7..faf03fd2c43 100644
--- a/packages/gcp/changelog.yml
+++ b/packages/gcp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.13.0"
+ changes:
+ - description: Migrate dashboard by values
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/4214
 - version: "2.12.1"
 changes:
 - description: Remove duplicate fields.
diff --git a/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json b/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json
index 3576d1e75b3..2dada268897 100644
--- a/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json
+++ b/packages/gcp/kibana/dashboard/gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf.json
@@ -1,639 +1,644 @@ { - "attributes": { - "description": "Overview of the audit log data from Google Cloud.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.audit" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.audit" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } + "id": "gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxNCwxXQ==", + "attributes": { + "description": "Overview of the audit log data from Google Cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.audit" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.audit" + } } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.17.0", + "type": "search", + "gridData": { + "h": 9, + "i": "95ebbda8-9b00-4b23-b116-72569ea031e3", + "w": 48, + "x": 0, + "y": 29 }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "panelIndex": "95ebbda8-9b00-4b23-b116-72569ea031e3", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 9, - "i": 
"95ebbda8-9b00-4b23-b116-72569ea031e3", - "w": 48, - "x": 0, - "y": 29 + "title": "Audit Event List", + "panelRefName": "panel_95ebbda8-9b00-4b23-b116-72569ea031e3" + }, + { + "version": "7.17.0", + "type": "map", + "gridData": { + "h": 15, + "i": "68d8455e-9e37-48fa-ae7c-ee1022c52dff", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "68d8455e-9e37-48fa-ae7c-ee1022c52dff", + "embeddableConfig": { + "attributes": { + "description": "", + "layerListJSON": "[{\"alpha\":1,\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"joins\":[],\"label\":\"Source Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:gcp.audit\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"indexPatternId\":\"logs-*\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"t
ype\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", + "mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"settings\":{\"autoFitToDataBounds\":false},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"zoom\":1.97}", + "references": [ + { + "id": "logs-*", + "name": "layer_1_source_index_pattern", + "type": "index-pattern" + } + ], + "title": "Audit Source Locations [Logs GCP]", + "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + }, + "enhancements": {}, + "hiddenLayers": [], + "hidePanelTitles": false, + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 32.1625, + "lon": -48.67493, + "zoom": 1.97 + }, + "openTOCDetails": [] + }, + "title": "Audit Source Locations" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "9f857560-27dd-4dfc-8b9d-814d0877fa0c", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "9f857560-27dd-4dfc-8b9d-814d0877fa0c", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "95ebbda8-9b00-4b23-b116-72569ea031e3", - "panelRefName": "panel_95ebbda8-9b00-4b23-b116-72569ea031e3", - "title": "Audit Event List", - "type": "search", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "description": "", - "layerListJSON": "[{\"alpha\":1,\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"isAutoSelect\":true,\"type\":\"EMS_TMS\"},\"style\":{},\"type\":\"VECTOR_TILE\",\"visible\":true},{\"alpha\":0.75,\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"joins\":[],\"label\":\"Source 
Locations\",\"maxZoom\":24,\"minZoom\":0,\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:gcp.audit\"},\"sourceDescriptor\":{\"applyGlobalQuery\":true,\"filterByMapBounds\":true,\"geoField\":\"source.geo.location\",\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"scalingType\":\"LIMIT\",\"sortField\":\"\",\"sortOrder\":\"desc\",\"tooltipProperties\":[],\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"indexPatternId\":\"logs-*\"},\"style\":{\"isTimeAware\":true,\"properties\":{\"fillColor\":{\"options\":{\"color\":\"#54B399\"},\"type\":\"STATIC\"},\"icon\":{\"options\":{\"value\":\"marker\"},\"type\":\"STATIC\"},\"iconOrientation\":{\"options\":{\"orientation\":0},\"type\":\"STATIC\"},\"iconSize\":{\"options\":{\"size\":6},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#FFFFFF\"},\"type\":\"STATIC\"},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"labelColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelText\":{\"options\":{\"value\":\"\"},\"type\":\"STATIC\"},\"lineColor\":{\"options\":{\"color\":\"#41937c\"},\"type\":\"STATIC\"},\"lineWidth\":{\"options\":{\"size\":1},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}}},\"type\":\"VECTOR\"},\"type\":\"VECTOR\",\"visible\":true}]", - "mapStateJSON": "{\"center\":{\"lat\":19.94277,\"lon\":0},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"refreshConfig\":{\"interval\":0,\"isPaused\":false},\"settings\":{\"autoFitToDataBounds\":false},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"zoom\":1.97}", - "references": [ - { - "id": "logs-*", - "name": "layer_1_source_index_pattern", - "type": "index-pattern" - } - ], - "title": "Audit Source Locations [Logs GCP]", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" - }, - "enhancements": {}, - "hiddenLayers": [], - "hidePanelTitles": false, - "isLayerTOCOpen": false, - "mapCenter": { - 
"lat": 32.1625, - "lon": -48.67493, - "zoom": 1.97 + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" }, - "openTOCDetails": [] - }, - "gridData": { - "h": 15, - "i": "68d8455e-9e37-48fa-ae7c-ee1022c52dff", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "68d8455e-9e37-48fa-ae7c-ee1022c52dff", - "title": "Audit Source Locations", - "type": "map", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "drop_partials": false, - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1, - "scaleMetricValues": false, - "timeRange": { - "from": "now-15m", - "to": "now" - }, - "useNormalizedEsInterval": true, - "used_interval": "30d" - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "event.outcome", - "missingBucket": true, - "missingBucketLabel": "[unknown]", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "filter": true, - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - 
"detailedTooltip": true, - "grid": { - "categoryLines": false - }, - "isVislibVis": true, - "labels": { - "show": false - }, - "legendPosition": "right", - "maxLegendLines": 1, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "radiusRatio": 0, - "seriesParams": [ - { - "circlesRadius": 1, - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "thresholdLine": { - "color": "#E7664C", - "show": false, - "style": "full", - "value": 10, - "width": 1 - }, - "times": [], - "truncateLegend": true, - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Audit Events Outcome over time [Logs GCP]", - "type": "histogram", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "9f857560-27dd-4dfc-8b9d-814d0877fa0c", - "w": 24, - "x": 24, - "y": 0 + "useNormalizedEsInterval": true, + "used_interval": "30d" + }, + "schema": "segment", + "type": "date_histogram" }, - "panelIndex": "9f857560-27dd-4dfc-8b9d-814d0877fa0c", - "title": "Audit Events Outcome over time", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "[unknown]", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - { - 
"embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "event.action", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Audit Event Action [Logs GCP]", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - } - }, - "gridData": { - "h": 14, - "i": "4e8256f8-eb9f-4d9d-8712-f237d7d653f3", - "w": 12, - "x": 0, - "y": 15 - }, - "panelIndex": "4e8256f8-eb9f-4d9d-8712-f237d7d653f3", - "title": "Audit Event Action", - "type": "visualization", - "version": "7.17.0" + "description": "", + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "grid": { + "categoryLines": false + }, + "isVislibVis": true, + "labels": { + "show": false + }, + "legendPosition": "right", + "maxLegendLines": 1, + 
"palette": { + "name": "kibana_palette", + "type": "palette" + }, + "radiusRatio": 0, + "seriesParams": [ + { + "circlesRadius": 1, + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "truncateLegend": true, + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user.email", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 15 - }, - "schema": "segment", - "type": "terms" - } - ], - "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "maxFontSize": 30, - "minFontSize": 10, - "orientation": "single", - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "scale": "linear", - "showLabel": true - }, - "title": "Audit Top User Email [Logs GCP]", - "type": "tagcloud", - "uiState": {} - } - }, - "gridData": { - "h": 14, - "i": "c84d3240-c7fe-49cd-9a47-7c4acc95cc3d", - "w": 12, - "x": 12, - "y": 15 + "title": "Audit Events Outcome over time [Logs 
GCP]", + "type": "histogram", + "uiState": {} + } + }, + "title": "Audit Events Outcome over time" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "4e8256f8-eb9f-4d9d-8712-f237d7d653f3", + "w": 12, + "x": 0, + "y": 15 + }, + "panelIndex": "4e8256f8-eb9f-4d9d-8712-f237d7d653f3", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" }, - "panelIndex": "c84d3240-c7fe-49cd-9a47-7c4acc95cc3d", - "title": "Audit Top User Email", - "type": "visualization", - "version": "7.17.0" + { + "enabled": true, + "id": "2", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "user_agent.name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 
100, - "values": true - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - "name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Audit User Agent [Logs GCP]", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - } - }, - "gridData": { - "h": 14, - "i": "9ba4db1f-9ea5-4bb0-b7d2-afc82a7ca177", - "w": 12, - "x": 24, - "y": 15 - }, - "panelIndex": "9ba4db1f-9ea5-4bb0-b7d2-afc82a7ca177", - "title": "Audit User Agent", - "type": "visualization", - "version": "7.17.0" + "description": "", + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "gcp.audit.resource_name", - "missingBucket": false, - "missingBucketLabel": "Missing", - "order": "desc", - "orderBy": "1", - "otherBucket": false, - "otherBucketLabel": "Other", - "size": 20 - }, - "schema": "segment", - "type": "terms" - } - ], - "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "addLegend": true, - "addTooltip": true, - "distinctColors": true, - "isDonut": true, - "labels": { - "last_level": true, - "show": false, - "truncate": 100, - "values": true - }, - "legendPosition": "right", - "maxLegendLines": 1, - "nestedLegend": false, - "palette": { - 
"name": "kibana_palette", - "type": "palette" - }, - "truncateLegend": true, - "type": "pie" - }, - "title": "Audit Resource Name [Logs GCP]", - "type": "pie", - "uiState": { - "vis": { - "legendOpen": true - } - } - } - }, - "gridData": { - "h": 14, - "i": "80c40a0a-c2f5-4e8b-9268-fa281d46295d", - "w": 12, - "x": 36, - "y": 15 - }, - "panelIndex": "80c40a0a-c2f5-4e8b-9268-fa281d46295d", - "title": "Audit Resource Name", - "type": "visualization", - "version": "7.17.0" + "title": "Audit Event Action [Logs GCP]", + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } } - ], - "timeRestore": false, - "title": "[Logs GCP] Audit", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "gcp-48e12760-cbe4-11ec-b519-85ccf621cbbf", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "name": "95ebbda8-9b00-4b23-b116-72569ea031e3:panel_95ebbda8-9b00-4b23-b116-72569ea031e3", - "type": "search" + } }, - { - "id": "logs-*", - "name": "68d8455e-9e37-48fa-ae7c-ee1022c52dff:layer_1_source_index_pattern", - "type": "index-pattern" + "title": "Audit Event Action" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "c84d3240-c7fe-49cd-9a47-7c4acc95cc3d", + "w": 12, + "x": 12, + "y": 15 }, - { - "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "name": "9f857560-27dd-4dfc-8b9d-814d0877fa0c:search_0", - "type": "search" + "panelIndex": "c84d3240-c7fe-49cd-9a47-7c4acc95cc3d", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user.email", + "missingBucket": false, + "missingBucketLabel": "Missing", + 
"order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "maxFontSize": 30, + "minFontSize": 10, + "orientation": "single", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "scale": "linear", + "showLabel": true + }, + "title": "Audit Top User Email [Logs GCP]", + "type": "tagcloud", + "uiState": {} + } }, - { - "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "name": "4e8256f8-eb9f-4d9d-8712-f237d7d653f3:search_0", - "type": "search" + "title": "Audit Top User Email" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "9ba4db1f-9ea5-4bb0-b7d2-afc82a7ca177", + "w": 12, + "x": 24, + "y": 15 }, - { - "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "name": "c84d3240-c7fe-49cd-9a47-7c4acc95cc3d:search_0", - "type": "search" + "panelIndex": "9ba4db1f-9ea5-4bb0-b7d2-afc82a7ca177", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "user_agent.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": 
false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Audit User Agent [Logs GCP]", + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } + } + } }, - { - "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "name": "9ba4db1f-9ea5-4bb0-b7d2-afc82a7ca177:search_0", - "type": "search" + "title": "Audit User Agent" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "80c40a0a-c2f5-4e8b-9268-fa281d46295d", + "w": 12, + "x": 36, + "y": 15 }, - { - "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", - "name": "80c40a0a-c2f5-4e8b-9268-fa281d46295d:search_0", - "type": "search" + "panelIndex": "80c40a0a-c2f5-4e8b-9268-fa281d46295d", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "gcp.audit.resource_name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 20 + }, + "schema": "segment", + "type": "terms" + } + ], + "savedSearchId": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "maxLegendLines": 1, + "nestedLegend": false, + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "truncateLegend": true, + "type": "pie" + }, + "title": "Audit 
Resource Name [Logs GCP]", + "type": "pie", + "uiState": { + "vis": { + "legendOpen": true + } + } + } }, - { - "id": "gcp-e1a359e5-543d-44c2-ab81-628138719e28", - "name": "tag-gcp-e1a359e5-543d-44c2-ab81-628138719e28", - "type": "tag" - } + "title": "Audit Resource Name" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs GCP] Audit", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "95ebbda8-9b00-4b23-b116-72569ea031e3:panel_95ebbda8-9b00-4b23-b116-72569ea031e3", + "type": "search" + }, + { + "id": "logs-*", + "name": "68d8455e-9e37-48fa-ae7c-ee1022c52dff:layer_1_source_index_pattern", + "type": "index-pattern" + }, + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "9f857560-27dd-4dfc-8b9d-814d0877fa0c:search_0", + "type": "search" + }, + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "4e8256f8-eb9f-4d9d-8712-f237d7d653f3:search_0", + "type": "search" + }, + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "c84d3240-c7fe-49cd-9a47-7c4acc95cc3d:search_0", + "type": "search" + }, + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "9ba4db1f-9ea5-4bb0-b7d2-afc82a7ca177:search_0", + "type": "search" + }, + { + "id": "gcp-d88364c0-73a1-11ea-a345-f985c61fe654", + "name": "80c40a0a-c2f5-4e8b-9268-fa281d46295d:search_0", + "type": "search" + }, + { + "id": "gcp-e1a359e5-543d-44c2-ab81-628138719e28", + "name": "tag-gcp-e1a359e5-543d-44c2-ab81-628138719e28", + "type": "tag" + } + ], + "migrationVersion": { + "dashboard": "7.17.3" + }, + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json index 215d32b8523..ed6618e1991 100644 
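Review bot: Export-instance metadata is committed at the top of the new object: `"namespaces": ["default"]`, `"updated_at": "2022-09-14T09:47:20.533Z"` and `"version": "WzcxNCwxXQ=="` describe the Kibana instance this audit dashboard was exported from, not the dashboard itself. The `version` value looks like that instance's base64-encoded concurrency token and `namespaces` names the space the export came from; how the package installer treats them is not visible in this patch, so I would drop all three top-level keys before committing to keep the asset deployment-neutral and avoid spurious diffs on the next export. The same three keys are added at the top of `gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json` in the following hunk.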
--- a/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json
+++ b/packages/gcp/kibana/dashboard/gcp-6041d970-a6ae-11ea-950e-d57608e3aa51.json
@@ -1,166 +1,529 @@ { - "attributes": { - "description": "Overview of Google Cloud Load Balancing TCP SSL Proxy Metrics\n\n", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "gcp-6041d970-a6ae-11ea-950e-d57608e3aa51", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxNSwxXQ==", + "attributes": { + "description": "Overview of Google Cloud Load Balancing TCP SSL Proxy Metrics\n\n", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 16, + "i": "02422b42-6d8c-4924-acc1-0d7f4fb9a1b1", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "02422b42-6d8c-4924-acc1-0d7f4fb9a1b1", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing TCP SSL Proxy Filters [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "gcp.labels.resource.backend_name", + "id": "1588881306802", + "indexPatternRefName": "control_0_index_pattern", + "label": "Backend Name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "gcp.labels.metrics.client_country", + "id": "1588881320708", + "indexPatternRefName": "control_1_index_pattern", + "label": "Client Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "gcp.labels.metrics.proxy_continent", + "id": "1588881383318", + "indexPatternRefName": "control_2_index_pattern", + "label": "Proxy Continent", + "options": { + "dynamicOptions": true, + "multiselect": true, + 
"order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "title": "Filters" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 16, + "i": "da16e443-8524-47ea-83e1-6a16250ed61c", + "w": 13, + "x": 10, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "02422b42-6d8c-4924-acc1-0d7f4fb9a1b1", - "w": 10, - "x": 0, - "y": 0 - }, - "panelIndex": "02422b42-6d8c-4924-acc1-0d7f4fb9a1b1", - "panelRefName": "panel_02422b42-6d8c-4924-acc1-0d7f4fb9a1b1", - "title": "Filters", - "type": "visualization", - "version": "7.6.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "da16e443-8524-47ea-83e1-6a16250ed61c", - "w": 13, - "x": 10, - "y": 0 - }, - "panelIndex": "da16e443-8524-47ea-83e1-6a16250ed61c", - "panelRefName": "panel_da16e443-8524-47ea-83e1-6a16250ed61c", - "title": "Open Connections", - "type": "visualization", - "version": "7.6.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "305f8fc3-e763-4b2c-8998-9e0e057ce713", - "w": 13, - "x": 23, - "y": 0 - }, - "panelIndex": "305f8fc3-e763-4b2c-8998-9e0e057ce713", - "panelRefName": "panel_305f8fc3-e763-4b2c-8998-9e0e057ce713", - "title": "Closed Connections", - "type": "visualization", - "version": "7.6.2" + "panelIndex": "da16e443-8524-47ea-83e1-6a16250ed61c", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing TCP SSL Proxy Open Connections [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + 
"axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "bar_color_rules": [ + { + "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "hide_last_value_indicator": true, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": ">=15m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "gcp.loadbalancing.tcp_ssl_proxy.open_connections.value", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.backend_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "e4fe30c7-906a-4878-bec7-7a78a06d98d0", - "w": 12, - "x": 36, - "y": 0 - }, - "panelIndex": "e4fe30c7-906a-4878-bec7-7a78a06d98d0", - "panelRefName": "panel_e4fe30c7-906a-4878-bec7-7a78a06d98d0", - "title": "New Connections", - "type": "visualization", - "version": "7.6.2" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Open Connections" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 16, + "i": "305f8fc3-e763-4b2c-8998-9e0e057ce713", + "w": 13, + "x": 23, + "y": 0 + }, + "panelIndex": "305f8fc3-e763-4b2c-8998-9e0e057ce713", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing TCP SSL Proxy 
Closed Connections [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "bar_color_rules": [ + { + "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "hide_last_value_indicator": true, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, + "metrics": [ + { + "field": "gcp.loadbalancing.tcp_ssl_proxy.closed_connections.value", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.backend_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "c2bec6ee-96e8-440c-bfa4-6e0def7b0095", - "w": 23, - "x": 0, - "y": 16 - }, - "panelIndex": "c2bec6ee-96e8-440c-bfa4-6e0def7b0095", - "panelRefName": "panel_c2bec6ee-96e8-440c-bfa4-6e0def7b0095", - "title": "Egress Bytes", - "type": "visualization", - "version": "7.6.2" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Closed Connections" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 16, + "i": "e4fe30c7-906a-4878-bec7-7a78a06d98d0", + "w": 12, + "x": 36, + "y": 0 + }, + "panelIndex": "e4fe30c7-906a-4878-bec7-7a78a06d98d0", + "embeddableConfig": 
{ + "enhancements": {}, + "savedVis": { + "title": "Load Balancing TCP SSL Proxy New Connections [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "bar_color_rules": [ + { + "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "hide_last_value_indicator": true, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": ">=15m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.tcp_ssl_proxy.new_connections.value", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.backend_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "top_n", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 16, - "i": "fbaeaa8f-262d-41b1-a621-d6dbff52ff59", - "w": 25, - "x": 23, - "y": 16 - }, - "panelIndex": "fbaeaa8f-262d-41b1-a621-d6dbff52ff59", - "panelRefName": "panel_fbaeaa8f-262d-41b1-a621-d6dbff52ff59", - "title": "Ingress Bytes", - "type": "visualization", - "version": "7.6.2" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ], - "timeRestore": false, - "title": "[Metrics GCP] Load Balancing TCP SSL Proxy Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-6041d970-a6ae-11ea-950e-d57608e3aa51", - 
"migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "gcp-6958ed10-a6ad-11ea-950e-d57608e3aa51", - "name": "02422b42-6d8c-4924-acc1-0d7f4fb9a1b1:panel_02422b42-6d8c-4924-acc1-0d7f4fb9a1b1", - "type": "visualization" + } }, - { - "id": "gcp-f86c26f0-a6aa-11ea-950e-d57608e3aa51", - "name": "da16e443-8524-47ea-83e1-6a16250ed61c:panel_da16e443-8524-47ea-83e1-6a16250ed61c", - "type": "visualization" + "title": "New Connections" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 16, + "i": "c2bec6ee-96e8-440c-bfa4-6e0def7b0095", + "w": 23, + "x": 0, + "y": 16 }, - { - "id": "gcp-c4e1e090-a6aa-11ea-950e-d57608e3aa51", - "name": "305f8fc3-e763-4b2c-8998-9e0e057ce713:panel_305f8fc3-e763-4b2c-8998-9e0e057ce713", - "type": "visualization" + "panelIndex": "c2bec6ee-96e8-440c-bfa4-6e0def7b0095", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing TCP SSL Proxy Egress Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "bar_color_rules": [ + { + "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": ">=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.tcp_ssl_proxy.egress.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.backend_name", + "terms_order_by": 
"61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "gcp-eed05d80-a6ac-11ea-950e-d57608e3aa51", - "name": "e4fe30c7-906a-4878-bec7-7a78a06d98d0:panel_e4fe30c7-906a-4878-bec7-7a78a06d98d0", - "type": "visualization" + "title": "Egress Bytes" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 16, + "i": "fbaeaa8f-262d-41b1-a621-d6dbff52ff59", + "w": 25, + "x": 23, + "y": 16 }, - { - "id": "gcp-afeb98a0-a6ac-11ea-950e-d57608e3aa51", - "name": "c2bec6ee-96e8-440c-bfa4-6e0def7b0095:panel_c2bec6ee-96e8-440c-bfa4-6e0def7b0095", - "type": "visualization" + "panelIndex": "fbaeaa8f-262d-41b1-a621-d6dbff52ff59", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing TCP SSL Proxy Ingress Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "bar_color_rules": [ + { + "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" + } + ], + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": ">=1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.tcp_ssl_proxy.ingress.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "kibana", + "split_mode": "terms", + "stacked": "none", + "terms_field": 
"gcp.labels.resource.backend_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "gcp-be27b340-a6ac-11ea-950e-d57608e3aa51", - "name": "fbaeaa8f-262d-41b1-a621-d6dbff52ff59:panel_fbaeaa8f-262d-41b1-a621-d6dbff52ff59", - "type": "visualization" - } + "title": "Ingress Bytes" + } ], - "type": "dashboard", - "updated_at": "2021-08-04T16:31:12.649Z", - "version": "WzM3OTgsMV0=" + "timeRestore": false, + "title": "[Metrics GCP] Load Balancing TCP SSL Proxy Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "02422b42-6d8c-4924-acc1-0d7f4fb9a1b1:control_0_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "02422b42-6d8c-4924-acc1-0d7f4fb9a1b1:control_1_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "02422b42-6d8c-4924-acc1-0d7f4fb9a1b1:control_2_index_pattern", + "id": "metrics-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.3" + }, + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json b/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json index d999e3b91f1..e25a5709343 100644 --- a/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json +++ b/packages/gcp/kibana/dashboard/gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78.json 
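Review bot: The inlined "Load Balancing TCP SSL Proxy Closed Connections" panel carries `"interval": ""`, while the Open Connections and New Connections panels beside it set `"interval": ">=15m"`. With an empty interval the bucket size follows the selected time range, so this panel can bucket differently from its siblings on short ranges, and may show gaps if the metric is collected less often than the bucket (worth checking against the collection period). If the difference is not intended, set `"interval": ">=15m"` on that panel. Separately, the New Connections, Egress Bytes and Ingress Bytes series store `"fill": "0"`, `"line_width": "2"` and `"point_size": "3"` as strings where the first two panels use numbers; writing them as numbers keeps one type per key.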
@@ -1,164 +1,720 @@ { - "attributes": { - "description": "Overview of Google Cloud Billing Metrics", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { + "id": "gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxNiwxXQ==", + "attributes": { + "description": "Overview of Google Cloud Billing Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "2552123b-6ad6-4d63-89c3-0672ab428580", + "w": 8, + "x": 0, + "y": 0 + }, + "panelIndex": "2552123b-6ad6-4d63-89c3-0672ab428580", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Account ID Filter [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "cloud.provider", + "id": "1598550838945", + "indexPatternRefName": "control_0_index_pattern", + "label": "Cloud Provider ", + "options": { + "dynamicOptions": true, + "multiselect": false, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "cloud.account.id", + "id": "1598893530938", + "indexPatternRefName": "control_1_index_pattern", + "label": "Account ID", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "1598550838945", + "type": "list" + }, + { + "fieldName": "gcp.billing.invoice_month", + "id": "1598988595566", + "indexPatternRefName": "control_2_index_pattern", + "label": "Invoice Month", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + 
"pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": { "filter": [], "query": { - "language": "kuery", - "query": "" + "language": "kuery", + "query": "" } + } } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "title": "Filters" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 20, + "i": "2d3d3b79-0656-45c2-b051-4489484b625c", + "w": 10, + "x": 8, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 14, - "i": "2552123b-6ad6-4d63-89c3-0672ab428580", - "w": 8, - "x": 0, - "y": 0 - }, - "panelIndex": "2552123b-6ad6-4d63-89c3-0672ab428580", - "panelRefName": "panel_2552123b-6ad6-4d63-89c3-0672ab428580", - "title": "Filters", - "type": "visualization", - "version": "7.9.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "2d3d3b79-0656-45c2-b051-4489484b625c", - "w": 10, - "x": 8, - "y": 0 - }, - "panelIndex": "2d3d3b79-0656-45c2-b051-4489484b625c", - "panelRefName": "panel_2d3d3b79-0656-45c2-b051-4489484b625c", - "title": "Cost Per Month", - "type": "lens", - "version": "7.9.0" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 20, - "i": "b737e597-cc4d-4437-859c-6d491679599d", - "w": 30, - "x": 18, - "y": 0 - }, - "panelIndex": "b737e597-cc4d-4437-859c-6d491679599d", - "panelRefName": "panel_b737e597-cc4d-4437-859c-6d491679599d", - "title": "Cost Per Project ID", - "type": "lens", - "version": "7.9.0" + "panelIndex": "2d3d3b79-0656-45c2-b051-4489484b625c", + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "e12171da-25a4-41ea-86d3-8fd71205c263": { + "columnOrder": [ + "6011e524-4646-410b-8d1c-06c281e8f7ed", + "f8ab301c-f139-4573-b233-ed8a3f717e24" + ], + "columns": { + 
"6011e524-4646-410b-8d1c-06c281e8f7ed": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Invoice Month", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "f8ab301c-f139-4573-b233-ed8a3f717e24", + "type": "column" + }, + "orderDirection": "desc", + "size": 12 + }, + "scale": "ordinal", + "sourceField": "gcp.billing.invoice_month" + }, + "f8ab301c-f139-4573-b233-ed8a3f717e24": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Billing Cost", + "operationType": "sum", + "scale": "ratio", + "sourceField": "gcp.billing.total" + } + } + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "6011e524-4646-410b-8d1c-06c281e8f7ed" + }, + { + "columnId": "f8ab301c-f139-4573-b233-ed8a3f717e24" + } + ], + "layerId": "e12171da-25a4-41ea-86d3-8fd71205c263", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "9eedb0c7-2089-4e0f-af98-721034203aad", - "w": 8, - "x": 0, - "y": 14 - }, - "panelIndex": "9eedb0c7-2089-4e0f-af98-721034203aad", - "panelRefName": "panel_9eedb0c7-2089-4e0f-af98-721034203aad", - "title": "Total Number Of Projects", - "type": "lens", - "version": "7.9.0" + "title": "Total Cost Table [Metrics GCP]", + "visualizationType": "lnsDatatable", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-e12171da-25a4-41ea-86d3-8fd71205c263", + "type": "index-pattern" + } + ] + } + }, + "title": "Cost Per Month" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 20, + "i": "b737e597-cc4d-4437-859c-6d491679599d", + "w": 30, + "x": 18, + "y": 0 + }, + "panelIndex": "b737e597-cc4d-4437-859c-6d491679599d", + "embeddableConfig": { + "enhancements": {}, + "attributes": { + 
"state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4ca843af-63d7-46b9-a719-51a81eebf1f7": { + "columnOrder": [ + "2477291e-9021-4eb2-9fce-8da1ee792c49", + "10b91492-efef-490d-bc7a-c2074b2eae84" + ], + "columns": { + "10b91492-efef-490d-bc7a-c2074b2eae84": { + "dataType": "number", + "isBucketed": false, + "label": "Maximum of gcp.billing.total", + "operationType": "max", + "scale": "ratio", + "sourceField": "gcp.billing.total" + }, + "2477291e-9021-4eb2-9fce-8da1ee792c49": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Cost Per Project ID", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "10b91492-efef-490d-bc7a-c2074b2eae84", + "type": "column" + }, + "orderDirection": "desc", + "size": 20 + }, + "scale": "ordinal", + "sourceField": "gcp.billing.project_id" + } + } + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "2477291e-9021-4eb2-9fce-8da1ee792c49" + ], + "layerId": "4ca843af-63d7-46b9-a719-51a81eebf1f7", + "layerType": "data", + "legendDisplay": "default", + "metric": "10b91492-efef-490d-bc7a-c2074b2eae84", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a", - "w": 48, - "x": 0, - "y": 20 - }, - "panelIndex": "f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a", - "panelRefName": "panel_f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a", - "title": "Cost Per Invoice Month", - "type": "lens", - "version": "7.9.0" + "title": "Cost Per Project ID [Metrics GCP]", + "visualizationType": "lnsPie", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", 
+ "type": "index-pattern" + } + ] + } + }, + "title": "Cost Per Project ID" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 6, + "i": "9eedb0c7-2089-4e0f-af98-721034203aad", + "w": 8, + "x": 0, + "y": 14 + }, + "panelIndex": "9eedb0c7-2089-4e0f-af98-721034203aad", + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4cb00ce3-c62e-46f3-90ce-b69c876b9605": { + "columnOrder": [ + "2f66b924-5392-4e5e-93fe-5b23a87068c1" + ], + "columns": { + "2f66b924-5392-4e5e-93fe-5b23a87068c1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "gcp.billing.project_id" + } + } + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "2f66b924-5392-4e5e-93fe-5b23a87068c1", + "layerId": "4cb00ce3-c62e-46f3-90ce-b69c876b9605", + "layerType": "data" + } }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "991e60a8-68eb-4c2b-ac9a-b553e90dd49d", - "w": 48, - "x": 0, - "y": 35 - }, - "panelIndex": "991e60a8-68eb-4c2b-ac9a-b553e90dd49d", - "panelRefName": "panel_991e60a8-68eb-4c2b-ac9a-b553e90dd49d", - "title": "Total Billing Cost", - "type": "lens", - "version": "7.9.0" - } - ], - "timeRestore": false, - "title": "[Metrics GCP] Billing Overview", - "version": 1 - }, - "coreMigrationVersion": "7.15.0", - "id": "gcp-76c9e920-e890-11ea-bf8c-d13ebf358a78", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "gcp-5d2f9160-e88e-11ea-bf8c-d13ebf358a78", - "name": "2552123b-6ad6-4d63-89c3-0672ab428580:panel_2552123b-6ad6-4d63-89c3-0672ab428580", - "type": "visualization" + "title": "Total Number Of Projects [Metrics GCP]", + "visualizationType": "lnsMetric", + "references": [ + { + "id": "metrics-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-4cb00ce3-c62e-46f3-90ce-b69c876b9605", + "type": "index-pattern" + } + ] + } }, - { - "id": "gcp-520c6f10-ec8a-11ea-a0ed-7fe6b565d158", - "name": "2d3d3b79-0656-45c2-b051-4489484b625c:panel_2d3d3b79-0656-45c2-b051-4489484b625c", - "type": "lens" + "title": "Total Number Of Projects" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a", + "w": 48, + "x": 0, + "y": 20 }, - { - "id": "gcp-057de170-e88d-11ea-bf8c-d13ebf358a78", - "name": "b737e597-cc4d-4437-859c-6d491679599d:panel_b737e597-cc4d-4437-859c-6d491679599d", - "type": "lens" + "panelIndex": "f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a", + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "4ca843af-63d7-46b9-a719-51a81eebf1f7": { + "columnOrder": [ + "e25f49de-f161-4be8-a8fc-519188a7776c", + "b92edf5e-58bc-4382-9cd5-19db2c332c93", + "af747bf6-66e9-4760-bbd8-3dae9c97159d" + ], + "columns": { + "af747bf6-66e9-4760-bbd8-3dae9c97159d": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Billing Cost", + "operationType": "max", + "scale": "ratio", + "sourceField": "gcp.billing.total" + }, + "b92edf5e-58bc-4382-9cd5-19db2c332c93": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Invoice Month", + "operationType": "terms", + "params": { + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "asc", + "size": 5 + }, + "scale": "ordinal", + "sourceField": "gcp.billing.invoice_month" + }, + "e25f49de-f161-4be8-a8fc-519188a7776c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Monthly Cost", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "af747bf6-66e9-4760-bbd8-3dae9c97159d", + "type": 
"column" + }, + "orderDirection": "desc", + "size": 10 + }, + "scale": "ordinal", + "sourceField": "gcp.billing.project_id" + } + } + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "fittingFunction": "None", + "layers": [ + { + "accessors": [ + "af747bf6-66e9-4760-bbd8-3dae9c97159d" + ], + "layerId": "4ca843af-63d7-46b9-a719-51a81eebf1f7", + "layerType": "data", + "seriesType": "bar_stacked", + "splitAccessor": "b92edf5e-58bc-4382-9cd5-19db2c332c93", + "xAccessor": "e25f49de-f161-4be8-a8fc-519188a7776c" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked" + } + }, + "title": "Monthly Cost Per Project [Metrics GCP]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", + "type": "index-pattern" + } + ] + } }, - { - "id": "gcp-dd835300-e88f-11ea-bf8c-d13ebf358a78", - "name": "9eedb0c7-2089-4e0f-af98-721034203aad:panel_9eedb0c7-2089-4e0f-af98-721034203aad", - "type": "lens" + "title": "Cost Per Invoice Month" + }, + { + "version": "7.16.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "991e60a8-68eb-4c2b-ac9a-b553e90dd49d", + "w": 48, + "x": 0, + "y": 35 }, - { - "id": "gcp-e6933020-e88d-11ea-bf8c-d13ebf358a78", - "name": "f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a:panel_f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a", - "type": "lens" + "panelIndex": "991e60a8-68eb-4c2b-ac9a-b553e90dd49d", + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "325e60ce-0fbd-42b0-82f6-b10df31fef6c": { + "columnOrder": [ + "faaaaf23-f362-4a00-be9e-8a155208a39e", + "c4bc659c-3e7c-41f2-bc38-32d9edee95e8", + "3041fc1b-ceb8-4188-b55d-d354819f267e" + ], + "columns": { + 
"3041fc1b-ceb8-4188-b55d-d354819f267e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Billing", + "operationType": "max", + "scale": "ratio", + "sourceField": "gcp.billing.total" + }, + "c4bc659c-3e7c-41f2-bc38-32d9edee95e8": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "faaaaf23-f362-4a00-be9e-8a155208a39e": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Project ID", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "3041fc1b-ceb8-4188-b55d-d354819f267e", + "type": "column" + }, + "orderDirection": "desc", + "size": 10 + }, + "scale": "ordinal", + "sourceField": "gcp.billing.project_id" + } + } + }, + "4ca843af-63d7-46b9-a719-51a81eebf1f7": { + "columnOrder": [ + "1164563d-d2b3-4067-bc7b-d694179182ed", + "10b91492-efef-490d-bc7a-c2074b2eae84" + ], + "columns": { + "10b91492-efef-490d-bc7a-c2074b2eae84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Billing Cost", + "operationType": "sum", + "scale": "ratio", + "sourceField": "gcp.billing.total" + }, + "1164563d-d2b3-4067-bc7b-d694179182ed": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "1d" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "e25f49de-f161-4be8-a8fc-519188a7776c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Cost", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "10b91492-efef-490d-bc7a-c2074b2eae84", + "type": "column" + }, + "orderDirection": "desc", + "size": 15 + }, + "scale": "ordinal", + "sourceField": "gcp.billing.project_id" + } + } + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + 
"visualization": { + "fittingFunction": "None", + "layers": [ + { + "accessors": [ + "3041fc1b-ceb8-4188-b55d-d354819f267e" + ], + "layerId": "325e60ce-0fbd-42b0-82f6-b10df31fef6c", + "layerType": "data", + "seriesType": "bar_stacked", + "splitAccessor": "faaaaf23-f362-4a00-be9e-8a155208a39e", + "xAccessor": "c4bc659c-3e7c-41f2-bc38-32d9edee95e8" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked" + } + }, + "title": "Total Cost Bar Chart [Metrics GCP]", + "visualizationType": "lnsXY", + "references": [ + { + "id": "metrics-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-325e60ce-0fbd-42b0-82f6-b10df31fef6c", + "type": "index-pattern" + }, + { + "id": "metrics-*", + "name": "indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", + "type": "index-pattern" + } + ] + } }, - { - "id": "gcp-73346db0-e88d-11ea-bf8c-d13ebf358a78", - "name": "991e60a8-68eb-4c2b-ac9a-b553e90dd49d:panel_991e60a8-68eb-4c2b-ac9a-b553e90dd49d", - "type": "lens" - } + "title": "Total Billing Cost" + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Metrics GCP] Billing Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "2552123b-6ad6-4d63-89c3-0672ab428580:control_0_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "2552123b-6ad6-4d63-89c3-0672ab428580:control_1_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "2552123b-6ad6-4d63-89c3-0672ab428580:control_2_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "2d3d3b79-0656-45c2-b051-4489484b625c:indexpattern-datasource-current-indexpattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "2d3d3b79-0656-45c2-b051-4489484b625c:indexpattern-datasource-layer-e12171da-25a4-41ea-86d3-8fd71205c263", + "id": 
"metrics-*" + }, + { + "type": "index-pattern", + "name": "b737e597-cc4d-4437-859c-6d491679599d:indexpattern-datasource-current-indexpattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "b737e597-cc4d-4437-859c-6d491679599d:indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "9eedb0c7-2089-4e0f-af98-721034203aad:indexpattern-datasource-current-indexpattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "9eedb0c7-2089-4e0f-af98-721034203aad:indexpattern-datasource-layer-4cb00ce3-c62e-46f3-90ce-b69c876b9605", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a:indexpattern-datasource-current-indexpattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "f4d0ebcb-ac15-4c31-ab57-7f22e0c3e02a:indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "991e60a8-68eb-4c2b-ac9a-b553e90dd49d:indexpattern-datasource-current-indexpattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "991e60a8-68eb-4c2b-ac9a-b553e90dd49d:indexpattern-datasource-layer-325e60ce-0fbd-42b0-82f6-b10df31fef6c", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "991e60a8-68eb-4c2b-ac9a-b553e90dd49d:indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", + "id": "metrics-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.3" + }, + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json b/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json index 31b724d2b09..a3d271940ec 100644 --- a/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json +++ b/packages/gcp/kibana/dashboard/gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf.json 
@@ -1,1749 +1,1754 @@ { - "attributes": { - "description": "Overview of the firewall log data from Google Cloud.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.firewall" + "id": "gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxNywxXQ==", + "attributes": { + "description": "Overview of the firewall log data from Google Cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.firewall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "11594540-5527-4301-aa08-24093d75d4b4", + "w": 40, + "x": 0, + "y": 0 + }, + "panelIndex": "11594540-5527-4301-aa08-24093d75d4b4", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "# GCP Firewall dashboard", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + 
"uiState": {} + } + } + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "77c85299-e3b8-4338-9113-a3b56ba741c7", + "w": 7, + "x": 0, + "y": 5 + }, + "panelIndex": "77c85299-e3b8-4338-9113-a3b56ba741c7", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-3a32ec4e-e826-4732-a33c-af6e11d7218e", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "3a32ec4e-e826-4732-a33c-af6e11d7218e": { + "columnOrder": [ + "3938f412-fdf3-4714-a1d5-a06e36a8128b", + "fc59d35f-50a2-491b-b243-d55c3a2c936b" + ], + "columns": { + "3938f412-fdf3-4714-a1d5-a06e36a8128b": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of cloud.project.id", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "fc59d35f-50a2-491b-b243-d55c3a2c936b", + "type": "column" }, - "type": "phrase" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cloud.project.id" }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.firewall" - } + "fc59d35f-50a2-491b-b243-d55c3a2c936b": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "3938f412-fdf3-4714-a1d5-a06e36a8128b" + ], + "layerId": "3a32ec4e-e826-4732-a33c-af6e11d7218e", + "layerType": "data", + "legendDisplay": "default", + "metric": "fc59d35f-50a2-491b-b243-d55c3a2c936b", + "nestedLegend": false, + 
"numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "title": "GCP Project" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "0fc7a288-d3c6-4f18-8d0e-ca3c0f66aeb6", + "w": 7, + "x": 7, + "y": 5 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "# GCP Firewall dashboard", - "openLinksInNewTab": false + "panelIndex": "0fc7a288-d3c6-4f18-8d0e-ca3c0f66aeb6", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-2f350b92-4c75-4171-887e-1787cc418027", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "2f350b92-4c75-4171-887e-1787cc418027": { + "columnOrder": [ + "772e05df-b7e8-4757-bcbf-35d17f2faec7", + "e93ea5b6-65da-4993-a462-fb610a41824b" + ], + "columns": { + "772e05df-b7e8-4757-bcbf-35d17f2faec7": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of cloud.region", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e93ea5b6-65da-4993-a462-fb610a41824b", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cloud.region" }, - "title": "", - "type": "markdown", - "uiState": {} + "e93ea5b6-65da-4993-a462-fb610a41824b": { + "dataType": "number", + "isBucketed": false, + 
"label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 5, - "i": "11594540-5527-4301-aa08-24093d75d4b4", - "w": 40, - "x": 0, - "y": 0 - }, - "panelIndex": "11594540-5527-4301-aa08-24093d75d4b4", - "type": "visualization", - "version": "7.17.0" + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "772e05df-b7e8-4757-bcbf-35d17f2faec7" + ], + "layerId": "2f350b92-4c75-4171-887e-1787cc418027", + "layerType": "data", + "legendDisplay": "default", + "metric": "e93ea5b6-65da-4993-a462-fb610a41824b", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-3a32ec4e-e826-4732-a33c-af6e11d7218e", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "3a32ec4e-e826-4732-a33c-af6e11d7218e": { - "columnOrder": [ - "3938f412-fdf3-4714-a1d5-a06e36a8128b", - "fc59d35f-50a2-491b-b243-d55c3a2c936b" - ], - "columns": { - "3938f412-fdf3-4714-a1d5-a06e36a8128b": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of cloud.project.id", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "fc59d35f-50a2-491b-b243-d55c3a2c936b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cloud.project.id" - }, - "fc59d35f-50a2-491b-b243-d55c3a2c936b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } 
- }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "GCP region" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "fe15fb67-185b-426d-a575-86a6570e9b39", + "w": 7, + "x": 14, + "y": 5 + }, + "panelIndex": "fe15fb67-185b-426d-a575-86a6570e9b39", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-654ef7b2-0b28-4fc9-82a4-95e925db36a6", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "654ef7b2-0b28-4fc9-82a4-95e925db36a6": { + "columnOrder": [ + "1ffd51e6-7ef8-4109-ad72-3d5e90bbdb31", + "95c9e43b-8993-46f0-b21f-09a26f940dbb" + ], + "columns": { + "1ffd51e6-7ef8-4109-ad72-3d5e90bbdb31": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of gcp.firewall.rule_details.direction", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "95c9e43b-8993-46f0-b21f-09a26f940dbb", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "3938f412-fdf3-4714-a1d5-a06e36a8128b" - ], - "layerId": "3a32ec4e-e826-4732-a33c-af6e11d7218e", - "layerType": "data", - "legendDisplay": "default", - "metric": "fc59d35f-50a2-491b-b243-d55c3a2c936b", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "gcp.firewall.rule_details.direction" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { 
- "h": 11, - "i": "77c85299-e3b8-4338-9113-a3b56ba741c7", - "w": 7, - "x": 0, - "y": 5 - }, - "panelIndex": "77c85299-e3b8-4338-9113-a3b56ba741c7", - "title": "GCP Project", - "type": "lens", - "version": "7.17.0" + "95c9e43b-8993-46f0-b21f-09a26f940dbb": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "1ffd51e6-7ef8-4109-ad72-3d5e90bbdb31" + ], + "layerId": "654ef7b2-0b28-4fc9-82a4-95e925db36a6", + "layerType": "data", + "legendDisplay": "default", + "metric": "95c9e43b-8993-46f0-b21f-09a26f940dbb", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-2f350b92-4c75-4171-887e-1787cc418027", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "2f350b92-4c75-4171-887e-1787cc418027": { - "columnOrder": [ - "772e05df-b7e8-4757-bcbf-35d17f2faec7", - "e93ea5b6-65da-4993-a462-fb610a41824b" - ], - "columns": { - "772e05df-b7e8-4757-bcbf-35d17f2faec7": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of cloud.region", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e93ea5b6-65da-4993-a462-fb610a41824b", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cloud.region" - }, - "e93ea5b6-65da-4993-a462-fb610a41824b": { - "dataType": "number", - "isBucketed": false, - "label": "Count of 
records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Rule direction" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "5e11178e-7303-48dc-8549-73e80f5c9b2c", + "w": 7, + "x": 21, + "y": 5 + }, + "panelIndex": "5e11178e-7303-48dc-8549-73e80f5c9b2c", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1f9dacfe-adbe-4312-8752-e6ef33190614", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1f9dacfe-adbe-4312-8752-e6ef33190614": { + "columnOrder": [ + "428cb2ae-d9d0-4f84-8771-9045dc7ad6b2", + "513d8907-d730-452a-8949-a1253e54092f" + ], + "columns": { + "428cb2ae-d9d0-4f84-8771-9045dc7ad6b2": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of gcp.firewall.rule_details.action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "513d8907-d730-452a-8949-a1253e54092f", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "772e05df-b7e8-4757-bcbf-35d17f2faec7" - ], - "layerId": "2f350b92-4c75-4171-887e-1787cc418027", - "layerType": "data", - "legendDisplay": "default", - "metric": "e93ea5b6-65da-4993-a462-fb610a41824b", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "gcp.firewall.rule_details.action" }, - "title": "", - "type": "lens", - 
"visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "0fc7a288-d3c6-4f18-8d0e-ca3c0f66aeb6", - "w": 7, - "x": 7, - "y": 5 - }, - "panelIndex": "0fc7a288-d3c6-4f18-8d0e-ca3c0f66aeb6", - "title": "GCP region", - "type": "lens", - "version": "7.17.0" + "513d8907-d730-452a-8949-a1253e54092f": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"gcp.firewall\" " + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "428cb2ae-d9d0-4f84-8771-9045dc7ad6b2" + ], + "layerId": "1f9dacfe-adbe-4312-8752-e6ef33190614", + "layerType": "data", + "legendDisplay": "default", + "metric": "513d8907-d730-452a-8949-a1253e54092f", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "pie" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-654ef7b2-0b28-4fc9-82a4-95e925db36a6", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "654ef7b2-0b28-4fc9-82a4-95e925db36a6": { - "columnOrder": [ - "1ffd51e6-7ef8-4109-ad72-3d5e90bbdb31", - "95c9e43b-8993-46f0-b21f-09a26f940dbb" - ], - "columns": { - "1ffd51e6-7ef8-4109-ad72-3d5e90bbdb31": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of gcp.firewall.rule_details.direction", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "95c9e43b-8993-46f0-b21f-09a26f940dbb", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": 
"ordinal", - "sourceField": "gcp.firewall.rule_details.direction" - }, - "95c9e43b-8993-46f0-b21f-09a26f940dbb": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "1ffd51e6-7ef8-4109-ad72-3d5e90bbdb31" - ], - "layerId": "654ef7b2-0b28-4fc9-82a4-95e925db36a6", - "layerType": "data", - "legendDisplay": "default", - "metric": "95c9e43b-8993-46f0-b21f-09a26f940dbb", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Rule action" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "735c4030-d5b3-459c-9000-427ca5cb9d70", + "w": 9, + "x": 28, + "y": 5 + }, + "panelIndex": "735c4030-d5b3-459c-9000-427ca5cb9d70", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9c02e90f-5fb4-4c58-9c74-bf76f2b246fc", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9c02e90f-5fb4-4c58-9c74-bf76f2b246fc": { + "columnOrder": [ + "b24ed9f4-2bd9-42fd-8924-f63ad2780146", + "6ce82469-1771-4f1a-96af-1387e676492f" + ], + "columns": { + "6ce82469-1771-4f1a-96af-1387e676492f": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - 
"gridData": { - "h": 11, - "i": "fe15fb67-185b-426d-a575-86a6570e9b39", - "w": 7, - "x": 14, - "y": 5 - }, - "panelIndex": "fe15fb67-185b-426d-a575-86a6570e9b39", - "title": "Rule direction", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "b24ed9f4-2bd9-42fd-8924-f63ad2780146": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of gcp.firewall.rule_details.ip_port_info.ip_protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6ce82469-1771-4f1a-96af-1387e676492f", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1f9dacfe-adbe-4312-8752-e6ef33190614", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1f9dacfe-adbe-4312-8752-e6ef33190614": { - "columnOrder": [ - "428cb2ae-d9d0-4f84-8771-9045dc7ad6b2", - "513d8907-d730-452a-8949-a1253e54092f" - ], - "columns": { - "428cb2ae-d9d0-4f84-8771-9045dc7ad6b2": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of gcp.firewall.rule_details.action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "513d8907-d730-452a-8949-a1253e54092f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "gcp.firewall.rule_details.action" - }, - "513d8907-d730-452a-8949-a1253e54092f": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } + "orderDirection": "desc", + "otherBucket": false, + "size": 7 + }, + "scale": "ordinal", + "sourceField": "gcp.firewall.rule_details.ip_port_info.ip_protocol" + } + }, + 
"incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "b24ed9f4-2bd9-42fd-8924-f63ad2780146" + ], + "layerId": "9c02e90f-5fb4-4c58-9c74-bf76f2b246fc", + "layerType": "data", + "legendDisplay": "default", + "metric": "6ce82469-1771-4f1a-96af-1387e676492f", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Protocols" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "b8028d6f-bf4e-43a0-b19a-65047c757821", + "w": 11, + "x": 37, + "y": 5 + }, + "panelIndex": "b8028d6f-bf4e-43a0-b19a-65047c757821", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-49f72f3e-4ec2-418f-8183-30f7ca58c8e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "49f72f3e-4ec2-418f-8183-30f7ca58c8e7": { + "columnOrder": [ + "9162c285-d838-46ea-99c3-54cf59ec1a1d", + "5783f5fa-33c4-407f-8ee6-b0e7d693e993" + ], + "columns": { + "5783f5fa-33c4-407f-8ee6-b0e7d693e993": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Events", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "9162c285-d838-46ea-99c3-54cf59ec1a1d": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Target Tag", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "5783f5fa-33c4-407f-8ee6-b0e7d693e993", + "type": "column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset : 
\"gcp.firewall\" " + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "gcp.firewall.rule_details.target_tag" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"gcp.firewall\" " + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "9162c285-d838-46ea-99c3-54cf59ec1a1d" + ], + "layerId": "49f72f3e-4ec2-418f-8183-30f7ca58c8e7", + "layerType": "data", + "legendDisplay": "default", + "metric": "5783f5fa-33c4-407f-8ee6-b0e7d693e993", + "nestedLegend": false, + "numberDisplay": "percent" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Target Tag" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 10, + "i": "63b2dd96-9ce1-43cc-add3-7bc34ff4b296", + "w": 48, + "x": 0, + "y": 16 + }, + "panelIndex": "63b2dd96-9ce1-43cc-add3-7bc34ff4b296", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-942bb851-a16a-4422-afaf-8521bb72644f", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "942bb851-a16a-4422-afaf-8521bb72644f": { + "columnOrder": [ + "ad5cb314-cb12-40c6-a623-d6ffdf0ee027", + "a2c30dbc-5784-423d-a343-177a03140465", + "da23fc0e-33d4-4361-8ddb-67862b6e0951" + ], + "columns": { + "a2c30dbc-5784-423d-a343-177a03140465": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "ad5cb314-cb12-40c6-a623-d6ffdf0ee027": { + "dataType": "string", + "isBucketed": true, + 
"label": "Top values of gcp.firewall.rule_details.action", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "da23fc0e-33d4-4361-8ddb-67862b6e0951", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "428cb2ae-d9d0-4f84-8771-9045dc7ad6b2" - ], - "layerId": "1f9dacfe-adbe-4312-8752-e6ef33190614", - "layerType": "data", - "legendDisplay": "default", - "metric": "513d8907-d730-452a-8949-a1253e54092f", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "gcp.firewall.rule_details.action" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "da23fc0e-33d4-4361-8ddb-67862b6e0951": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Events", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"gcp.firewall\" " + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 11, - "i": "5e11178e-7303-48dc-8549-73e80f5c9b2c", - "w": 7, - "x": 21, - "y": 5 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "5e11178e-7303-48dc-8549-73e80f5c9b2c", - "title": "Rule action", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9c02e90f-5fb4-4c58-9c74-bf76f2b246fc", - "type": "index-pattern" - } - ], - "state": { 
- "datasourceStates": { - "indexpattern": { - "layers": { - "9c02e90f-5fb4-4c58-9c74-bf76f2b246fc": { - "columnOrder": [ - "b24ed9f4-2bd9-42fd-8924-f63ad2780146", - "6ce82469-1771-4f1a-96af-1387e676492f" - ], - "columns": { - "6ce82469-1771-4f1a-96af-1387e676492f": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "b24ed9f4-2bd9-42fd-8924-f63ad2780146": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of gcp.firewall.rule_details.ip_port_info.ip_protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6ce82469-1771-4f1a-96af-1387e676492f", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "size": 7 - }, - "scale": "ordinal", - "sourceField": "gcp.firewall.rule_details.ip_port_info.ip_protocol" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "b24ed9f4-2bd9-42fd-8924-f63ad2780146" - ], - "layerId": "9c02e90f-5fb4-4c58-9c74-bf76f2b246fc", - "layerType": "data", - "legendDisplay": "default", - "metric": "6ce82469-1771-4f1a-96af-1387e676492f", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "donut" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 11, - "i": "735c4030-d5b3-459c-9000-427ca5cb9d70", - "w": 9, - "x": 28, - "y": 5 + "layers": [ + { + "accessors": [ + "da23fc0e-33d4-4361-8ddb-67862b6e0951" + ], + "layerId": "942bb851-a16a-4422-afaf-8521bb72644f", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": 
"ad5cb314-cb12-40c6-a623-d6ffdf0ee027", + "xAccessor": "a2c30dbc-5784-423d-a343-177a03140465" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "735c4030-d5b3-459c-9000-427ca5cb9d70", - "title": "Protocols", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-49f72f3e-4ec2-418f-8183-30f7ca58c8e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "49f72f3e-4ec2-418f-8183-30f7ca58c8e7": { - "columnOrder": [ - "9162c285-d838-46ea-99c3-54cf59ec1a1d", - "5783f5fa-33c4-407f-8ee6-b0e7d693e993" - ], - "columns": { - "5783f5fa-33c4-407f-8ee6-b0e7d693e993": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "9162c285-d838-46ea-99c3-54cf59ec1a1d": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Target Tag", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "5783f5fa-33c4-407f-8ee6-b0e7d693e993", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "gcp.firewall.rule_details.target_tag" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"gcp.firewall\" " - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "9162c285-d838-46ea-99c3-54cf59ec1a1d" - ], - "layerId": "49f72f3e-4ec2-418f-8183-30f7ca58c8e7", - "layerType": "data", - "legendDisplay": "default", - "metric": "5783f5fa-33c4-407f-8ee6-b0e7d693e993", - "nestedLegend": false, - "numberDisplay": "percent" - 
} - ], - "shape": "donut" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 11, - "i": "b8028d6f-bf4e-43a0-b19a-65047c757821", - "w": 11, - "x": 37, - "y": 5 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "b8028d6f-bf4e-43a0-b19a-65047c757821", - "title": "Target Tag", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-942bb851-a16a-4422-afaf-8521bb72644f", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "942bb851-a16a-4422-afaf-8521bb72644f": { - "columnOrder": [ - "ad5cb314-cb12-40c6-a623-d6ffdf0ee027", - "a2c30dbc-5784-423d-a343-177a03140465", - "da23fc0e-33d4-4361-8ddb-67862b6e0951" - ], - "columns": { - "a2c30dbc-5784-423d-a343-177a03140465": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "ad5cb314-cb12-40c6-a623-d6ffdf0ee027": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of gcp.firewall.rule_details.action", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "da23fc0e-33d4-4361-8ddb-67862b6e0951", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "gcp.firewall.rule_details.action" - }, - "da23fc0e-33d4-4361-8ddb-67862b6e0951": { - "customLabel": true, - "dataType": 
"number", - "isBucketed": false, - "label": "Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"gcp.firewall\" " - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "da23fc0e-33d4-4361-8ddb-67862b6e0951" - ], - "layerId": "942bb851-a16a-4422-afaf-8521bb72644f", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "ad5cb314-cb12-40c6-a623-d6ffdf0ee027", - "xAccessor": "a2c30dbc-5784-423d-a343-177a03140465" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Firewall events over time" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 13, + "i": "e9a02bc3-c20c-4a38-8c75-2db4923c60a3", + "w": 24, + "x": 0, + "y": 26 + }, + "panelIndex": "e9a02bc3-c20c-4a38-8c75-2db4923c60a3", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-609d8521-e339-49d2-8564-713fd932c285", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + 
"609d8521-e339-49d2-8564-713fd932c285": { + "columnOrder": [ + "f9145218-da9e-43c9-9e22-c707834256cc", + "426e0fb0-db17-4e02-8fc8-60d472e450f2", + "d2e14e21-2c9b-46b9-8508-288c81cbc712" + ], + "columns": { + "426e0fb0-db17-4e02-8fc8-60d472e450f2": { + "customLabel": true, + "dataType": "number", + "isBucketed": true, + "label": "Priority", + "operationType": "range", + "params": { + "maxBars": "auto", + "ranges": [ + { + "from": 0, + "label": "", + "to": 1000 + } + ], + "type": "histogram" + }, + "scale": "interval", + "sourceField": "gcp.firewall.rule_details.priority" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "d2e14e21-2c9b-46b9-8508-288c81cbc712": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Events", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "f9145218-da9e-43c9-9e22-c707834256cc": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "VM", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d2e14e21-2c9b-46b9-8508-288c81cbc712", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cloud.instance.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"gcp.firewall\" " + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 10, - "i": "63b2dd96-9ce1-43cc-add3-7bc34ff4b296", - "w": 48, - "x": 0, - "y": 16 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "63b2dd96-9ce1-43cc-add3-7bc34ff4b296", - "title": "Firewall events over time", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - 
"attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-609d8521-e339-49d2-8564-713fd932c285", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "609d8521-e339-49d2-8564-713fd932c285": { - "columnOrder": [ - "f9145218-da9e-43c9-9e22-c707834256cc", - "426e0fb0-db17-4e02-8fc8-60d472e450f2", - "d2e14e21-2c9b-46b9-8508-288c81cbc712" - ], - "columns": { - "426e0fb0-db17-4e02-8fc8-60d472e450f2": { - "customLabel": true, - "dataType": "number", - "isBucketed": true, - "label": "Priority", - "operationType": "range", - "params": { - "maxBars": "auto", - "ranges": [ - { - "from": 0, - "label": "", - "to": 1000 - } - ], - "type": "histogram" - }, - "scale": "interval", - "sourceField": "gcp.firewall.rule_details.priority" - }, - "d2e14e21-2c9b-46b9-8508-288c81cbc712": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - }, - "f9145218-da9e-43c9-9e22-c707834256cc": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "VM", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d2e14e21-2c9b-46b9-8508-288c81cbc712", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cloud.instance.name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"gcp.firewall\" " - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 
0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "d2e14e21-2c9b-46b9-8508-288c81cbc712" - ], - "layerId": "609d8521-e339-49d2-8564-713fd932c285", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "splitAccessor": "426e0fb0-db17-4e02-8fc8-60d472e450f2", - "xAccessor": "f9145218-da9e-43c9-9e22-c707834256cc" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 13, - "i": "e9a02bc3-c20c-4a38-8c75-2db4923c60a3", - "w": 24, - "x": 0, - "y": 26 + "layers": [ + { + "accessors": [ + "d2e14e21-2c9b-46b9-8508-288c81cbc712" + ], + "layerId": "609d8521-e339-49d2-8564-713fd932c285", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "splitAccessor": "426e0fb0-db17-4e02-8fc8-60d472e450f2", + "xAccessor": "f9145218-da9e-43c9-9e22-c707834256cc" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "e9a02bc3-c20c-4a38-8c75-2db4923c60a3", - "title": "Top VMs", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-1559a734-d79f-47af-95f1-0278d058a38c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "1559a734-d79f-47af-95f1-0278d058a38c": { - "columnOrder": [ - 
"45e4569d-d389-4118-8079-431dd014760b", - "d7154085-306d-4cf4-89bf-522a2a4dc723" - ], - "columns": { - "45e4569d-d389-4118-8079-431dd014760b": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of rule.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d7154085-306d-4cf4-89bf-522a2a4dc723", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "rule.name" - }, - "d7154085-306d-4cf4-89bf-522a2a4dc723": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "Records" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "45e4569d-d389-4118-8079-431dd014760b" - ], - "layerId": "1559a734-d79f-47af-95f1-0278d058a38c", - "layerType": "data", - "legendDisplay": "default", - "metric": "d7154085-306d-4cf4-89bf-522a2a4dc723", - "nestedLegend": false, - "numberDisplay": "percent", - "percentDecimals": 2 - } - ], - "shape": "treemap" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 13, - "i": "c704818b-a568-4142-92f0-3ff09f0fb8e6", - "w": 24, - "x": 24, - "y": 26 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "c704818b-a568-4142-92f0-3ff09f0fb8e6", - "title": "Firewall rules", - "type": "lens", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ced29d00-2d8b-43b9-bcc5-361f940b534c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ced29d00-2d8b-43b9-bcc5-361f940b534c": { - "columnOrder": [ - "3d150b77-0069-4770-8e55-38e152a4e97c", - "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c", - "4ed872b0-f56b-4d53-b5a6-82d6f177fadc" - ], - "columns": { - "3d150b77-0069-4770-8e55-38e152a4e97c": { - "customLabel": true, - "dataType": "number", - "isBucketed": true, - "label": "Destination Port", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.port" - }, - "4ed872b0-f56b-4d53-b5a6-82d6f177fadc": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Events", - "operationType": "count", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - } - }, - "scale": "ratio", - "sourceField": "Records" - }, - "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c": { - "customLabel": true, - "dataType": "number", - "isBucketed": true, - "label": "Source IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.port" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"gcp.firewall\" " + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Top VMs" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 13, + "i": 
"c704818b-a568-4142-92f0-3ff09f0fb8e6", + "w": 24, + "x": 24, + "y": 26 + }, + "panelIndex": "c704818b-a568-4142-92f0-3ff09f0fb8e6", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-1559a734-d79f-47af-95f1-0278d058a38c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "1559a734-d79f-47af-95f1-0278d058a38c": { + "columnOrder": [ + "45e4569d-d389-4118-8079-431dd014760b", + "d7154085-306d-4cf4-89bf-522a2a4dc723" + ], + "columns": { + "45e4569d-d389-4118-8079-431dd014760b": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of rule.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d7154085-306d-4cf4-89bf-522a2a4dc723", + "type": "column" }, - "visualization": { - "gridConfig": { - "isCellLabelVisible": false, - "isXAxisLabelVisible": true, - "isYAxisLabelVisible": true, - "type": "lens_heatmap_grid" - }, - "layerId": "ced29d00-2d8b-43b9-bcc5-361f940b534c", - "layerType": "data", - "legend": { - "isVisible": true, - "maxLines": 1, - "position": "right", - "shouldTruncate": true, - "type": "lens_heatmap_legendConfig" - }, - "palette": { - "accessor": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", - "name": "negative", - "params": { - "name": "negative", - "rangeMax": 80, - "rangeMin": 0, - "reverse": false, - "stops": [ - { - "color": "#fbddd6", - "stop": 0 - }, - { - "color": "#f3bbaf", - "stop": 20 - }, - { - "color": "#e99a89", - "stop": 40 - }, - { - "color": "#db7965", - "stop": 60 - }, - { - "color": "#cc5642", - "stop": 80 - } - ] - }, - "type": "palette" - }, - "shape": "heatmap", - "title": "Empty Heatmap chart", - "valueAccessor": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", - "xAccessor": "3d150b77-0069-4770-8e55-38e152a4e97c", - "yAccessor": 
"8aa7938e-eccd-4b41-8147-ac09a0ba4b1c" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "rule.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsHeatmap" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "f5d8c4eb-716d-4286-9f82-4cff620b3b11", - "w": 24, - "x": 0, - "y": 39 - }, - "panelIndex": "f5d8c4eb-716d-4286-9f82-4cff620b3b11", - "title": "Events between Ports", - "type": "lens", - "version": "7.17.0" + "d7154085-306d-4cf4-89bf-522a2a4dc723": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "45e4569d-d389-4118-8079-431dd014760b" + ], + "layerId": "1559a734-d79f-47af-95f1-0278d058a38c", + "layerType": "data", + "legendDisplay": "default", + "metric": "d7154085-306d-4cf4-89bf-522a2a4dc723", + "nestedLegend": false, + "numberDisplay": "percent", + "percentDecimals": 2 + } + ], + "shape": "treemap" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-ced29d00-2d8b-43b9-bcc5-361f940b534c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "ced29d00-2d8b-43b9-bcc5-361f940b534c": { - "columnOrder": [ - "3d150b77-0069-4770-8e55-38e152a4e97c", - "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c", - "4ed872b0-f56b-4d53-b5a6-82d6f177fadc" - ], - "columns": { - "3d150b77-0069-4770-8e55-38e152a4e97c": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Destination IP", - 
"operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.ip" - }, - "4ed872b0-f56b-4d53-b5a6-82d6f177fadc": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Events", - "operationType": "count", - "params": { - "format": { - "id": "number", - "params": { - "decimals": 2 - } - } - }, - "scale": "ratio", - "sourceField": "Records" - }, - "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Source IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"gcp.firewall\" " + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Firewall rules" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "f5d8c4eb-716d-4286-9f82-4cff620b3b11", + "w": 24, + "x": 0, + "y": 39 + }, + "panelIndex": "f5d8c4eb-716d-4286-9f82-4cff620b3b11", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ced29d00-2d8b-43b9-bcc5-361f940b534c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ced29d00-2d8b-43b9-bcc5-361f940b534c": { + "columnOrder": [ + 
"3d150b77-0069-4770-8e55-38e152a4e97c", + "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c", + "4ed872b0-f56b-4d53-b5a6-82d6f177fadc" + ], + "columns": { + "3d150b77-0069-4770-8e55-38e152a4e97c": { + "customLabel": true, + "dataType": "number", + "isBucketed": true, + "label": "Destination Port", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", + "type": "column" }, - "visualization": { - "gridConfig": { - "isCellLabelVisible": false, - "isXAxisLabelVisible": true, - "isYAxisLabelVisible": true, - "type": "lens_heatmap_grid" - }, - "layerId": "ced29d00-2d8b-43b9-bcc5-361f940b534c", - "layerType": "data", - "legend": { - "isVisible": true, - "maxLines": 1, - "position": "right", - "shouldTruncate": true, - "type": "lens_heatmap_legendConfig" - }, - "palette": { - "accessor": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", - "name": "negative", - "params": { - "name": "negative", - "rangeMax": 80, - "rangeMin": 0, - "reverse": false, - "stops": [ - { - "color": "#fbddd6", - "stop": 0 - }, - { - "color": "#f3bbaf", - "stop": 20 - }, - { - "color": "#e99a89", - "stop": 40 - }, - { - "color": "#db7965", - "stop": 60 - }, - { - "color": "#cc5642", - "stop": 80 - } - ] - }, - "type": "palette" - }, - "shape": "heatmap", - "title": "Empty Heatmap chart", - "valueAccessor": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", - "xAccessor": "3d150b77-0069-4770-8e55-38e152a4e97c", - "yAccessor": "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.port" }, - "title": "", - "type": "lens", - "visualizationType": "lnsHeatmap" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 15, - "i": "bfc4e50a-001c-4d8a-9074-8b1c969eabd5", - "w": 24, - "x": 24, - "y": 39 - }, - "panelIndex": "bfc4e50a-001c-4d8a-9074-8b1c969eabd5", - "title": "Events between IPs", - "type": "lens", - "version": 
"7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": true, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.firewall" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.firewall" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } + "4ed872b0-f56b-4d53-b5a6-82d6f177fadc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Events", + "operationType": "count", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } } + }, + "scale": "ratio", + "sourceField": "Records" }, - "description": "", - "params": { - "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"source.domain\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"destination.domain\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -\u003e stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || 
groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean 
flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", 
field: \"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' \u0026#x2192; ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" - }, - "title": "[GCP] Sankey Source to Destination domain", - "type": "vega", - "uiState": {} + "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c": { + "customLabel": true, + "dataType": "number", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.port" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"gcp.firewall\" " + }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isYAxisLabelVisible": true, + "type": "lens_heatmap_grid" }, - 
"gridData": { - "h": 15, - "i": "899f49c0-9400-452b-b833-5b59e3ad0338", - "w": 24, - "x": 0, - "y": 54 - }, - "panelIndex": "899f49c0-9400-452b-b833-5b59e3ad0338", - "title": "Sankey Source to Destination domain", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": true, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.firewall" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.firewall" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"gcp.source.vpc.vpc_name\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"gcp.destination.vpc.vpc_name\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -\u003e stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == 
datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should 
be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", 
field: \"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' \u0026#x2192; ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" - }, - "title": "[GCP] Sankey Source to Destination VPC", - "type": "vega", - "uiState": {} - } + "layerId": "ced29d00-2d8b-43b9-bcc5-361f940b534c", + "layerType": "data", + "legend": { + "isVisible": true, + "maxLines": 1, + "position": "right", + "shouldTruncate": true, + "type": "lens_heatmap_legendConfig" }, - "gridData": { - "h": 15, - "i": "6f5213ce-73ea-4438-88e4-b5cb5506a9c9", - "w": 24, - "x": 24, - "y": 54 + "palette": { + "accessor": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", + "name": "negative", + "params": { + "name": "negative", + "rangeMax": 80, + "rangeMin": 0, + "reverse": false, + "stops": [ + { + "color": "#fbddd6", + "stop": 0 + }, + { + "color": "#f3bbaf", + "stop": 20 + }, + { + "color": "#e99a89", + "stop": 40 + }, + { + "color": "#db7965", + "stop": 60 + }, + { + "color": "#cc5642", + "stop": 80 + } + ] 
+ }, + "type": "palette" }, - "panelIndex": "6f5213ce-73ea-4438-88e4-b5cb5506a9c9", - "title": "Sankey Source to Destination VPC", - "type": "visualization", - "version": "7.17.0" + "shape": "heatmap", + "title": "Empty Heatmap chart", + "valueAccessor": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", + "xAccessor": "3d150b77-0069-4770-8e55-38e152a4e97c", + "yAccessor": "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c" + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Events between Ports" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "bfc4e50a-001c-4d8a-9074-8b1c969eabd5", + "w": 24, + "x": 24, + "y": 39 + }, + "panelIndex": "bfc4e50a-001c-4d8a-9074-8b1c969eabd5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-ced29d00-2d8b-43b9-bcc5-361f940b534c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "ced29d00-2d8b-43b9-bcc5-361f940b534c": { + "columnOrder": [ + "3d150b77-0069-4770-8e55-38e152a4e97c", + "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c", + "4ed872b0-f56b-4d53-b5a6-82d6f177fadc" + ], + "columns": { + "3d150b77-0069-4770-8e55-38e152a4e97c": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": 
"destination.ip" }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "", - "interval": "", - "isModelInvalid": false, - "markdown": "[Detection Engine](security/detections)\r\n\r\n[Network overview](security/network/flows)", - "markdown_css": "#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a{background-color:#07C;color:#fff;padding:8px 12px;height:40px;display:inline-block;font-family:Inter UI,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;font-weight:400;letter-spacing:-0.005em;font-size:1rem;line-height:1.5;text-decoration:none;border-radius:4px;vertical-align:middle;width:100%;text-align:center}", - "markdown_less": "a {\n background-color: #07C;\n color: #fff;\n padding: 8px 12px;\n height: 40px;\n display: inline-block;\n font-family: Inter UI,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;\n font-weight: 400;\n letter-spacing: -.005em;\n font-size: 1rem;\n line-height: 1.5;\n text-decoration: none;\n border-radius: 4px;\n vertical-align: middle;\n width: 100%;\n text-align: center;\n}", - "markdown_openLinksInNewTab": 1, - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": 
"entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true + "4ed872b0-f56b-4d53-b5a6-82d6f177fadc": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Events", + "operationType": "count", + "params": { + "format": { + "id": "number", + "params": { + "decimals": 2 + } + } + }, + "scale": "ratio", + "sourceField": "Records" }, - "title": "Nav Buttons", - "type": "metrics", - "uiState": {} + "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"gcp.firewall\" " + }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isYAxisLabelVisible": true, + "type": "lens_heatmap_grid" }, - "gridData": { - "h": 5, - "i": "fb39f126-e3c2-4ae0-a484-a39accee7efd", - "w": 8, - "x": 40, - "y": 0 + "layerId": "ced29d00-2d8b-43b9-bcc5-361f940b534c", + "layerType": "data", + "legend": { + "isVisible": true, + "maxLines": 1, + "position": "right", + "shouldTruncate": true, + "type": "lens_heatmap_legendConfig" }, - "panelIndex": "fb39f126-e3c2-4ae0-a484-a39accee7efd", - "type": "visualization", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs GCP] Firewall", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "gcp-8a1fb690-cbeb-11ec-b519-85ccf621cbbf", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "77c85299-e3b8-4338-9113-a3b56ba741c7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "77c85299-e3b8-4338-9113-a3b56ba741c7:indexpattern-datasource-layer-3a32ec4e-e826-4732-a33c-af6e11d7218e", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0fc7a288-d3c6-4f18-8d0e-ca3c0f66aeb6:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0fc7a288-d3c6-4f18-8d0e-ca3c0f66aeb6:indexpattern-datasource-layer-2f350b92-4c75-4171-887e-1787cc418027", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fe15fb67-185b-426d-a575-86a6570e9b39:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fe15fb67-185b-426d-a575-86a6570e9b39:indexpattern-datasource-layer-654ef7b2-0b28-4fc9-82a4-95e925db36a6", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5e11178e-7303-48dc-8549-73e80f5c9b2c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5e11178e-7303-48dc-8549-73e80f5c9b2c:indexpattern-datasource-layer-1f9dacfe-adbe-4312-8752-e6ef33190614", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "735c4030-d5b3-459c-9000-427ca5cb9d70:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "735c4030-d5b3-459c-9000-427ca5cb9d70:indexpattern-datasource-layer-9c02e90f-5fb4-4c58-9c74-bf76f2b246fc", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b8028d6f-bf4e-43a0-b19a-65047c757821:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b8028d6f-bf4e-43a0-b19a-65047c757821:indexpattern-datasource-layer-49f72f3e-4ec2-418f-8183-30f7ca58c8e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"63b2dd96-9ce1-43cc-add3-7bc34ff4b296:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "63b2dd96-9ce1-43cc-add3-7bc34ff4b296:indexpattern-datasource-layer-942bb851-a16a-4422-afaf-8521bb72644f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e9a02bc3-c20c-4a38-8c75-2db4923c60a3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e9a02bc3-c20c-4a38-8c75-2db4923c60a3:indexpattern-datasource-layer-609d8521-e339-49d2-8564-713fd932c285", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c704818b-a568-4142-92f0-3ff09f0fb8e6:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "c704818b-a568-4142-92f0-3ff09f0fb8e6:indexpattern-datasource-layer-1559a734-d79f-47af-95f1-0278d058a38c", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f5d8c4eb-716d-4286-9f82-4cff620b3b11:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "palette": { + "accessor": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", + "name": "negative", + "params": { + "name": "negative", + "rangeMax": 80, + "rangeMin": 0, + "reverse": false, + "stops": [ + { + "color": "#fbddd6", + "stop": 0 + }, + { + "color": "#f3bbaf", + "stop": 20 + }, + { + "color": "#e99a89", + "stop": 40 + }, + { + "color": "#db7965", + "stop": 60 + }, + { + "color": "#cc5642", + "stop": 80 + } + ] + }, + "type": "palette" + }, + "shape": "heatmap", + "title": "Empty Heatmap chart", + "valueAccessor": "4ed872b0-f56b-4d53-b5a6-82d6f177fadc", + "xAccessor": "3d150b77-0069-4770-8e55-38e152a4e97c", + "yAccessor": "8aa7938e-eccd-4b41-8147-ac09a0ba4b1c" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": 
"f5d8c4eb-716d-4286-9f82-4cff620b3b11:indexpattern-datasource-layer-ced29d00-2d8b-43b9-bcc5-361f940b534c", - "type": "index-pattern" + "title": "Events between IPs" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "899f49c0-9400-452b-b833-5b59e3ad0338", + "w": 24, + "x": 0, + "y": 54 }, - { - "id": "logs-*", - "name": "bfc4e50a-001c-4d8a-9074-8b1c969eabd5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "899f49c0-9400-452b-b833-5b59e3ad0338", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": true, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.firewall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"source.domain\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"destination.domain\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -> stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: 
\"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it 
once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector && groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: 
\"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + }, + "title": "[GCP] Sankey Source to Destination domain", + "type": "vega", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "bfc4e50a-001c-4d8a-9074-8b1c969eabd5:indexpattern-datasource-layer-ced29d00-2d8b-43b9-bcc5-361f940b534c", - "type": "index-pattern" + "title": "Sankey Source to Destination domain" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "6f5213ce-73ea-4438-88e4-b5cb5506a9c9", + "w": 24, + "x": 24, + "y": 54 }, - { - "id": "logs-*", - "name": "899f49c0-9400-452b-b833-5b59e3ad0338:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "6f5213ce-73ea-4438-88e4-b5cb5506a9c9", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": true, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.firewall" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.firewall" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"gcp.source.vpc.vpc_name\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"gcp.destination.vpc.vpc_name\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -> stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n 
as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n 
transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector && groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: 
\"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + }, + "title": "[GCP] Sankey Source to Destination VPC", + "type": "vega", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "6f5213ce-73ea-4438-88e4-b5cb5506a9c9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "Sankey Source to Destination VPC" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "fb39f126-e3c2-4ae0-a484-a39accee7efd", + "w": 8, + "x": 40, + "y": 0 }, - { - "id": "gcp-e1a359e5-543d-44c2-ab81-628138719e28", - "name": "tag-gcp-e1a359e5-543d-44c2-ab81-628138719e28", - "type": "tag" + "panelIndex": "fb39f126-e3c2-4ae0-a484-a39accee7efd", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + 
"description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "markdown": "[Detection Engine](security/detections)\r\n\r\n[Network overview](security/network/flows)", + "markdown_css": "#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a{background-color:#07C;color:#fff;padding:8px 12px;height:40px;display:inline-block;font-family:Inter UI,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;font-weight:400;letter-spacing:-0.005em;font-size:1rem;line-height:1.5;text-decoration:none;border-radius:4px;vertical-align:middle;width:100%;text-align:center}", + "markdown_less": "a {\n background-color: #07C;\n color: #fff;\n padding: 8px 12px;\n height: 40px;\n display: inline-block;\n font-family: Inter UI,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;\n font-weight: 400;\n letter-spacing: -.005em;\n font-size: 1rem;\n line-height: 1.5;\n text-decoration: none;\n border-radius: 4px;\n vertical-align: middle;\n width: 100%;\n text-align: center;\n}", + "markdown_openLinksInNewTab": 1, + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + 
"tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "Nav Buttons", + "type": "metrics", + "uiState": {} + } } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs GCP] Firewall", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "77c85299-e3b8-4338-9113-a3b56ba741c7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "77c85299-e3b8-4338-9113-a3b56ba741c7:indexpattern-datasource-layer-3a32ec4e-e826-4732-a33c-af6e11d7218e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0fc7a288-d3c6-4f18-8d0e-ca3c0f66aeb6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0fc7a288-d3c6-4f18-8d0e-ca3c0f66aeb6:indexpattern-datasource-layer-2f350b92-4c75-4171-887e-1787cc418027", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fe15fb67-185b-426d-a575-86a6570e9b39:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fe15fb67-185b-426d-a575-86a6570e9b39:indexpattern-datasource-layer-654ef7b2-0b28-4fc9-82a4-95e925db36a6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5e11178e-7303-48dc-8549-73e80f5c9b2c:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5e11178e-7303-48dc-8549-73e80f5c9b2c:indexpattern-datasource-layer-1f9dacfe-adbe-4312-8752-e6ef33190614", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "735c4030-d5b3-459c-9000-427ca5cb9d70:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "735c4030-d5b3-459c-9000-427ca5cb9d70:indexpattern-datasource-layer-9c02e90f-5fb4-4c58-9c74-bf76f2b246fc", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "b8028d6f-bf4e-43a0-b19a-65047c757821:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b8028d6f-bf4e-43a0-b19a-65047c757821:indexpattern-datasource-layer-49f72f3e-4ec2-418f-8183-30f7ca58c8e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "63b2dd96-9ce1-43cc-add3-7bc34ff4b296:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "63b2dd96-9ce1-43cc-add3-7bc34ff4b296:indexpattern-datasource-layer-942bb851-a16a-4422-afaf-8521bb72644f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e9a02bc3-c20c-4a38-8c75-2db4923c60a3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e9a02bc3-c20c-4a38-8c75-2db4923c60a3:indexpattern-datasource-layer-609d8521-e339-49d2-8564-713fd932c285", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c704818b-a568-4142-92f0-3ff09f0fb8e6:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c704818b-a568-4142-92f0-3ff09f0fb8e6:indexpattern-datasource-layer-1559a734-d79f-47af-95f1-0278d058a38c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f5d8c4eb-716d-4286-9f82-4cff620b3b11:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f5d8c4eb-716d-4286-9f82-4cff620b3b11:indexpattern-datasource-layer-ced29d00-2d8b-43b9-bcc5-361f940b534c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bfc4e50a-001c-4d8a-9074-8b1c969eabd5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bfc4e50a-001c-4d8a-9074-8b1c969eabd5:indexpattern-datasource-layer-ced29d00-2d8b-43b9-bcc5-361f940b534c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"899f49c0-9400-452b-b833-5b59e3ad0338:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6f5213ce-73ea-4438-88e4-b5cb5506a9c9:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "gcp-e1a359e5-543d-44c2-ab81-628138719e28", + "name": "tag-gcp-e1a359e5-543d-44c2-ab81-628138719e28", + "type": "tag" + } + ], + "migrationVersion": { + "dashboard": "7.17.3" + }, + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json index e034bbc666f..81a1e9717c8 100644 --- a/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json +++ b/packages/gcp/kibana/dashboard/gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87.json 
@@ -1,144 +1,438 @@ { - "attributes": { - "description": "Overview of GCP Load Balancing L3 Metrics", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "id": "gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxOCwxXQ==", + "attributes": { + "description": "Overview of GCP Load Balancing L3 Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 6, + "i": "8b86e712-4709-458a-b8e9-40e79305b1aa", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 6, - "i": "8b86e712-4709-458a-b8e9-40e79305b1aa", - "w": 48, - "x": 0, - "y": 0 + "panelIndex": "8b86e712-4709-458a-b8e9-40e79305b1aa", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing L3 Filters [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "gcp.labels.resource.backend_name", + "id": "1588881306802", + "indexPatternRefName": "control_0_index_pattern", + "label": "Backend Name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "8b86e712-4709-458a-b8e9-40e79305b1aa", - "panelRefName": "panel_8b86e712-4709-458a-b8e9-40e79305b1aa", - "title": "Filters", - "type": "visualization", - "version": "7.6.2" - }, - { - "embeddableConfig": { - "enhancements": {} + { + "fieldName": "gcp.labels.metrics.client_zone", 
+ "id": "1588881320708", + "indexPatternRefName": "control_1_index_pattern", + "label": "Client Zone", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 15, - "i": "44d18a84-d060-4149-825d-eacc61f946f3", - "w": 24, - "x": 24, - "y": 6 + { + "fieldName": "gcp.labels.metrics.client_network", + "id": "1588881383318", + "indexPatternRefName": "control_2_index_pattern", + "label": "Client Network", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "panelIndex": "44d18a84-d060-4149-825d-eacc61f946f3", - "panelRefName": "panel_44d18a84-d060-4149-825d-eacc61f946f3", - "title": "Egress Packets", - "type": "visualization", - "version": "7.6.2" + { + "fieldName": "gcp.labels.metrics.client_subnetwork", + "id": "1588881498842", + "indexPatternRefName": "control_3_index_pattern", + "label": "Client Sub-network", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c38aeaae-69a7-4a6c-a35a-4bf5c8f70e86", - "w": 24, - "x": 0, - "y": 6 - }, - "panelIndex": "c38aeaae-69a7-4a6c-a35a-4bf5c8f70e86", - "panelRefName": "panel_c38aeaae-69a7-4a6c-a35a-4bf5c8f70e86", - "title": "Egress Bytes", - "type": "visualization", - "version": "7.6.2" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Filters" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "44d18a84-d060-4149-825d-eacc61f946f3", + "w": 24, + "x": 24, + "y": 6 + }, + "panelIndex": "44d18a84-d060-4149-825d-eacc61f946f3", + 
"embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing L3 Egress Packets [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.l3.internal.egress_packets.count : * " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.l3.internal.egress_packets.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.backend_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "c5782327-dc55-466d-97d8-b79618f0b47a", - "w": 24, - "x": 24, - "y": 21 - }, - "panelIndex": "c5782327-dc55-466d-97d8-b79618f0b47a", - "panelRefName": "panel_c5782327-dc55-466d-97d8-b79618f0b47a", - "title": "Ingress Packets", - "type": "visualization", - "version": "7.6.2" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Egress Packets" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "c38aeaae-69a7-4a6c-a35a-4bf5c8f70e86", + "w": 24, + "x": 0, + "y": 6 + }, + "panelIndex": "c38aeaae-69a7-4a6c-a35a-4bf5c8f70e86", + "embeddableConfig": { + 
"enhancements": {}, + "savedVis": { + "title": "Load Balancing L3 Egress Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.l3.internal.egress.bytes : * " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.l3.internal.egress.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.backend_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "beaf5f45-5217-4aed-b663-69e5e9ca35c3", - "w": 24, - "x": 0, - "y": 21 - }, - "panelIndex": "beaf5f45-5217-4aed-b663-69e5e9ca35c3", - "panelRefName": "panel_beaf5f45-5217-4aed-b663-69e5e9ca35c3", - "title": "Ingress Bytes", - "type": "visualization", - "version": "7.6.2" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ], - "timeRestore": false, - "title": "[Metrics GCP] Load Balancing L3 Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-8f9c6cc0-909d-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "gcp-3f4e9040-909d-11ea-8180-7b0dacd9df87", - "name": 
"8b86e712-4709-458a-b8e9-40e79305b1aa:panel_8b86e712-4709-458a-b8e9-40e79305b1aa", - "type": "visualization" + } }, - { - "id": "gcp-2f6b6740-909b-11ea-8180-7b0dacd9df87", - "name": "44d18a84-d060-4149-825d-eacc61f946f3:panel_44d18a84-d060-4149-825d-eacc61f946f3", - "type": "visualization" + "title": "Egress Bytes" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "c5782327-dc55-466d-97d8-b79618f0b47a", + "w": 24, + "x": 24, + "y": 21 + }, + "panelIndex": "c5782327-dc55-466d-97d8-b79618f0b47a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing L3 Ingress Packets [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.l3.internal.ingress_packets.count : * " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.l3.internal.ingress_packets.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.backend_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "gcp-e562eb50-909a-11ea-8180-7b0dacd9df87", - "name": 
"c38aeaae-69a7-4a6c-a35a-4bf5c8f70e86:panel_c38aeaae-69a7-4a6c-a35a-4bf5c8f70e86", - "type": "visualization" + "title": "Ingress Packets" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "beaf5f45-5217-4aed-b663-69e5e9ca35c3", + "w": 24, + "x": 0, + "y": 21 }, - { - "id": "gcp-543dac40-909b-11ea-8180-7b0dacd9df87", - "name": "c5782327-dc55-466d-97d8-b79618f0b47a:panel_c5782327-dc55-466d-97d8-b79618f0b47a", - "type": "visualization" + "panelIndex": "beaf5f45-5217-4aed-b663-69e5e9ca35c3", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing L3 Ingress Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.l3.internal.ingress.bytes : * " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.l3.internal.ingress.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.backend_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "gcp-434f69f0-909b-11ea-8180-7b0dacd9df87", - "name": 
"beaf5f45-5217-4aed-b663-69e5e9ca35c3:panel_beaf5f45-5217-4aed-b663-69e5e9ca35c3", - "type": "visualization" - } + "title": "Ingress Bytes" + } ], - "type": "dashboard", - "updated_at": "2021-08-04T16:31:11.683Z", - "version": "WzM3OTIsMV0=" + "timeRestore": false, + "title": "[Metrics GCP] Load Balancing L3 Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "8b86e712-4709-458a-b8e9-40e79305b1aa:control_0_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "8b86e712-4709-458a-b8e9-40e79305b1aa:control_1_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "8b86e712-4709-458a-b8e9-40e79305b1aa:control_2_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "8b86e712-4709-458a-b8e9-40e79305b1aa:control_3_index_pattern", + "id": "metrics-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.3" + }, + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json b/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json index c7116e8a0cb..2b9d97a0c4e 100644 --- a/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json +++ b/packages/gcp/kibana/dashboard/gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f.json 
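Review bot: The two packet panels format a packet counter as a byte size. In the inlined `savedVis` objects titled "Load Balancing L3 Egress Packets [Metrics GCP]" and "Load Balancing L3 Ingress Packets [Metrics GCP]", the series that averages `gcp.loadbalancing.l3.internal.egress_packets.count` (and `ingress_packets.count`) carries `"formatter": "bytes"`. Packet rates would therefore be rendered with byte units and read as traffic volume. The removed by-reference visualizations are not visible in this hunk, so this was presumably carried over unchanged, but inlining the panels is a good point to correct it. I would set `"formatter": "number"` on those two series, matching their `"axis_formatter": "number"`, and keep `"bytes"` only on the Egress Bytes and Ingress Bytes panels.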
@@ -1,1719 +1,1724 @@ { - "attributes": { - "description": "Overview of the VPC flow log data from Google Cloud.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.vpcflow" + "id": "gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcxOSwxXQ==", + "attributes": { + "description": "Overview of the VPC flow log data from Google Cloud.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.vpcflow" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.vpcflow" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "a6977559-b547-4175-a1aa-f59715042492", + "w": 40, + "x": 0, + "y": 0 + }, + "panelIndex": "a6977559-b547-4175-a1aa-f59715042492", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "# Google VPC Flow dashboard", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + 
"uiState": {} + } + } + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "fd65090b-d291-4771-865d-c5fa77a1b2a2", + "w": 8, + "x": 40, + "y": 5 + }, + "panelIndex": "fd65090b-d291-4771-865d-c5fa77a1b2a2", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9622b1fb-f543-4d05-b868-366fa865f9e7": { + "columnOrder": [ + "93e747d6-f202-45f4-9813-129bb91a9306", + "a5152707-6084-46e1-a5a1-b3eb150a1a05" + ], + "columns": { + "93e747d6-f202-45f4-9813-129bb91a9306": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of gcp.vpcflow.reporter", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "type": "column" }, - "type": "phrase" + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "gcp.vpcflow.reporter" }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.vpcflow" - } + "a5152707-6084-46e1-a5a1-b3eb150a1a05": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of network.bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "network.bytes" } + }, + "incompleteColumns": {} } - ], - "query": { - "language": "kuery", - "query": "" + } } - } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "93e747d6-f202-45f4-9813-129bb91a9306" + ], + "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", + "layerType": "data", + "legendDisplay": "default", + "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "nestedLegend": 
false, + "numberDisplay": "value" + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true + "title": "Bytes per reporter" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "4489b109-a7f8-4a9d-b85f-0fe613368eda", + "w": 8, + "x": 0, + "y": 5 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "# Google VPC Flow dashboard", - "openLinksInNewTab": false + "panelIndex": "4489b109-a7f8-4a9d-b85f-0fe613368eda", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9622b1fb-f543-4d05-b868-366fa865f9e7": { + "columnOrder": [ + "93e747d6-f202-45f4-9813-129bb91a9306", + "a5152707-6084-46e1-a5a1-b3eb150a1a05" + ], + "columns": { + "93e747d6-f202-45f4-9813-129bb91a9306": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of cloud.project.id", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cloud.project.id" }, - "title": "", - "type": "markdown", - "uiState": {} + "a5152707-6084-46e1-a5a1-b3eb150a1a05": { + "dataType": "number", + 
"isBucketed": false, + "label": "Sum of network.bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {} } - }, - "gridData": { - "h": 5, - "i": "a6977559-b547-4175-a1aa-f59715042492", - "w": 40, - "x": 0, - "y": 0 - }, - "panelIndex": "a6977559-b547-4175-a1aa-f59715042492", - "type": "visualization", - "version": "7.17.0" + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "93e747d6-f202-45f4-9813-129bb91a9306" + ], + "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", + "layerType": "data", + "legendDisplay": "default", + "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "nestedLegend": false, + "numberDisplay": "value" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9622b1fb-f543-4d05-b868-366fa865f9e7": { - "columnOrder": [ - "93e747d6-f202-45f4-9813-129bb91a9306", - "a5152707-6084-46e1-a5a1-b3eb150a1a05" - ], - "columns": { - "93e747d6-f202-45f4-9813-129bb91a9306": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of gcp.vpcflow.reporter", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "gcp.vpcflow.reporter" - }, - "a5152707-6084-46e1-a5a1-b3eb150a1a05": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of network.bytes", - "operationType": "sum", - "scale": 
"ratio", - "sourceField": "network.bytes" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Bytes per project" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "061ff6b2-a70a-42dc-87fd-45d185b277ac", + "w": 8, + "x": 8, + "y": 5 + }, + "panelIndex": "061ff6b2-a70a-42dc-87fd-45d185b277ac", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9622b1fb-f543-4d05-b868-366fa865f9e7": { + "columnOrder": [ + "93e747d6-f202-45f4-9813-129bb91a9306", + "a5152707-6084-46e1-a5a1-b3eb150a1a05" + ], + "columns": { + "93e747d6-f202-45f4-9813-129bb91a9306": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of network.name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "93e747d6-f202-45f4-9813-129bb91a9306" - ], - "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", - "layerType": "data", - "legendDisplay": "default", - "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "nestedLegend": false, - "numberDisplay": "value" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - 
"gridData": { - "h": 11, - "i": "fd65090b-d291-4771-865d-c5fa77a1b2a2", - "w": 8, - "x": 40, - "y": 5 - }, - "panelIndex": "fd65090b-d291-4771-865d-c5fa77a1b2a2", - "title": "Bytes per reporter", - "type": "lens", - "version": "7.17.0" + "a5152707-6084-46e1-a5a1-b3eb150a1a05": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of network.bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "93e747d6-f202-45f4-9813-129bb91a9306" + ], + "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", + "layerType": "data", + "legendDisplay": "default", + "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "nestedLegend": false, + "numberDisplay": "value" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9622b1fb-f543-4d05-b868-366fa865f9e7": { - "columnOrder": [ - "93e747d6-f202-45f4-9813-129bb91a9306", - "a5152707-6084-46e1-a5a1-b3eb150a1a05" - ], - "columns": { - "93e747d6-f202-45f4-9813-129bb91a9306": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of cloud.project.id", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cloud.project.id" - }, - "a5152707-6084-46e1-a5a1-b3eb150a1a05": { - "dataType": "number", - 
"isBucketed": false, - "label": "Sum of network.bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "network.bytes" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Bytes per sub-network" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "42eee1cd-e816-4f6e-a700-401e8ff1a2f5", + "w": 8, + "x": 16, + "y": 5 + }, + "panelIndex": "42eee1cd-e816-4f6e-a700-401e8ff1a2f5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9622b1fb-f543-4d05-b868-366fa865f9e7": { + "columnOrder": [ + "93e747d6-f202-45f4-9813-129bb91a9306", + "a5152707-6084-46e1-a5a1-b3eb150a1a05" + ], + "columns": { + "93e747d6-f202-45f4-9813-129bb91a9306": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of cloud.region", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "93e747d6-f202-45f4-9813-129bb91a9306" - ], - "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", - "layerType": "data", - "legendDisplay": "default", - "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "nestedLegend": false, - "numberDisplay": "value" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "cloud.region" }, - "title": "", - "type": "lens", - 
"visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "4489b109-a7f8-4a9d-b85f-0fe613368eda", - "w": 8, - "x": 0, - "y": 5 - }, - "panelIndex": "4489b109-a7f8-4a9d-b85f-0fe613368eda", - "title": "Bytes per project", - "type": "lens", - "version": "7.17.0" + "a5152707-6084-46e1-a5a1-b3eb150a1a05": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of network.bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "93e747d6-f202-45f4-9813-129bb91a9306" + ], + "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", + "layerType": "data", + "legendDisplay": "default", + "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "nestedLegend": false, + "numberDisplay": "value" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9622b1fb-f543-4d05-b868-366fa865f9e7": { - "columnOrder": [ - "93e747d6-f202-45f4-9813-129bb91a9306", - "a5152707-6084-46e1-a5a1-b3eb150a1a05" - ], - "columns": { - "93e747d6-f202-45f4-9813-129bb91a9306": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of network.name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.name" - }, - 
"a5152707-6084-46e1-a5a1-b3eb150a1a05": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of network.bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "network.bytes" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Bytes per region / zone" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "9714edf3-3894-4567-b8ec-99b863f4fa74", + "w": 8, + "x": 24, + "y": 5 + }, + "panelIndex": "9714edf3-3894-4567-b8ec-99b863f4fa74", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9622b1fb-f543-4d05-b868-366fa865f9e7": { + "columnOrder": [ + "93e747d6-f202-45f4-9813-129bb91a9306", + "a0ef9781-cada-4dac-a5c6-50b6d36aaace", + "a5152707-6084-46e1-a5a1-b3eb150a1a05" + ], + "columns": { + "93e747d6-f202-45f4-9813-129bb91a9306": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of source.geo.continent_name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "93e747d6-f202-45f4-9813-129bb91a9306" - ], - "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", - "layerType": "data", - "legendDisplay": "default", - "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "nestedLegend": false, - "numberDisplay": "value" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + 
"otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.geo.continent_name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "061ff6b2-a70a-42dc-87fd-45d185b277ac", - "w": 8, - "x": 8, - "y": 5 - }, - "panelIndex": "061ff6b2-a70a-42dc-87fd-45d185b277ac", - "title": "Bytes per sub-network", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9622b1fb-f543-4d05-b868-366fa865f9e7": { - "columnOrder": [ - "93e747d6-f202-45f4-9813-129bb91a9306", - "a5152707-6084-46e1-a5a1-b3eb150a1a05" - ], - "columns": { - "93e747d6-f202-45f4-9813-129bb91a9306": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of cloud.region", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "cloud.region" - }, - "a5152707-6084-46e1-a5a1-b3eb150a1a05": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of network.bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "network.bytes" - } - }, - "incompleteColumns": {} - } - } - } + "a0ef9781-cada-4dac-a5c6-50b6d36aaace": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.geo.continent_name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "type": 
"column" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "93e747d6-f202-45f4-9813-129bb91a9306" - ], - "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", - "layerType": "data", - "legendDisplay": "default", - "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "nestedLegend": false, - "numberDisplay": "value" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.geo.continent_name" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "42eee1cd-e816-4f6e-a700-401e8ff1a2f5", - "w": 8, - "x": 16, - "y": 5 - }, - "panelIndex": "42eee1cd-e816-4f6e-a700-401e8ff1a2f5", - "title": "Bytes per region / zone", - "type": "lens", - "version": "7.17.0" + "a5152707-6084-46e1-a5a1-b3eb150a1a05": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of network.bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset : \"gcp.vpcflow\" " + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "93e747d6-f202-45f4-9813-129bb91a9306", + "a0ef9781-cada-4dac-a5c6-50b6d36aaace" + ], + "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", + "layerType": "data", + "legendDisplay": "default", + "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "nestedLegend": false, + "numberDisplay": "value" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9622b1fb-f543-4d05-b868-366fa865f9e7": { - "columnOrder": [ - "93e747d6-f202-45f4-9813-129bb91a9306", - "a0ef9781-cada-4dac-a5c6-50b6d36aaace", - "a5152707-6084-46e1-a5a1-b3eb150a1a05" - ], - "columns": { - "93e747d6-f202-45f4-9813-129bb91a9306": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of source.geo.continent_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.geo.continent_name" - }, - "a0ef9781-cada-4dac-a5c6-50b6d36aaace": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.geo.continent_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.geo.continent_name" - }, - "a5152707-6084-46e1-a5a1-b3eb150a1a05": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of network.bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "network.bytes" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "event.dataset : \"gcp.vpcflow\" " + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Bytes Source vs. 
Destination" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "efe8857e-d137-4c24-ad83-dd7ddbea8c9e", + "w": 8, + "x": 32, + "y": 5 + }, + "panelIndex": "efe8857e-d137-4c24-ad83-dd7ddbea8c9e", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "9622b1fb-f543-4d05-b868-366fa865f9e7": { + "columnOrder": [ + "93e747d6-f202-45f4-9813-129bb91a9306", + "a5152707-6084-46e1-a5a1-b3eb150a1a05" + ], + "columns": { + "93e747d6-f202-45f4-9813-129bb91a9306": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of network.direction", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "type": "column" }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "93e747d6-f202-45f4-9813-129bb91a9306", - "a0ef9781-cada-4dac-a5c6-50b6d36aaace" - ], - "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", - "layerType": "data", - "legendDisplay": "default", - "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "nestedLegend": false, - "numberDisplay": "value" - } - ], - "shape": "donut" - } + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.direction" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "9714edf3-3894-4567-b8ec-99b863f4fa74", - "w": 8, - "x": 24, - "y": 5 - }, - "panelIndex": "9714edf3-3894-4567-b8ec-99b863f4fa74", - "title": "Bytes Source vs. 
Destination", - "type": "lens", - "version": "7.17.0" + "a5152707-6084-46e1-a5a1-b3eb150a1a05": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of network.bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "groups": [ + "93e747d6-f202-45f4-9813-129bb91a9306" + ], + "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", + "layerType": "data", + "legendDisplay": "default", + "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", + "nestedLegend": false, + "numberDisplay": "value" + } + ], + "shape": "donut" + } }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "9622b1fb-f543-4d05-b868-366fa865f9e7": { - "columnOrder": [ - "93e747d6-f202-45f4-9813-129bb91a9306", - "a5152707-6084-46e1-a5a1-b3eb150a1a05" - ], - "columns": { - "93e747d6-f202-45f4-9813-129bb91a9306": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of network.direction", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.direction" - }, - "a5152707-6084-46e1-a5a1-b3eb150a1a05": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of network.bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "network.bytes" - } - }, - "incompleteColumns": {} - } - } - } - }, - 
"filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "93e747d6-f202-45f4-9813-129bb91a9306" - ], - "layerId": "9622b1fb-f543-4d05-b868-366fa865f9e7", - "layerType": "data", - "legendDisplay": "default", - "metric": "a5152707-6084-46e1-a5a1-b3eb150a1a05", - "nestedLegend": false, - "numberDisplay": "value" - } - ], - "shape": "donut" - } + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Bytes per direction" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "289e8233-5d54-49c7-9b3a-30bab73711bb", + "w": 24, + "x": 24, + "y": 46 + }, + "panelIndex": "289e8233-5d54-49c7-9b3a-30bab73711bb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-102a3f02-3222-48bb-8c57-b29990ae1d97", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "102a3f02-3222-48bb-8c57-b29990ae1d97": { + "columnOrder": [ + "d25096dc-6121-497e-b444-42e92618a871", + "5cb970e1-fff0-4b8c-8c74-7dc834bd2942", + "0647e623-e5b9-4b20-afdf-eba0badc2297" + ], + "columns": { + "0647e623-e5b9-4b20-afdf-eba0badc2297": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of network.bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "network.bytes" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 11, - "i": "efe8857e-d137-4c24-ad83-dd7ddbea8c9e", - "w": 8, - "x": 32, - "y": 5 - }, - "panelIndex": "efe8857e-d137-4c24-ad83-dd7ddbea8c9e", - "title": "Bytes per direction", - "type": "lens", - "version": "7.17.0" - }, - { - 
"embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-102a3f02-3222-48bb-8c57-b29990ae1d97", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "102a3f02-3222-48bb-8c57-b29990ae1d97": { - "columnOrder": [ - "d25096dc-6121-497e-b444-42e92618a871", - "5cb970e1-fff0-4b8c-8c74-7dc834bd2942", - "0647e623-e5b9-4b20-afdf-eba0badc2297" - ], - "columns": { - "0647e623-e5b9-4b20-afdf-eba0badc2297": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of network.bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "network.bytes" - }, - "5cb970e1-fff0-4b8c-8c74-7dc834bd2942": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "d25096dc-6121-497e-b444-42e92618a871": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of source.domain", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0647e623-e5b9-4b20-afdf-eba0badc2297", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.domain" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "0647e623-e5b9-4b20-afdf-eba0badc2297" - ], - "layerId": 
"102a3f02-3222-48bb-8c57-b29990ae1d97", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "d25096dc-6121-497e-b444-42e92618a871", - "xAccessor": "5cb970e1-fff0-4b8c-8c74-7dc834bd2942" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - "mode": "full" - } - } + "5cb970e1-fff0-4b8c-8c74-7dc834bd2942": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false - }, - "gridData": { - "h": 7, - "i": "289e8233-5d54-49c7-9b3a-30bab73711bb", - "w": 24, - "x": 24, - "y": 46 - }, - "panelIndex": "289e8233-5d54-49c7-9b3a-30bab73711bb", - "title": "Sum of bytes per source", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "d25096dc-6121-497e-b444-42e92618a871": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of source.domain", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0647e623-e5b9-4b20-afdf-eba0badc2297", + "type": "column" }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-102a3f02-3222-48bb-8c57-b29990ae1d97", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "102a3f02-3222-48bb-8c57-b29990ae1d97": { - "columnOrder": [ - "d25096dc-6121-497e-b444-42e92618a871", - "5cb970e1-fff0-4b8c-8c74-7dc834bd2942", - 
"0647e623-e5b9-4b20-afdf-eba0badc2297" - ], - "columns": { - "0647e623-e5b9-4b20-afdf-eba0badc2297": { - "dataType": "number", - "isBucketed": false, - "label": "Sum of network.bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "network.bytes" - }, - "5cb970e1-fff0-4b8c-8c74-7dc834bd2942": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "d25096dc-6121-497e-b444-42e92618a871": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.domain", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0647e623-e5b9-4b20-afdf-eba0badc2297", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.domain" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "0647e623-e5b9-4b20-afdf-eba0badc2297" - ], - "layerId": "102a3f02-3222-48bb-8c57-b29990ae1d97", - "layerType": "data", - "position": "top", - "seriesType": "bar_stacked", - "showGridlines": false, - "splitAccessor": "d25096dc-6121-497e-b444-42e92618a871", - "xAccessor": "5cb970e1-fff0-4b8c-8c74-7dc834bd2942" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" - }, - "yRightExtent": { - 
"mode": "full" - } - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.domain" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 8, - "i": "9d413864-ae26-4e79-a93d-df49fbad4913", - "w": 24, - "x": 24, - "y": 53 + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "9d413864-ae26-4e79-a93d-df49fbad4913", - "title": "Sum of bytes per destination", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8929ffe2-4cf7-40b7-8e2c-1ee52bdd8d97", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "8929ffe2-4cf7-40b7-8e2c-1ee52bdd8d97": { - "columnOrder": [ - "06178db9-8ae7-4706-b479-29aea6be4d75", - "313bb272-53cc-4d90-890e-d0952e9fd07f", - "bbc2b648-d5e5-4ee1-baed-be4d1497e963" - ], - "columns": { - "06178db9-8ae7-4706-b479-29aea6be4d75": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Source AS Org", - "operationType": "terms", - "params": { - "missingBucket": true, - "orderBy": { - "columnId": "bbc2b648-d5e5-4ee1-baed-be4d1497e963", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "source.as.organization.name" - }, - "313bb272-53cc-4d90-890e-d0952e9fd07f": { - "customLabel": true, - "dataType": "string", - 
"isBucketed": true, - "label": "Destination AS Org", - "operationType": "terms", - "params": { - "missingBucket": true, - "orderBy": { - "columnId": "bbc2b648-d5e5-4ee1-baed-be4d1497e963", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 10 - }, - "scale": "ordinal", - "sourceField": "destination.as.organization.name" - }, - "bbc2b648-d5e5-4ee1-baed-be4d1497e963": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total bytes", - "operationType": "sum", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 - } - } - }, - "scale": "ratio", - "sourceField": "network.bytes" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "gridConfig": { - "isCellLabelVisible": false, - "isXAxisLabelVisible": true, - "isYAxisLabelVisible": true, - "type": "lens_heatmap_grid" - }, - "layerId": "8929ffe2-4cf7-40b7-8e2c-1ee52bdd8d97", - "layerType": "data", - "legend": { - "isVisible": false, - "maxLines": 2, - "position": "right", - "shouldTruncate": false, - "type": "lens_heatmap_legendConfig" - }, - "palette": { - "accessor": "bbc2b648-d5e5-4ee1-baed-be4d1497e963", - "name": "negative", - "params": { - "name": "negative", - "rangeMax": 80, - "rangeMin": 0, - "reverse": false, - "stops": [ - { - "color": "#fbddd6", - "stop": 0 - }, - { - "color": "#f3bbaf", - "stop": 20 - }, - { - "color": "#e99a89", - "stop": 40 - }, - { - "color": "#db7965", - "stop": 60 - }, - { - "color": "#cc5642", - "stop": 80 - } - ] - }, - "type": "palette" - }, - "shape": "heatmap", - "valueAccessor": "bbc2b648-d5e5-4ee1-baed-be4d1497e963", - "xAccessor": "313bb272-53cc-4d90-890e-d0952e9fd07f", - "yAccessor": "06178db9-8ae7-4706-b479-29aea6be4d75" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsHeatmap" - }, - "enhancements": {}, - "hidePanelTitles": false + "labelsOrientation": { + "x": 0, + "yLeft": 0, 
+ "yRight": 0 }, - "gridData": { - "h": 15, - "i": "fcaf1c3c-64a6-47ce-90a2-8226e788c062", - "w": 24, - "x": 24, - "y": 61 + "layers": [ + { + "accessors": [ + "0647e623-e5b9-4b20-afdf-eba0badc2297" + ], + "layerId": "102a3f02-3222-48bb-8c57-b29990ae1d97", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "d25096dc-6121-497e-b444-42e92618a871", + "xAccessor": "5cb970e1-fff0-4b8c-8c74-7dc834bd2942" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "fcaf1c3c-64a6-47ce-90a2-8226e788c062", - "title": "Sum of bytes between source and destination", - "type": "lens", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.vpcflow" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.vpcflow" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"source.as.organization.name\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"destination.as.organization.name\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -\u003e stk1 for 
simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? 
datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: 
\"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", 
\"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: \"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' \u0026#x2192; ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. 
Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: \"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same 
country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" - }, - "title": "[GCP] Sankey Source to Destination subnetwork", - "type": "vega", - "uiState": {} - } + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "eedf536b-4b23-4689-957b-482f4d7a3332", - "w": 24, - "x": 0, - "y": 61 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "eedf536b-4b23-4689-957b-482f4d7a3332", - "title": "Sankey Source to Destination autonomous system (AS) org name", - "type": "visualization", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.vpcflow" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.vpcflow" - } - } - } - ], - "query": { - "language": 
"kuery", - "query": "" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Sum of bytes per source" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 8, + "i": "9d413864-ae26-4e79-a93d-df49fbad4913", + "w": 24, + "x": 24, + "y": 53 + }, + "panelIndex": "9d413864-ae26-4e79-a93d-df49fbad4913", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-102a3f02-3222-48bb-8c57-b29990ae1d97", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "102a3f02-3222-48bb-8c57-b29990ae1d97": { + "columnOrder": [ + "d25096dc-6121-497e-b444-42e92618a871", + "5cb970e1-fff0-4b8c-8c74-7dc834bd2942", + "0647e623-e5b9-4b20-afdf-eba0badc2297" + ], + "columns": { + "0647e623-e5b9-4b20-afdf-eba0badc2297": { + "dataType": "number", + "isBucketed": false, + "label": "Sum of network.bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "network.bytes" }, - "description": "", - "params": { - "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"source.domain\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"destination.domain\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -\u003e stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: 
\"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? 
datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: 
\"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", 
\"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: \"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' \u0026#x2192; ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. 
Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: \"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same 
country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + "5cb970e1-fff0-4b8c-8c74-7dc834bd2942": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "@timestamp" }, - "title": "[GCP] Sankey Source to Destination domain", - "type": "vega", - "uiState": {} + "d25096dc-6121-497e-b444-42e92618a871": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.domain", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0647e623-e5b9-4b20-afdf-eba0badc2297", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.domain" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "69f30a2e-79ff-4615-a83f-0aaf9b466ba7", - "w": 24, - "x": 0, - "y": 46 + "fittingFunction": "None", + 
"gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "panelIndex": "69f30a2e-79ff-4615-a83f-0aaf9b466ba7", - "title": "Sankey Source to Destination domain", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": true, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.vpcflow" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.vpcflow" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"gcp.source.vpc.subnetwork_name\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"gcp.destination.vpc.subnetwork_name\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -\u003e stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || 
groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the 
right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", 
field: \"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' \u0026#x2192; ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" - }, - "title": "[GCP] Sankey Source to Destination subnetwork", - "type": "vega", - "uiState": {} - } + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 }, - "gridData": { - "h": 15, - "i": "0f9ac1ed-f75b-4788-a9fe-9277d5e0551a", - "w": 24, - "x": 0, - "y": 31 + "layers": [ + { + "accessors": [ + "0647e623-e5b9-4b20-afdf-eba0badc2297" + ], + "layerId": "102a3f02-3222-48bb-8c57-b29990ae1d97", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "splitAccessor": "d25096dc-6121-497e-b444-42e92618a871", + "xAccessor": "5cb970e1-fff0-4b8c-8c74-7dc834bd2942" + } + ], + "legend": { + "isVisible": true, + "position": "right" }, - "panelIndex": "0f9ac1ed-f75b-4788-a9fe-9277d5e0551a", - "title": "Sankey Source to Destination subnetwork", - "type": "visualization", - 
"version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.vpcflow" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.vpcflow" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"gcp.source.vpc.vpc_name\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"gcp.destination.vpc.vpc_name\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -\u003e stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one 
for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n 
type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", 
field: \"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' \u0026#x2192; ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" - }, - "title": "[GCP] Sankey Source to Destination VPC", - "type": "vega", - "uiState": {} - } + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "gridData": { - "h": 15, - "i": "4a23ce96-6f3b-4ae0-bec2-dc1594cedef6", - "w": 24, - "x": 24, - "y": 31 + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" }, - "panelIndex": "4a23ce96-6f3b-4ae0-bec2-dc1594cedef6", - "title": "Sankey Source to Destination VPC", - "type": "visualization", - "version": "7.17.0" + "yRightExtent": { + "mode": "full" + } + } }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": 
false, - "index": "logs-*", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "gcp.vpcflow" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.vpcflow" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Sum of bytes per destination" + }, + { + "version": "7.17.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "fcaf1c3c-64a6-47ce-90a2-8226e788c062", + "w": 24, + "x": 24, + "y": 61 + }, + "panelIndex": "fcaf1c3c-64a6-47ce-90a2-8226e788c062", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8929ffe2-4cf7-40b7-8e2c-1ee52bdd8d97", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "8929ffe2-4cf7-40b7-8e2c-1ee52bdd8d97": { + "columnOrder": [ + "06178db9-8ae7-4706-b479-29aea6be4d75", + "313bb272-53cc-4d90-890e-d0952e9fd07f", + "bbc2b648-d5e5-4ee1-baed-be4d1497e963" + ], + "columns": { + "06178db9-8ae7-4706-b479-29aea6be4d75": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Source AS Org", + "operationType": "terms", + "params": { + "missingBucket": true, + "orderBy": { + "columnId": "bbc2b648-d5e5-4ee1-baed-be4d1497e963", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "source.as.organization.name" }, - "description": "", - "params": { - "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: 
logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"source.geo.country_iso_code\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"destination.geo.country_iso_code\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -\u003e stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? 
datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: 
\"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", 
\"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: \"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 
1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' \u0026#x2192; ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. 
Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: \"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same 
country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + "313bb272-53cc-4d90-890e-d0952e9fd07f": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Destination AS Org", + "operationType": "terms", + "params": { + "missingBucket": true, + "orderBy": { + "columnId": "bbc2b648-d5e5-4ee1-baed-be4d1497e963", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "destination.as.organization.name" }, - "title": "[GCP] Sankey Source to Destination country", - "type": "vega", - "uiState": {} - } - }, - "gridData": { - "h": 15, - "i": "8700819e-d34e-4ac8-8b65-e053db64f7b8", - "w": 24, - "x": 0, - "y": 16 - }, - "panelIndex": "8700819e-d34e-4ac8-8b65-e053db64f7b8", - "title": "Sankey Source to Destination country", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": true, - "index": "logs-*", - "key": "data_stream.dataset", - 
"negate": false, - "params": { - "query": "gcp.vpcflow" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "gcp.vpcflow" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } + "bbc2b648-d5e5-4ee1-baed-be4d1497e963": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total bytes", + "operationType": "sum", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } } - }, - "description": "", - "params": { - "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"gcp.source.vpc.project_id\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"gcp.destination.vpc.project_id\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -\u003e stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The 
country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n 
]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector \u0026\u0026 groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", 
field: \"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector \u0026\u0026 (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' \u0026#x2192; ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) \u003e 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' \u0026\u0026 datum.grpId, stk2:datum.stack=='stk2' \u0026\u0026 datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" - }, - "title": "[GCP] Sankey Source to Destination project", - "type": "vega", - "uiState": {} + }, + "scale": "ratio", + "sourceField": "network.bytes" + } + }, + "incompleteColumns": {} } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "gridConfig": { + "isCellLabelVisible": false, + "isXAxisLabelVisible": true, + "isYAxisLabelVisible": true, + "type": "lens_heatmap_grid" }, - "gridData": { - "h": 15, - "i": "6d32c209-a24d-4bf4-8651-83a187ed7946", - "w": 24, - "x": 24, - "y": 16 - }, - "panelIndex": "6d32c209-a24d-4bf4-8651-83a187ed7946", - "title": "Sankey Source to Destination project", - "type": "visualization", - "version": "7.17.0" - }, - { - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": true, - "savedVis": { - "data": { - "aggs": [], - 
"searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "", - "interval": "", - "isModelInvalid": false, - "markdown": "[Detection Engine](security/detections)\r\n\r\n[Network overview](security/network/flows)", - "markdown_css": "#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a{background-color:#07C;color:#fff;padding:8px 12px;height:40px;display:inline-block;font-family:Inter UI,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;font-weight:400;letter-spacing:-0.005em;font-size:1rem;line-height:1.5;text-decoration:none;border-radius:4px;vertical-align:middle;width:100%;text-align:center}", - "markdown_less": "a {\n background-color: #07C;\n color: #fff;\n padding: 8px 12px;\n height: 40px;\n display: inline-block;\n font-family: Inter UI,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;\n font-weight: 400;\n letter-spacing: -.005em;\n font-size: 1rem;\n line-height: 1.5;\n text-decoration: none;\n border-radius: 4px;\n vertical-align: middle;\n width: 100%;\n text-align: center;\n}", - "markdown_openLinksInNewTab": 1, - "markdown_vertical_align": "middle", - "max_lines_legend": 1, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, - "metrics": [ - { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "count" - } - ], - "palette": { - "name": "default", - "type": "palette" - }, - "point_size": 1, - "separate_axis": 0, - "split_mode": "everything", - "stacked": "none", - "time_range_mode": "entire_time_range" - } - ], - "show_grid": 
1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "truncate_legend": 1, - "type": "markdown", - "use_kibana_indexes": true - }, - "title": "Nav Buttons", - "type": "metrics", - "uiState": {} - } + "layerId": "8929ffe2-4cf7-40b7-8e2c-1ee52bdd8d97", + "layerType": "data", + "legend": { + "isVisible": false, + "maxLines": 2, + "position": "right", + "shouldTruncate": false, + "type": "lens_heatmap_legendConfig" }, - "gridData": { - "h": 5, - "i": "f3e1d305-2615-45a8-a2a9-ced28af362d1", - "w": 8, - "x": 40, - "y": 0 + "palette": { + "accessor": "bbc2b648-d5e5-4ee1-baed-be4d1497e963", + "name": "negative", + "params": { + "name": "negative", + "rangeMax": 80, + "rangeMin": 0, + "reverse": false, + "stops": [ + { + "color": "#fbddd6", + "stop": 0 + }, + { + "color": "#f3bbaf", + "stop": 20 + }, + { + "color": "#e99a89", + "stop": 40 + }, + { + "color": "#db7965", + "stop": 60 + }, + { + "color": "#cc5642", + "stop": 80 + } + ] + }, + "type": "palette" }, - "panelIndex": "f3e1d305-2615-45a8-a2a9-ced28af362d1", - "type": "visualization", - "version": "7.17.0" - } - ], - "timeRestore": false, - "title": "[Logs GCP] VPC Flow", - "version": 1 - }, - "coreMigrationVersion": "7.17.0", - "id": "gcp-9484a4cd-685f-450e-aeaa-728fbdbea20f", - "migrationVersion": { - "dashboard": "7.17.0" - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fd65090b-d291-4771-865d-c5fa77a1b2a2:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "fd65090b-d291-4771-865d-c5fa77a1b2a2:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4489b109-a7f8-4a9d-b85f-0fe613368eda:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - 
"name": "4489b109-a7f8-4a9d-b85f-0fe613368eda:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "061ff6b2-a70a-42dc-87fd-45d185b277ac:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "061ff6b2-a70a-42dc-87fd-45d185b277ac:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "42eee1cd-e816-4f6e-a700-401e8ff1a2f5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "42eee1cd-e816-4f6e-a700-401e8ff1a2f5:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9714edf3-3894-4567-b8ec-99b863f4fa74:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9714edf3-3894-4567-b8ec-99b863f4fa74:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "efe8857e-d137-4c24-ad83-dd7ddbea8c9e:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "shape": "heatmap", + "valueAccessor": "bbc2b648-d5e5-4ee1-baed-be4d1497e963", + "xAccessor": "313bb272-53cc-4d90-890e-d0952e9fd07f", + "yAccessor": "06178db9-8ae7-4706-b479-29aea6be4d75" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsHeatmap" + }, + "enhancements": {}, + "hidePanelTitles": false }, - { - "id": "logs-*", - "name": "efe8857e-d137-4c24-ad83-dd7ddbea8c9e:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", - "type": "index-pattern" + "title": "Sum of bytes between source and destination" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "eedf536b-4b23-4689-957b-482f4d7a3332", + "w": 24, + "x": 0, + "y": 61 }, - { - "id": "logs-*", - "name": 
"289e8233-5d54-49c7-9b3a-30bab73711bb:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "eedf536b-4b23-4689-957b-482f4d7a3332", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.vpcflow" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.vpcflow" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"source.as.organization.name\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"destination.as.organization.name\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -> stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each 
node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: 
\"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector && groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: 
\"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + }, + "title": "[GCP] Sankey Source to Destination subnetwork", + "type": "vega", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "289e8233-5d54-49c7-9b3a-30bab73711bb:indexpattern-datasource-layer-102a3f02-3222-48bb-8c57-b29990ae1d97", - "type": "index-pattern" + "title": "Sankey Source to Destination autonomous system (AS) org name" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "69f30a2e-79ff-4615-a83f-0aaf9b466ba7", + "w": 24, + "x": 0, + "y": 46 }, - { - "id": "logs-*", - "name": "9d413864-ae26-4e79-a93d-df49fbad4913:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "69f30a2e-79ff-4615-a83f-0aaf9b466ba7", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": 
{ + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.vpcflow" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.vpcflow" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"source.domain\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"destination.domain\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -> stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: 
[\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n 
transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector && groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: 
\"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + }, + "title": "[GCP] Sankey Source to Destination domain", + "type": "vega", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "9d413864-ae26-4e79-a93d-df49fbad4913:indexpattern-datasource-layer-102a3f02-3222-48bb-8c57-b29990ae1d97", - "type": "index-pattern" + "title": "Sankey Source to Destination domain" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "0f9ac1ed-f75b-4788-a9fe-9277d5e0551a", + "w": 24, + "x": 0, + "y": 31 }, - { - "id": "logs-*", - "name": "fcaf1c3c-64a6-47ce-90a2-8226e788c062:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" + "panelIndex": "0f9ac1ed-f75b-4788-a9fe-9277d5e0551a", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + }, 
+ "meta": { + "alias": null, + "disabled": true, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.vpcflow" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.vpcflow" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"gcp.source.vpc.subnetwork_name\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"gcp.destination.vpc.subnetwork_name\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -> stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: 
[\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n 
transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector && groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: 
\"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + }, + "title": "[GCP] Sankey Source to Destination subnetwork", + "type": "vega", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "fcaf1c3c-64a6-47ce-90a2-8226e788c062:indexpattern-datasource-layer-8929ffe2-4cf7-40b7-8e2c-1ee52bdd8d97", - "type": "index-pattern" + "title": "Sankey Source to Destination subnetwork" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "4a23ce96-6f3b-4ae0-bec2-dc1594cedef6", + "w": 24, + "x": 24, + "y": 31 }, - { - "id": "logs-*", - "name": "eedf536b-4b23-4689-957b-482f4d7a3332:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "4a23ce96-6f3b-4ae0-bec2-dc1594cedef6", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + 
"store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.vpcflow" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.vpcflow" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"gcp.source.vpc.vpc_name\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"gcp.destination.vpc.vpc_name\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -> stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", 
\"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n 
source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector && groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: 
\"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + }, + "title": "[GCP] Sankey Source to Destination VPC", + "type": "vega", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "69f30a2e-79ff-4615-a83f-0aaf9b466ba7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "Sankey Source to Destination VPC" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "8700819e-d34e-4ac8-8b65-e053db64f7b8", + "w": 24, + "x": 0, + "y": 16 }, - { - "id": "logs-*", - "name": "0f9ac1ed-f75b-4788-a9fe-9277d5e0551a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "8700819e-d34e-4ac8-8b65-e053db64f7b8", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": "appState" + 
}, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.vpcflow" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.vpcflow" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"source.geo.country_iso_code\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"destination.geo.country_iso_code\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -> stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", \"stk2\"]\r\n as: 
[\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n source: nodes\r\n 
transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector && groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: 
\"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + }, + "title": "[GCP] Sankey Source to Destination country", + "type": "vega", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "4a23ce96-6f3b-4ae0-bec2-dc1594cedef6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "Sankey Source to Destination country" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "6d32c209-a24d-4bf4-8651-83a187ed7946", + "w": 24, + "x": 24, + "y": 16 }, - { - "id": "logs-*", - "name": "8700819e-d34e-4ac8-8b65-e053db64f7b8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "panelIndex": "6d32c209-a24d-4bf4-8651-83a187ed7946", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [ + { + "$state": { + "store": 
"appState" + }, + "meta": { + "alias": null, + "disabled": true, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "gcp.vpcflow" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "gcp.vpcflow" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "params": { + "spec": "{\r\n $schema: https://vega.github.io/schema/vega/v3.0.json\r\n data: [\r\n {\r\n // query ES based on the currently selected time range and filter string\r\n name: rawData\r\n url: {\r\n %context%: true\r\n %timefield%: @timestamp\r\n index: logs*\r\n body: {\r\n size: 0\r\n aggs: {\r\n table: {\r\n composite: {\r\n size: 10000\r\n sources: [\r\n {\r\n stk1: {\r\n terms: {field: \"gcp.source.vpc.project_id\"}\r\n }\r\n }\r\n {\r\n stk2: {\r\n terms: {field: \"gcp.destination.vpc.project_id\"}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n }\r\n // From the result, take just the data we are interested in\r\n format: {property: \"aggregations.table.buckets\"}\r\n // Convert key.stk1 -> stk1 for simpler access below\r\n transform: [\r\n {type: \"formula\", expr: \"datum.key.stk1\", as: \"stk1\"}\r\n {type: \"formula\", expr: \"datum.key.stk2\", as: \"stk2\"}\r\n {type: \"formula\", expr: \"datum.doc_count\", as: \"size\"}\r\n ]\r\n }\r\n {\r\n name: nodes\r\n source: rawData\r\n transform: [\r\n // when a country is selected, filter out unrelated data\r\n {\r\n type: filter\r\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\r\n }\r\n // Set new key for later lookups - identifies each node\r\n {type: \"formula\", expr: \"datum.stk1+datum.stk2\", as: \"key\"}\r\n // instead of each table row, create two new rows,\r\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\r\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\r\n {\r\n type: fold\r\n fields: [\"stk1\", 
\"stk2\"]\r\n as: [\"stack\", \"grpId\"]\r\n }\r\n // Create a sortkey, different for stk1 and stk2 stacks.\r\n // Space separator ensures proper sort order in some corner cases.\r\n {\r\n type: formula\r\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\r\n as: sortField\r\n }\r\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\r\n // independently for each stack, and ensuring they are in the proper order,\r\n // alphabetical from the top (reversed on the y axis)\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"sortField\", order: \"descending\"}\r\n field: size\r\n }\r\n // calculate vertical center point for each node, used to draw edges\r\n {type: \"formula\", expr: \"(datum.y0+datum.y1)/2\", as: \"yc\"}\r\n ]\r\n }\r\n {\r\n name: groups\r\n source: nodes\r\n transform: [\r\n // combine all nodes into country groups, summing up the doc counts\r\n {\r\n type: aggregate\r\n groupby: [\"stack\", \"grpId\"]\r\n fields: [\"size\"]\r\n ops: [\"sum\"]\r\n as: [\"total\"]\r\n }\r\n // re-calculate the stacking y0,y1 values\r\n {\r\n type: stack\r\n groupby: [\"stack\"]\r\n sort: {field: \"grpId\", order: \"descending\"}\r\n field: total\r\n }\r\n // project y0 and y1 values to screen coordinates\r\n // doing it once here instead of doing it several times in marks\r\n {type: \"formula\", expr: \"scale('y', datum.y0)\", as: \"scaledY0\"}\r\n {type: \"formula\", expr: \"scale('y', datum.y1)\", as: \"scaledY1\"}\r\n // boolean flag if the label should be on the right of the stack\r\n {type: \"formula\", expr: \"datum.stack == 'stk1'\", as: \"rightLabel\"}\r\n // Calculate traffic percentage for this country using \"y\" scale\r\n // domain upper bound, which represents the total traffic\r\n {\r\n type: formula\r\n expr: datum.total/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n {\r\n // This is a temp lookup table with all the 'stk2' stack nodes\r\n name: destinationNodes\r\n 
source: nodes\r\n transform: [\r\n {type: \"filter\", expr: \"datum.stack == 'stk2'\"}\r\n ]\r\n }\r\n {\r\n name: edges\r\n source: nodes\r\n transform: [\r\n // we only want nodes from the left stack\r\n {type: \"filter\", expr: \"datum.stack == 'stk1'\"}\r\n // find corresponding node from the right stack, keep it as \"target\"\r\n {\r\n type: lookup\r\n from: destinationNodes\r\n key: key\r\n fields: [\"key\"]\r\n as: [\"target\"]\r\n }\r\n // calculate SVG link path between stk1 and stk2 stacks for the node pair\r\n {\r\n type: linkpath\r\n orient: horizontal\r\n shape: diagonal\r\n sourceY: {expr: \"scale('y', datum.yc)\"}\r\n sourceX: {expr: \"scale('x', 'stk1') + bandwidth('x')\"}\r\n targetY: {expr: \"scale('y', datum.target.yc)\"}\r\n targetX: {expr: \"scale('x', 'stk2')\"}\r\n }\r\n // A little trick to calculate the thickness of the line.\r\n // The value needs to be the same as the hight of the node, but scaling\r\n // size to screen's height gives inversed value because screen's Y\r\n // coordinate goes from the top to the bottom, whereas the graph's Y=0\r\n // is at the bottom. 
So subtracting scaled doc count from screen height\r\n // (which is the \"lower\" bound of the \"y\" scale) gives us the right value\r\n {\r\n type: formula\r\n expr: range('y')[0]-scale('y', datum.size)\r\n as: strokeWidth\r\n }\r\n // Tooltip needs individual link's percentage of all traffic\r\n {\r\n type: formula\r\n expr: datum.size/domain('y')[1]\r\n as: percentage\r\n }\r\n ]\r\n }\r\n ]\r\n scales: [\r\n {\r\n // calculates horizontal stack positioning\r\n name: x\r\n type: band\r\n range: width\r\n domain: [\"stk1\", \"stk2\"]\r\n paddingOuter: 0.05\r\n paddingInner: 0.95\r\n }\r\n {\r\n // this scale goes up as high as the highest y1 value of all nodes\r\n name: y\r\n type: linear\r\n range: height\r\n domain: {data: \"nodes\", field: \"y1\"}\r\n }\r\n {\r\n // use rawData to ensure the colors stay the same when clicking.\r\n name: color\r\n type: ordinal\r\n range: category\r\n domain: {data: \"rawData\", fields: [\"stk1\", \"stk2\"]}\r\n }\r\n {\r\n // this scale is used to map internal ids (stk1, stk2) to stack names\r\n name: stackNames\r\n type: ordinal\r\n range: [\"Source\", \"Destination\"]\r\n domain: [\"stk1\", \"stk2\"]\r\n }\r\n ]\r\n axes: [\r\n {\r\n // x axis should use custom label formatting to print proper stack names\r\n orient: bottom\r\n scale: x\r\n encode: {\r\n labels: {\r\n update: {\r\n text: {scale: \"stackNames\", field: \"value\"}\r\n }\r\n }\r\n }\r\n }\r\n {orient: \"left\", scale: \"y\"}\r\n ]\r\n marks: [\r\n {\r\n // draw the connecting line between stacks\r\n type: path\r\n name: edgeMark\r\n from: {data: \"edges\"}\r\n // this prevents some autosizing issues with large strokeWidth for paths\r\n clip: true\r\n encode: {\r\n update: {\r\n // By default use color of the left node, except when showing traffic\r\n // from just one country, in which case use destination color.\r\n stroke: [\r\n {\r\n test: groupSelector && groupSelector.stack=='stk1'\r\n scale: color\r\n field: stk2\r\n }\r\n {scale: \"color\", field: 
\"stk1\"}\r\n ]\r\n strokeWidth: {field: \"strokeWidth\"}\r\n path: {field: \"path\"}\r\n // when showing all traffic, and hovering over a country,\r\n // highlight the traffic from that country.\r\n strokeOpacity: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\r\n }\r\n // Ensure that the hover-selected edges show on top\r\n zindex: {\r\n signal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\r\n }\r\n // format tooltip string\r\n tooltip: {\r\n signal: datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n // Simple mouseover highlighting of a single line\r\n hover: {\r\n strokeOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw stack groups (countries)\r\n type: rect\r\n name: groupMark\r\n from: {data: \"groups\"}\r\n encode: {\r\n enter: {\r\n fill: {scale: \"color\", field: \"grpId\"}\r\n width: {scale: \"x\", band: 1}\r\n }\r\n update: {\r\n x: {scale: \"x\", field: \"stack\"}\r\n y: {field: \"scaledY0\"}\r\n y2: {field: \"scaledY1\"}\r\n fillOpacity: {value: 0.6}\r\n tooltip: {\r\n signal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\r\n }\r\n }\r\n hover: {\r\n fillOpacity: {value: 1}\r\n }\r\n }\r\n }\r\n {\r\n // draw country code labels on the inner side of the stack\r\n type: text\r\n from: {data: \"groups\"}\r\n // don't process events for the labels - otherwise line mouseover is unclean\r\n interactive: false\r\n encode: {\r\n update: {\r\n // depending on which stack it is, position x with some padding\r\n x: {\r\n signal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\r\n }\r\n // middle of the group\r\n yc: {signal: \"(datum.scaledY0 + datum.scaledY1)/2\"}\r\n align: {signal: \"datum.rightLabel ? 
'left' : 'right'\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n // only show text label if the group's height is large enough\r\n text: {signal: \"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\"}\r\n }\r\n }\r\n }\r\n {\r\n // Create a \"show all\" button. Shown only when a country is selected.\r\n type: group\r\n data: [\r\n // We need to make the button show only when groupSelector signal is true.\r\n // Each mark is drawn as many times as there are elements in the backing data.\r\n // Which means that if values list is empty, it will not be drawn.\r\n // Here I create a data source with one empty object, and filter that list\r\n // based on the signal value. This can only be done in a group.\r\n {\r\n name: dataForShowAll\r\n values: [{}]\r\n transform: [{type: \"filter\", expr: \"groupSelector\"}]\r\n }\r\n ]\r\n // Set button size and positioning\r\n encode: {\r\n enter: {\r\n xc: {signal: \"width/2\"}\r\n y: {value: 30}\r\n width: {value: 80}\r\n height: {value: 30}\r\n }\r\n }\r\n marks: [\r\n {\r\n // This group is shown as a button with rounded corners.\r\n type: group\r\n // mark name allows signal capturing\r\n name: groupReset\r\n // Only shows button if dataForShowAll has values.\r\n from: {data: \"dataForShowAll\"}\r\n encode: {\r\n enter: {\r\n cornerRadius: {value: 6}\r\n fill: {value: \"#f5f5f5\"}\r\n stroke: {value: \"#c1c1c1\"}\r\n strokeWidth: {value: 2}\r\n // use parent group's size\r\n height: {\r\n field: {group: \"height\"}\r\n }\r\n width: {\r\n field: {group: \"width\"}\r\n }\r\n }\r\n update: {\r\n // groups are transparent by default\r\n opacity: {value: 1}\r\n }\r\n hover: {\r\n opacity: {value: 0.7}\r\n }\r\n }\r\n marks: [\r\n {\r\n type: text\r\n // if true, it will prevent clicking on the button when over text.\r\n interactive: false\r\n encode: {\r\n enter: {\r\n // center text in the paren group\r\n xc: {\r\n field: {group: \"width\"}\r\n mult: 0.5\r\n }\r\n yc: {\r\n field: {group: 
\"height\"}\r\n mult: 0.5\r\n offset: 2\r\n }\r\n align: {value: \"center\"}\r\n baseline: {value: \"middle\"}\r\n fontWeight: {value: \"bold\"}\r\n text: {value: \"Show All\"}\r\n }\r\n }\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n signals: [\r\n {\r\n // used to highlight traffic to/from the same country\r\n name: groupHover\r\n value: {}\r\n on: [\r\n {\r\n events: @groupMark:mouseover\r\n update: \"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {events: \"mouseout\", update: \"{}\"}\r\n ]\r\n }\r\n // used to filter only the data related to the selected country\r\n {\r\n name: groupSelector\r\n value: false\r\n on: [\r\n {\r\n // Clicking groupMark sets this signal to the filter values\r\n events: @groupMark:click!\r\n update: \"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\"\r\n }\r\n {\r\n // Clicking \"show all\" button, or double-clicking anywhere resets it\r\n events: [\r\n {type: \"click\", markname: \"groupReset\"}\r\n {type: \"dblclick\"}\r\n ]\r\n update: \"false\"\r\n }\r\n ]\r\n }\r\n ]\r\n}" + }, + "title": "[GCP] Sankey Source to Destination project", + "type": "vega", + "uiState": {} + } }, - { - "id": "logs-*", - "name": "6d32c209-a24d-4bf4-8651-83a187ed7946:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" + "title": "Sankey Source to Destination project" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 5, + "i": "f3e1d305-2615-45a8-a2a9-ced28af362d1", + "w": 8, + "x": 40, + "y": 0 }, - { - "id": "gcp-e1a359e5-543d-44c2-ab81-628138719e28", - "name": "tag-gcp-e1a359e5-543d-44c2-ab81-628138719e28", - "type": "tag" + "panelIndex": "f3e1d305-2615-45a8-a2a9-ced28af362d1", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": true, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, 
+ "description": "", + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 1, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "", + "interval": "", + "isModelInvalid": false, + "markdown": "[Detection Engine](security/detections)\r\n\r\n[Network overview](security/network/flows)", + "markdown_css": "#markdown-61ca57f0-469d-11e7-af02-69e470af7417 a{background-color:#07C;color:#fff;padding:8px 12px;height:40px;display:inline-block;font-family:Inter UI,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;font-weight:400;letter-spacing:-0.005em;font-size:1rem;line-height:1.5;text-decoration:none;border-radius:4px;vertical-align:middle;width:100%;text-align:center}", + "markdown_less": "a {\n background-color: #07C;\n color: #fff;\n padding: 8px 12px;\n height: 40px;\n display: inline-block;\n font-family: Inter UI,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;\n font-weight: 400;\n letter-spacing: -.005em;\n font-size: 1rem;\n line-height: 1.5;\n text-decoration: none;\n border-radius: 4px;\n vertical-align: middle;\n width: 100%;\n text-align: center;\n}", + "markdown_openLinksInNewTab": 1, + "markdown_vertical_align": "middle", + "max_lines_legend": 1, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, + "metrics": [ + { + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "count" + } + ], + "palette": { + "name": "default", + "type": "palette" + }, + "point_size": 1, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "time_range_mode": "entire_time_range" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + 
"tooltip_mode": "show_all", + "truncate_legend": 1, + "type": "markdown", + "use_kibana_indexes": true + }, + "title": "Nav Buttons", + "type": "metrics", + "uiState": {} + } } + } ], - "type": "dashboard" + "timeRestore": false, + "title": "[Logs GCP] VPC Flow", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fd65090b-d291-4771-865d-c5fa77a1b2a2:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fd65090b-d291-4771-865d-c5fa77a1b2a2:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4489b109-a7f8-4a9d-b85f-0fe613368eda:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4489b109-a7f8-4a9d-b85f-0fe613368eda:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "061ff6b2-a70a-42dc-87fd-45d185b277ac:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "061ff6b2-a70a-42dc-87fd-45d185b277ac:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "42eee1cd-e816-4f6e-a700-401e8ff1a2f5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "42eee1cd-e816-4f6e-a700-401e8ff1a2f5:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9714edf3-3894-4567-b8ec-99b863f4fa74:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9714edf3-3894-4567-b8ec-99b863f4fa74:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "efe8857e-d137-4c24-ad83-dd7ddbea8c9e:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "efe8857e-d137-4c24-ad83-dd7ddbea8c9e:indexpattern-datasource-layer-9622b1fb-f543-4d05-b868-366fa865f9e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "289e8233-5d54-49c7-9b3a-30bab73711bb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "289e8233-5d54-49c7-9b3a-30bab73711bb:indexpattern-datasource-layer-102a3f02-3222-48bb-8c57-b29990ae1d97", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9d413864-ae26-4e79-a93d-df49fbad4913:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9d413864-ae26-4e79-a93d-df49fbad4913:indexpattern-datasource-layer-102a3f02-3222-48bb-8c57-b29990ae1d97", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fcaf1c3c-64a6-47ce-90a2-8226e788c062:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fcaf1c3c-64a6-47ce-90a2-8226e788c062:indexpattern-datasource-layer-8929ffe2-4cf7-40b7-8e2c-1ee52bdd8d97", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eedf536b-4b23-4689-957b-482f4d7a3332:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "69f30a2e-79ff-4615-a83f-0aaf9b466ba7:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0f9ac1ed-f75b-4788-a9fe-9277d5e0551a:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4a23ce96-6f3b-4ae0-bec2-dc1594cedef6:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"8700819e-d34e-4ac8-8b65-e053db64f7b8:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6d32c209-a24d-4bf4-8651-83a187ed7946:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "gcp-e1a359e5-543d-44c2-ab81-628138719e28", + "name": "tag-gcp-e1a359e5-543d-44c2-ab81-628138719e28", + "type": "tag" + } + ], + "migrationVersion": { + "dashboard": "7.17.3" + }, + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json index edeb6ffea4e..e50bfe0221d 100644 --- a/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json +++ b/packages/gcp/kibana/dashboard/gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87.json 
@@ -1,188 +1,570 @@ { - "attributes": { - "description": "Overview of GCP Load Balancing HTTPS Metrics", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true + "id": "gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcyMCwxXQ==", + "attributes": { + "description": "Overview of GCP Load Balancing HTTPS Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 6, + "i": "f89112f9-0f3a-4712-a317-23230cd66213", + "w": 48, + "x": 0, + "y": 0 }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} + "panelIndex": "f89112f9-0f3a-4712-a317-23230cd66213", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing HTTPS Filters [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "controls": [ + { + "fieldName": "gcp.labels.resource.url_map_name", + "id": "1588961027791", + "indexPatternRefName": "control_0_index_pattern", + "label": "URL Map Name", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" }, - "gridData": { - "h": 6, - "i": "f89112f9-0f3a-4712-a317-23230cd66213", - "w": 48, - "x": 0, - "y": 0 + { + "fieldName": "gcp.labels.resource.region", + "id": "1588961077426", + "indexPatternRefName": "control_1_index_pattern", + "label": "Region", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": 
"list" }, - "panelIndex": "f89112f9-0f3a-4712-a317-23230cd66213", - "panelRefName": "panel_f89112f9-0f3a-4712-a317-23230cd66213", - "title": "Filters", - "type": "visualization", - "version": "7.6.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "8f4baaa9-6f4d-40fa-a77f-9f68f83a379c", - "w": 24, - "x": 24, - "y": 6 - }, - "panelIndex": "8f4baaa9-6f4d-40fa-a77f-9f68f83a379c", - "panelRefName": "panel_8f4baaa9-6f4d-40fa-a77f-9f68f83a379c", - "title": "Backend Request Count", - "type": "visualization", - "version": "7.6.2" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "10490530-a766-4f87-824a-3fc18bf2e85b", - "w": 24, - "x": 0, - "y": 6 - }, - "panelIndex": "10490530-a766-4f87-824a-3fc18bf2e85b", - "panelRefName": "panel_10490530-a766-4f87-824a-3fc18bf2e85b", - "title": "Request Count", - "type": "visualization", - "version": "7.6.2" + { + "fieldName": "gcp.labels.metrics.client_country", + "id": "1588961157559", + "indexPatternRefName": "control_2_index_pattern", + "label": "Client Country", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + "pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e737b020-eb94-4eb1-b53d-50fa551df648", - "w": 24, - "x": 24, - "y": 21 - }, - "panelIndex": "e737b020-eb94-4eb1-b53d-50fa551df648", - "panelRefName": "panel_e737b020-eb94-4eb1-b53d-50fa551df648", - "title": "Backend Request Bytes", - "type": "visualization", - "version": "7.6.2" + "type": "input_control_vis", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Filters" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "8f4baaa9-6f4d-40fa-a77f-9f68f83a379c", + "w": 24, + "x": 24, + "y": 6 + }, + 
"panelIndex": "8f4baaa9-6f4d-40fa-a77f-9f68f83a379c", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing HTTPS Backend Request Count [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.https.backend_request.count : * " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.https.backend_request.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.url_map_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": null, + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "b90db52e-982e-4360-b5ed-71147ba79246", - "w": 24, - "x": 0, - "y": 21 - }, - "panelIndex": "b90db52e-982e-4360-b5ed-71147ba79246", - "panelRefName": "panel_b90db52e-982e-4360-b5ed-71147ba79246", - "title": "Request Bytes", - "type": "visualization", - "version": "7.6.2" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Backend Request Count" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "10490530-a766-4f87-824a-3fc18bf2e85b", + "w": 24, + "x": 0, + "y": 6 + }, + "panelIndex": 
"10490530-a766-4f87-824a-3fc18bf2e85b", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing HTTPS Request Count [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.https.request.count : * " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.https.request.count : * " + }, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.https.request.count", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.url_map_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": null, + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "a2a5c845-d426-425f-b2e6-e8df6038fd9d", - "w": 24, - "x": 24, - "y": 36 - }, - "panelIndex": "a2a5c845-d426-425f-b2e6-e8df6038fd9d", - "panelRefName": "panel_a2a5c845-d426-425f-b2e6-e8df6038fd9d", - "title": "Backend Response Bytes", - "type": "visualization", - "version": "7.6.2" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Request Count" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": 
"e737b020-eb94-4eb1-b53d-50fa551df648", + "w": 24, + "x": 24, + "y": 21 + }, + "panelIndex": "e737b020-eb94-4eb1-b53d-50fa551df648", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing HTTPS Backend Request Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.https.backend_request.bytes : * " + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.https.backend_request.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.url_map_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": null, + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "2bf5bf09-e743-4c6d-8251-d12c9c70f273", - "w": 24, - "x": 0, - "y": 36 - }, - "panelIndex": "2bf5bf09-e743-4c6d-8251-d12c9c70f273", - "panelRefName": "panel_2bf5bf09-e743-4c6d-8251-d12c9c70f273", - "title": "Response Bytes", - "type": "visualization", - "version": "7.6.2" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ], - "timeRestore": false, - "title": "[Metrics GCP] Load Balancing HTTPS Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": 
"gcp-aa5b8bd0-9157-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "dashboard": "7.15.0" - }, - "references": [ - { - "id": "gcp-d5418f80-9156-11ea-8180-7b0dacd9df87", - "name": "f89112f9-0f3a-4712-a317-23230cd66213:panel_f89112f9-0f3a-4712-a317-23230cd66213", - "type": "visualization" + } + }, + "title": "Backend Request Bytes" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "b90db52e-982e-4360-b5ed-71147ba79246", + "w": 24, + "x": 0, + "y": 21 }, - { - "id": "gcp-dff87070-9155-11ea-8180-7b0dacd9df87", - "name": "8f4baaa9-6f4d-40fa-a77f-9f68f83a379c:panel_8f4baaa9-6f4d-40fa-a77f-9f68f83a379c", - "type": "visualization" + "panelIndex": "b90db52e-982e-4360-b5ed-71147ba79246", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing HTTPS Request Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.https.request.bytes : * " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.https.request.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.url_map_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": null, + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 + }, + "type": 
"metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "gcp-6f933ef0-9155-11ea-8180-7b0dacd9df87", - "name": "10490530-a766-4f87-824a-3fc18bf2e85b:panel_10490530-a766-4f87-824a-3fc18bf2e85b", - "type": "visualization" + "title": "Request Bytes" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "a2a5c845-d426-425f-b2e6-e8df6038fd9d", + "w": 24, + "x": 24, + "y": 36 }, - { - "id": "gcp-eb891a20-9155-11ea-8180-7b0dacd9df87", - "name": "e737b020-eb94-4eb1-b53d-50fa551df648:panel_e737b020-eb94-4eb1-b53d-50fa551df648", - "type": "visualization" + "panelIndex": "a2a5c845-d426-425f-b2e6-e8df6038fd9d", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing HTTPS Backend Response Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.https.backend_response.bytes : * " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.https.backend_response.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.url_map_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": null, + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 + }, + "type": "metrics", + "data": { + "aggs": [], 
+ "searchSource": {} + } + } }, - { - "id": "gcp-8d4ddf40-9155-11ea-8180-7b0dacd9df87", - "name": "b90db52e-982e-4360-b5ed-71147ba79246:panel_b90db52e-982e-4360-b5ed-71147ba79246", - "type": "visualization" + "title": "Backend Response Bytes" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "2bf5bf09-e743-4c6d-8251-d12c9c70f273", + "w": 24, + "x": 0, + "y": 36 }, - { - "id": "gcp-0bd0a6e0-9156-11ea-8180-7b0dacd9df87", - "name": "a2a5c845-d426-425f-b2e6-e8df6038fd9d:panel_a2a5c845-d426-425f-b2e6-e8df6038fd9d", - "type": "visualization" + "panelIndex": "2bf5bf09-e743-4c6d-8251-d12c9c70f273", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Load Balancing HTTPS Response Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.https.response.bytes : * " + }, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "1m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "filter": { + "language": "kuery", + "query": "gcp.loadbalancing.https.response.bytes : * " + }, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.loadbalancing.https.response.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "terms", + "stacked": "none", + "terms_field": "gcp.labels.resource.url_map_name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": null, + "type": "timeseries", + "use_kibana_indexes": false, + "drop_last_bucket": 1 + }, 
+ "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } }, - { - "id": "gcp-d63465e0-9154-11ea-8180-7b0dacd9df87", - "name": "2bf5bf09-e743-4c6d-8251-d12c9c70f273:panel_2bf5bf09-e743-4c6d-8251-d12c9c70f273", - "type": "visualization" - } + "title": "Response Bytes" + } ], - "type": "dashboard", - "updated_at": "2021-08-04T16:31:10.632Z", - "version": "WzM3ODQsMV0=" + "timeRestore": false, + "title": "[Metrics GCP] Load Balancing HTTPS Overview", + "version": 1 + }, + "references": [ + { + "type": "index-pattern", + "name": "f89112f9-0f3a-4712-a317-23230cd66213:control_0_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "f89112f9-0f3a-4712-a317-23230cd66213:control_1_index_pattern", + "id": "metrics-*" + }, + { + "type": "index-pattern", + "name": "f89112f9-0f3a-4712-a317-23230cd66213:control_2_index_pattern", + "id": "metrics-*" + } + ], + "migrationVersion": { + "dashboard": "7.17.3" + }, + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json b/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json index c0c2d391340..6cf73e5311c 100644 --- a/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json +++ b/packages/gcp/kibana/dashboard/gcp-f40ee870-5e4a-11ea-a4f6-717338406083.json 
@@ -1,232 +1,686 @@ { - "attributes": { - "description": "Overview of GCP Compute Metrics", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { + "id": "gcp-f40ee870-5e4a-11ea-a4f6-717338406083", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2022-09-14T09:47:20.533Z", + "version": "WzcyMSwxXQ==", + "attributes": { + "description": "Overview of GCP Compute Metrics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "7.9.1", + "type": "visualization", + "gridData": { + "h": 17, + "i": "28706ab2-1142-401d-9143-f4176a034c10", + "w": 7, + "x": 0, + "y": 0 + }, + "panelIndex": "28706ab2-1142-401d-9143-f4176a034c10", + "embeddableConfig": { + "enhancements": {} + }, + "title": "Filters", + "panelRefName": "panel_28706ab2-1142-401d-9143-f4176a034c10" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "2034fcc8-5cd7-4ee8-8c8f-99054f025b05", + "w": 10, + "x": 7, + "y": 0 + }, + "panelIndex": "2034fcc8-5cd7-4ee8-8c8f-99054f025b05", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Compute Instance Uptime Gauge [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "74a18260-63df-11ea-9543-55b68a4bcad3" + } + ], + "bar_color_rules": [ + { + "id": "77a54c80-63df-11ea-9543-55b68a4bcad3" + } + ], + "drop_last_bucket": 0, + "filter": { + "language": "kuery", + "query": "" + }, + "gauge_color_rules": [ + { + "id": "777371a0-63e0-11ea-9543-55b68a4bcad3", + "value": 0 + } + ], + "gauge_inner_width": 10, + "gauge_max": "", + "gauge_style": "circle", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": 
"61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": ">=5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "filter": { "language": "kuery", "query": "" + }, + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "Average Uptime", + "line_width": 1, + "metrics": [ + { + "denominator": "60", + "field": "gcp.compute.instance.uptime.sec", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "numerator": "gcp.compute.instance.uptime.sec", + "type": "avg", + "values": [ + "60" + ] + }, + { + "id": "81dc6000-63e7-11ea-994d-3b2599babc53", + "script": "params.uptime / 60\n", + "type": "math", + "variables": [ + { + "field": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "85f3bd00-63e7-11ea-994d-3b2599babc53", + "name": "uptime" + } + ] + } + ], + "override_index_pattern": 0, + "point_size": 1, + "separate_axis": 0, + "split_color_mode": "gradient", + "split_mode": "everything", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "time_range_mode": "entire_time_range", + "tooltip_mode": "show_all", + "type": "gauge", + "use_kibana_indexes": false + }, + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } + } }, - "optionsJSON": { - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "28706ab2-1142-401d-9143-f4176a034c10", - "w": 7, - "x": 0, - "y": 0 - }, - "panelIndex": "28706ab2-1142-401d-9143-f4176a034c10", - "panelRefName": "panel_28706ab2-1142-401d-9143-f4176a034c10", - "title": "Filters", - "type": "visualization", - "version": "7.9.1" - }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": 
"2034fcc8-5cd7-4ee8-8c8f-99054f025b05", - "w": 10, - "x": 7, - "y": 0 - }, - "panelIndex": "2034fcc8-5cd7-4ee8-8c8f-99054f025b05", - "panelRefName": "panel_2034fcc8-5cd7-4ee8-8c8f-99054f025b05", - "title": "Instance Uptime", - "type": "visualization", - "version": "7.9.1" + "title": "Instance Uptime" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 17, + "i": "5f6f2ecd-dcaf-4455-967c-ede6b38f431f", + "w": 31, + "x": 17, + "y": 0 + }, + "panelIndex": "5f6f2ecd-dcaf-4455-967c-ede6b38f431f", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Compute CPU Utilization [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "percent", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.compute.instance.cpu.usage.pct", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 17, - "i": "5f6f2ecd-dcaf-4455-967c-ede6b38f431f", - "w": 31, - "x": 17, - "y": 0 - }, - "panelIndex": "5f6f2ecd-dcaf-4455-967c-ede6b38f431f", - "panelRefName": "panel_5f6f2ecd-dcaf-4455-967c-ede6b38f431f", - "title": "CPU Utilization", - "type": "visualization", - 
"version": "7.9.1" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "CPU Utilization" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "9c6f36f5-c2b2-40f5-8ee3-af6131168842", + "w": 24, + "x": 0, + "y": 17 + }, + "panelIndex": "9c6f36f5-c2b2-40f5-8ee3-af6131168842", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Compute Read I/O [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.compute.instance.disk.read_ops_count.value", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "9c6f36f5-c2b2-40f5-8ee3-af6131168842", - "w": 24, - "x": 0, - "y": 17 - }, - "panelIndex": "9c6f36f5-c2b2-40f5-8ee3-af6131168842", - "panelRefName": "panel_9c6f36f5-c2b2-40f5-8ee3-af6131168842", - "title": "Read I/O", - "type": "visualization", - "version": "7.9.1" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Read I/O" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": 
"93906f63-42c9-4f30-9b2c-05041a9e1efe", + "w": 24, + "x": 24, + "y": 17 + }, + "panelIndex": "93906f63-42c9-4f30-9b2c-05041a9e1efe", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Compute Write I/O [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.compute.instance.disk.write_ops_count.value", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "93906f63-42c9-4f30-9b2c-05041a9e1efe", - "w": 24, - "x": 24, - "y": 17 - }, - "panelIndex": "93906f63-42c9-4f30-9b2c-05041a9e1efe", - "panelRefName": "panel_93906f63-42c9-4f30-9b2c-05041a9e1efe", - "title": "Write I/O", - "type": "visualization", - "version": "7.9.1" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Write I/O" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "e1a4e862-dd00-409f-8746-8a8e4bc82807", + "w": 24, + "x": 0, + "y": 32 + }, + "panelIndex": "e1a4e862-dd00-409f-8746-8a8e4bc82807", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Compute Network Sent Bytes 
[Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.compute.instance.network.egress.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "e1a4e862-dd00-409f-8746-8a8e4bc82807", - "w": 24, - "x": 0, - "y": 32 - }, - "panelIndex": "e1a4e862-dd00-409f-8746-8a8e4bc82807", - "panelRefName": "panel_e1a4e862-dd00-409f-8746-8a8e4bc82807", - "title": "Network Sent Bytes", - "type": "visualization", - "version": "7.9.1" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Network Sent Bytes" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce", + "w": 24, + "x": 24, + "y": 32 + }, + "panelIndex": "6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Compute Network Received Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "drop_last_bucket": 0, + "id": 
"61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.compute.instance.network.ingress.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce", - "w": 24, - "x": 24, - "y": 32 - }, - "panelIndex": "6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce", - "panelRefName": "panel_6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce", - "title": "Network Received Bytes", - "type": "visualization", - "version": "7.9.1" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Network Received Bytes" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "00689e12-4cb3-49ad-ac33-dbe4279f446e", + "w": 24, + "x": 0, + "y": 47 + }, + "panelIndex": "00689e12-4cb3-49ad-ac33-dbe4279f446e", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Compute Firewall Dropped Bytes [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": "3ece14c0-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "bar_color_rules": [ + { + "id": "3b9c35c0-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": 
"3b27a200-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "2", + "metrics": [ + { + "field": "gcp.compute.firewall.dropped.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "3", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "type": "timeseries", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "00689e12-4cb3-49ad-ac33-dbe4279f446e", - "w": 24, - "x": 0, - "y": 47 - }, - "panelIndex": "00689e12-4cb3-49ad-ac33-dbe4279f446e", - "panelRefName": "panel_00689e12-4cb3-49ad-ac33-dbe4279f446e", - "title": "Firewall Dropped Bytes", - "type": "visualization", - "version": "7.9.1" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} + } + } + }, + "title": "Firewall Dropped Bytes" + }, + { + "version": "7.17.0", + "type": "visualization", + "gridData": { + "h": 15, + "i": "901e7bf5-35f5-4c1a-9627-27f6c20d2514", + "w": 24, + "x": 24, + "y": 47 + }, + "panelIndex": "901e7bf5-35f5-4c1a-9627-27f6c20d2514", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "title": "Compute Firewall Dropped Packets [Metrics GCP]", + "description": "", + "uiState": {}, + "params": { + "axis_formatter": "number", + "axis_position": "left", + "axis_scale": "normal", + "background_color_rules": [ + { + "id": 
"3ece14c0-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "bar_color_rules": [ + { + "id": "3b9c35c0-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "drop_last_bucket": 0, + "gauge_color_rules": [ + { + "id": "3b27a200-5e4c-11ea-9061-37f24ca5b01f" + } + ], + "gauge_inner_width": 10, + "gauge_style": "half", + "gauge_width": 10, + "hide_last_value_indicator": true, + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "metrics-*", + "interval": "5m", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": "0", + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": "3", + "metrics": [ + { + "field": "gcp.compute.firewall.dropped_packets_count.value", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "avg" + } + ], + "point_size": "2", + "separate_axis": 0, + "split_color_mode": "rainbow", + "split_mode": "terms", + "stacked": "none", + "terms_field": "cloud.instance.name", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + "type": "timeseries" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "", + "time_range_mode": "entire_time_range", + "type": "top_n", + "use_kibana_indexes": false }, - { - "embeddableConfig": { - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "901e7bf5-35f5-4c1a-9627-27f6c20d2514", - "w": 24, - "x": 24, - "y": 47 - }, - "panelIndex": "901e7bf5-35f5-4c1a-9627-27f6c20d2514", - "panelRefName": "panel_901e7bf5-35f5-4c1a-9627-27f6c20d2514", - "title": "Firewall Dropped Packets", - "type": "visualization", - "version": "7.9.1" + "type": "metrics", + "data": { + "aggs": [], + "searchSource": {} } - ], - "timeRestore": false, - "title": "[Metrics GCP] Compute Overview", - "version": 1 - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-f40ee870-5e4a-11ea-a4f6-717338406083", - "migrationVersion": { - "dashboard": "7.14.0" - }, - "references": [ - { - "id": 
"gcp-3aa96470-5fc4-11ea-a4f6-717338406083", - "name": "28706ab2-1142-401d-9143-f4176a034c10:panel_28706ab2-1142-401d-9143-f4176a034c10", - "type": "visualization" - }, - { - "id": "gcp-da5bc460-63e1-11ea-b0ac-95d4ecb1fecd", - "name": "2034fcc8-5cd7-4ee8-8c8f-99054f025b05:panel_2034fcc8-5cd7-4ee8-8c8f-99054f025b05", - "type": "visualization" - }, - { - "id": "gcp-3f472ea0-5e47-11ea-a4f6-717338406083", - "name": "5f6f2ecd-dcaf-4455-967c-ede6b38f431f:panel_5f6f2ecd-dcaf-4455-967c-ede6b38f431f", - "type": "visualization" - }, - { - "id": "gcp-89513bc0-5e48-11ea-a4f6-717338406083", - "name": "9c6f36f5-c2b2-40f5-8ee3-af6131168842:panel_9c6f36f5-c2b2-40f5-8ee3-af6131168842", - "type": "visualization" - }, - { - "id": "gcp-95e1f050-5e48-11ea-a4f6-717338406083", - "name": "93906f63-42c9-4f30-9b2c-05041a9e1efe:panel_93906f63-42c9-4f30-9b2c-05041a9e1efe", - "type": "visualization" - }, - { - "id": "gcp-6f795e70-5e49-11ea-a4f6-717338406083", - "name": "e1a4e862-dd00-409f-8746-8a8e4bc82807:panel_e1a4e862-dd00-409f-8746-8a8e4bc82807", - "type": "visualization" - }, - { - "id": "gcp-43f45ba0-5e4a-11ea-a4f6-717338406083", - "name": "6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce:panel_6f47ff85-3ec1-4f6f-a63b-1a56f0cfc9ce", - "type": "visualization" - }, - { - "id": "gcp-9d919d00-5e4d-11ea-a4f6-717338406083", - "name": "00689e12-4cb3-49ad-ac33-dbe4279f446e:panel_00689e12-4cb3-49ad-ac33-dbe4279f446e", - "type": "visualization" - }, - { - "id": "gcp-ef1508c0-5e4c-11ea-a4f6-717338406083", - "name": "901e7bf5-35f5-4c1a-9627-27f6c20d2514:panel_901e7bf5-35f5-4c1a-9627-27f6c20d2514", - "type": "visualization" - } + } + }, + "title": "Firewall Dropped Packets" + } ], - "type": "dashboard", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3NzQsMV0=" + "timeRestore": false, + "title": "[Metrics GCP] Compute Overview", + "version": 1 + }, + "references": [ + { + "id": "gcp-3aa96470-5fc4-11ea-a4f6-717338406083", + "name": 
"28706ab2-1142-401d-9143-f4176a034c10:panel_28706ab2-1142-401d-9143-f4176a034c10", + "type": "visualization" + } + ], + "migrationVersion": { + "dashboard": "7.17.3" + }, + "coreMigrationVersion": "7.17.6" } \ No newline at end of file diff --git a/packages/gcp/kibana/lens/gcp-057de170-e88d-11ea-bf8c-d13ebf358a78.json b/packages/gcp/kibana/lens/gcp-057de170-e88d-11ea-bf8c-d13ebf358a78.json deleted file mode 100644 index a62be39b462..00000000000 --- a/packages/gcp/kibana/lens/gcp-057de170-e88d-11ea-bf8c-d13ebf358a78.json +++ /dev/null 
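Review bot: The inlined Compute panels in this hunk (CPU Utilization, Read I/O, Write I/O, Network Sent/Received Bytes, both Firewall panels) carry no `filter` in `params`, and the Uptime gauge has one with an empty `query`, while all of them set `"index_pattern": "metrics-*"` with `"use_kibana_indexes": false`. Each panel therefore aggregates over every metrics data stream the viewer can read, not only the GCP compute data. Because the series split on the shared field `cloud.instance.name`, instance names coming from other integrations can likely take up series slots, most visibly in the panels that have no `terms_order_by`. The load-balancing dashboard earlier in this patch scopes its panels with an exists-style query, and the same pattern would work here: `"filter": { "language": "kuery", "query": "gcp.compute.instance.cpu.usage.pct : * " }`, with the field swapped per panel. A narrower index pattern would tighten this further, but the patch does not show whether one is available for this package.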
@@ -1,87 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4ca843af-63d7-46b9-a719-51a81eebf1f7": { - "columnOrder": [ - "2477291e-9021-4eb2-9fce-8da1ee792c49", - "10b91492-efef-490d-bc7a-c2074b2eae84" - ], - "columns": { - "10b91492-efef-490d-bc7a-c2074b2eae84": { - "dataType": "number", - "isBucketed": false, - "label": "Maximum of gcp.billing.total", - "operationType": "max", - "scale": "ratio", - "sourceField": "gcp.billing.total" - }, - "2477291e-9021-4eb2-9fce-8da1ee792c49": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Cost Per Project ID", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "10b91492-efef-490d-bc7a-c2074b2eae84", - "type": "column" - }, - "orderDirection": "desc", - "size": 20 - }, - "scale": "ordinal", - "sourceField": "gcp.billing.project_id" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "groups": [ - "2477291e-9021-4eb2-9fce-8da1ee792c49" - ], - "layerId": "4ca843af-63d7-46b9-a719-51a81eebf1f7", - "layerType": "data", - "legendDisplay": "default", - "metric": "10b91492-efef-490d-bc7a-c2074b2eae84", - "nestedLegend": false, - "numberDisplay": "percent" - } - ], - "shape": "pie" - } - }, - "title": "Cost Per Project ID [Metrics GCP]", - "visualizationType": "lnsPie" - }, - "coreMigrationVersion": "7.15.0", - "id": "gcp-057de170-e88d-11ea-bf8c-d13ebf358a78", - "migrationVersion": { - "lens": "7.15.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/lens/gcp-520c6f10-ec8a-11ea-a0ed-7fe6b565d158.json b/packages/gcp/kibana/lens/gcp-520c6f10-ec8a-11ea-a0ed-7fe6b565d158.json deleted file mode 100644 index 6a75af55fbd..00000000000 --- a/packages/gcp/kibana/lens/gcp-520c6f10-ec8a-11ea-a0ed-7fe6b565d158.json +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "e12171da-25a4-41ea-86d3-8fd71205c263": { - "columnOrder": [ - "6011e524-4646-410b-8d1c-06c281e8f7ed", - "f8ab301c-f139-4573-b233-ed8a3f717e24" - ], - "columns": { - "6011e524-4646-410b-8d1c-06c281e8f7ed": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Invoice Month", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "f8ab301c-f139-4573-b233-ed8a3f717e24", - "type": "column" - }, - "orderDirection": "desc", - "size": 12 - }, - "scale": "ordinal", - "sourceField": "gcp.billing.invoice_month" - }, - "f8ab301c-f139-4573-b233-ed8a3f717e24": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Billing Cost", - "operationType": "sum", - "scale": "ratio", - "sourceField": "gcp.billing.total" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "6011e524-4646-410b-8d1c-06c281e8f7ed" - }, - { - "columnId": "f8ab301c-f139-4573-b233-ed8a3f717e24" - } - ], - "layerId": "e12171da-25a4-41ea-86d3-8fd71205c263", - "layerType": "data" - } - }, - "title": "Total Cost Table [Metrics GCP]", - "visualizationType": "lnsDatatable" - }, - "coreMigrationVersion": "7.15.0", - "id": "gcp-520c6f10-ec8a-11ea-a0ed-7fe6b565d158", - "migrationVersion": { - "lens": "7.15.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-e12171da-25a4-41ea-86d3-8fd71205c263", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/lens/gcp-73346db0-e88d-11ea-bf8c-d13ebf358a78.json b/packages/gcp/kibana/lens/gcp-73346db0-e88d-11ea-bf8c-d13ebf358a78.json deleted file mode 100644 index 98207850aba..00000000000 --- a/packages/gcp/kibana/lens/gcp-73346db0-e88d-11ea-bf8c-d13ebf358a78.json +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "325e60ce-0fbd-42b0-82f6-b10df31fef6c": { - "columnOrder": [ - "faaaaf23-f362-4a00-be9e-8a155208a39e", - "c4bc659c-3e7c-41f2-bc38-32d9edee95e8", - "3041fc1b-ceb8-4188-b55d-d354819f267e" - ], - "columns": { - "3041fc1b-ceb8-4188-b55d-d354819f267e": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Billing", - "operationType": "max", - "scale": "ratio", - "sourceField": "gcp.billing.total" - }, - "c4bc659c-3e7c-41f2-bc38-32d9edee95e8": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "faaaaf23-f362-4a00-be9e-8a155208a39e": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Project ID", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "3041fc1b-ceb8-4188-b55d-d354819f267e", - "type": "column" - }, - "orderDirection": "desc", - "size": 10 - }, - "scale": "ordinal", - "sourceField": "gcp.billing.project_id" - } - } - }, - "4ca843af-63d7-46b9-a719-51a81eebf1f7": { - "columnOrder": [ - "1164563d-d2b3-4067-bc7b-d694179182ed", - "10b91492-efef-490d-bc7a-c2074b2eae84" - ], - "columns": { - "10b91492-efef-490d-bc7a-c2074b2eae84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Billing Cost", - "operationType": "sum", - "scale": "ratio", - "sourceField": "gcp.billing.total" - }, - "1164563d-d2b3-4067-bc7b-d694179182ed": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "1d" - }, - "scale": "interval", - "sourceField": "@timestamp" - }, - "e25f49de-f161-4be8-a8fc-519188a7776c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Cost", - "operationType": "terms", - 
"params": { - "orderBy": { - "columnId": "10b91492-efef-490d-bc7a-c2074b2eae84", - "type": "column" - }, - "orderDirection": "desc", - "size": 15 - }, - "scale": "ordinal", - "sourceField": "gcp.billing.project_id" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "fittingFunction": "None", - "layers": [ - { - "accessors": [ - "3041fc1b-ceb8-4188-b55d-d354819f267e" - ], - "layerId": "325e60ce-0fbd-42b0-82f6-b10df31fef6c", - "layerType": "data", - "seriesType": "bar_stacked", - "splitAccessor": "faaaaf23-f362-4a00-be9e-8a155208a39e", - "xAccessor": "c4bc659c-3e7c-41f2-bc38-32d9edee95e8" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked" - } - }, - "title": "Total Cost Bar Chart [Metrics GCP]", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.15.0", - "id": "gcp-73346db0-e88d-11ea-bf8c-d13ebf358a78", - "migrationVersion": { - "lens": "7.15.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-325e60ce-0fbd-42b0-82f6-b10df31fef6c", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/gcp/kibana/lens/gcp-dd835300-e88f-11ea-bf8c-d13ebf358a78.json b/packages/gcp/kibana/lens/gcp-dd835300-e88f-11ea-bf8c-d13ebf358a78.json deleted file mode 100644 index 92147debf47..00000000000 --- a/packages/gcp/kibana/lens/gcp-dd835300-e88f-11ea-bf8c-d13ebf358a78.json +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4cb00ce3-c62e-46f3-90ce-b69c876b9605": { - "columnOrder": [ - "2f66b924-5392-4e5e-93fe-5b23a87068c1" - ], - "columns": { - "2f66b924-5392-4e5e-93fe-5b23a87068c1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "gcp.billing.project_id" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "2f66b924-5392-4e5e-93fe-5b23a87068c1", - "layerId": "4cb00ce3-c62e-46f3-90ce-b69c876b9605", - "layerType": "data" - } - }, - "title": "Total Number Of Projects [Metrics GCP]", - "visualizationType": "lnsMetric" - }, - "coreMigrationVersion": "7.15.0", - "id": "gcp-dd835300-e88f-11ea-bf8c-d13ebf358a78", - "migrationVersion": { - "lens": "7.15.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-4cb00ce3-c62e-46f3-90ce-b69c876b9605", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/gcp/kibana/lens/gcp-e6933020-e88d-11ea-bf8c-d13ebf358a78.json b/packages/gcp/kibana/lens/gcp-e6933020-e88d-11ea-bf8c-d13ebf358a78.json deleted file mode 100644 index 502ed7d0f7d..00000000000 --- a/packages/gcp/kibana/lens/gcp-e6933020-e88d-11ea-bf8c-d13ebf358a78.json +++ /dev/null 
@@ -1,108 +0,0 @@ -{ - "attributes": { - "state": { - "datasourceStates": { - "indexpattern": { - "layers": { - "4ca843af-63d7-46b9-a719-51a81eebf1f7": { - "columnOrder": [ - "e25f49de-f161-4be8-a8fc-519188a7776c", - "b92edf5e-58bc-4382-9cd5-19db2c332c93", - "af747bf6-66e9-4760-bbd8-3dae9c97159d" - ], - "columns": { - "af747bf6-66e9-4760-bbd8-3dae9c97159d": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Billing Cost", - "operationType": "max", - "scale": "ratio", - "sourceField": "gcp.billing.total" - }, - "b92edf5e-58bc-4382-9cd5-19db2c332c93": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Invoice Month", - "operationType": "terms", - "params": { - "orderBy": { - "type": "alphabetical" - }, - "orderDirection": "asc", - "size": 5 - }, - "scale": "ordinal", - "sourceField": "gcp.billing.invoice_month" - }, - "e25f49de-f161-4be8-a8fc-519188a7776c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Monthly Cost", - "operationType": "terms", - "params": { - "orderBy": { - "columnId": "af747bf6-66e9-4760-bbd8-3dae9c97159d", - "type": "column" - }, - "orderDirection": "desc", - "size": 10 - }, - "scale": "ordinal", - "sourceField": "gcp.billing.project_id" - } - } - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "fittingFunction": "None", - "layers": [ - { - "accessors": [ - "af747bf6-66e9-4760-bbd8-3dae9c97159d" - ], - "layerId": "4ca843af-63d7-46b9-a719-51a81eebf1f7", - "layerType": "data", - "seriesType": "bar_stacked", - "splitAccessor": "b92edf5e-58bc-4382-9cd5-19db2c332c93", - "xAccessor": "e25f49de-f161-4be8-a8fc-519188a7776c" - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked" - } - }, - "title": "Monthly Cost Per Project [Metrics GCP]", - "visualizationType": "lnsXY" - }, - "coreMigrationVersion": "7.15.0", - "id": 
"gcp-e6933020-e88d-11ea-bf8c-d13ebf358a78", - "migrationVersion": { - "lens": "7.15.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "indexpattern-datasource-layer-4ca843af-63d7-46b9-a719-51a81eebf1f7", - "type": "index-pattern" - } - ], - "type": "lens" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-0bd0a6e0-9156-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-0bd0a6e0-9156-11ea-8180-7b0dacd9df87.json deleted file mode 100644 index dbee870a35d..00000000000 --- a/packages/gcp/kibana/visualization/gcp-0bd0a6e0-9156-11ea-8180-7b0dacd9df87.json +++ /dev/null 
@@ -1,70 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing HTTPS Backend Response Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.https.backend_response.bytes : * " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.https.backend_response.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.url_map_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": null, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing HTTPS Backend Response Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-0bd0a6e0-9156-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:10.632Z", - "version": "WzM3OTAsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-2f6b6740-909b-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-2f6b6740-909b-11ea-8180-7b0dacd9df87.json deleted file mode 100644 index e38412e1fec..00000000000 
--- a/packages/gcp/kibana/visualization/gcp-2f6b6740-909b-11ea-8180-7b0dacd9df87.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing L3 Egress Packets [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.l3.internal.egress_packets.count : * " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.l3.internal.egress_packets.count", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing L3 Egress Packets [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-2f6b6740-909b-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:11.683Z", - "version": "WzM3OTQsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-3f472ea0-5e47-11ea-a4f6-717338406083.json b/packages/gcp/kibana/visualization/gcp-3f472ea0-5e47-11ea-a4f6-717338406083.json deleted file mode 100644 index 9534b5c85ad..00000000000 --- a/packages/gcp/kibana/visualization/gcp-3f472ea0-5e47-11ea-a4f6-717338406083.json +++ /dev/null @@ -1,67 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Compute CPU Utilization [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "5m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "percent", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.compute.instance.cpu.usage.pct", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cloud.instance.name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Compute CPU Utilization [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-3f472ea0-5e47-11ea-a4f6-717338406083", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3NzcsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-3f4e9040-909d-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-3f4e9040-909d-11ea-8180-7b0dacd9df87.json
deleted file mode 100644
index f81aabbae38..00000000000
--- a/packages/gcp/kibana/visualization/gcp-3f4e9040-909d-11ea-8180-7b0dacd9df87.json
+++ /dev/null
@@ -1,113 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing L3 Filters [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "gcp.labels.resource.backend_name", - "id": "1588881306802", - "indexPatternRefName": "control_0_index_pattern", - "label": "Backend Name", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "gcp.labels.metrics.client_zone", - "id": "1588881320708", - "indexPatternRefName": "control_1_index_pattern", - "label": "Client Zone", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "gcp.labels.metrics.client_network", - "id": "1588881383318", - "indexPatternRefName": "control_2_index_pattern", - "label": "Client Network", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "gcp.labels.metrics.client_subnetwork", - "id": "1588881498842", - "indexPatternRefName": "control_3_index_pattern", - "label": "Client Sub-network", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Load Balancing L3 Filters [Metrics GCP]", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-3f4e9040-909d-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": 
"metrics-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "control_3_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization", - "updated_at": "2021-08-04T16:31:11.683Z", - "version": "WzM3OTMsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-434f69f0-909b-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-434f69f0-909b-11ea-8180-7b0dacd9df87.json deleted file mode 100644 index 6f673c96578..00000000000 --- a/packages/gcp/kibana/visualization/gcp-434f69f0-909b-11ea-8180-7b0dacd9df87.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing L3 Ingress Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.l3.internal.ingress.bytes : * " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.l3.internal.ingress.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing L3 Ingress Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-434f69f0-909b-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:11.683Z", - "version": "WzM3OTcsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-43f45ba0-5e4a-11ea-a4f6-717338406083.json b/packages/gcp/kibana/visualization/gcp-43f45ba0-5e4a-11ea-a4f6-717338406083.json deleted file mode 100644 index 949d2470c8a..00000000000 
--- a/packages/gcp/kibana/visualization/gcp-43f45ba0-5e4a-11ea-a4f6-717338406083.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Compute Network Received Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "5m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.compute.instance.network.ingress.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cloud.instance.name", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Compute Network Received Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-43f45ba0-5e4a-11ea-a4f6-717338406083", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3ODEsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-543dac40-909b-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-543dac40-909b-11ea-8180-7b0dacd9df87.json deleted file mode 100644 index 5afd6ce5ef0..00000000000 --- a/packages/gcp/kibana/visualization/gcp-543dac40-909b-11ea-8180-7b0dacd9df87.json +++ /dev/null 
@@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing L3 Ingress Packets [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.l3.internal.ingress_packets.count : * " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.l3.internal.ingress_packets.count", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing L3 Ingress Packets [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-543dac40-909b-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:11.683Z", - "version": "WzM3OTYsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-5d2f9160-e88e-11ea-bf8c-d13ebf358a78.json b/packages/gcp/kibana/visualization/gcp-5d2f9160-e88e-11ea-bf8c-d13ebf358a78.json deleted file mode 100644 index 49d7087afb2..00000000000 
--- a/packages/gcp/kibana/visualization/gcp-5d2f9160-e88e-11ea-bf8c-d13ebf358a78.json
+++ /dev/null
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Account ID Filter [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "cloud.provider", - "id": "1598550838945", - "indexPatternRefName": "control_0_index_pattern", - "label": "Cloud Provider ", - "options": { - "dynamicOptions": true, - "multiselect": false, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "cloud.account.id", - "id": "1598893530938", - "indexPatternRefName": "control_1_index_pattern", - "label": "Account ID", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "1598550838945", - "type": "list" - }, - { - "fieldName": "gcp.billing.invoice_month", - "id": "1598988595566", - "indexPatternRefName": "control_2_index_pattern", - "label": "Invoice Month", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Account ID Filter [Metrics GCP]", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "gcp-5d2f9160-e88e-11ea-bf8c-d13ebf358a78", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-6958ed10-a6ad-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/visualization/gcp-6958ed10-a6ad-11ea-950e-d57608e3aa51.json
deleted file mode 100644
index c6413cbe0fb..00000000000
--- a/packages/gcp/kibana/visualization/gcp-6958ed10-a6ad-11ea-950e-d57608e3aa51.json
+++ /dev/null
@@ -1,97 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Load Balancing TCP SSL Proxy Filters [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "gcp.labels.resource.backend_name", - "id": "1588881306802", - "indexPatternRefName": "control_0_index_pattern", - "label": "Backend Name", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "gcp.labels.metrics.client_country", - "id": "1588881320708", - "indexPatternRefName": "control_1_index_pattern", - "label": "Client Country", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "gcp.labels.metrics.proxy_continent", - "id": "1588881383318", - "indexPatternRefName": "control_2_index_pattern", - "label": "Proxy Continent", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Load Balancing TCP SSL Proxy Filters [Metrics GCP]", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "gcp-6958ed10-a6ad-11ea-950e-d57608e3aa51", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end 
of file diff --git a/packages/gcp/kibana/visualization/gcp-6f795e70-5e49-11ea-a4f6-717338406083.json b/packages/gcp/kibana/visualization/gcp-6f795e70-5e49-11ea-a4f6-717338406083.json deleted file mode 100644 index ff34a41cd74..00000000000 --- a/packages/gcp/kibana/visualization/gcp-6f795e70-5e49-11ea-a4f6-717338406083.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Compute Network Sent Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "5m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.compute.instance.network.egress.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cloud.instance.name", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Compute Network Sent Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-6f795e70-5e49-11ea-a4f6-717338406083", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3ODAsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-6f933ef0-9155-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-6f933ef0-9155-11ea-8180-7b0dacd9df87.json
deleted file mode 100644
index 4f819709ca1..00000000000
--- a/packages/gcp/kibana/visualization/gcp-6f933ef0-9155-11ea-8180-7b0dacd9df87.json
+++ /dev/null
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing HTTPS Request Count [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.https.request.count : * " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.https.request.count : * " - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.https.request.count", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.url_map_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": null, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing HTTPS Request Count [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-6f933ef0-9155-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:10.632Z", - "version": "WzM3ODcsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-89513bc0-5e48-11ea-a4f6-717338406083.json b/packages/gcp/kibana/visualization/gcp-89513bc0-5e48-11ea-a4f6-717338406083.json deleted file mode 100644 index e57fde7b95d..00000000000 --- a/packages/gcp/kibana/visualization/gcp-89513bc0-5e48-11ea-a4f6-717338406083.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Compute Read I/O [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "5m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.compute.instance.disk.read_ops_count.value", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cloud.instance.name", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Compute Read I/O [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-89513bc0-5e48-11ea-a4f6-717338406083", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3NzgsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-8d4ddf40-9155-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-8d4ddf40-9155-11ea-8180-7b0dacd9df87.json
deleted file mode 100644
index e24833f2789..00000000000
--- a/packages/gcp/kibana/visualization/gcp-8d4ddf40-9155-11ea-8180-7b0dacd9df87.json
+++ /dev/null
@@ -1,70 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing HTTPS Request Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.https.request.bytes : * " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.https.request.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.url_map_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": null, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing HTTPS Request Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-8d4ddf40-9155-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:10.632Z", - "version": "WzM3ODksMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-95e1f050-5e48-11ea-a4f6-717338406083.json b/packages/gcp/kibana/visualization/gcp-95e1f050-5e48-11ea-a4f6-717338406083.json deleted file mode 100644 index 3e1642e36bb..00000000000 
--- a/packages/gcp/kibana/visualization/gcp-95e1f050-5e48-11ea-a4f6-717338406083.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Compute Write I/O [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 0, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "5m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.compute.instance.disk.write_ops_count.value", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cloud.instance.name", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Compute Write I/O [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-95e1f050-5e48-11ea-a4f6-717338406083", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3NzksMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-9d919d00-5e4d-11ea-a4f6-717338406083.json b/packages/gcp/kibana/visualization/gcp-9d919d00-5e4d-11ea-a4f6-717338406083.json deleted file mode 100644 index 6c0bfe94ed6..00000000000 --- a/packages/gcp/kibana/visualization/gcp-9d919d00-5e4d-11ea-a4f6-717338406083.json +++ /dev/null 
@@ -1,85 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Compute Firewall Dropped Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "3ece14c0-5e4c-11ea-9061-37f24ca5b01f" - } - ], - "bar_color_rules": [ - { - "id": "3b9c35c0-5e4c-11ea-9061-37f24ca5b01f" - } - ], - "drop_last_bucket": 0, - "gauge_color_rules": [ - { - "id": "3b27a200-5e4c-11ea-9061-37f24ca5b01f" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "5m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.compute.firewall.dropped.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cloud.instance.name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Compute Firewall Dropped Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-9d919d00-5e4d-11ea-a4f6-717338406083", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3ODIsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-afeb98a0-a6ac-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/visualization/gcp-afeb98a0-a6ac-11ea-950e-d57608e3aa51.json
deleted file mode 100644
index fb2dbb76b0e..00000000000
--- a/packages/gcp/kibana/visualization/gcp-afeb98a0-a6ac-11ea-950e-d57608e3aa51.json
+++ /dev/null
@@ -1,76 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing TCP SSL Proxy Egress Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "bar_color_rules": [ - { - "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "\u003e=1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.tcp_ssl_proxy.egress.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing TCP SSL Proxy Egress Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-afeb98a0-a6ac-11ea-950e-d57608e3aa51", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:12.649Z", - "version": "WzM4MDMsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-be27b340-a6ac-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/visualization/gcp-be27b340-a6ac-11ea-950e-d57608e3aa51.json
deleted file mode 100644
index a90cda2d2c2..00000000000
--- a/packages/gcp/kibana/visualization/gcp-be27b340-a6ac-11ea-950e-d57608e3aa51.json
+++ /dev/null
@@ -1,76 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing TCP SSL Proxy Ingress Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "bar_color_rules": [ - { - "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "\u003e=1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.tcp_ssl_proxy.ingress.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing TCP SSL Proxy Ingress Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-be27b340-a6ac-11ea-950e-d57608e3aa51", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:12.649Z", - "version": "WzM4MDQsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-c4e1e090-a6aa-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/visualization/gcp-c4e1e090-a6aa-11ea-950e-d57608e3aa51.json
deleted file mode 100644
index 29764be17d6..00000000000
--- a/packages/gcp/kibana/visualization/gcp-c4e1e090-a6aa-11ea-950e-d57608e3aa51.json
+++ /dev/null
@@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing TCP SSL Proxy Closed Connections [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "bar_color_rules": [ - { - "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "hide_last_value_indicator": true, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, - "metrics": [ - { - "field": "gcp.loadbalancing.tcp_ssl_proxy.closed_connections.value", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "top_n", - "use_kibana_indexes": false - }, - "title": "Load Balancing TCP SSL Proxy Closed Connections [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-c4e1e090-a6aa-11ea-950e-d57608e3aa51", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:12.649Z", - "version": "WzM4MDEsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-d5418f80-9156-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-d5418f80-9156-11ea-8180-7b0dacd9df87.json
deleted file mode 100644
index f7afdeae9dd..00000000000
--- a/packages/gcp/kibana/visualization/gcp-d5418f80-9156-11ea-8180-7b0dacd9df87.json
+++ /dev/null
@@ -1,91 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing HTTPS Filters [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "controls": [ - { - "fieldName": "gcp.labels.resource.url_map_name", - "id": "1588961027791", - "indexPatternRefName": "control_0_index_pattern", - "label": "URL Map Name", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "gcp.labels.resource.region", - "id": "1588961077426", - "indexPatternRefName": "control_1_index_pattern", - "label": "Region", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - }, - { - "fieldName": "gcp.labels.metrics.client_country", - "id": "1588961157559", - "indexPatternRefName": "control_2_index_pattern", - "label": "Client Country", - "options": { - "dynamicOptions": true, - "multiselect": true, - "order": "desc", - "size": 5, - "type": "terms" - }, - "parent": "", - "type": "list" - } - ], - "pinFilters": false, - "updateFiltersOnChange": false, - "useTimeFilter": false - }, - "title": "Load Balancing HTTPS Filters [Metrics GCP]", - "type": "input_control_vis" - } - }, - "coreMigrationVersion": "7.15.0", - "id": "gcp-d5418f80-9156-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [ - { - "id": "metrics-*", - "name": "control_0_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "control_1_index_pattern", - "type": "index-pattern" - }, - { - "id": "metrics-*", - "name": "control_2_index_pattern", - "type": "index-pattern" - } - ], - "type": "visualization" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-d63465e0-9154-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-d63465e0-9154-11ea-8180-7b0dacd9df87.json
deleted file mode 100644
index 8f834e8f974..00000000000
--- a/packages/gcp/kibana/visualization/gcp-d63465e0-9154-11ea-8180-7b0dacd9df87.json
+++ /dev/null
@@ -1,74 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing HTTPS Response Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.https.response.bytes : * " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.https.response.bytes : * " - }, - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.https.response.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.url_map_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": null, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing HTTPS Response Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-d63465e0-9154-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:10.632Z", - "version": "WzM3OTEsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-da5bc460-63e1-11ea-b0ac-95d4ecb1fecd.json b/packages/gcp/kibana/visualization/gcp-da5bc460-63e1-11ea-b0ac-95d4ecb1fecd.json
deleted file mode 100644
index 1390eca96f0..00000000000
--- a/packages/gcp/kibana/visualization/gcp-da5bc460-63e1-11ea-b0ac-95d4ecb1fecd.json
+++ /dev/null
@@ -1,116 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Compute Instance Uptime Gauge [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "74a18260-63df-11ea-9543-55b68a4bcad3" - } - ], - "bar_color_rules": [ - { - "id": "77a54c80-63df-11ea-9543-55b68a4bcad3" - } - ], - "drop_last_bucket": 0, - "filter": { - "language": "kuery", - "query": "" - }, - "gauge_color_rules": [ - { - "id": "777371a0-63e0-11ea-9543-55b68a4bcad3", - "value": 0 - } - ], - "gauge_inner_width": 10, - "gauge_max": "", - "gauge_style": "circle", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "\u003e=5m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": 0.5, - "filter": { - "language": "kuery", - "query": "" - }, - "formatter": "percent", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "Average Uptime", - "line_width": 1, - "metrics": [ - { - "denominator": "60", - "field": "gcp.compute.instance.uptime.sec", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "numerator": "gcp.compute.instance.uptime.sec", - "type": "avg", - "values": [ - "60" - ] - }, - { - "id": "81dc6000-63e7-11ea-994d-3b2599babc53", - "script": "params.uptime / 60\n", - "type": "math", - "variables": [ - { - "field": "61ca57f2-469d-11e7-af02-69e470af7417", - "id": "85f3bd00-63e7-11ea-994d-3b2599babc53", - "name": "uptime" - } - ] - } - ], - "override_index_pattern": 0, - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "everything", - "stacked": "none", - "terms_field": "cloud.instance.name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - 
"type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", - "time_range_mode": "entire_time_range", - "tooltip_mode": "show_all", - "type": "gauge", - "use_kibana_indexes": false - }, - "title": "Compute Instance Uptime Gauge [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-da5bc460-63e1-11ea-b0ac-95d4ecb1fecd", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3NzYsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-dff87070-9155-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-dff87070-9155-11ea-8180-7b0dacd9df87.json deleted file mode 100644 index 447bac96c77..00000000000 --- a/packages/gcp/kibana/visualization/gcp-dff87070-9155-11ea-8180-7b0dacd9df87.json +++ /dev/null 
@@ -1,70 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing HTTPS Backend Request Count [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.https.backend_request.count : * " - }, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.https.backend_request.count", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.url_map_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": null, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing HTTPS Backend Request Count [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-dff87070-9155-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:10.632Z", - "version": "WzM3ODYsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-e562eb50-909a-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-e562eb50-909a-11ea-8180-7b0dacd9df87.json deleted file mode 100644 index 0e35c83533d..00000000000 
--- a/packages/gcp/kibana/visualization/gcp-e562eb50-909a-11ea-8180-7b0dacd9df87.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing L3 Egress Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "drop_last_bucket": 1, - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.l3.internal.egress.bytes : * " - }, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.l3.internal.egress.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing L3 Egress Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-e562eb50-909a-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:11.683Z", - "version": "WzM3OTUsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-eb891a20-9155-11ea-8180-7b0dacd9df87.json b/packages/gcp/kibana/visualization/gcp-eb891a20-9155-11ea-8180-7b0dacd9df87.json
deleted file mode 100644
index 68e71c59397..00000000000
--- a/packages/gcp/kibana/visualization/gcp-eb891a20-9155-11ea-8180-7b0dacd9df87.json
+++ /dev/null
@@ -1,70 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing HTTPS Backend Request Bytes [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "1m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "filter": { - "language": "kuery", - "query": "gcp.loadbalancing.https.backend_request.bytes : * " - }, - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.https.backend_request.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "gradient", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.url_map_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": null, - "type": "timeseries", - "use_kibana_indexes": false - }, - "title": "Load Balancing HTTPS Backend Request Bytes [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-eb891a20-9155-11ea-8180-7b0dacd9df87", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:10.632Z", - "version": "WzM3ODgsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-eed05d80-a6ac-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/visualization/gcp-eed05d80-a6ac-11ea-950e-d57608e3aa51.json deleted file mode 100644 index 53ee6870b19..00000000000 
--- a/packages/gcp/kibana/visualization/gcp-eed05d80-a6ac-11ea-950e-d57608e3aa51.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing TCP SSL Proxy New Connections [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "bar_color_rules": [ - { - "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "hide_last_value_indicator": true, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "\u003e=15m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "2", - "metrics": [ - { - "field": "gcp.loadbalancing.tcp_ssl_proxy.new_connections.value", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "3", - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "top_n", - "use_kibana_indexes": false - }, - "title": "Load Balancing TCP SSL Proxy New Connections [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-eed05d80-a6ac-11ea-950e-d57608e3aa51", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:12.649Z", - "version": "WzM4MDIsMV0=" -} \ No newline at end of file 
diff --git a/packages/gcp/kibana/visualization/gcp-ef1508c0-5e4c-11ea-a4f6-717338406083.json b/packages/gcp/kibana/visualization/gcp-ef1508c0-5e4c-11ea-a4f6-717338406083.json
deleted file mode 100644
index 61e2e9586c1..00000000000
--- a/packages/gcp/kibana/visualization/gcp-ef1508c0-5e4c-11ea-a4f6-717338406083.json
+++ /dev/null
@@ -1,87 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Compute Firewall Dropped Packets [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "3ece14c0-5e4c-11ea-9061-37f24ca5b01f" - } - ], - "bar_color_rules": [ - { - "id": "3b9c35c0-5e4c-11ea-9061-37f24ca5b01f" - } - ], - "drop_last_bucket": 0, - "gauge_color_rules": [ - { - "id": "3b27a200-5e4c-11ea-9061-37f24ca5b01f" - } - ], - "gauge_inner_width": 10, - "gauge_style": "half", - "gauge_width": 10, - "hide_last_value_indicator": true, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "5m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": "0", - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": "3", - "metrics": [ - { - "field": "gcp.compute.firewall.dropped_packets_count.value", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": "2", - "separate_axis": 0, - "split_color_mode": "rainbow", - "split_mode": "terms", - "stacked": "none", - "terms_field": "cloud.instance.name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "time_range_mode": "entire_time_range", - "type": "top_n", - "use_kibana_indexes": false - }, - "title": "Compute Firewall Dropped Packets [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-ef1508c0-5e4c-11ea-a4f6-717338406083", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:09.611Z", - "version": "WzM3ODMsMV0=" -} \ 
No newline at end of file diff --git a/packages/gcp/kibana/visualization/gcp-f86c26f0-a6aa-11ea-950e-d57608e3aa51.json b/packages/gcp/kibana/visualization/gcp-f86c26f0-a6aa-11ea-950e-d57608e3aa51.json deleted file mode 100644 index df0cabe09d9..00000000000 --- a/packages/gcp/kibana/visualization/gcp-f86c26f0-a6aa-11ea-950e-d57608e3aa51.json +++ /dev/null 
@@ -1,77 +0,0 @@ -{ - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": {} - }, - "title": "Load Balancing TCP SSL Proxy Open Connections [Metrics GCP]", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [], - "params": { - "axis_formatter": "number", - "axis_position": "left", - "axis_scale": "normal", - "background_color_rules": [ - { - "id": "cd2ddc00-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "bar_color_rules": [ - { - "id": "d26268d0-a6a9-11ea-9765-5f34a0c2e541" - } - ], - "hide_last_value_indicator": true, - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "metrics-*", - "interval": "\u003e=15m", - "isModelInvalid": false, - "series": [ - { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, - "metrics": [ - { - "field": "gcp.loadbalancing.tcp_ssl_proxy.open_connections.value", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "avg" - } - ], - "point_size": 1, - "separate_axis": 0, - "split_color_mode": "kibana", - "split_mode": "terms", - "stacked": "none", - "terms_field": "gcp.labels.resource.backend_name", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", - "type": "timeseries" - } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "", - "type": "top_n", - "use_kibana_indexes": false - }, - "title": "Load Balancing TCP SSL Proxy Open Connections [Metrics GCP]", - "type": "metrics" - } - }, - "coreMigrationVersion": "8.0.0", - "id": "gcp-f86c26f0-a6aa-11ea-950e-d57608e3aa51", - "migrationVersion": { - "visualization": "7.14.0" - }, - "references": [], - "type": "visualization", - "updated_at": "2021-08-04T16:31:12.649Z", - "version": "WzM4MDAsMV0=" -} \ No newline at end of file diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml index f24b1eeb10d..eecda9f04ba 100644 --- a/packages/gcp/manifest.yml 
+++ b/packages/gcp/manifest.yml
@@ -1,6 +1,6 @@
 name: gcp
 title: Google Cloud Platform
-version: "2.12.1"
+version: "2.13.0"
 release: ga
 description: Collect logs from Google Cloud Platform with Elastic Agent.
 type: integration
@@ -15,7 +15,7 @@ categories:
 - google_cloud
 - cloud
 conditions:
- kibana.version: ^7.17.6 || ^8.3.0
+ kibana.version: ^8.3.0
 screenshots:
 - src: /img/filebeat-gcp-audit.png
 title: filebeat gcp audit
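Review bot: The `kibana.version` line in the `conditions` block drops `^7.17.6` from the supported range while the package version moves only from 2.12.1 to 2.13.0, and nothing in the manifest says why. Stacks still on Kibana 7.17 will stay on 2.12.1 and stop receiving later updates to this integration, which matters for a package that ships GCP audit and firewall content. I would record the reason next to the constraint, for example `# 7.17 dropped in 2.13.0: dashboards now embed visualizations by value`, and confirm that the changelog entry (its hunk is not in this part of the diff) states the new minimum. The link between by-value panels and the 8.3 floor is inferred from the commit title.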