From 74ec5199a64768cc359b17600f9e91671c26815b Mon Sep 17 00:00:00 2001
From: Kjell Hedstrom
Date: Wed, 21 Mar 2018 16:07:20 -0600
Subject: [PATCH 01/26] Added support table with visualizations and search table
---
 resources/dashboards/Support-Dashboard.json | 17 +++++++++++++
 resources/searches/Support-Table.json | 25 +++++++++++++++++++
 .../Top-Applications-By-Metadata.json | 15 +++++++++++
 ...p-Applications-By-Session-(histogram).json | 15 +++++++++++
 .../Top-Applications-By-Session-(pie).json | 15 +++++++++++
 .../Top-DestIP-By-Metadata-impact-(pie).json | 15 +++++++++++
 .../Top-DestIP-By-Session-(pie).json | 15 +++++++++++
 .../Top-SrcIP-By-Metadata-impact(pie).json | 15 +++++++++++
 .../Top-SrcIP-By-Session(pie).json | 15 +++++++++++
 9 files changed, 147 insertions(+)
 create mode 100644 resources/dashboards/Support-Dashboard.json
 create mode 100644 resources/searches/Support-Table.json
 create mode 100644 resources/visualizations/Top-Applications-By-Metadata.json
 create mode 100644 resources/visualizations/Top-Applications-By-Session-(histogram).json
 create mode 100644 resources/visualizations/Top-Applications-By-Session-(pie).json
 create mode 100644 resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json
 create mode 100644 resources/visualizations/Top-DestIP-By-Session-(pie).json
 create mode 100644 resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json
 create mode 100644 resources/visualizations/Top-SrcIP-By-Session(pie).json
diff --git a/resources/dashboards/Support-Dashboard.json b/resources/dashboards/Support-Dashboard.json
new file mode 100644
index 0000000000000..1917709ce43b2
--- /dev/null
+++ b/resources/dashboards/Support-Dashboard.json
@@ -0,0 +1,17 @@
+[
+ {
+ "_id": "Support-Dashbboard",
+ "_type": "dashboard",
+ "_source": {
+ "title": "Support Dashbboard",
+ "hits": 0,
+ "description": "",
+ "panelsJSON": "[{\"id\":\"Top-Applications-By-Sessions-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":1},{\"id\":\"Top-Applications-By-Metadata-impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":3},{\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":1},{\"id\":\"Top-Applications-By-Packet-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":3},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1},{\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":5},{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":3,\"col\":7,\"row\":5,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]}]",
+ "version": 2,
+ "timeRestore": false,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
+ }
+ }
+ }
+]
diff --git a/resources/searches/Support-Table.json b/resources/searches/Support-Table.json
new file mode 100644
index 0000000000000..0529792596f52
--- /dev/null
+++ b/resources/searches/Support-Table.json
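Review bot: The saved-object `_id` and `title` in the new Support-Dashboard.json are misspelled as `Support-Dashbboard` and `Support Dashbboard`; the id is what later references and links will carry, so it is cheapest to correct now with `"_id": "Support-Dashboard"` and `"title": "Support Dashboard"`. The same spelling is carried into Support-Dashboard-What.json in PATCH 10/26. `panelsJSON` also references `Top-Applications-By-Bandwidth-(pie)` and `Top-Applications-By-Packet-Count`, which this patch does not add; unless those two visualizations already ship elsewhere in the repository, their panels will presumably fail to resolve when the dashboard is loaded.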
@@ -0,0 +1,25 @@
+[
+ {
+ "_id": "Support-Table",
+ "_type": "search",
+ "_source": {
+ "title": "Support Table",
+ "description": "",
+ "hits": 0,
+ "columns": [
+ "Application",
+ "SrcIP",
+ "DestIP",
+ "Duration"
+ ],
+ "sort": [
+ "TimeUpdated",
+ "asc"
+ ],
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}"
+ }
+ }
+ }
+]
diff --git a/resources/visualizations/Top-Applications-By-Metadata.json b/resources/visualizations/Top-Applications-By-Metadata.json
new file mode 100644
index 0000000000000..94743d22e0069
--- /dev/null
+++ b/resources/visualizations/Top-Applications-By-Metadata.json
@@ -0,0 +1,15 @@
+[
+ {
+ "_id": "Top-Applications-By-Metadata-impact-(pie)",
+ "_type": "visualization",
+ "_source": {
+ "title": "Top Applications By Metadata impact (pie)",
+ "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
+ }
+ }
+]
diff --git a/resources/visualizations/Top-Applications-By-Session-(histogram).json b/resources/visualizations/Top-Applications-By-Session-(histogram).json
new file mode 100644
index 0000000000000..d4179236e4a33
--- /dev/null
+++ b/resources/visualizations/Top-Applications-By-Session-(histogram).json
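Review bot: In Top-Applications-By-Metadata.json the file name does not match the `_id` it carries (`Top-Applications-By-Metadata-impact-(pie)`), and the id spells `impact` in lower case while the DestIP and SrcIP siblings use `Metadata-Impact`. The dashboard's `panelsJSON` refers to these objects by id string, so mixed casing and a file name that hides the id make a later reference easy to get wrong. Consider `"_id": "Top-Applications-By-Metadata-Impact-(pie)"`, with the dashboard reference and the file name updated to match. The `Session` / `Sessions` difference between the file names and ids of the two Top-Applications-By-Session files is the same kind of drift.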
@@ -0,0 +1,15 @@
+[
+ {
+ "_id": "Top-Applications-By-Sessions-(histogram)",
+ "_type": "visualization",
+ "_source": {
+ "title": "Top Applications By Sessions (histogram)",
+ "visState": "{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytesDelta\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"3-orderAgg\",\"type\":\"cardinality\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"Session\"}}}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
+ }
+ }
+]
diff --git a/resources/visualizations/Top-Applications-By-Session-(pie).json b/resources/visualizations/Top-Applications-By-Session-(pie).json
new file mode 100644
index 0000000000000..36e302ddfe682
--- /dev/null
+++ b/resources/visualizations/Top-Applications-By-Session-(pie).json
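Review bot: The title `Top Applications By Sessions (histogram)` does not match what `visState` plots: the metric aggregation is a `sum` over `TotalBytesDelta`, and the `Session` cardinality appears only as the `orderAgg` that ranks the ten applications. The bars therefore show bytes per interval rather than session counts, which someone reading the dashboard during triage would not expect from the title. Either retitle the visualization to say it shows bytes for the applications with the most sessions, or change aggregation `1` to a `cardinality` on `Session`, as the pie variant of this chart does.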
@@ -0,0 +1,15 @@
+[
+ {
+ "_id": "Top-Applications-By-Sessions-(pie)",
+ "_type": "visualization",
+ "_source": {
+ "title": "Top Applications By Sessions (pie)",
+ "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
+ }
+ }
+]
diff --git a/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json b/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json
new file mode 100644
index 0000000000000..19f4f76e34245
--- /dev/null
+++ b/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json
@@ -0,0 +1,15 @@
+[
+ {
+ "_id": "Top-DestIP-By-Metadata-Impact-(pie)",
+ "_type": "visualization",
+ "_source": {
+ "title": "Top DestIP By Metadata Impact (pie)",
+ "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
+ }
+ }
+]
diff --git a/resources/visualizations/Top-DestIP-By-Session-(pie).json b/resources/visualizations/Top-DestIP-By-Session-(pie).json
new file mode 100644
index 0000000000000..67c6c10ef56cb
--- /dev/null
+++ b/resources/visualizations/Top-DestIP-By-Session-(pie).json
@@ -0,0 +1,15 @@
+[
+ {
+ "_id": "Top-DestIP-By-Session-(pie)",
+ "_type": "visualization",
+ "_source": {
+ "title": "Top DestIP By Session (pie)",
+ "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
+ }
+ }
+]
diff --git a/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json b/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json
new file mode 100644
index 0000000000000..2860a31627a85
--- /dev/null
+++ b/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json
@@ -0,0 +1,15 @@
+[
+ {
+ "_id": "Top-SrcIP-By-Metadata-Impact-(pie)",
+ "_type": "visualization",
+ "_source": {
+ "title": "Top SrcIP By Metadata Impact (pie)",
+ "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
+ }
+ }
+]
diff --git a/resources/visualizations/Top-SrcIP-By-Session(pie).json b/resources/visualizations/Top-SrcIP-By-Session(pie).json
new file mode 100644
index 0000000000000..aa0258712a6a8
--- /dev/null
+++ b/resources/visualizations/Top-SrcIP-By-Session(pie).json
@@ -0,0 +1,15 @@
+[
+ {
+ "_id": "Top-SrcIP-By-Session-(pie)",
+ "_type": "visualization",
+ "_source": {
+ "title": "Top SrcIP By Session (pie)",
+ "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description": "",
+ "version": 1,
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ }
+ }
+ }
+]
From ff5cd4ea3cd3f421e8b698661ed93ce1b52f22e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?=
Date: Thu, 22 Mar 2018 09:46:51 -0600
Subject: [PATCH 02/26] corrected dashboard json syntax and format
---
 resources/dashboards/Support-Dashboard.json | 30 ++++++++++-----------
 1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/resources/dashboards/Support-Dashboard.json b/resources/dashboards/Support-Dashboard.json
index 1917709ce43b2..cdd4e5d295179 100644
--- a/resources/dashboards/Support-Dashboard.json
+++ b/resources/dashboards/Support-Dashboard.json
@@ -1,17 +1,15 @@
-[
- {
- "_id": "Support-Dashbboard",
- "_type": "dashboard",
- "_source": {
- "title": "Support Dashbboard",
- "hits": 0,
- "description": "",
- "panelsJSON": "[{\"id\":\"Top-Applications-By-Sessions-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":1},{\"id\":\"Top-Applications-By-Metadata-impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":3},{\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":1},{\"id\":\"Top-Applications-By-Packet-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":3},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1},{\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":5},{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":3,\"col\":7,\"row\":5,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]}]",
- "version": 2,
- "timeRestore": false,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
+{
+ "_id":"Support-Dashbboard",
+ "_type":"dashboard",
+ "_source":{
+ "title":"Support Dashbboard",
+ "hits":0,
+ "description":"",
+ "panelsJSON":"[{\"id\":\"Top-Applications-By-Sessions-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":1},{\"id\":\"Top-Applications-By-Metadata-impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":3},{\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":1},{\"id\":\"Top-Applications-By-Packet-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":3},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1},{\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":5},{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":3,\"col\":7,\"row\":5,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]}]",
+ "version":2,
+ "timeRestore":false,
+ "kibanaSavedObjectMeta":{
+ "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
 }
- }
- }
-]
+ }
+}
From 6972062c4e8f64214d4d785f4f19889a714dd6d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?=
Date: Thu, 22 Mar 2018 09:48:31 -0600
Subject: [PATCH 03/26] search: corrected json syntax and formatting
---
 resources/searches/Support-Table.json | 42 +++++++++++++--------------
 1 file changed, 20 insertions(+), 22 deletions(-)
diff --git a/resources/searches/Support-Table.json b/resources/searches/Support-Table.json
index 0529792596f52..21d5b259ba232 100644
--- a/resources/searches/Support-Table.json
+++ b/resources/searches/Support-Table.json
@@ -1,25 +1,23 @@
-[
- {
- "_id": "Support-Table",
- "_type": "search",
- "_source": {
- "title": "Support Table",
- "description": "",
- "hits": 0,
- "columns": [
- "Application",
- "SrcIP",
- "DestIP",
- "Duration"
+{
+ "_id":"Support-Table",
+ "_type":"search",
+ "_source":{
+ "title":"Support Table",
+ "description":"",
+ "hits":0,
+ "columns":[
+ "Application",
+ "SrcIP",
+ "DestIP",
+ "Duration"
 ],
- "sort": [
- "TimeUpdated",
- "asc"
+ "sort":[
+ "TimeUpdated",
+ "asc"
 ],
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}"
+ "version":1,
+ "kibanaSavedObjectMeta":{
+ "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}"
 }
- }
- }
-]
+ }
+}
From f511eacf21776f9f42a5641ede26e2d23b07d74b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?=
Date: Thu, 22 Mar 2018 09:49:34 -0600
Subject: [PATCH 04/26] top-applications-by-metadata: corrected json
---
 .../Top-Applications-By-Metadata.json | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/resources/visualizations/Top-Applications-By-Metadata.json b/resources/visualizations/Top-Applications-By-Metadata.json
index 94743d22e0069..738e3b219d318 100644
--- a/resources/visualizations/Top-Applications-By-Metadata.json
+++ b/resources/visualizations/Top-Applications-By-Metadata.json
@@ -1,15 +1,13 @@
-[
- {
- "_id": "Top-Applications-By-Metadata-impact-(pie)",
- "_type": "visualization",
- "_source": {
- "title": "Top Applications By Metadata impact (pie)",
- "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+{
+ "_id":"Top-Applications-By-Metadata-impact-(pie)",
+ "_type":"visualization",
+ "_source":{
+ "title":"Top Applications By Metadata impact (pie)",
+ "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description":"",
+ "version":1,
+ "kibanaSavedObjectMeta":{
+ "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
- }
- }
-]
+ }
+}
From df147fdb7186d33cf9e855f5a96fa0b56ad3b8f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?=
Date: Thu, 22 Mar 2018 09:50:41 -0600
Subject: [PATCH 05/26] top-applications-by-session (histogram): fixed json
---
 ...p-Applications-By-Session-(histogram).json | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/resources/visualizations/Top-Applications-By-Session-(histogram).json b/resources/visualizations/Top-Applications-By-Session-(histogram).json
index d4179236e4a33..979faad8099a5 100644
--- a/resources/visualizations/Top-Applications-By-Session-(histogram).json
+++ b/resources/visualizations/Top-Applications-By-Session-(histogram).json
@@ -1,15 +1,13 @@
-[
- {
- "_id": "Top-Applications-By-Sessions-(histogram)",
- "_type": "visualization",
- "_source": {
- "title": "Top Applications By Sessions (histogram)",
- "visState": "{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytesDelta\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"3-orderAgg\",\"type\":\"cardinality\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"Session\"}}}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+{
+ "_id":"Top-Applications-By-Sessions-(histogram)",
+ "_type":"visualization",
+ "_source":{
+ "title":"Top Applications By Sessions (histogram)",
+ "visState":"{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytesDelta\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"3-orderAgg\",\"type\":\"cardinality\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"Session\"}}}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
+ "description":"",
+ "version":1,
+ "kibanaSavedObjectMeta":{
+ "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
- }
- }
-]
+ }
+}
From 76f449a9aea44f502c80773095666be3799a6dd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?=
Date: Thu, 22 Mar 2018 09:51:36 -0600
Subject: [PATCH 06/26] Top-Applications-by-Sessions(pie): fixed json
---
 .../Top-Applications-By-Session-(pie).json | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/resources/visualizations/Top-Applications-By-Session-(pie).json b/resources/visualizations/Top-Applications-By-Session-(pie).json
index 36e302ddfe682..1a60d670c2ff2 100644
--- a/resources/visualizations/Top-Applications-By-Session-(pie).json
+++ b/resources/visualizations/Top-Applications-By-Session-(pie).json
@@ -1,15 +1,13 @@
-[
- {
- "_id": "Top-Applications-By-Sessions-(pie)",
- "_type": "visualization",
- "_source": {
- "title": "Top Applications By Sessions (pie)",
- "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+{
+ "_id":"Top-Applications-By-Sessions-(pie)",
+ "_type":"visualization",
+ "_source":{
+ "title":"Top Applications By Sessions (pie)",
+ "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description":"",
+ "version":1,
+ "kibanaSavedObjectMeta":{
+ "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
- }
- }
-]
+ }
+}
From 4cae65c65b82680d22e7958ea7a1e885e3d432b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?=
Date: Thu, 22 Mar 2018 09:52:25 -0600
Subject: [PATCH 07/26] Top-DestIP-By-metadata-impact(json)
---
 .../Top-DestIP-By-Metadata-impact-(pie).json | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json b/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json
index 19f4f76e34245..786014981e74f 100644
--- a/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json
+++ b/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json
@@ -1,15 +1,13 @@
-[
- {
- "_id": "Top-DestIP-By-Metadata-Impact-(pie)",
- "_type": "visualization",
- "_source": {
- "title": "Top DestIP By Metadata Impact (pie)",
- "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+{
+ "_id":"Top-DestIP-By-Metadata-Impact-(pie)",
+ "_type":"visualization",
+ "_source":{
+ "title":"Top DestIP By Metadata Impact (pie)",
+ "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description":"",
+ "version":1,
+ "kibanaSavedObjectMeta":{
+ "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
- }
- }
-]
+ }
+}
From 9d0c5eed2dd8826e6fa3c359e2aeaab0164eacbe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?=
Date: Thu, 22 Mar 2018 09:53:13 -0600
Subject: [PATCH 08/26] Top-DestIP-By-Session(pie): fixed json
---
 .../Top-DestIP-By-Session-(pie).json | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/resources/visualizations/Top-DestIP-By-Session-(pie).json b/resources/visualizations/Top-DestIP-By-Session-(pie).json
index 67c6c10ef56cb..a72c9f55ef7a3 100644
--- a/resources/visualizations/Top-DestIP-By-Session-(pie).json
+++ b/resources/visualizations/Top-DestIP-By-Session-(pie).json
@@ -1,15 +1,13 @@
-[
- {
- "_id": "Top-DestIP-By-Session-(pie)",
- "_type": "visualization",
- "_source": {
- "title": "Top DestIP By Session (pie)",
- "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+{
+ "_id":"Top-DestIP-By-Session-(pie)",
+ "_type":"visualization",
+ "_source":{
+ "title":"Top DestIP By Session (pie)",
+ "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description":"",
+ "version":1,
+ "kibanaSavedObjectMeta":{
+ "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
- }
- }
-]
+ }
+}
From 39c8605f3df5c03bb4c32e6247e85807942502b3 Mon Sep 17 00:00:00 2001
From: Kjell Hedstrom
Date: Fri, 23 Mar 2018 00:28:08 -0600
Subject: [PATCH 09/26] fixed formatting
---
 resources/dashboards/Support-Dashboard.json | 15 -----------
 .../Top-SrcIP-By-Metadata-impact(pie).json | 26 +++++++++----------
 .../Top-SrcIP-By-Session(pie).json | 26 +++++++++----------
 3 files changed, 24 insertions(+), 43 deletions(-)
 delete mode 100644 resources/dashboards/Support-Dashboard.json
diff --git a/resources/dashboards/Support-Dashboard.json b/resources/dashboards/Support-Dashboard.json
deleted file mode 100644
index cdd4e5d295179..0000000000000
--- a/resources/dashboards/Support-Dashboard.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "_id":"Support-Dashbboard",
- "_type":"dashboard",
- "_source":{
- "title":"Support Dashbboard",
- "hits":0,
- "description":"",
- "panelsJSON":"[{\"id\":\"Top-Applications-By-Sessions-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":1},{\"id\":\"Top-Applications-By-Metadata-impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":3},{\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":1},{\"id\":\"Top-Applications-By-Packet-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":3},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1},{\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":5},{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":3,\"col\":7,\"row\":5,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]}]",
- "version":2,
- "timeRestore":false,
- "kibanaSavedObjectMeta":{
- "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
- }
- }
-}
diff --git a/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json b/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json
index 2860a31627a85..1efbdb9698d7b 100644
--- a/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json
+++ b/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json
@@ -1,15 +1,13 @@
-[
- {
- "_id": "Top-SrcIP-By-Metadata-Impact-(pie)",
- "_type": "visualization",
- "_source": {
- "title": "Top SrcIP By Metadata Impact (pie)",
- "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
- "description": "",
- "version": 1,
- "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+{
+ "_id":"Top-SrcIP-By-Metadata-Impact-(pie)",
+ "_type":"visualization",
+ "_source":{
+ "title":"Top SrcIP By Metadata Impact (pie)",
+ "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
+ "description":"",
+ "version":1,
+ "kibanaSavedObjectMeta":{
+ "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
 }
- }
- }
-]
+ }
+}
\ No newline at end of file
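Review bot: The rewritten Top-SrcIP-By-Metadata-impact(pie).json now ends without a trailing newline (`\ No newline at end of file`), as do Top-SrcIP-By-Session(pie).json in this patch and Support-Dashboard-What.json in PATCH 10/26, while the files reformatted in PATCH 02 to 08 show no such marker. Ending each file with a newline after the final `}` keeps the resource files consistent and avoids newline-only diffs the next time they are edited.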
diff --git a/resources/visualizations/Top-SrcIP-By-Session(pie).json b/resources/visualizations/Top-SrcIP-By-Session(pie).json index aa0258712a6a8..9976728751ed7 100644 --- a/resources/visualizations/Top-SrcIP-By-Session(pie).json +++ b/resources/visualizations/Top-SrcIP-By-Session(pie).json @@ -1,15 +1,13 @@ -[ - { - "_id": "Top-SrcIP-By-Session-(pie)", - "_type": "visualization", - "_source": { - "title": "Top SrcIP By Session (pie)", - "visState": "{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" +{ + "_id":"Top-SrcIP-By-Session-(pie)", + "_type":"visualization", + "_source":{ + "title":"Top SrcIP By Session (pie)", + "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } - } - } -] + } +} \ No newline at end of file From 28bc91ab6fa0b1c2ea18cd0a5b1817dd7d42eb50 Mon Sep 17 00:00:00 2001 
From: Kjell Hedstrom Date: Fri, 23 Mar 2018 00:31:09 -0600 Subject: [PATCH 10/26] updated --- resources/dashboards/Support-Dashboard-What.json | 15 +++++++++++++++ resources/dashboards/Support-Dashboard-Who.json | 15 +++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 resources/dashboards/Support-Dashboard-What.json create mode 100644 resources/dashboards/Support-Dashboard-Who.json diff --git a/resources/dashboards/Support-Dashboard-What.json b/resources/dashboards/Support-Dashboard-What.json new file mode 100644 index 0000000000000..1e2d67be0c0cf --- /dev/null +++ b/resources/dashboards/Support-Dashboard-What.json @@ -0,0 +1,15 @@ +{ + "_id":"Support-Dashbboard-What", + "_type":"dashboard", + "_source":{ + "title":"Support Dashbboard - What", + "hits":0, + "description":"", + "panelsJSON":"[{\"col\":10,\"id\":\"Top-Applications-By-Sessions-(pie)\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Top-Applications-By-Metadata-impact-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Packet-Count\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"row\":1,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]", + "version":2, + "timeRestore":false, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" + } + } +} \ No newline at end of file diff --git a/resources/dashboards/Support-Dashboard-Who.json b/resources/dashboards/Support-Dashboard-Who.json new file mode 100644 index 0000000000000..67cb944ffc660 --- /dev/null +++ b/resources/dashboards/Support-Dashboard-Who.json 
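Review bot: The `_id` and `title` of the new `Support-Dashboard-What.json` spell the word "Dashbboard", so the saved-object id does not match the file name and the misspelling shows up in the dashboard title. I would write `"_id":"Support-Dashboard-What",` and `"title":"Support Dashboard - What",` here, and make the same correction in the `Support-Dashboard-Who.json` hunk that follows. If anything already links to the misspelled id it would need updating in the same change; that is not visible from this patch. Both new files also end without a trailing newline.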
@@ -0,0 +1,15 @@ +{ + "_id":"Support-Dashbboard-Who", + "_type":"dashboard", + "_source":{ + "title":"Support Dashbboard - Who", + "hits":0, + "description":"", + "panelsJSON":"[{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":1,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1}]", + "version":2, + "timeRestore":false, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" + } + } +} \ No newline at end of file From 8d2ff95d4a7995b5466a7f8d292bf64d4a6d67dd Mon Sep 17 00:00:00 2001 From: Kjell Hedstrom Date: Fri, 23 Mar 2018 15:24:11 -0600 Subject: [PATCH 11/26] Who --> Where --- ...port-Dashboard-Who.json => Support-Dashboard-Where.json} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename resources/dashboards/{Support-Dashboard-Who.json => Support-Dashboard-Where.json} (92%) diff --git a/resources/dashboards/Support-Dashboard-Who.json b/resources/dashboards/Support-Dashboard-Where.json similarity index 92% rename from resources/dashboards/Support-Dashboard-Who.json rename to resources/dashboards/Support-Dashboard-Where.json index 67cb944ffc660..c027e0f453260 100644 --- a/resources/dashboards/Support-Dashboard-Who.json +++ b/resources/dashboards/Support-Dashboard-Where.json 
@@ -1,8 +1,8 @@ { - "_id":"Support-Dashbboard-Who", + "_id":"Support-Dashbboard-Where", "_type":"dashboard", "_source":{ - "title":"Support Dashbboard - Who", + "title":"Support Dashbboard - Where", "hits":0, "description":"", "panelsJSON":"[{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":1,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1}]", @@ -12,4 +12,4 @@ "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" } } -} \ No newline at end of file +} From 42188c459f1e0c64ae199c1f2ed2e7c81c6df3d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 14:48:04 -0600 Subject: [PATCH 12/26] Update Support-Dashboard-What.json --- .../dashboards/Support-Dashboard-What.json | 22 ++++++++----------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/resources/dashboards/Support-Dashboard-What.json b/resources/dashboards/Support-Dashboard-What.json index 1e2d67be0c0cf..5dadb5f22ba70 100644 --- a/resources/dashboards/Support-Dashboard-What.json +++ b/resources/dashboards/Support-Dashboard-What.json 
@@ -1,15 +1,11 @@ { - "_id":"Support-Dashbboard-What", - "_type":"dashboard", - "_source":{ - "title":"Support Dashbboard - What", - "hits":0, - "description":"", - "panelsJSON":"[{\"col\":10,\"id\":\"Top-Applications-By-Sessions-(pie)\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Top-Applications-By-Metadata-impact-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Packet-Count\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"row\":1,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]", - "version":2, - "timeRestore":false, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" - } + "title":"Support Dashbboard - What", + "hits":0, + "description":"", + "panelsJSON":"[{\"col\":10,\"id\":\"Top-Applications-By-Sessions-(pie)\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Top-Applications-By-Metadata-impact-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Packet-Count\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"row\":1,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]", + "version":2, + "timeRestore":false, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" } -} \ No newline at end of file +} From 6e4458c9016391fe38e8dce8ff69b574909cb9f2 Mon Sep 17 00:00:00 2001 
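Review bot: Once `_id` and `_type` are removed, nothing in this file records which saved object it is, while `panelsJSON` still addresses its panels by id (for example `Top-Applications-By-Metadata-impact-(pie)`). Presumably the importer now takes the id from the file name; if so, at this point in the series files such as `Top-Applications-By-Metadata.json` and `Top-SrcIP-By-Session(pie).json` do not match the ids the dashboards ask for, and a panel that fails to resolve on a traffic dashboard is easy to overlook. Later patches in the series rename the files, but a small test that parses every `panelsJSON` and confirms each `id` has a matching file under `resources/visualizations` or `resources/searches` would keep the references from drifting again. The same applies to the Where, Support-Table and visualization hunks in patches 13 to 21.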
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 14:48:43 -0600 Subject: [PATCH 13/26] Update Support-Dashboard-Where.json --- .../dashboards/Support-Dashboard-Where.json | 20 ++++++++----------- 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/resources/dashboards/Support-Dashboard-Where.json b/resources/dashboards/Support-Dashboard-Where.json index c027e0f453260..156463761fa90 100644 --- a/resources/dashboards/Support-Dashboard-Where.json +++ b/resources/dashboards/Support-Dashboard-Where.json 
@@ -1,15 +1,11 @@ { - "_id":"Support-Dashbboard-Where", - "_type":"dashboard", - "_source":{ - "title":"Support Dashbboard - Where", - "hits":0, - "description":"", - "panelsJSON":"[{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":1,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1}]", - "version":2, - "timeRestore":false, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" - } + "title":"Support Dashbboard - Where", + "hits":0, + "description":"", + "panelsJSON":"[{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":1,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1}]", + "version":2, + "timeRestore":false, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}" } } 
From d9d4ce9e6fbf32828baec8196feaa7693d3de2c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 14:55:58 -0600 Subject: [PATCH 14/26] Update Support-Table.json --- resources/searches/Support-Table.json | 36 ++++++++++++--------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/resources/searches/Support-Table.json b/resources/searches/Support-Table.json index 21d5b259ba232..8f30d4b1b375d 100644 --- a/resources/searches/Support-Table.json +++ b/resources/searches/Support-Table.json @@ -1,23 +1,19 @@ { - "_id":"Support-Table", - "_type":"search", - "_source":{ - "title":"Support Table", - "description":"", - "hits":0, - "columns":[ - "Application", - "SrcIP", - "DestIP", - "Duration" - ], - "sort":[ - "TimeUpdated", - "asc" - ], - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}" - } + "title":"Support Table", + "description":"", + "hits":0, + "columns":[ + "Application", + "SrcIP", + "DestIP", + "Duration" + ], + "sort":[ + "TimeUpdated", + "asc" + ], + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"fragment_size\":2147483647},\"filter\":[]}" } } From 4b4e1e3a008caa732abc0421cdc98b809248e80b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 14:57:02 -0600 Subject: [PATCH 15/26] Update Top-Applications-By-Metadata.json --- .../Top-Applications-By-Metadata.json | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/resources/visualizations/Top-Applications-By-Metadata.json b/resources/visualizations/Top-Applications-By-Metadata.json index 738e3b219d318..7c1fd6672ccd4 100644 --- a/resources/visualizations/Top-Applications-By-Metadata.json +++ b/resources/visualizations/Top-Applications-By-Metadata.json @@ -1,13 +1,9 @@ { - "_id":"Top-Applications-By-Metadata-impact-(pie)", - "_type":"visualization", - "_source":{ - "title":"Top Applications By Metadata impact (pie)", - "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description":"", - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" - } + "title":"Top Applications By Metadata impact (pie)", + "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } 
From 94ec90de7eeaaa1665b8126e5a41bf221d1e3f0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 14:57:35 -0600 Subject: [PATCH 16/26] Update Top-Applications-By-Session-(histogram).json --- .../Top-Applications-By-Session-(histogram).json | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/resources/visualizations/Top-Applications-By-Session-(histogram).json b/resources/visualizations/Top-Applications-By-Session-(histogram).json index 979faad8099a5..235f004273bd0 100644 --- a/resources/visualizations/Top-Applications-By-Session-(histogram).json +++ b/resources/visualizations/Top-Applications-By-Session-(histogram).json 
@@ -1,13 +1,9 @@ { - "_id":"Top-Applications-By-Sessions-(histogram)", - "_type":"visualization", - "_source":{ - "title":"Top Applications By Sessions (histogram)", - "visState":"{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytesDelta\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"3-orderAgg\",\"type\":\"cardinality\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"Session\"}}}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", - "description":"", - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" - } + "title":"Top Applications By Sessions (histogram)", + 
"visState":"{\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"TotalBytesDelta\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"custom\",\"orderAgg\":{\"id\":\"3-orderAgg\",\"type\":\"cardinality\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"Session\"}}}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"TimeUpdated\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } From 2847b04986e555346dd963f032b3aa92b46c4979 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 14:58:09 -0600 Subject: [PATCH 17/26] Update Top-Applications-By-Session-(pie).json --- .../Top-Applications-By-Session-(pie).json | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/resources/visualizations/Top-Applications-By-Session-(pie).json b/resources/visualizations/Top-Applications-By-Session-(pie).json index 1a60d670c2ff2..e61c5b3078457 100644 --- a/resources/visualizations/Top-Applications-By-Session-(pie).json +++ b/resources/visualizations/Top-Applications-By-Session-(pie).json 
@@ -1,13 +1,9 @@ { - "_id":"Top-Applications-By-Sessions-(pie)", - "_type":"visualization", - "_source":{ - "title":"Top Applications By Sessions (pie)", - "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description":"", - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" - } + "title":"Top Applications By Sessions (pie)", + "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } From bf5cedc662f9cb399ef35be934bb958d73c4a2cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 14:59:11 -0600 Subject: [PATCH 18/26] Update Top-DestIP-By-Metadata-impact-(pie).json --- .../Top-DestIP-By-Metadata-impact-(pie).json | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json b/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json index 786014981e74f..9a9a1a55292ef 100644 
--- a/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json +++ b/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json @@ -1,13 +1,9 @@ { - "_id":"Top-DestIP-By-Metadata-Impact-(pie)", - "_type":"visualization", - "_source":{ - "title":"Top DestIP By Metadata Impact (pie)", - "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description":"", - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" - } + "title":"Top DestIP By Metadata Impact (pie)", + "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } From cb3699f6b2faa0365a86a514f653d38d33405e33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 14:59:49 -0600 Subject: [PATCH 19/26] Update Top-DestIP-By-Session-(pie).json --- .../Top-DestIP-By-Session-(pie).json | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) 
diff --git a/resources/visualizations/Top-DestIP-By-Session-(pie).json b/resources/visualizations/Top-DestIP-By-Session-(pie).json index a72c9f55ef7a3..f5dfe0c862d1f 100644 --- a/resources/visualizations/Top-DestIP-By-Session-(pie).json +++ b/resources/visualizations/Top-DestIP-By-Session-(pie).json @@ -1,13 +1,9 @@ { - "_id":"Top-DestIP-By-Session-(pie)", - "_type":"visualization", - "_source":{ - "title":"Top DestIP By Session (pie)", - "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description":"", - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" - } + "title":"Top DestIP By Session (pie)", + "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"DestIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } From 3c50b22a96d6410dae2dfd0c94c1a2e0885aface Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 15:00:27 -0600 Subject: [PATCH 20/26] Update Top-SrcIP-By-Metadata-impact(pie).json --- .../Top-SrcIP-By-Metadata-impact(pie).json | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json b/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json index 1efbdb9698d7b..fc9f624dffd19 100644 --- a/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json +++ b/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json 
@@ -1,13 +1,9 @@ { - "_id":"Top-SrcIP-By-Metadata-Impact-(pie)", - "_type":"visualization", - "_source":{ - "title":"Top SrcIP By Metadata Impact (pie)", - "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description":"", - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" - } + "title":"Top SrcIP By Metadata Impact (pie)", + "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } -} \ No newline at end of file +} From 6d1d0406b417251731b9863cab3184331348e18f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kjell=20Hedstr=C3=B6m?= Date: Mon, 26 Mar 2018 15:01:02 -0600 Subject: [PATCH 21/26] Update Top-SrcIP-By-Session(pie).json --- .../Top-SrcIP-By-Session(pie).json | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/resources/visualizations/Top-SrcIP-By-Session(pie).json b/resources/visualizations/Top-SrcIP-By-Session(pie).json index 9976728751ed7..d3864cc77faf5 100644 --- a/resources/visualizations/Top-SrcIP-By-Session(pie).json 
+++ b/resources/visualizations/Top-SrcIP-By-Session(pie).json @@ -1,13 +1,9 @@ { - "_id":"Top-SrcIP-By-Session-(pie)", - "_type":"visualization", - "_source":{ - "title":"Top SrcIP By Session (pie)", - "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description":"", - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" - } + "title":"Top SrcIP By Session (pie)", + "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"Session\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } -} \ No newline at end of file +} From 2487d82251292366a95fe17380ff75778c45cece Mon Sep 17 00:00:00 2001 From: Kjell Hedstrom Date: Mon, 26 Mar 2018 15:50:49 -0600 Subject: [PATCH 22/26] corrected name --- .../Top-SrcIP-By-Metadata-impact(pie).json | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json 
diff --git a/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json b/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json deleted file mode 100644 index fc9f624dffd19..0000000000000 --- a/resources/visualizations/Top-SrcIP-By-Metadata-impact(pie).json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "title":"Top SrcIP By Metadata Impact (pie)", - "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", - "description":"", - "version":1, - "kibanaSavedObjectMeta":{ - "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" - } -} From 9f4f7b47fc659e22af7bad5e43313c05cdd5a7ab Mon Sep 17 00:00:00 2001 From: Kjell Hedstrom Date: Mon, 26 Mar 2018 15:58:13 -0600 Subject: [PATCH 23/26] renamed --- ...ie).json => Top-DestIP-By-Metadata-Impact-(pie).json} | 0 .../Top-SrcIP-By-Metadata-Impact-(pie).json | 9 +++++++++ ...Session(pie).json => Top-SrcIP-By-Session-(pie).json} | 0 3 files changed, 9 insertions(+) rename resources/visualizations/{Top-DestIP-By-Metadata-impact-(pie).json => Top-DestIP-By-Metadata-Impact-(pie).json} (100%) create mode 100644 resources/visualizations/Top-SrcIP-By-Metadata-Impact-(pie).json rename resources/visualizations/{Top-SrcIP-By-Session(pie).json => Top-SrcIP-By-Session-(pie).json} (100%) diff --git a/resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json b/resources/visualizations/Top-DestIP-By-Metadata-Impact-(pie).json similarity index 100% rename from resources/visualizations/Top-DestIP-By-Metadata-impact-(pie).json rename to resources/visualizations/Top-DestIP-By-Metadata-Impact-(pie).json 
diff --git a/resources/visualizations/Top-SrcIP-By-Metadata-Impact-(pie).json b/resources/visualizations/Top-SrcIP-By-Metadata-Impact-(pie).json new file mode 100644 index 0000000000000..fc9f624dffd19 --- /dev/null +++ b/resources/visualizations/Top-SrcIP-By-Metadata-Impact-(pie).json @@ -0,0 +1,9 @@ +{ + "title":"Top SrcIP By Metadata Impact (pie)", + "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"SrcIP\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", + "description":"", + "version":1, + "kibanaSavedObjectMeta":{ + "searchSourceJSON":"{\"index\":\"[network_]YYYY_MM_DD\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + } +} diff --git a/resources/visualizations/Top-SrcIP-By-Session(pie).json b/resources/visualizations/Top-SrcIP-By-Session-(pie).json similarity index 100% rename from resources/visualizations/Top-SrcIP-By-Session(pie).json rename to resources/visualizations/Top-SrcIP-By-Session-(pie).json From 0ff5520104c2379380e913fbcf341f8cc85cdea8 Mon Sep 17 00:00:00 2001 
From: Kjell Hedstrom Date: Mon, 26 Mar 2018 16:04:46 -0600 Subject: [PATCH 24/26] renamed --- resources/dashboards/Support-Dashboard-What.json | 2 +- ...data.json => Top-Applications-By-Metadata-Impact-(pie).json} | 0 ...gram).json => Top-Applications-By-Sessions-(histogram).json} | 0 ...ssion-(pie).json => Top-Applications-By-Sessions-(pie).json} | 0 4 files changed, 1 insertion(+), 1 deletion(-) rename resources/visualizations/{Top-Applications-By-Metadata.json => Top-Applications-By-Metadata-Impact-(pie).json} (100%) rename resources/visualizations/{Top-Applications-By-Session-(histogram).json => Top-Applications-By-Sessions-(histogram).json} (100%) rename resources/visualizations/{Top-Applications-By-Session-(pie).json => Top-Applications-By-Sessions-(pie).json} (100%) diff --git a/resources/dashboards/Support-Dashboard-What.json b/resources/dashboards/Support-Dashboard-What.json index 5dadb5f22ba70..e175f87b6404a 100644 --- a/resources/dashboards/Support-Dashboard-What.json +++ b/resources/dashboards/Support-Dashboard-What.json 
@@ -2,7 +2,7 @@
 "title":"Support Dashbboard - What",
 "hits":0,
 "description":"",
- "panelsJSON":"[{\"col\":10,\"id\":\"Top-Applications-By-Sessions-(pie)\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Top-Applications-By-Metadata-impact-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Packet-Count\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"row\":1,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]",
+ "panelsJSON":"[{\"col\":10,\"id\":\"Top-Applications-By-Sessions-(pie)\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Top-Applications-By-Metadata-Impact-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Packet-Count\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"row\":1,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]",
 "version":2,
 "timeRestore":false,
 "kibanaSavedObjectMeta":{
diff --git a/resources/visualizations/Top-Applications-By-Metadata.json b/resources/visualizations/Top-Applications-By-Metadata-Impact-(pie).json
similarity index 100%
rename from resources/visualizations/Top-Applications-By-Metadata.json
rename to resources/visualizations/Top-Applications-By-Metadata-Impact-(pie).json
diff --git a/resources/visualizations/Top-Applications-By-Session-(histogram).json b/resources/visualizations/Top-Applications-By-Sessions-(histogram).json
similarity index 100%
rename from resources/visualizations/Top-Applications-By-Session-(histogram).json
rename to resources/visualizations/Top-Applications-By-Sessions-(histogram).json
diff --git a/resources/visualizations/Top-Applications-By-Session-(pie).json b/resources/visualizations/Top-Applications-By-Sessions-(pie).json
similarity index 100%
rename from resources/visualizations/Top-Applications-By-Session-(pie).json
rename to resources/visualizations/Top-Applications-By-Sessions-(pie).json
From 61275a20640473cb3fb0287b16290b1c7d17f3e9 Mon Sep 17 00:00:00 2001
From: Kjell Hedstrom
Date: Fri, 6 Apr 2018 15:37:18 -0600
Subject: [PATCH 25/26] impact -> Impact
---
 .../Top-Applications-By-Metadata-Impact-(pie).json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/visualizations/Top-Applications-By-Metadata-Impact-(pie).json b/resources/visualizations/Top-Applications-By-Metadata-Impact-(pie).json
index 7c1fd6672ccd4..53a99f037bc5b 100644
--- a/resources/visualizations/Top-Applications-By-Metadata-Impact-(pie).json
+++ b/resources/visualizations/Top-Applications-By-Metadata-Impact-(pie).json
@@ -1,5 +1,5 @@
 {
- "title":"Top Applications By Metadata impact (pie)",
+ "title":"Top Applications By Metadata Impact (pie)",
 "visState":"{\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"JSONSize\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Application\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 "description":"",
 "version":1,
From 7ce3dc4521e7deeca40fc6a051767f47488a8c08 Mon Sep 17 00:00:00 2001
From: Kjell Hedstrom
Date: Fri, 6 Apr 2018 15:38:37 -0600
Subject: [PATCH 26/26] bboard -> board
---
 resources/dashboards/Support-Dashboard-What.json | 2 +-
 resources/dashboards/Support-Dashboard-Where.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/resources/dashboards/Support-Dashboard-What.json b/resources/dashboards/Support-Dashboard-What.json
index e175f87b6404a..750c9ee33ba2b 100644
--- a/resources/dashboards/Support-Dashboard-What.json
+++ b/resources/dashboards/Support-Dashboard-What.json
@@ -1,5 +1,5 @@
 {
- "title":"Support Dashbboard - What",
+ "title":"Support Dashboard - What",
 "hits":0,
 "description":"",
 "panelsJSON":"[{\"col\":10,\"id\":\"Top-Applications-By-Sessions-(pie)\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Top-Applications-By-Metadata-Impact-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Bandwidth-(pie)\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Top-Applications-By-Packet-Count\",\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Top-Applications-By-Sessions-(histogram)\",\"row\":1,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"}]",
diff --git a/resources/dashboards/Support-Dashboard-Where.json b/resources/dashboards/Support-Dashboard-Where.json
index 156463761fa90..40798770fd115 100644
--- a/resources/dashboards/Support-Dashboard-Where.json
+++ b/resources/dashboards/Support-Dashboard-Where.json
@@ -1,5 +1,5 @@
 {
- "title":"Support Dashbboard - Where",
+ "title":"Support Dashboard - Where",
 "hits":0,
 "description":"",
 "panelsJSON":"[{\"id\":\"Support-Table\",\"type\":\"search\",\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":1,\"columns\":[\"Application\",\"SrcIP\",\"DestIP\",\"Duration\"],\"sort\":[\"TimeUpdated\",\"asc\"]},{\"id\":\"Top-SrcIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":1},{\"id\":\"Top-DestIP-By-Metadata-Impact-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":7,\"row\":3},{\"id\":\"Top-DestIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":3},{\"id\":\"Top-SrcIP-By-Session-(pie)\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1}]",