From 02d29c6f9eff1d97c1dbfa9bf14c3175023c4de5 Mon Sep 17 00:00:00 2001 
From: Lukas Olson Date: Thu, 21 Mar 2019 13:34:21 -0700 Subject: [PATCH] Default Beats Kibana dashboards to KQL instead of Lucene (#11268) Closes https://github.com/elastic/beats/issues/10969. In Kibana as of 7.0, the default query language is no longer Lucene, but KQL (Kibana Query Language). This PR updates all of the JSON objects to use the new language, and modifies any existing queries to the new syntax (if needed - most of them stayed the same). --- .../auditbeat-kernel-executions.json | 12 +- .../dashboard/auditbeat-kernel-overview.json | 6 +- .../7/dashboard/auditbeat-kernel-sockets.json | 18 +- .../7/dashboard/auditbeat-file-integrity.json | 99 +- .../kibana/7/dashboard/Filebeat-apache.json | 17 +- .../kibana/7/dashboard/Filebeat-auditd.json | 35 +- .../dashboard/Filebeat-haproxy-overview.json | 10 +- .../dashboard/Filebeat-icinga-debug-log.json | 13 +- .../7/dashboard/Filebeat-icinga-main-log.json | 11 +- .../Filebeat-icinga-startup-errors.json | 16 +- .../kibana/7/dashboard/Filebeat-iis.json | 14 +- .../7/dashboard/Filebeat-Kafka-overview.json | 10 +- .../7/dashboard/Filebeat-logstash-log.json | 8 +- .../dashboard/Filebeat-logstash-slowlog.json | 12 +- .../dashboard/Filebeat-Mongodb-overview.json | 8 +- .../kibana/7/dashboard/Filebeat-mysql.json | 17 +- .../7/dashboard/Filebeat-nats-overview.json | 20 +- .../7/dashboard/Filebeat-nginx-logs.json | 17 +- .../7/dashboard/Filebeat-nginx-overview.json | 854 +++++++++--------- .../7/dashboard/osquery-compliance.json | 22 +- .../kibana/7/dashboard/osquery-rootkit.json | 8 +- .../Filebeat-Postgresql-overview.json | 6 +- .../Filebeat-Postgresql-slowlogs.json | 11 +- .../kibana/7/dashboard/Filebeat-redis.json | 34 +- .../Filebeat-auth-sudo-commands.json | 21 +- .../Filebeat-new-users-and-groups.json | 21 +- .../Filebeat-ssh-login-attempts.json | 27 +- .../kibana/7/dashboard/Filebeat-syslog.json | 13 +- .../dashboard/Filebeat-traefik-overview.json | 37 +- .../7/dashboard/Journalbeat-overview.json | 10 +- 
libbeat/dashboards/modify_json_test.go | 4 +- libbeat/kibana/testdata/beat-6.json | 2 +- libbeat/kibana/testdata/fields.yml | 10 +- .../dashboard/Metricbeat-apache-overview.json | 13 +- .../dashboard/Metricbeat-docker-overview.json | 29 +- .../dashboard/Metricbeat-golang-overview.json | 63 +- .../dashboard/Metricbeat-haproxy-backend.json | 2 +- .../Metricbeat-haproxy-frontend.json | 2 +- .../Metricbeat-haproxy-http-backend.json | 2 +- .../Metricbeat-haproxy-http-frontend.json | 2 +- .../Metricbeat-haproxy-http-server.json | 2 +- .../Metricbeat-haproxy-overview.json | 2 +- .../Metricbeat-haproxy-visualizations.json | 8 +- .../dashboard/Metricbeat-kafka-overview.json | 4 +- .../Metricbeat-kubernetes-apiserver.json | 2 +- .../Metricbeat-kubernetes-overview.json | 86 +- .../Metricbeat-mongodb-overview.json | 13 +- .../dashboard/Metricbeat-mysql-overview.json | 9 +- .../7/dashboard/Metricbeat-nats-overview.json | 26 +- .../dashboard/metricbeat-nginx-overview.json | 2 +- .../Metricbeat-rabbitmq-overview.json | 13 +- .../dashboard/Metricbeat-redis-overview.json | 17 +- .../Metricbeat-containers-overview.json | 45 +- .../7/dashboard/Metricbeat-host-overview.json | 168 +--- .../dashboard/Metricbeat-system-overview.json | 96 +- .../dashboard/Metricbeat-uwsgi-overview.json | 4 +- .../dashboard/metricbeat-windows-service.json | 14 +- .../Metricbeat-zookeeper-overview.json | 12 +- .../7/dashboard/Packetbeat-cassandra.json | 81 +- .../kibana/7/dashboard/Packetbeat-dhcpv4.json | 4 +- .../7/dashboard/Packetbeat-dns-overview.json | 25 +- .../7/dashboard/Packetbeat-dns-tunneling.json | 13 +- .../kibana/7/dashboard/Packetbeat-flows.json | 28 +- .../kibana/7/dashboard/Packetbeat-http.json | 39 +- .../7/dashboard/Packetbeat-mongodb.json | 33 +- .../kibana/7/dashboard/Packetbeat-mysql.json | 41 +- .../kibana/7/dashboard/Packetbeat-nfs.json | 31 +- .../7/dashboard/Packetbeat-overview.json | 45 +- .../kibana/7/dashboard/Packetbeat-pgsql.json | 36 +- 
.../kibana/7/dashboard/Packetbeat-thrift.json | 32 +- .../kibana/7/dashboard/Packetbeat-tls.json | 89 +- packetbeat/docs/filtering.asciidoc | 4 +- .../7/dashboard/Winlogbeat-overview.json | 43 +- .../auditbeat-system-host-dashboard.json | 2 +- .../auditbeat-system-login-dashboard.json | 16 +- .../auditbeat-system-overview-dashboard.json | 32 +- .../auditbeat-system-package-dashboard.json | 16 +- .../auditbeat-system-process-dashboard.json | 18 +- .../auditbeat-system-socket-dashboard.json | 24 +- .../auditbeat-system-user-dashboard.json | 16 +- .../filebeat-network-flows-top-n.json | 16 +- .../Metricbeat-mssql-performance.json | 12 +- .../Metricbeat-mssql-transaction_log.json | 18 +- 83 files changed, 1040 insertions(+), 1733 deletions(-)
diff --git a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-executions.json b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-executions.json
index 6fe85f307d8..765e625b878 100644
--- a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-executions.json
+++ b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-executions.json
@@ -7,7 +7,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -63,7 +63,7 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -115,7 +115,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -231,8 +231,8 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -258,7 +258,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-overview.json b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-overview.json
index fcad7083c3f..452017e32a6 100644
--- a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-overview.json
+++ b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-overview.json
@@ -82,7 +82,7 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -191,7 +191,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -218,7 +218,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-sockets.json b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-sockets.json
index 5df146f0413..00681daf5ff 100644
--- a/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-sockets.json
+++ b/auditbeat/module/auditd/_meta/kibana/7/dashboard/auditbeat-kernel-sockets.json
@@ -35,7 +35,7 @@
 }
 ],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -129,7 +129,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -223,7 +223,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -388,7 +388,7 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -545,7 +545,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -652,7 +652,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -782,7 +782,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -809,8 +809,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/auditbeat/module/file_integrity/_meta/kibana/7/dashboard/auditbeat-file-integrity.json b/auditbeat/module/file_integrity/_meta/kibana/7/dashboard/auditbeat-file-integrity.json
index 3031ed31941..97e11626c35 100644
--- a/auditbeat/module/file_integrity/_meta/kibana/7/dashboard/auditbeat-file-integrity.json
+++ b/auditbeat/module/file_integrity/_meta/kibana/7/dashboard/auditbeat-file-integrity.json
@@ -8,14 +8,8 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -114,14 +108,8 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -253,14 +241,8 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -315,14 +297,8 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -377,15 +353,9 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
+ "language": "kuery",
 "query": "event.action:updated OR event.action:attributes_modified"
 }
- }
- }
 }
 },
 "savedSearchId": "a380a060-cb44-11e7-9835-2f31fe08873b-ecs",
@@ -540,8 +510,8 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -639,14 +609,8 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -744,14 +708,8 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -835,15 +793,9 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
+ "language": "kuery",
 "query": "event.action:deleted"
 }
- }
- }
 }
 },
 "savedSearchId": "a380a060-cb44-11e7-9835-2f31fe08873b-ecs",
@@ -897,15 +849,9 @@
 "filter": [],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "default_field": "*",
+ "language": "kuery",
 "query": "event.action:created"
 }
- }
- }
 }
 },
 "savedSearchId": "a380a060-cb44-11e7-9835-2f31fe08873b-ecs",
@@ -992,7 +938,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -1019,13 +965,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/apache/_meta/kibana/7/dashboard/Filebeat-apache.json b/filebeat/module/apache/_meta/kibana/7/dashboard/Filebeat-apache.json
index 565551631cd..0459a890331 100644
--- a/filebeat/module/apache/_meta/kibana/7/dashboard/Filebeat-apache.json
+++ b/filebeat/module/apache/_meta/kibana/7/dashboard/Filebeat-apache.json
@@ -448,11 +448,9 @@
 },
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.dataset:apache.error"
 }
- }
 }
 },
 "sort": [
@@ -494,11 +492,9 @@
 },
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.dataset:apache.access"
 }
- }
 }
 },
 "sort": [
@@ -521,13 +517,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/auditd/_meta/kibana/7/dashboard/Filebeat-auditd.json b/filebeat/module/auditd/_meta/kibana/7/dashboard/Filebeat-auditd.json
index 4c8e9d8111c..e45db5bb334 100644
--- a/filebeat/module/auditd/_meta/kibana/7/dashboard/Filebeat-auditd.json
+++ b/filebeat/module/auditd/_meta/kibana/7/dashboard/Filebeat-auditd.json
@@ -8,10 +8,8 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -63,11 +61,9 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.action:EXECVE"
 }
- }
 }
 },
 "title": "Top Exec Commands [Filebeat Auditd] ECS",
@@ -156,10 +152,8 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -232,10 +226,8 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -295,10 +287,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.dataset:auditd.log"
- }
 },
 "version": true
 }
@@ -323,13 +313,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/haproxy/_meta/kibana/7/dashboard/Filebeat-haproxy-overview.json b/filebeat/module/haproxy/_meta/kibana/7/dashboard/Filebeat-haproxy-overview.json
index bb605e9a680..66fe61ed6cd 100644
--- a/filebeat/module/haproxy/_meta/kibana/7/dashboard/Filebeat-haproxy-overview.json
+++ b/filebeat/module/haproxy/_meta/kibana/7/dashboard/Filebeat-haproxy-overview.json
@@ -8,7 +8,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -72,7 +72,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -136,7 +136,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -219,7 +219,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -361,7 +361,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-debug-log.json b/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-debug-log.json
index cb05cb4f74e..281bea5dfa7 100644
--- a/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-debug-log.json
+++ b/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-debug-log.json
@@ -211,8 +211,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -237,13 +237,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-main-log.json b/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-main-log.json
index 835c015de58..bc3dba222bd 100644
--- a/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-main-log.json
+++ b/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-main-log.json
@@ -142,7 +142,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -235,13 +235,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-startup-errors.json b/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-startup-errors.json
index 5a4799e7037..0a26774f97b 100644
--- a/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-startup-errors.json
+++ b/filebeat/module/icinga/_meta/kibana/7/dashboard/Filebeat-icinga-startup-errors.json
@@ -76,13 +76,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "log.level:critical"
- }
- }
 },
 "version": true
 }
@@ -107,13 +102,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/iis/_meta/kibana/7/dashboard/Filebeat-iis.json b/filebeat/module/iis/_meta/kibana/7/dashboard/Filebeat-iis.json
index ef507875a55..205467e7b60 100644
--- a/filebeat/module/iis/_meta/kibana/7/dashboard/Filebeat-iis.json
+++ b/filebeat/module/iis/_meta/kibana/7/dashboard/Filebeat-iis.json
@@ -8,7 +8,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -75,7 +75,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -203,7 +203,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -275,7 +275,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -347,7 +347,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -475,7 +475,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -550,7 +550,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/filebeat/module/kafka/_meta/kibana/7/dashboard/Filebeat-Kafka-overview.json b/filebeat/module/kafka/_meta/kibana/7/dashboard/Filebeat-Kafka-overview.json
index 6abfc572c16..252eaa7670b 100644
--- a/filebeat/module/kafka/_meta/kibana/7/dashboard/Filebeat-Kafka-overview.json
+++ b/filebeat/module/kafka/_meta/kibana/7/dashboard/Filebeat-Kafka-overview.json
@@ -140,8 +140,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "_exists_:kafka.log.trace.class"
+ "language": "kuery",
+ "query": "kafka.log.trace.class:*"
 },
 "version": true
 }
@@ -225,8 +225,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -377,7 +377,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/filebeat/module/logstash/_meta/kibana/7/dashboard/Filebeat-logstash-log.json b/filebeat/module/logstash/_meta/kibana/7/dashboard/Filebeat-logstash-log.json
index 7bae7158ff2..3c7c93bc7b4 100644
--- a/filebeat/module/logstash/_meta/kibana/7/dashboard/Filebeat-logstash-log.json
+++ b/filebeat/module/logstash/_meta/kibana/7/dashboard/Filebeat-logstash-log.json
@@ -7,7 +7,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -60,7 +60,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -249,7 +249,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -275,7 +275,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/filebeat/module/logstash/_meta/kibana/7/dashboard/Filebeat-logstash-slowlog.json b/filebeat/module/logstash/_meta/kibana/7/dashboard/Filebeat-logstash-slowlog.json
index 9311f33ad24..2975ad68224 100644
--- a/filebeat/module/logstash/_meta/kibana/7/dashboard/Filebeat-logstash-slowlog.json
+++ b/filebeat/module/logstash/_meta/kibana/7/dashboard/Filebeat-logstash-slowlog.json
@@ -71,7 +71,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -95,7 +95,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -148,7 +148,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -275,7 +275,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -440,7 +440,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -466,7 +466,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/filebeat/module/mongodb/_meta/kibana/7/dashboard/Filebeat-Mongodb-overview.json b/filebeat/module/mongodb/_meta/kibana/7/dashboard/Filebeat-Mongodb-overview.json
index bce38f2b3a7..e3978aca6be 100644
--- a/filebeat/module/mongodb/_meta/kibana/7/dashboard/Filebeat-Mongodb-overview.json
+++ b/filebeat/module/mongodb/_meta/kibana/7/dashboard/Filebeat-Mongodb-overview.json
@@ -7,7 +7,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -71,7 +71,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "log.level: F or log.level: W"
 },
 "version": true
@@ -105,7 +105,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "log.level: *"
 },
 "version": true
@@ -131,7 +131,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
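Review bot: In Filebeat-Mongodb-overview.json, the `@@ -71,7 +71,7 @@` hunk switches the language to `kuery` but leaves the context line `"query": "log.level: F or log.level: W"` untouched, and a lowercase `or` does not mean the same thing in the two languages. Lucene's query parser only treats uppercase `OR` as an operator, whereas KQL accepts the lowercase form, so this saved search's result set can shift with the language flip, probably towards what was originally intended. I would write it as `"query": "log.level:F OR log.level:W"` to match the uppercase operators used by the other dashboards in this patch and to make the change visible in the diff. The saved-search object continues outside the hunk, so the rest of its definition was not checked.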
diff --git a/filebeat/module/mysql/_meta/kibana/7/dashboard/Filebeat-mysql.json b/filebeat/module/mysql/_meta/kibana/7/dashboard/Filebeat-mysql.json
index 8ac1322da08..4d92705711f 100644
--- a/filebeat/module/mysql/_meta/kibana/7/dashboard/Filebeat-mysql.json
+++ b/filebeat/module/mysql/_meta/kibana/7/dashboard/Filebeat-mysql.json
@@ -414,8 +414,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -618,8 +618,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -644,13 +644,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/nats/_meta/kibana/7/dashboard/Filebeat-nats-overview.json b/filebeat/module/nats/_meta/kibana/7/dashboard/Filebeat-nats-overview.json
index ee758f0a3bc..3d6311c6721 100644
--- a/filebeat/module/nats/_meta/kibana/7/dashboard/Filebeat-nats-overview.json
+++ b/filebeat/module/nats/_meta/kibana/7/dashboard/Filebeat-nats-overview.json
@@ -8,7 +8,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -130,7 +130,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "service.type: nats"
 }
 }
@@ -249,7 +249,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -368,7 +368,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -480,7 +480,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "service.type: nats"
 }
 }
@@ -538,7 +538,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "service.type: nats"
 }
 }
@@ -596,7 +596,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -654,7 +654,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "service.type: nats"
 }
 }
@@ -774,7 +774,7 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "service.type: nats"
 }
 }
@@ -913,7 +913,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/filebeat/module/nginx/_meta/kibana/7/dashboard/Filebeat-nginx-logs.json b/filebeat/module/nginx/_meta/kibana/7/dashboard/Filebeat-nginx-logs.json
index 8c75d52dfc5..b25c6da5482 100644
--- a/filebeat/module/nginx/_meta/kibana/7/dashboard/Filebeat-nginx-logs.json
+++ b/filebeat/module/nginx/_meta/kibana/7/dashboard/Filebeat-nginx-logs.json
@@ -27,8 +27,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "event.module:nginx AND _exists_:message"
+ "language": "kuery",
+ "query": "event.module:nginx AND message:*"
 },
 "version": true
 }
@@ -73,8 +73,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "event.module:nginx AND _exists_:url.original"
+ "language": "kuery",
+ "query": "event.module:nginx AND url.original:*"
 },
 "version": true
 }
@@ -200,13 +200,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/nginx/_meta/kibana/7/dashboard/Filebeat-nginx-overview.json b/filebeat/module/nginx/_meta/kibana/7/dashboard/Filebeat-nginx-overview.json
index 2841bfcd99e..af3f0024867 100644
--- a/filebeat/module/nginx/_meta/kibana/7/dashboard/Filebeat-nginx-overview.json
+++ b/filebeat/module/nginx/_meta/kibana/7/dashboard/Filebeat-nginx-overview.json
@@ -2,690 +2,676 @@ "objects": [ { "attributes": { - "description": "", + "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], - "index": "filebeat-*", + "filter": [], + "index": "filebeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } - }, - "title": "Browsers breakdown [Filebeat Nginx] ECS", - "uiStateJSON": {}, - "version": 1, + }, + "title": "Browsers breakdown [Filebeat Nginx] ECS", + "uiStateJSON": {}, + "version": 1, "visState": { "aggs": [ { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", "type": "count" - }, + }, { - "enabled": true, - "id": "2", + "enabled": true, + "id": "2", "params": { - "field": "user_agent.name", - "order": "desc", - "orderBy": "1", + "field": "user_agent.name", + "order": "desc", + "orderBy": "1", "size": 5 - }, - "schema": "segment", + }, + "schema": "segment", "type": "terms" - }, + }, { - "enabled": true, - "id": "3", + "enabled": true, + "id": "3", "params": { - "field": "nginx.access.user_agent.major", - "order": "desc", - "orderBy": "1", + "field": "nginx.access.user_agent.major", + "order": "desc", + "orderBy": "1", "size": 5 - }, - "schema": "segment", + }, + "schema": "segment", "type": "terms" } - ], - "listeners": {}, + ], + "listeners": {}, "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "legendPosition": "bottom", + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", "shareYAxis": true - }, - "title": "Nginx Access Browsers ECS", + }, + "title": "Nginx Access Browsers ECS", "type": "pie" } - }, - "id": "Nginx-Access-Browsers-ecs", - "type": "visualization", + }, + "id": "Nginx-Access-Browsers-ecs", + "type": "visualization", "version": 1 - }, + }, { "attributes": { - "description": "", + "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { - 
"filter": [], - "index": "filebeat-*", + "filter": [], + "index": "filebeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } - }, - "title": "Operating systems breakdown [Filebeat Nginx] ECS", - "uiStateJSON": {}, - "version": 1, + }, + "title": "Operating systems breakdown [Filebeat Nginx] ECS", + "uiStateJSON": {}, + "version": 1, "visState": { "aggs": [ { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", "type": "count" - }, + }, { - "enabled": true, - "id": "2", + "enabled": true, + "id": "2", "params": { - "field": "user_agent.os.name", - "order": "desc", - "orderBy": "1", + "field": "user_agent.os.name", + "order": "desc", + "orderBy": "1", "size": 5 - }, - "schema": "segment", + }, + "schema": "segment", "type": "terms" - }, + }, { - "enabled": true, - "id": "3", + "enabled": true, + "id": "3", "params": { - "field": "nginx.access.user_agent.os_major", - "order": "desc", - "orderBy": "1", + "field": "nginx.access.user_agent.os_major", + "order": "desc", + "orderBy": "1", "size": 5 - }, - "schema": "segment", + }, + "schema": "segment", "type": "terms" } - ], - "listeners": {}, + ], + "listeners": {}, "params": { - "addLegend": true, - "addTooltip": true, - "isDonut": true, - "legendPosition": "bottom", + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "legendPosition": "bottom", "shareYAxis": true - }, - "title": "Nginx Access OSes ECS", + }, + "title": "Nginx Access OSes ECS", "type": "pie" } - }, - "id": "Nginx-Access-OSes-ecs", - "type": "visualization", + }, + "id": "Nginx-Access-OSes-ecs", + "type": "visualization", "version": 1 - }, + }, { "attributes": { - "description": "", + "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [] } - }, - "savedSearchId": "Filebeat-Nginx-module-ecs", - "title": "Access Map [Filebeat Nginx] ECS", + }, + 
"savedSearchId": "Filebeat-Nginx-module-ecs", + "title": "Access Map [Filebeat Nginx] ECS", "uiStateJSON": { "mapCenter": [ - 12.039320557540572, + 12.039320557540572, -0.17578125 ] - }, - "version": 1, + }, + "version": 1, "visState": { "aggs": [ { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", "type": "count" - }, + }, { - "enabled": true, - "id": "2", + "enabled": true, + "id": "2", "params": { - "autoPrecision": true, + "autoPrecision": true, "field": "source.geo.location" - }, - "schema": "segment", + }, + "schema": "segment", "type": "geohash_grid" } - ], - "listeners": {}, + ], + "listeners": {}, "params": { - "addTooltip": true, - "heatBlur": 15, - "heatMaxZoom": 16, - "heatMinOpacity": 0.1, - "heatNormalizeData": true, - "heatRadius": 25, - "isDesaturated": true, - "legendPosition": "bottomright", + "addTooltip": true, + "heatBlur": 15, + "heatMaxZoom": 16, + "heatMinOpacity": 0.1, + "heatNormalizeData": true, + "heatRadius": 25, + "isDesaturated": true, + "legendPosition": "bottomright", "mapCenter": [ - 15, + 15, 5 - ], - "mapType": "Scaled Circle Markers", - "mapZoom": 2, + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, "wms": { - "enabled": false, + "enabled": false, "options": { - "attribution": "Maps provided by USGS", - "format": "image/png", - "layers": "0", - "styles": "", - "transparent": true, + "attribution": "Maps provided by USGS", + "format": "image/png", + "layers": "0", + "styles": "", + "transparent": true, "version": "1.3.0" - }, + }, "url": "https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer" } - }, - "title": "Nginx Access Map ECS", + }, + "title": "Nginx Access Map ECS", "type": "tile_map" } - }, - "id": "Nginx-Access-Map-ecs", - "type": "visualization", + }, + "id": "Nginx-Access-Map-ecs", + "type": "visualization", "version": 1 - }, + }, { "attributes": { - "description": "", + "description": "", 
"kibanaSavedObjectMeta": { "searchSourceJSON": {} - }, - "title": "Response codes over time [Filebeat Nginx] ECS", - "uiStateJSON": {}, - "version": 1, + }, + "title": "Response codes over time [Filebeat Nginx] ECS", + "uiStateJSON": {}, + "version": 1, "visState": { - "aggs": [], + "aggs": [], "params": { - "axis_formatter": "number", - "axis_position": "left", - "filter": "event.module:nginx AND fileset.name:access", - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "filebeat-*", - "interval": "auto", - "legend_position": "bottom", + "axis_formatter": "number", + "axis_position": "left", + "filter": "event.module:nginx AND fileset.name:access", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "legend_position": "bottom", "series": [ { - "axis_position": "right", - "chart_type": "bar", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, + "axis_position": "right", + "chart_type": "bar", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, "metrics": [ { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", "type": "count" } - ], - "point_size": 1, - "seperate_axis": 0, + ], + "point_size": 1, + "seperate_axis": 0, "split_filters": [ { - "color": "#68BC00", - "filter": "http.response.status_code:[200 TO 299]", - "id": "5acdc750-a29d-11e7-a062-a1c3587f4874", + "color": "#68BC00", + "filter": "http.response.status_code:[200 TO 299]", + "id": "5acdc750-a29d-11e7-a062-a1c3587f4874", "label": "200s" - }, + }, { - "color": "rgba(252,196,0,1)", - "filter": "http.response.status_code:[300 TO 399]", - "id": "6efd2ae0-a29d-11e7-a062-a1c3587f4874", + "color": "rgba(252,196,0,1)", + "filter": "http.response.status_code:[300 TO 399]", + "id": "6efd2ae0-a29d-11e7-a062-a1c3587f4874", 
"label": "300s" - }, + }, { - "color": "rgba(211,49,21,1)", - "filter": "http.response.status_code:[400 TO 499]", - "id": "76089a90-a29d-11e7-a062-a1c3587f4874", + "color": "rgba(211,49,21,1)", + "filter": "http.response.status_code:[400 TO 499]", + "id": "76089a90-a29d-11e7-a062-a1c3587f4874", "label": "400s" - }, + }, { - "color": "rgba(171,20,158,1)", - "filter": "http.response.status_code:[500 TO 599]", - "id": "7c7929d0-a29d-11e7-a062-a1c3587f4874", + "color": "rgba(171,20,158,1)", + "filter": "http.response.status_code:[500 TO 599]", + "id": "7c7929d0-a29d-11e7-a062-a1c3587f4874", "label": "500s" } - ], - "split_mode": "filters", - "stacked": "stacked", - "terms_field": "http.response.status_code", + ], + "split_mode": "filters", + "stacked": "stacked", + "terms_field": "http.response.status_code", "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", "type": "timeseries" - }, - "title": "Response codes over time [Filebeat Nginx] ECS", + }, + "title": "Response codes over time [Filebeat Nginx] ECS", "type": "metrics" } - }, - "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, + "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs", + "type": "visualization", "version": 7 - }, + }, { "attributes": { - "description": "", + "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": {} - }, - "title": "Top pages [Filebeat Nginx] ECS", - "uiStateJSON": {}, - "version": 1, + }, + "title": "Top pages [Filebeat Nginx] ECS", + "uiStateJSON": {}, + "version": 1, "visState": { - "aggs": [], + "aggs": [], "params": { - "axis_formatter": "number", - "axis_position": "left", + "axis_formatter": "number", + "axis_position": "left", "bar_color_rules": [ { "id": "6252c320-a1f5-11e7-92ba-5d0b8663aece" } - ], - "filter": "event.module:nginx AND fileset.name:access", - "id": 
"61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "filebeat-*", - "interval": "auto", + ], + "filter": "event.module:nginx AND fileset.name:access", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", "series": [ { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, "metrics": [ { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", "type": "count" } - ], - "point_size": 1, - "seperate_axis": 0, - "split_mode": "terms", - "stacked": "none", - "terms_field": "url.original", - "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "url.original", + "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417", "value_template": "" } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", "type": "top_n" - }, - "title": "Top pages [Filebeat Nginx] ECS", + }, + "title": "Top pages [Filebeat Nginx] ECS", "type": "metrics" } - }, - "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, + "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs", + "type": "visualization", "version": 3 - }, + }, { "attributes": { - "description": "", + "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": {} - }, - "title": "Errors over time [Filebeat Nginx] ECS", - "uiStateJSON": {}, - "version": 1, + }, + "title": "Errors over time [Filebeat Nginx] ECS", + "uiStateJSON": {}, + "version": 1, "visState": { - "aggs": [], + "aggs": [], "params": { - 
"axis_formatter": "number", - "axis_position": "left", - "filter": "event.module:nginx AND fileset.name:error", - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "filebeat-*", - "interval": "auto", - "legend_position": "bottom", + "axis_formatter": "number", + "axis_position": "left", + "filter": "event.module:nginx AND fileset.name:error", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "legend_position": "bottom", "series": [ { - "axis_position": "right", - "chart_type": "bar", - "color": "rgba(211,49,21,1)", - "fill": 0.5, - "formatter": "number", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "line_width": 1, + "axis_position": "right", + "chart_type": "bar", + "color": "rgba(211,49,21,1)", + "fill": 0.5, + "formatter": "number", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "line_width": 1, "metrics": [ { - "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", "type": "count" } - ], - "point_size": 1, - "seperate_axis": 0, - "split_mode": "terms", - "stacked": "none", - "terms_field": "log.level", + ], + "point_size": 1, + "seperate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "log.level", "terms_order_by": "61ca57f2-469d-11e7-af02-69e470af7417" } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", "type": "timeseries" - }, - "title": "Errors over time [Filebeat Nginx] ECS", + }, + "title": "Errors over time [Filebeat Nginx] ECS", "type": "metrics" } - }, - "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, + "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs", + "type": "visualization", "version": 5 - }, + }, { "attributes": { - "description": "", + "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": {} - }, - "title": "Data Volume [Filebeat Nginx] ECS", - "uiStateJSON": {}, - 
"version": 1, + }, + "title": "Data Volume [Filebeat Nginx] ECS", + "uiStateJSON": {}, + "version": 1, "visState": { - "aggs": [], + "aggs": [], "params": { - "axis_formatter": "number", - "axis_position": "left", - "filter": "event.module: nginx AND fileset.name: access", - "id": "61ca57f0-469d-11e7-af02-69e470af7417", - "index_pattern": "filebeat-*", - "interval": "auto", - "legend_position": "bottom", + "axis_formatter": "number", + "axis_position": "left", + "filter": "event.module: nginx AND fileset.name: access", + "id": "61ca57f0-469d-11e7-af02-69e470af7417", + "index_pattern": "filebeat-*", + "interval": "auto", + "legend_position": "bottom", "series": [ { - "axis_position": "right", - "chart_type": "line", - "color": "#68BC00", - "fill": 0.5, - "formatter": "bytes", - "id": "61ca57f1-469d-11e7-af02-69e470af7417", - "label": "", - "line_width": 1, + "axis_position": "right", + "chart_type": "line", + "color": "#68BC00", + "fill": 0.5, + "formatter": "bytes", + "id": "61ca57f1-469d-11e7-af02-69e470af7417", + "label": "", + "line_width": 1, "metrics": [ { - "field": "http.response.body.bytes", - "id": "61ca57f2-469d-11e7-af02-69e470af7417", + "field": "http.response.body.bytes", + "id": "61ca57f2-469d-11e7-af02-69e470af7417", "type": "sum" } - ], - "point_size": 1, - "seperate_axis": 0, + ], + "point_size": 1, + "seperate_axis": 0, "split_filters": [ { - "color": "#68BC00", - "filter": "http.response.status_code:[200 TO 299]", - "id": "7c343c20-a29e-11e7-a062-a1c3587f4874", + "color": "#68BC00", + "filter": "http.response.status_code:[200 TO 299]", + "id": "7c343c20-a29e-11e7-a062-a1c3587f4874", "label": "200s" } - ], - "split_mode": "everything", - "stacked": "none", + ], + "split_mode": "everything", + "stacked": "none", "terms_field": null } - ], - "show_grid": 1, - "show_legend": 1, - "time_field": "@timestamp", + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", "type": "timeseries" - }, - "title": "Data Volume [Filebeat Nginx] ECS", 
+ }, + "title": "Data Volume [Filebeat Nginx] ECS", "type": "metrics" } - }, - "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, + "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs", + "type": "visualization", "version": 2 - }, + }, { "attributes": { - "description": "", + "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": {} - }, - "title": "Dashboards [Filebeat Nginx] ECS", - "uiStateJSON": {}, - "version": 1, + }, + "title": "Dashboards [Filebeat Nginx] ECS", + "uiStateJSON": {}, + "version": 1, "visState": { - "aggs": [], + "aggs": [], "params": { - "fontSize": 12, + "fontSize": 12, "markdown": "[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs)" - }, - "title": "Dashboards [Filebeat Nginx] ECS", + }, + "title": "Dashboards [Filebeat Nginx] ECS", "type": "markdown" } - }, - "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", + "type": "visualization", "version": 1 - }, + }, { "attributes": { "columns": [ - "url.original", - "http.request.method", - "http.response.status_code", - "http.request.referrer", + "url.original", + "http.request.method", + "http.response.status_code", + "http.request.referrer", "http.response.body.bytes" - ], - "description": "", - "hits": 0, + ], + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [], "highlight": { "fields": { "*": {} - }, - "fragment_size": 2147483647, + }, + "fragment_size": 2147483647, "post_tags": [ "@/kibana-highlighted-field@" - ], + ], "pre_tags": [ "@kibana-highlighted-field@" - ], + ], "require_field_match": false - }, - "highlightAll": true, - "index": "filebeat-*", + }, + "highlightAll": true, + "index": "filebeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - 
"query": "event.module:nginx" - } - } - }, + "language": "kuery", + "query": "event.module:nginx" + }, "version": true } - }, + }, "sort": [ - "@timestamp", + "@timestamp", "desc" - ], - "title": "Nginx logs [Filebeat Nginx] ECS", + ], + "title": "Nginx logs [Filebeat Nginx] ECS", "version": 1 - }, - "id": "Filebeat-Nginx-module-ecs", - "type": "search", + }, + "id": "Filebeat-Nginx-module-ecs", + "type": "search", "version": 2 - }, + }, { "attributes": { - "description": "Dashboard for the Filebeat Nginx module", - "hits": 0, + "description": "Dashboard for the Filebeat Nginx module", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], - "highlightAll": true, + "filter": [], + "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } - }, + "language": "kuery", + "query": "" + }, "version": true } - }, + }, "optionsJSON": { "darkTheme": false - }, + }, "panelsJSON": [ { - "col": 10, - "id": "Nginx-Access-Browsers-ecs", - "panelIndex": 3, - "row": 12, - "size_x": 3, - "size_y": 3, + "col": 10, + "id": "Nginx-Access-Browsers-ecs", + "panelIndex": 3, + "row": 12, + "size_x": 3, + "size_y": 3, "type": "visualization" - }, + }, { - "col": 7, - "id": "Nginx-Access-OSes-ecs", - "panelIndex": 4, - "row": 12, - "size_x": 3, - "size_y": 3, + "col": 7, + "id": "Nginx-Access-OSes-ecs", + "panelIndex": 4, + "row": 12, + "size_x": 3, + "size_y": 3, "type": "visualization" - }, + }, { - "col": 1, - "id": "Nginx-Access-Map-ecs", - "panelIndex": 8, - "row": 2, - "size_x": 12, - "size_y": 4, + "col": 1, + "id": "Nginx-Access-Map-ecs", + "panelIndex": 8, + "row": 2, + "size_x": 12, + "size_y": 4, "type": "visualization" - }, + }, { - "col": 1, - "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs", - "panelIndex": 13, - "row": 6, - "size_x": 12, - "size_y": 3, + "col": 1, + "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs", + "panelIndex": 13, + "row": 6, + "size_x": 12, + 
"size_y": 3, "type": "visualization" - }, + }, { - "col": 7, - "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs", - "panelIndex": 14, - "row": 9, - "size_x": 6, - "size_y": 3, + "col": 7, + "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs", + "panelIndex": 14, + "row": 9, + "size_x": 6, + "size_y": 3, "type": "visualization" - }, + }, { - "col": 1, - "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs", - "panelIndex": 15, - "row": 9, - "size_x": 6, - "size_y": 3, + "col": 1, + "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs", + "panelIndex": 15, + "row": 9, + "size_x": 6, + "size_y": 3, "type": "visualization" - }, + }, { - "col": 1, - "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs", - "panelIndex": 16, - "row": 12, - "size_x": 6, - "size_y": 3, + "col": 1, + "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs", + "panelIndex": 16, + "row": 12, + "size_x": 6, + "size_y": 3, "type": "visualization" - }, + }, { - "col": 1, - "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", - "panelIndex": 17, - "row": 1, - "size_x": 12, - "size_y": 1, + "col": 1, + "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", + "panelIndex": 17, + "row": 1, + "size_x": 12, + "size_y": 1, "type": "visualization" } - ], - "timeRestore": false, - "title": "[Filebeat Nginx] Overview ECS", + ], + "timeRestore": false, + "title": "[Filebeat Nginx] Overview ECS", "uiStateJSON": { "P-4": { "vis": { "legendOpen": true } - }, + }, "P-8": { "mapBounds": { "bottom_right": { - "lat": -7.362466865535738, + "lat": -7.362466865535738, "lon": 245.39062500000003 - }, + }, "top_left": { - "lat": 77.07878389624943, + "lat": 77.07878389624943, "lon": -245.74218750000003 } - }, + }, "mapCenter": [ - 50.51342652633956, + 50.51342652633956, -0.17578125 - ], + ], "mapCollar": { "bottom_right": { - "lat": -49.583095, + "lat": -49.583095, "lon": 180 - }, + }, "top_left": { - "lat": 90, + "lat": 90, "lon": -180 - }, + }, "zoom": 2 - }, + }, "mapZoom": 2 } - }, + }, "version": 1 - }, - "id": 
"55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs", - "type": "dashboard", + "id": "55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs", + "type": "dashboard", "version": 6 } - ], + ], "version": "6.0.0-beta2" }
diff --git a/filebeat/module/osquery/_meta/kibana/7/dashboard/osquery-compliance.json b/filebeat/module/osquery/_meta/kibana/7/dashboard/osquery-compliance.json
index 0642a853b46..55f205759ef 100644
--- a/filebeat/module/osquery/_meta/kibana/7/dashboard/osquery-compliance.json
+++ b/filebeat/module/osquery/_meta/kibana/7/dashboard/osquery-compliance.json
@@ -42,8 +42,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -67,7 +67,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -174,8 +174,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -199,7 +199,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -312,7 +312,7 @@
 }
 ],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -459,8 +459,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -519,7 +519,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -546,7 +546,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/filebeat/module/osquery/_meta/kibana/7/dashboard/osquery-rootkit.json b/filebeat/module/osquery/_meta/kibana/7/dashboard/osquery-rootkit.json
index 17b5b234e55..0ceb7c9e8a7 100644
--- a/filebeat/module/osquery/_meta/kibana/7/dashboard/osquery-rootkit.json
+++ b/filebeat/module/osquery/_meta/kibana/7/dashboard/osquery-rootkit.json
@@ -31,7 +31,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -97,7 +97,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -267,7 +267,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -294,7 +294,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-overview.json b/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-overview.json
index 375fc4d56d1..ad349eece92 100644
--- a/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-overview.json
+++ b/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-overview.json
@@ -106,8 +106,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -257,7 +257,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json b/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json
index af7add6a6ee..d5203c91d0d 100644
--- a/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json
+++ b/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json
@@ -7,7 +7,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene"
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -168,8 +169,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "event.duration:>30000000"
+ "language": "kuery",
+ "query": "event.duration>30000000"
 },
 "version": true
 }
@@ -201,7 +202,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "event.duration:*"
 },
 "version": true
@@ -227,7 +228,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "postgresql.log.query:*"
 },
 "version": true
diff --git a/filebeat/module/redis/_meta/kibana/7/dashboard/Filebeat-redis.json b/filebeat/module/redis/_meta/kibana/7/dashboard/Filebeat-redis.json
index 4cd6acabd6e..931f2cbf962 100644
--- a/filebeat/module/redis/_meta/kibana/7/dashboard/Filebeat-redis.json
+++ b/filebeat/module/redis/_meta/kibana/7/dashboard/Filebeat-redis.json
@@ -9,13 +9,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.dataset:redis.log"
- }
- }
 },
 "version": true
 }
@@ -82,13 +77,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.dataset:redis.log"
- }
- }
 },
 "version": true
 }
@@ -292,8 +282,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": "*"
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
@@ -450,13 +440,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.dataset:redis.slowlog"
- }
- }
 },
 "version": true
 }
@@ -481,13 +466,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-auth-sudo-commands.json b/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-auth-sudo-commands.json
index d17f7526b2e..a1a216b87d2 100644
--- a/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-auth-sudo-commands.json
+++ b/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-auth-sudo-commands.json
@@ -76,10 +76,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "_exists_:system.auth.sudo.error"
- }
+ "language": "kuery",
+ "query": "system.auth.sudo.error:*"
 }
 }
 },
@@ -255,10 +253,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "_exists_:system.auth.sudo"
- }
+ "language": "kuery",
+ "query": "system.auth.sudo:*"
 }
 }
 },
@@ -282,13 +278,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-new-users-and-groups.json b/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-new-users-and-groups.json
index 327a4e3c093..85f53dc3f8b 100644
--- a/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-new-users-and-groups.json
+++ b/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-new-users-and-groups.json
@@ -519,10 +519,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "_exists_:system.auth.useradd"
- }
+ "language": "kuery",
+ "query": "system.auth.useradd:*"
 }
 }
 },
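Review bot: Three of the converted exists checks target object paths rather than leaf fields: `system.auth.sudo:*` in the -255 hunk of Filebeat-auth-sudo-commands.json, and `system.auth.useradd:*` / `system.auth.groupadd:*` in the -519 and -551 hunks of Filebeat-new-users-and-groups.json. The Lucene `_exists_:` form was evaluated by Elasticsearch, whereas KQL resolves the field name against the Kibana index pattern first, so how a name with no leaf field of its own is handled depends on the Kibana version, which this diff does not show. These saved searches feed the sudo and account-creation panels, where a query that silently matches nothing looks the same as a quiet host, so each one should be loaded against sample data in the target Kibana before merging. If any comes back empty, a wildcard field name such as `system.auth.sudo.*:*` is, as far as I know, valid KQL and does not rely on object-path handling.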
@@ -551,10 +549,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "_exists_:system.auth.groupadd"
- }
+ "language": "kuery",
+ "query": "system.auth.groupadd:*"
 }
 }
 },
@@ -578,13 +574,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-ssh-login-attempts.json b/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-ssh-login-attempts.json
index 0a7b456771c..9536b53fc0f 100644
--- a/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-ssh-login-attempts.json
+++ b/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-ssh-login-attempts.json
@@ -9,11 +9,9 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.action:Accepted"
 }
- }
 }
 },
 "title": "Successful SSH logins [Filebeat System] ECS",
@@ -169,11 +167,9 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.action:Failed OR event.action:Invalid"
 }
- }
 }
 },
 "title": "SSH users of failed login attempts [Filebeat System] ECS",
@@ -225,11 +221,9 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.action:Failed OR event.action:Invalid"
 }
- }
 }
 },
 "title": "SSH failed login attempts source locations [Filebeat System] ECS",
@@ -316,10 +310,8 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "event.dataset:system.auth AND _exists_:event.action"
- }
+ "language": "kuery",
+ "query": "event.dataset:system.auth AND event.action:*"
 }
 }
 },
@@ -366,13 +358,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-syslog.json b/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-syslog.json
index cd137b4c410..2af4dc6453b 100644
--- a/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-syslog.json
+++ b/filebeat/module/system/_meta/kibana/7/dashboard/Filebeat-syslog.json
@@ -159,11 +159,9 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.dataset:system.syslog"
 }
- }
 }
 },
 "sort": [
@@ -209,13 +207,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/filebeat/module/traefik/_meta/kibana/7/dashboard/Filebeat-traefik-overview.json b/filebeat/module/traefik/_meta/kibana/7/dashboard/Filebeat-traefik-overview.json
index 7edb0d63278..f293620863a 100644
--- a/filebeat/module/traefik/_meta/kibana/7/dashboard/Filebeat-traefik-overview.json
+++ b/filebeat/module/traefik/_meta/kibana/7/dashboard/Filebeat-traefik-overview.json
@@ -8,10 +8,8 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -76,10 +74,8 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -220,10 +216,8 @@
 "filter": [],
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -309,11 +303,9 @@
 },
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.dataset:traefik.access"
 }
- }
 }
 },
 "title": "Sent Byte Size [Filebeat Traefik] ECS",
@@ -477,11 +469,9 @@
 },
 "index": "filebeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.module:traefik"
 }
- }
 }
 },
 "sort": [
@@ -501,17 +491,12 @@
 "hits": 0,
 "kibanaSavedObjectMeta": {
 "searchSourceJSON": {
- "filter": [
- {
+ "filter": [],
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
- ]
- }
 },
 "optionsJSON": {
 "darkTheme": false
diff --git a/journalbeat/_meta/kibana/7/dashboard/Journalbeat-overview.json b/journalbeat/_meta/kibana/7/dashboard/Journalbeat-overview.json
index 86a18d6ccbe..eb3a584bd16 100644
--- a/journalbeat/_meta/kibana/7/dashboard/Journalbeat-overview.json
+++ b/journalbeat/_meta/kibana/7/dashboard/Journalbeat-overview.json
@@ -8,7 +8,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -103,8 +103,8 @@
 "highlightAll": true,
 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "query": {
- "language": "lucene",
- "query": "syslog.facility:0 AND syslog.priority:\\u003c4"
+ "language": "kuery",
+ "query": "syslog.facility:0 AND syslog.priority<4"
 },
 "version": true
 }
@@ -147,7 +147,7 @@
 "highlightAll": true,
 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": "syslog.facility:4"
 },
 "version": true
@@ -190,7 +190,7 @@
 "highlightAll": true,
 "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/libbeat/dashboards/modify_json_test.go b/libbeat/dashboards/modify_json_test.go
index 6874c5ba194..d7e54827ba8 100644
--- a/libbeat/dashboards/modify_json_test.go +++ b/libbeat/dashboards/modify_json_test.go @@ -53,13 +53,13 @@ func TestReplaceStringInDashboard(t *testing.T) { { content: common.MapStr{ "kibanaSavedObjectMeta": map[string]interface{}{ - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"beat.name:\\\"CHANGEME_HOSTNAME\\\"\",\"language\":\"lucene\"}}"}}, + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"beat.name:\\\"CHANGEME_HOSTNAME\\\"\",\"language\":\"kuery\"}}"}}, old: "CHANGEME_HOSTNAME", new: "hostname.local", expected: common.MapStr{ "kibanaSavedObjectMeta": map[string]interface{}{ - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"beat.name:\\\"hostname.local\\\"\",\"language\":\"lucene\"}}"}}, + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"beat.name:\\\"hostname.local\\\"\",\"language\":\"kuery\"}}"}}, }, } diff --git a/libbeat/kibana/testdata/beat-6.json b/libbeat/kibana/testdata/beat-6.json index a58173ffad3..8fa5ad28cf1 100644 --- a/libbeat/kibana/testdata/beat-6.json +++ b/libbeat/kibana/testdata/beat-6.json 
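Review bot: The two fixtures in `TestReplaceStringInDashboard` change only the `language` value, so the test still substitutes nothing but `hostname.local` into the quoted phrase `beat.name:\"CHANGEME_HOSTNAME\"`. With KQL as the language, a replacement value containing `"` or `\` has to stay valid twice: as the JSON nested inside the `searchSourceJSON` string, and as a KQL phrase. Whether the replacement code escapes for either layer is not visible from this hunk. I would add one table entry with such a value and head it with `// replacement must stay valid in the nested JSON string and in the KQL phrase`. The test function starts and ends outside the hunk.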
@@ -2,7 +2,7 @@ "objects": [ { "attributes": { - "fieldFormatMap": "{\"long\":{\"id\":\"url\",\"params\":{\"inputFormat\":\"string\",\"labelTemplate\":\"long template\",\"outputFormat\":\"float\",\"outputPrecision\":5,\"urlTemplate\":\"_a=(query:(language:lucene,query:'context.app.name:\\\"{{value}}\\\"'))\"}},\"alias\":{\"id\":\"url\",\"params\":{\"inputFormat\":\"string\",\"labelTemplate\":\"long template\",\"outputFormat\":\"float\",\"outputPrecision\":5,\"urlTemplate\":\"_a=(query:(language:lucene,query:'context.app.name:\\\"{{value}}\\\"'))\"}}}", + "fieldFormatMap": "{\"long\":{\"id\":\"url\",\"params\":{\"inputFormat\":\"string\",\"labelTemplate\":\"long template\",\"outputFormat\":\"float\",\"outputPrecision\":5,\"urlTemplate\":\"_a=(query:(language:kuery,query:'context.app.name:\\\"{{value}}\\\"'))\"}},\"alias\":{\"id\":\"url\",\"params\":{\"inputFormat\":\"string\",\"labelTemplate\":\"long template\",\"outputFormat\":\"float\",\"outputPrecision\":5,\"urlTemplate\":\"_a=(query:(language:kuery,query:'context.app.name:\\\"{{value}}\\\"'))\"}}}", "fields": 
"[{\"aggregatable\":true,\"analyzed\":false,\"count\":0,\"doc_values\":true,\"indexed\":true,\"name\":\"long\",\"scripted\":false,\"searchable\":true,\"type\":\"number\"},{\"aggregatable\":false,\"analyzed\":false,\"count\":0,\"doc_values\":true,\"indexed\":true,\"name\":\"multifield_field\",\"scripted\":false,\"searchable\":true,\"type\":\"string\"},{\"aggregatable\":true,\"analyzed\":false,\"count\":0,\"doc_values\":true,\"indexed\":true,\"name\":\"multifield_field.keyword\",\"scripted\":false,\"searchable\":true,\"type\":\"string\"},{\"aggregatable\":false,\"analyzed\":false,\"count\":0,\"doc_values\":false,\"indexed\":false,\"name\":\"_id\",\"scripted\":false,\"searchable\":false,\"type\":\"string\"},{\"aggregatable\":true,\"analyzed\":false,\"count\":0,\"doc_values\":false,\"indexed\":false,\"name\":\"_type\",\"scripted\":false,\"searchable\":true,\"type\":\"string\"},{\"aggregatable\":false,\"analyzed\":false,\"count\":0,\"doc_values\":false,\"indexed\":false,\"name\":\"_index\",\"scripted\":false,\"searchable\":false,\"type\":\"string\"},{\"aggregatable\":false,\"analyzed\":false,\"count\":0,\"doc_values\":false,\"indexed\":false,\"name\":\"_score\",\"scripted\":false,\"searchable\":false,\"type\":\"number\"},{\"aggregatable\":false,\"analyzed\":false,\"count\":0,\"doc_values\":false,\"indexed\":false,\"name\":\"blob\",\"scripted\":false,\"searchable\":false,\"type\":\"binary\"},{\"aggregatable\":true,\"analyzed\":false,\"count\":0,\"doc_values\":true,\"indexed\":true,\"name\":\"alias\",\"scripted\":false,\"searchable\":true,\"type\":\"number\"}]", "timeFieldName": "@timestamp", "title": "beat-*", diff --git a/libbeat/kibana/testdata/fields.yml b/libbeat/kibana/testdata/fields.yml index 7de76298eaa..246d1072961 100644 --- a/libbeat/kibana/testdata/fields.yml +++ b/libbeat/kibana/testdata/fields.yml @@ -1,7 +1,7 @@ - key: test title: Test fields.yml kibana: - source_filters: + source_filters: - user.name - url.* fields: 
@@ -13,17 +13,17 @@ type: text - name: long - type: long + type: long format: url input_format: string - output_format: float + output_format: float output_precision: 5 label_template: "long template" url_template: - min_version: 5.0.0 value: "_a=(query:(query_string:(analyze_wildcard:!t,query:'error.grouping_key:%22{{value}}%22')))" - min_version: 6.0.0 - value: "_a=(query:(language:lucene,query:'context.app.name:\"{{value}}\"'))" + value: "_a=(query:(language:kuery,query:'context.app.name:\"{{value}}\"'))" - name: alias type: alias @@ -32,7 +32,7 @@ - key: with source filter title: Test kibana: - source_filters: + source_filters: - user.email fields: - name: multifield_field diff --git a/metricbeat/module/apache/_meta/kibana/7/dashboard/Metricbeat-apache-overview.json b/metricbeat/module/apache/_meta/kibana/7/dashboard/Metricbeat-apache-overview.json index 05fd491afe0..70bc6f01dcd 100644 --- a/metricbeat/module/apache/_meta/kibana/7/dashboard/Metricbeat-apache-overview.json +++ b/metricbeat/module/apache/_meta/kibana/7/dashboard/Metricbeat-apache-overview.json @@ -636,11 +636,9 @@ }, "index": "metricbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, + "language": "kuery", "query": "event.module: apache" } - } } }, "sort": [ @@ -663,13 +661,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } diff --git a/metricbeat/module/docker/_meta/kibana/7/dashboard/Metricbeat-docker-overview.json b/metricbeat/module/docker/_meta/kibana/7/dashboard/Metricbeat-docker-overview.json index 1d8faa43ed7..45857eabff5 100644 --- a/metricbeat/module/docker/_meta/kibana/7/dashboard/Metricbeat-docker-overview.json +++ b/metricbeat/module/docker/_meta/kibana/7/dashboard/Metricbeat-docker-overview.json 
@@ -367,11 +367,9 @@
 },
 "index": "metricbeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.module:docker AND metricset.name:cpu"
 }
- }
 }
 },
 "title": "CPU usage [Metricbeat Docker] ECS",
@@ -530,11 +528,9 @@
 },
 "index": "metricbeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.module:docker AND metricset.name:memory"
 }
- }
 }
 },
 "title": "Memory usage [Metricbeat Docker] ECS",
@@ -690,11 +686,9 @@
 },
 "index": "metricbeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.module:docker AND metricset.name:network"
 }
- }
 }
 },
 "title": "Network IO [Metricbeat Docker] ECS",
@@ -864,11 +858,9 @@
 },
 "index": "metricbeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.module:docker"
 }
- }
 }
 },
 "sort": [
@@ -888,16 +880,11 @@
 "hits": 0,
 "kibanaSavedObjectMeta": {
 "searchSourceJSON": {
- "filter": [
- {
+ "filter": [],
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
- }
- ],
+ "language": "kuery",
+ "query": ""
+ },
 "highlightAll": true,
 "version": true
 }
diff --git a/metricbeat/module/golang/_meta/kibana/7/dashboard/Metricbeat-golang-overview.json b/metricbeat/module/golang/_meta/kibana/7/dashboard/Metricbeat-golang-overview.json
index 8761996a326..df7a3fcb1dd 100644
--- a/metricbeat/module/golang/_meta/kibana/7/dashboard/Metricbeat-golang-overview.json
+++ b/metricbeat/module/golang/_meta/kibana/7/dashboard/Metricbeat-golang-overview.json
@@ -7,13 +7,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -41,13 +36,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -75,13 +65,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -109,13 +94,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -143,13 +123,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -177,13 +152,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -213,13 +183,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-backend.json b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-backend.json
index 8e63c868b7b..76f6a25be5c 100644
--- a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-backend.json
+++ b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-backend.json
@@ -9,7 +9,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-frontend.json b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-frontend.json
index 83f91be2ecd..cdc97a3c1a3 100644
--- a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-frontend.json
+++ b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-frontend.json
@@ -9,7 +9,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-backend.json b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-backend.json
index 24a8cd5f448..4bbc8b9ca79 100644
--- a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-backend.json
+++ b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-backend.json
@@ -9,7 +9,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-frontend.json b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-frontend.json
index 8be2d4cced9..dc44cd2255c 100644
--- a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-frontend.json
+++ b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-frontend.json
@@ -9,7 +9,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-server.json b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-server.json
index 5d59ab73099..56e2abefbec 100644
--- a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-server.json
+++ b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-http-server.json
@@ -9,7 +9,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-overview.json b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-overview.json
index 3a0af4d69f2..c3803a48dbb 100644
--- a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-overview.json
+++ b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-overview.json
@@ -9,7 +9,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-visualizations.json b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-visualizations.json
index 0c89814c26a..78332e26515 100644
--- a/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-visualizations.json
+++ b/metricbeat/module/haproxy/_meta/kibana/7/dashboard/Metricbeat-haproxy-visualizations.json
@@ -240,7 +240,7 @@
 "id": "978f2660-4735-11e8-b619-8f82b8185e96"
 }
 ],
- "drilldown_url": "../app/kibana#/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs?_a=(query:(language:lucene,query:'haproxy.stat.service_name:\"{{ key }}\"'))",
+ "drilldown_url": "../app/kibana#/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs?_a=(query:(language:kuery,query:'haproxy.stat.service_name:\"{{ key }}\"'))",
 "filter": "haproxy.stat.component_type:(2 OR 3)",
 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
 "index_pattern": "metricbeat-*",
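Review bot: The `drilldown_url` in the `-240,7 +240,7` hunk still places `{{ key }}` as-is between double quotes inside the `query:'…'` part of `_a`, and the key is presumably a field value taken from indexed HAProxy metrics. A name containing a quote character would now be read by the KQL grammar rather than Lucene, so the drilldown could open with a different filter than the row that was clicked; whether the template engine encodes the value before substitution is not visible here. The three later `drilldown_url` hunks in this file (`-1159,7`, `-1227,7`, `-1291,7`) and the `host.name:\"{{key}}\"` one in Metricbeat-system-overview.json have the same shape. It is worth checking the rendered link once with a service name that contains quotes before relying on these drilldowns.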
@@ -1159,7 +1159,7 @@
 "id": "50830800-47d9-11e8-9db9-274c7a5e25e4"
 }
 ],
- "drilldown_url": "../app/kibana#/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs?_a=(query:(language:lucene,query:'haproxy.stat.service_name:\"{{ key }}\"'))",
+ "drilldown_url": "../app/kibana#/dashboard/8cc50a50-47e0-11e8-bc13-1397384faad3-ecs?_a=(query:(language:kuery,query:'haproxy.stat.service_name:\"{{ key }}\"'))",
 "filter": "",
 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
 "ignore_global_filter": 0,
@@ -1227,7 +1227,7 @@
 "id": "4aeddd40-47dc-11e8-9db9-274c7a5e25e4"
 }
 ],
- "drilldown_url": "../app/kibana#/dashboard/0836a4b0-47bd-11e8-bc13-1397384faad3-ecs?_a=(query:(language:lucene,query:'haproxy.stat.proxy.name:\"{{ key }}\"'))",
+ "drilldown_url": "../app/kibana#/dashboard/0836a4b0-47bd-11e8-bc13-1397384faad3-ecs?_a=(query:(language:kuery,query:'haproxy.stat.proxy.name:\"{{ key }}\"'))",
 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
 "index_pattern": "metricbeat-*",
 "interval": "auto",
@@ -1291,7 +1291,7 @@
 "id": "b81d8640-47dc-11e8-9a25-99b107967d82"
 }
 ],
- "drilldown_url": "../app/kibana#/dashboard/e9057ae0-47c5-11e8-bc13-1397384faad3-ecs?_a=(query:(language:lucene,query:'haproxy.stat.proxy.name:\"{{ key }}\"'))",
+ "drilldown_url": "../app/kibana#/dashboard/e9057ae0-47c5-11e8-bc13-1397384faad3-ecs?_a=(query:(language:kuery,query:'haproxy.stat.proxy.name:\"{{ key }}\"'))",
 "id": "61ca57f0-469d-11e7-af02-69e470af7417",
 "index_pattern": "metricbeat-*",
 "interval": "auto",
diff --git a/metricbeat/module/kafka/_meta/kibana/7/dashboard/Metricbeat-kafka-overview.json b/metricbeat/module/kafka/_meta/kibana/7/dashboard/Metricbeat-kafka-overview.json
index c86935cd7a4..51d276089ff 100644
--- a/metricbeat/module/kafka/_meta/kibana/7/dashboard/Metricbeat-kafka-overview.json
+++ b/metricbeat/module/kafka/_meta/kibana/7/dashboard/Metricbeat-kafka-overview.json
@@ -494,7 +494,7 @@
 ],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -560,7 +560,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/metricbeat/module/kubernetes/_meta/kibana/7/dashboard/Metricbeat-kubernetes-apiserver.json b/metricbeat/module/kubernetes/_meta/kibana/7/dashboard/Metricbeat-kubernetes-apiserver.json
index ae02bfe3ea9..6e59ef91f53 100644
--- a/metricbeat/module/kubernetes/_meta/kibana/7/dashboard/Metricbeat-kubernetes-apiserver.json
+++ b/metricbeat/module/kubernetes/_meta/kibana/7/dashboard/Metricbeat-kubernetes-apiserver.json
@@ -266,7 +266,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/kubernetes/_meta/kibana/7/dashboard/Metricbeat-kubernetes-overview.json b/metricbeat/module/kubernetes/_meta/kibana/7/dashboard/Metricbeat-kubernetes-overview.json
index 788394b8111..5396af8467a 100644
--- a/metricbeat/module/kubernetes/_meta/kibana/7/dashboard/Metricbeat-kubernetes-overview.json
+++ b/metricbeat/module/kubernetes/_meta/kibana/7/dashboard/Metricbeat-kubernetes-overview.json
@@ -7,12 +7,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -80,9 +76,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -207,9 +202,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -288,9 +282,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -372,12 +365,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -504,9 +493,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -599,9 +587,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -694,9 +681,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -775,9 +761,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -858,12 +843,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -944,9 +925,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -1027,12 +1007,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -1100,9 +1076,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -1187,13 +1162,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/metricbeat/module/mongodb/_meta/kibana/7/dashboard/Metricbeat-mongodb-overview.json b/metricbeat/module/mongodb/_meta/kibana/7/dashboard/Metricbeat-mongodb-overview.json
index c7e78a01221..1fdd15196bf 100644
--- a/metricbeat/module/mongodb/_meta/kibana/7/dashboard/Metricbeat-mongodb-overview.json
+++ b/metricbeat/module/mongodb/_meta/kibana/7/dashboard/Metricbeat-mongodb-overview.json
@@ -1099,11 +1099,9 @@
 },
 "index": "metricbeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.module:mongodb"
 }
- }
 }
 },
 "sort": [
@@ -1126,13 +1124,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/metricbeat/module/mysql/_meta/kibana/7/dashboard/Metricbeat-mysql-overview.json b/metricbeat/module/mysql/_meta/kibana/7/dashboard/Metricbeat-mysql-overview.json
index 93f84529c01..8acfa464fdc 100644
--- a/metricbeat/module/mysql/_meta/kibana/7/dashboard/Metricbeat-mysql-overview.json
+++ b/metricbeat/module/mysql/_meta/kibana/7/dashboard/Metricbeat-mysql-overview.json
@@ -531,13 +531,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/metricbeat/module/nats/_meta/kibana/7/dashboard/Metricbeat-nats-overview.json b/metricbeat/module/nats/_meta/kibana/7/dashboard/Metricbeat-nats-overview.json
index da25f98f318..7ff6121a2f6 100644
--- a/metricbeat/module/nats/_meta/kibana/7/dashboard/Metricbeat-nats-overview.json
+++ b/metricbeat/module/nats/_meta/kibana/7/dashboard/Metricbeat-nats-overview.json
@@ -8,7 +8,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -137,7 +137,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -203,7 +203,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -269,7 +269,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -335,7 +335,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -524,7 +524,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -731,7 +731,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -850,7 +850,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -991,7 +991,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1110,7 +1110,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1251,7 +1251,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1370,7 +1370,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1490,7 +1490,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/nginx/_meta/kibana/7/dashboard/metricbeat-nginx-overview.json b/metricbeat/module/nginx/_meta/kibana/7/dashboard/metricbeat-nginx-overview.json
index 6bcb9219353..ba0af75e029 100644
--- a/metricbeat/module/nginx/_meta/kibana/7/dashboard/metricbeat-nginx-overview.json
+++ b/metricbeat/module/nginx/_meta/kibana/7/dashboard/metricbeat-nginx-overview.json
@@ -382,7 +382,7 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
diff --git a/metricbeat/module/rabbitmq/_meta/kibana/7/dashboard/Metricbeat-rabbitmq-overview.json b/metricbeat/module/rabbitmq/_meta/kibana/7/dashboard/Metricbeat-rabbitmq-overview.json
index e6517467a5a..2bd4b044025 100644
--- a/metricbeat/module/rabbitmq/_meta/kibana/7/dashboard/Metricbeat-rabbitmq-overview.json
+++ b/metricbeat/module/rabbitmq/_meta/kibana/7/dashboard/Metricbeat-rabbitmq-overview.json
@@ -359,11 +359,9 @@
 },
 "index": "metricbeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.module:rabbitmq"
 }
- }
 }
 },
 "sort": [
@@ -386,13 +384,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/metricbeat/module/redis/_meta/kibana/7/dashboard/Metricbeat-redis-overview.json b/metricbeat/module/redis/_meta/kibana/7/dashboard/Metricbeat-redis-overview.json
index 1efa33513f0..7ab339ad910 100644
--- a/metricbeat/module/redis/_meta/kibana/7/dashboard/Metricbeat-redis-overview.json
+++ b/metricbeat/module/redis/_meta/kibana/7/dashboard/Metricbeat-redis-overview.json
@@ -683,11 +683,9 @@
 },
 "index": "metricbeat-*",
 "query": {
- "query_string": {
- "analyze_wildcard": true,
+ "language": "kuery",
 "query": "event.module:redis"
 }
- }
 }
 },
 "sort": [
@@ -707,16 +705,11 @@
 "hits": 0,
 "kibanaSavedObjectMeta": {
 "searchSourceJSON": {
- "filter": [
- {
+ "filter": [],
 "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
- }
- ],
+ "language": "kuery",
+ "query": ""
+ },
 "highlightAll": true,
 "version": true
 }
diff --git a/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-containers-overview.json b/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-containers-overview.json
index af128666072..75bfe06ab6f 100644
--- a/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-containers-overview.json
+++ b/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-containers-overview.json
@@ -8,13 +8,8 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -125,13 +120,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -160,13 +150,8 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -368,13 +353,8 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -467,13 +447,8 @@
 "filter": [],
 "highlightAll": true,
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "analyze_wildcard": true,
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 },
 "version": true
 }
diff --git a/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-host-overview.json b/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-host-overview.json
index 3094b6247de..cc59f16e9dc 100644
--- a/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-host-overview.json
+++ b/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-host-overview.json
@@ -7,9 +7,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -133,12 +132,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -238,9 +233,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "query_string": {
- "query": "*"
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -364,12 +358,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -491,12 +481,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -565,12 +551,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -651,12 +633,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -819,12 +797,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -936,12 +910,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -1012,12 +982,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -1132,12 +1098,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -1220,12 +1182,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -1350,12 +1308,8 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
- "query": {
- "query_string": {
- "query": "*"
- }
- }
+ "language": "kuery",
+ "query": ""
 }
 }
 },
@@ -1480,12 +1434,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -1565,13 +1515,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -1599,12 +1544,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -1687,9 +1628,8 @@ "searchSourceJSON": { "filter": [], "query": { - "query_string": { - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -1773,12 +1713,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -1883,12 +1819,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -1972,12 +1904,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -2042,12 +1970,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -2113,10 +2037,8 @@ "filter": [], "index": "metricbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -2225,7 +2147,7 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", + "language": "kuery", "query": "host.name:\"CHANGEME_HOSTNAME\"" }, "version": true 
diff --git a/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-system-overview.json b/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-system-overview.json index 267175eeb06..2b4106f75e1 100644 --- a/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-system-overview.json +++ b/metricbeat/module/system/_meta/kibana/7/dashboard/Metricbeat-system-overview.json @@ -7,13 +7,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -42,13 +37,8 @@ "filter": [], "index": "metricbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -131,12 +121,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -168,7 +154,7 @@ "value": 0.85 } ], - "drilldown_url": "../app/kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(query_string:(analyze_wildcard:!t,query:'host.name:\"{{key}}\"')))", + "drilldown_url": "../app/kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\"{{key}}\"'))", "filter": "", "id": "31e5afa0-1b1c-11e7-b09e-037021c4f8df", "index_pattern": "metricbeat-*", @@ -218,12 +204,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, 
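Review bot: The `drilldown_url` rewritten in the `@@ -168,7 +154,7 @@` hunk still places `{{key}}` unescaped inside a double-quoted KQL value, which itself sits inside a single-quoted Rison string; switching to `language:kuery` does not change that. `{{key}}` is presumably the `host.name` term of the row, a value reported by the monitored host, so a name containing `"` or `'` would end the KQL phrase or the Rison string early and the linked dashboard would open with a different query than the one written here, or with none. Whether the visualization encodes the substituted value is not visible in this diff; confirm that it does and test the link with a host name that contains a quote. The identical URL is changed in the `@@ -255,7 +237,7 @@` hunk as well.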
@@ -255,7 +237,7 @@ "value": 0.85 } ], - "drilldown_url": "../app/kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(query_string:(analyze_wildcard:!t,query:'host.name:\"{{key}}\"')))", + "drilldown_url": "../app/kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\"{{key}}\"'))", "filter": "", "id": "31e5afa0-1b1c-11e7-b09e-037021c4f8df", "index_pattern": "metricbeat-*", @@ -306,13 +288,8 @@ "filter": [], "index": "metricbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -412,12 +389,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -542,12 +515,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -672,12 +641,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -782,12 +747,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -870,12 +831,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -992,13 +949,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } 
diff --git a/metricbeat/module/uwsgi/_meta/kibana/7/dashboard/Metricbeat-uwsgi-overview.json b/metricbeat/module/uwsgi/_meta/kibana/7/dashboard/Metricbeat-uwsgi-overview.json index 8be3fc93f42..49cd8c6f6c6 100644 --- a/metricbeat/module/uwsgi/_meta/kibana/7/dashboard/Metricbeat-uwsgi-overview.json +++ b/metricbeat/module/uwsgi/_meta/kibana/7/dashboard/Metricbeat-uwsgi-overview.json @@ -101,7 +101,7 @@ "highlightAll": true, "index": "metricbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "event.module: uwsgi" }, "version": true @@ -127,7 +127,7 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true diff --git a/metricbeat/module/windows/_meta/kibana/7/dashboard/metricbeat-windows-service.json b/metricbeat/module/windows/_meta/kibana/7/dashboard/metricbeat-windows-service.json index c5d8f012d2f..23e0fb6afb4 100644 --- a/metricbeat/module/windows/_meta/kibana/7/dashboard/metricbeat-windows-service.json +++ b/metricbeat/module/windows/_meta/kibana/7/dashboard/metricbeat-windows-service.json @@ -8,7 +8,7 @@ "filter": [], "index": "metricbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -186,7 +186,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -256,7 +256,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -326,7 +326,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -480,7 +480,7 @@ } ], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -629,7 +629,7 @@ "highlightAll": true, "index": "metricbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true 
@@ -655,7 +655,7 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true diff --git a/metricbeat/module/zookeeper/_meta/kibana/7/dashboard/Metricbeat-zookeeper-overview.json b/metricbeat/module/zookeeper/_meta/kibana/7/dashboard/Metricbeat-zookeeper-overview.json index b310e8c1aaf..6f6725d2679 100644 --- a/metricbeat/module/zookeeper/_meta/kibana/7/dashboard/Metricbeat-zookeeper-overview.json +++ b/metricbeat/module/zookeeper/_meta/kibana/7/dashboard/Metricbeat-zookeeper-overview.json @@ -7,7 +7,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -69,7 +69,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -131,7 +131,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -193,7 +193,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -301,7 +301,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -403,7 +403,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-cassandra.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-cassandra.json index 1e05fc32df6..a8f3c2a4cf8 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-cassandra.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-cassandra.json @@ -8,10 +8,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, 
@@ -78,10 +76,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -136,10 +132,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -280,10 +274,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -349,10 +341,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -419,10 +409,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -496,10 +484,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -573,10 +559,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -661,10 +645,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -743,13 +725,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -854,13 +831,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } 
@@ -944,13 +916,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dhcpv4.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dhcpv4.json index 07ec987ea88..465dd064e35 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dhcpv4.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dhcpv4.json @@ -299,7 +299,7 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true @@ -534,7 +534,7 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dns-overview.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dns-overview.json index 6e7b98a1d17..e405997a9d1 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dns-overview.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dns-overview.json @@ -7,7 +7,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -103,7 +103,7 @@ "filter": [], "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -254,13 +254,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -365,7 +360,7 @@ }, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -451,7 +446,7 @@ }, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } 
@@ -523,7 +518,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -699,7 +694,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -830,7 +825,7 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true @@ -856,7 +851,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dns-tunneling.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dns-tunneling.json index 060b6869a00..af6a32a08d5 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dns-tunneling.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-dns-tunneling.json @@ -152,7 +152,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -311,14 +311,9 @@ "filter": [], "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, + "language": "kuery", "query": "type:dns" } - } - } } }, "title": "Top Domains by Data Volume ECS", @@ -449,7 +444,7 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true @@ -476,7 +471,7 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", + "language": "kuery", "query": "NOT dns.question.type:PTR" }, "version": true diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-flows.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-flows.json index 94457a40ee1..1f28f6bf919 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-flows.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-flows.json 
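Review bot: In the `@@ -311,14 +311,9 @@` hunk of Packetbeat-dns-tunneling.json, `"query": "type:dns"` and the `}` after it are kept as context lines, so they stay at the depth of the removed `query_string` nesting instead of lining up with the new `"language": "kuery"` line. The JSON remains valid, but the object is no longer indented like the other `query` objects in the file, which makes later diffs of these dashboards harder to read; whitespace is collapsed in this view, so check the file itself. Re-indent the retained lines so that `"query": "type:dns"` sits at the same level as `"language": "kuery"`. The same pattern appears in Packetbeat-flows.json (`@@ -596,13 +591,8 @@`), Packetbeat-mongodb.json (`@@ -1246,13 +1236,8 @@`) and Packetbeat-thrift.json (`@@ -504,13 +499,8 @@`, `@@ -608,13 +598,8 @@`).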
@@ -7,7 +7,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -154,13 +154,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -190,7 +185,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -320,7 +315,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -467,7 +462,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -596,13 +591,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, + "language": "kuery", "query": "type: flow" - } - } }, "version": true } @@ -628,8 +618,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-http.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-http.json index ec5b2bd0635..c5f32d9438a 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-http.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-http.json @@ -170,13 +170,8 @@ }, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "http.response.status_code: [300 TO *]" - } - } + "language": "kuery", + "query": "http.response.status_code >= 300" } } }, @@ -365,7 +360,7 @@ }, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } 
@@ -513,13 +508,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -549,7 +539,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -614,7 +604,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -698,7 +688,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -802,8 +792,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" }, "version": true } @@ -829,13 +819,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-mongodb.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-mongodb.json index 3059b71ff10..1d63607382d 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-mongodb.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-mongodb.json @@ -7,13 +7,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -1091,8 +1086,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" }, "version": true } @@ -1166,13 +1161,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } 
@@ -1246,13 +1236,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, + "language": "kuery", "query": "request: \"writeConcern w 0\"" - } - } }, "version": true } @@ -1278,8 +1263,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-mysql.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-mysql.json index 65a0672a894..7fd2a0cdfe7 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-mysql.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-mysql.json @@ -277,13 +277,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -742,12 +737,7 @@ "filters": [ { "input": { - "query": { - "query_string": { - "analyze_wildcard": true, "query": "method: SELECT" - } - } } }, { @@ -930,13 +920,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1008,13 +993,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1040,13 +1020,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-nfs.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-nfs.json index 698cd6f84c2..5530e30965e 100644 
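Review bot: In the `@@ -742,12 +737,7 @@` hunk of Packetbeat-mysql.json the filter `input` is reduced to `{ "query": "method: SELECT" }` with no `language` key, while every other query object touched by this commit states `"language": "kuery"`. Which parser Kibana applies to an input without a language is not visible here, so this bucket may be evaluated under a default rather than as KQL; I would write `"input": { "language": "kuery", "query": "method: SELECT" }`. The `filters` array begins and continues outside the hunk, so its remaining entries need the same check. The `@@ -621,12 +616,7 @@` hunk of Packetbeat-pgsql.json has the same shape.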
--- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-nfs.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-nfs.json @@ -796,13 +796,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -878,13 +873,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1006,13 +996,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1038,8 +1023,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-overview.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-overview.json index 592341242be..ac4d8eb6e0c 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-overview.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-overview.json @@ -159,7 +159,7 @@ ], "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -767,13 +767,8 @@ "filter": [], "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -1011,13 +1006,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, 
@@ -1211,7 +1201,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -1384,8 +1374,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" }, "version": true } @@ -1463,7 +1453,7 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true @@ -1568,7 +1558,7 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true @@ -1642,7 +1632,7 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true @@ -1691,13 +1681,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1723,8 +1708,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-pgsql.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-pgsql.json index d33eae63988..77022b5a8d7 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-pgsql.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-pgsql.json @@ -7,13 +7,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -621,12 +616,7 @@ "filters": [ { "input": { - "query": { - "query_string": { - "analyze_wildcard": true, "query": "method: SELECT" - } - } } }, { 
@@ -954,8 +944,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" }, "version": true } @@ -1027,13 +1017,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1059,13 +1044,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-thrift.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-thrift.json index 92761197e56..26569a1081f 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-thrift.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-thrift.json @@ -7,13 +7,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -504,13 +499,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, + "language": "kuery", "query": "type: thrift" - } - } }, "version": true } @@ -608,13 +598,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, + "language": "kuery", "query": "type: thrift" - } - } }, "version": true } @@ -640,13 +625,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } 
diff --git a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-tls.json b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-tls.json index a3563dd1f13..c076d0f3523 100644 --- a/packetbeat/_meta/kibana/7/dashboard/Packetbeat-tls.json +++ b/packetbeat/_meta/kibana/7/dashboard/Packetbeat-tls.json @@ -7,13 +7,8 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -43,7 +38,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -204,7 +199,7 @@ ], "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -285,13 +280,8 @@ ], "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -370,7 +360,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -425,7 +415,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -480,7 +470,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -535,7 +525,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -601,7 +591,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -684,7 +674,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -766,7 +756,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } 
@@ -834,7 +824,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -927,7 +917,7 @@ } ], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -1072,13 +1062,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1126,13 +1111,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1180,13 +1160,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1234,13 +1209,8 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } @@ -1288,7 +1258,7 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true @@ -1354,7 +1324,7 @@ "highlightAll": true, "index": "packetbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" }, "version": true @@ -1381,13 +1351,8 @@ "filter": [], "highlightAll": true, "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" }, "version": true } diff --git a/packetbeat/docs/filtering.asciidoc b/packetbeat/docs/filtering.asciidoc index 2c4a1edf272..ee1735259db 100644 --- a/packetbeat/docs/filtering.asciidoc +++ b/packetbeat/docs/filtering.asciidoc 
@@ -147,14 +147,14 @@ type: mysql AND method: INSERT AND status: Error ------------------------------------------------- -Lucene also supports parentheses to group sub-queries. +Kibana Query Language (KQL) also supports parentheses to group sub-queries. To search for either INSERT or UPDATE queries with a response time greater than or equal to 30ms: [source,yaml] --------------------------------------------------------------------------- -(method: INSERT OR method: UPDATE) AND event.duration: [30000000 TO *] +(method: INSERT OR method: UPDATE) AND event.duration >= 30000000 --------------------------------------------------------------------------- diff --git a/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json b/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json index 8e0d457e481..c6af3d3a991 100644 --- a/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json +++ b/winlogbeat/_meta/kibana/7/dashboard/Winlogbeat-overview.json @@ -8,10 +8,8 @@ "searchSourceJSON": { "filter": [], "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -137,8 +135,8 @@ "filter": [], "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "lucene", - "query": "*" + "language": "kuery", + "query": "" } } }, @@ -340,10 +338,8 @@ "filter": [], "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } + "language": "kuery", + "query": "" } } }, @@ -389,13 +385,8 @@ "filter": [], "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, 
@@ -503,13 +494,8 @@ "filter": [], "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, @@ -617,13 +603,8 @@ "filter": [], "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { - "language": "lucene", - "query": { - "query_string": { - "analyze_wildcard": true, - "query": "*" - } - } + "language": "kuery", + "query": "" } } }, diff --git a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-host-dashboard.json b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-host-dashboard.json index a8934c0cc6c..c3294edb8bb 100644 --- a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-host-dashboard.json +++ b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-host-dashboard.json @@ -673,7 +673,7 @@ "searchSourceJSON": { "filter": [], "query": { - "language": "lucene", + "language": "kuery", "query": "" } } diff --git a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-login-dashboard.json b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-login-dashboard.json index f663f846bc5..9f0962a44c1 100644 --- a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-login-dashboard.json +++ b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-login-dashboard.json @@ -35,7 +35,7 @@ ], "index": "auditbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -127,7 +127,7 @@ ], "index": "auditbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } @@ -244,7 +244,7 @@ ], "index": "auditbeat-*", "query": { - "language": "lucene", + "language": "kuery", "query": "" } } 
@@ -371,7 +371,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -472,7 +472,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -626,7 +626,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -761,7 +761,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -793,7 +793,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-overview-dashboard.json b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-overview-dashboard.json
index 24c0db47fe6..9f9caede566 100644
--- a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-overview-dashboard.json
+++ b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-overview-dashboard.json
@@ -128,7 +128,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -221,7 +221,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -314,7 +314,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -407,7 +407,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -500,7 +500,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -702,7 +702,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -819,7 +819,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -937,7 +937,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1055,7 +1055,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1173,7 +1173,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1291,7 +1291,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1409,7 +1409,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1527,7 +1527,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1869,7 +1869,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -1894,7 +1894,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -2083,7 +2083,7 @@
 }
 ],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-package-dashboard.json b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-package-dashboard.json
index 4d6ba67e0f9..c34fc4dbc16 100644
--- a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-package-dashboard.json
+++ b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-package-dashboard.json
@@ -7,7 +7,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -66,7 +66,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -185,7 +185,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -413,7 +413,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -504,7 +504,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -657,7 +657,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -710,7 +710,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -781,7 +781,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-process-dashboard.json b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-process-dashboard.json
index d66cc3f5f2b..eb2f14e8ac5 100644
--- a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-process-dashboard.json
+++ b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-process-dashboard.json
@@ -35,7 +35,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -154,7 +154,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -272,7 +272,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -373,7 +373,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -536,7 +536,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -682,7 +682,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -781,7 +781,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -852,7 +852,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -884,7 +884,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-socket-dashboard.json b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-socket-dashboard.json
index 5e5453ac6e0..8c026219dd3 100644
--- a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-socket-dashboard.json
+++ b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-socket-dashboard.json
@@ -7,7 +7,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -66,7 +66,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -185,7 +185,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -303,7 +303,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -395,7 +395,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -494,7 +494,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -547,7 +547,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -693,7 +693,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -791,7 +791,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -889,7 +889,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -987,7 +987,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -1058,7 +1058,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-user-dashboard.json b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-user-dashboard.json
index b1da37ad033..6c9bf47ca93 100644
--- a/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-user-dashboard.json
+++ b/x-pack/auditbeat/module/system/_meta/kibana/7/dashboard/auditbeat-system-user-dashboard.json
@@ -35,7 +35,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -154,7 +154,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -272,7 +272,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -363,7 +363,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -454,7 +454,7 @@
 ],
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -608,7 +608,7 @@
 "highlightAll": true,
 "index": "auditbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -743,7 +743,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -775,7 +775,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/dashboard/filebeat-network-flows-top-n.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/dashboard/filebeat-network-flows-top-n.json
index 87aff4a1f13..a2a47fdd5cc 100644
--- a/x-pack/filebeat/input/netflow/_meta/kibana/7/dashboard/filebeat-network-flows-top-n.json
+++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/dashboard/filebeat-network-flows-top-n.json
@@ -7,7 +7,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -153,7 +153,7 @@
 }
 ],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -216,7 +216,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -298,7 +298,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -410,7 +410,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -522,7 +522,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -733,7 +733,7 @@
 "highlightAll": true,
 "index": "filebeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 },
 "version": true
@@ -759,7 +759,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/x-pack/metricbeat/module/mssql/_meta/kibana/7/dashboard/Metricbeat-mssql-performance.json b/x-pack/metricbeat/module/mssql/_meta/kibana/7/dashboard/Metricbeat-mssql-performance.json
index b65a2604be4..4d99733002e 100644
--- a/x-pack/metricbeat/module/mssql/_meta/kibana/7/dashboard/Metricbeat-mssql-performance.json
+++ b/x-pack/metricbeat/module/mssql/_meta/kibana/7/dashboard/Metricbeat-mssql-performance.json
@@ -8,7 +8,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -136,7 +136,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -264,7 +264,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -392,7 +392,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -525,7 +525,7 @@
 "filter": [],
 "index": "metricbeat-*",
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -656,7 +656,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
diff --git a/x-pack/metricbeat/module/mssql/_meta/kibana/7/dashboard/Metricbeat-mssql-transaction_log.json b/x-pack/metricbeat/module/mssql/_meta/kibana/7/dashboard/Metricbeat-mssql-transaction_log.json
index d9954220128..b195ad3c4dc 100644
--- a/x-pack/metricbeat/module/mssql/_meta/kibana/7/dashboard/Metricbeat-mssql-transaction_log.json
+++ b/x-pack/metricbeat/module/mssql/_meta/kibana/7/dashboard/Metricbeat-mssql-transaction_log.json
@@ -7,7 +7,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -78,7 +78,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -143,7 +143,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -208,7 +208,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -273,7 +273,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -338,7 +338,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -403,7 +403,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -468,7 +468,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }
@@ -520,7 +520,7 @@
 "searchSourceJSON": {
 "filter": [],
 "query": {
- "language": "lucene",
+ "language": "kuery",
 "query": ""
 }
 }