From 6acd38b094395e8c8737e0414768f0c716bbb531 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?=
Date: Mon, 6 Sep 2021 15:33:55 +0200
Subject: [PATCH] add netflow input dashboards again
---
 .../1374fe40-1ae8-11e9-9eb0-d1ab52900288.json | 161 +++++++++++++++
 .../c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288.json | 80 ++++++++
 .../3bc31900-1ae7-11e9-9eb0-d1ab52900288.json | 98 +++++++++
 .../44042280-1ae7-11e9-9eb0-d1ab52900288.json | 98 +++++++++
 .../846bac40-1ae6-11e9-9eb0-d1ab52900288.json | 124 ++++++++++++
 .../8d0c61f0-1ae6-11e9-9eb0-d1ab52900288.json | 124 ++++++++++++
 .../b957b010-1ae7-11e9-9eb0-d1ab52900288.json | 153 ++++++++++++++
 .../e7c6efa0-1ae8-11e9-9eb0-d1ab52900288.json | 191 ++++++++++++++++++
 8 files changed, 1029 insertions(+)
 create mode 100644 x-pack/filebeat/input/netflow/_meta/kibana/7/dashboard/1374fe40-1ae8-11e9-9eb0-d1ab52900288.json
 create mode 100644 x-pack/filebeat/input/netflow/_meta/kibana/7/search/c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288.json
 create mode 100644 x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/3bc31900-1ae7-11e9-9eb0-d1ab52900288.json
 create mode 100644 x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/44042280-1ae7-11e9-9eb0-d1ab52900288.json
 create mode 100644 x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/846bac40-1ae6-11e9-9eb0-d1ab52900288.json
 create mode 100644 x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/8d0c61f0-1ae6-11e9-9eb0-d1ab52900288.json
 create mode 100644 x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/b957b010-1ae7-11e9-9eb0-d1ab52900288.json
 create mode 100644 x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/e7c6efa0-1ae8-11e9-9eb0-d1ab52900288.json
diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/dashboard/1374fe40-1ae8-11e9-9eb0-d1ab52900288.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/dashboard/1374fe40-1ae8-11e9-9eb0-d1ab52900288.json
new file mode 100644
index 00000000000..ada64e41ad7
--- /dev/null
+++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/dashboard/1374fe40-1ae8-11e9-9eb0-d1ab52900288.json 
@@ -0,0 +1,161 @@ +{ + "attributes": { + "description": "Top N network flows", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 0, + "y": 8 + }, + "panelIndex": "1", + "panelRefName": "panel_1", + "type": "visualization", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "2", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_2", + "type": "visualization", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 8 + }, + "panelIndex": "3", + "panelRefName": "panel_3", + "type": "visualization", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "4", + "w": 24, + "x": 0, + "y": 23 + }, + "panelIndex": "4", + "panelRefName": "panel_4", + "type": "visualization", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 15, + "i": "5", + "w": 24, + "x": 24, + "y": 23 + }, + "panelIndex": "5", + "panelRefName": "panel_5", + "type": "visualization", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 8, + "i": "6", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_6", + "type": "visualization", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Filebeat Netflow] Top-N Flows", + "version": 1 + }, + "coreMigrationVersion": "7.15.0", + "id": "1374fe40-1ae8-11e9-9eb0-d1ab52900288", + "migrationVersion": { + "dashboard": "7.15.0" + }, + "references": [ + { + "id": 
"3bc31900-1ae7-11e9-9eb0-d1ab52900288", + "name": "1:panel_1", + "type": "visualization" + }, + { + "id": "b957b010-1ae7-11e9-9eb0-d1ab52900288", + "name": "2:panel_2", + "type": "visualization" + }, + { + "id": "44042280-1ae7-11e9-9eb0-d1ab52900288", + "name": "3:panel_3", + "type": "visualization" + }, + { + "id": "846bac40-1ae6-11e9-9eb0-d1ab52900288", + "name": "4:panel_4", + "type": "visualization" + }, + { + "id": "8d0c61f0-1ae6-11e9-9eb0-d1ab52900288", + "name": "5:panel_5", + "type": "visualization" + }, + { + "id": "e7c6efa0-1ae8-11e9-9eb0-d1ab52900288", + "name": "6:panel_6", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2021-09-06T13:06:21.081Z", + "version": "WzUyNzgsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/search/c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/search/c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288.json new file mode 100644 index 00000000000..bee6c4bc30c --- /dev/null +++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/search/c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "columns": [ + "source.ip", + "destination.ip", + "network.direction", + "network.transport", + "network.bytes" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": false, + "params": { + "query": "netflow_flow", + "type": "phrase" + }, + "type": "phrase", + "value": "netflow_flow" + }, + "query": { + "match": { + "event.action": { + "query": "netflow_flow", + "type": "phrase" + } + } + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Network Flow Search [Filebeat]", + "version": 1 + }, + "coreMigrationVersion": "7.15.0", + "id": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "migrationVersion": { + "search": "7.9.3" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-09-06T13:06:21.081Z", + "version": "WzUyNzEsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/3bc31900-1ae7-11e9-9eb0-d1ab52900288.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/3bc31900-1ae7-11e9-9eb0-d1ab52900288.json new file mode 100644 index 00000000000..6024e546ba6 --- /dev/null +++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/3bc31900-1ae7-11e9-9eb0-d1ab52900288.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Port and Transport [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Transport", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Source Port", + "field": "source.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "title": "Source Port and Transport [Filebeat Netflow]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.15.0", + "id": "3bc31900-1ae7-11e9-9eb0-d1ab52900288", + "migrationVersion": { + "visualization": "7.14.0" + }, + "references": [ + { + "id": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2021-09-06T13:06:21.081Z", + "version": "WzUyNzIsMV0=" +} \ No newline at end of file 
diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/44042280-1ae7-11e9-9eb0-d1ab52900288.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/44042280-1ae7-11e9-9eb0-d1ab52900288.json new file mode 100644 index 00000000000..1e42e28b705 --- /dev/null +++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/44042280-1ae7-11e9-9eb0-d1ab52900288.json 
@@ -0,0 +1,98 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Port and Transport [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Transport", + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Destination Port", + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 15 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "distinctColors": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "type": "pie" + }, + "title": "Destination Port and Transport [Filebeat Netflow]", + "type": "pie" + } + }, + "coreMigrationVersion": "7.15.0", + "id": "44042280-1ae7-11e9-9eb0-d1ab52900288", + "migrationVersion": { + "visualization": "7.14.0" + }, + "references": [ + { + "id": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2021-09-06T13:06:21.081Z", + "version": "WzUyNzQsMV0=" +} \ No newline at end of file 
diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/846bac40-1ae6-11e9-9eb0-d1ab52900288.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/846bac40-1ae6-11e9-9eb0-d1ab52900288.json new file mode 100644 index 00000000000..f764993def7 --- /dev/null +++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/846bac40-1ae6-11e9-9eb0-d1ab52900288.json 
@@ -0,0 +1,124 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Sources Table [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Duration", + "field": "event.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Source IP", + "field": "source.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Domain", + "field": "source.domain", + "missingBucket": true, + "missingBucketLabel": "", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Sources Table [Filebeat Netflow]", + "type": "table" + } + }, + "coreMigrationVersion": "7.15.0", + "id": "846bac40-1ae6-11e9-9eb0-d1ab52900288", + "migrationVersion": { + "visualization": "7.14.0" + }, + "references": [ + 
{ + "id": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2021-09-06T13:06:21.081Z", + "version": "WzUyNzUsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/8d0c61f0-1ae6-11e9-9eb0-d1ab52900288.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/8d0c61f0-1ae6-11e9-9eb0-d1ab52900288.json new file mode 100644 index 00000000000..448e4720379 --- /dev/null +++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/8d0c61f0-1ae6-11e9-9eb0-d1ab52900288.json 
@@ -0,0 +1,124 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top Destinations Table [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Packets", + "field": "network.packets" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Duration", + "field": "event.duration" + }, + "schema": "metric", + "type": "sum" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Destination IP", + "field": "destination.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 30 + }, + "schema": "bucket", + "type": "terms" + }, + { + "enabled": true, + "id": "5", + "params": { + "customLabel": "Domain", + "field": "destination.domain", + "missingBucket": true, + "missingBucketLabel": "", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 1 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showToolbar": true, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top Destinations Table [Filebeat Netflow]", + "type": "table" + } + }, + "coreMigrationVersion": "7.15.0", + "id": "8d0c61f0-1ae6-11e9-9eb0-d1ab52900288", + "migrationVersion": { + "visualization": "7.14.0" 
+ }, + "references": [ + { + "id": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2021-09-06T13:06:21.081Z", + "version": "WzUyNzYsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/b957b010-1ae7-11e9-9eb0-d1ab52900288.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/b957b010-1ae7-11e9-9eb0-d1ab52900288.json new file mode 100644 index 00000000000..cf9ff1ecd49 --- /dev/null +++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/b957b010-1ae7-11e9-9eb0-d1ab52900288.json 
@@ -0,0 +1,153 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "controlledBy": "1547791659064", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": [ + "inbound", + "outbound" + ], + "type": "phrases", + "value": "inbound, outbound" + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "network.direction": "inbound" + } + }, + { + "match_phrase": { + "network.direction": "outbound" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "controlledBy": "1547791714688", + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "flow.locality", + "negate": false, + "params": { + "query": "public", + "type": "phrase" + }, + "type": "phrase", + "value": "public" + }, + "query": { + "match": { + "flow.locality": { + "query": "public", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Flow Selectors [Filebeat Netflow]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "controls": [ + { + "fieldName": "network.direction", + "id": "1547791659064", + "indexPatternRefName": "control_0_index_pattern", + "label": "Network Direction", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + }, + { + "fieldName": "flow.locality", + "id": "1547791714688", + "indexPatternRefName": "control_1_index_pattern", + "label": "Locality", + "options": { + "dynamicOptions": true, + "multiselect": true, + "order": "desc", + "size": 5, + "type": "terms" + }, + "parent": "", + "type": "list" + } + ], + 
"pinFilters": false, + "updateFiltersOnChange": false, + "useTimeFilter": false + }, + "title": "Flow Selectors [Filebeat Netflow]", + "type": "input_control_vis" + } + }, + "coreMigrationVersion": "7.15.0", + "id": "b957b010-1ae7-11e9-9eb0-d1ab52900288", + "migrationVersion": { + "visualization": "7.14.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "control_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "control_1_index_pattern", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2021-09-06T13:06:21.081Z", + "version": "WzUyNzMsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/e7c6efa0-1ae8-11e9-9eb0-d1ab52900288.json b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/e7c6efa0-1ae8-11e9-9eb0-d1ab52900288.json new file mode 100644 index 00000000000..820c43d6277 --- /dev/null +++ b/x-pack/filebeat/input/netflow/_meta/kibana/7/visualization/e7c6efa0-1ae8-11e9-9eb0-d1ab52900288.json 
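Review bot: The two entries in `kibanaSavedObjectMeta.searchSourceJSON.filter` look like control selections captured from the session that exported this object: each has `"$state": {"store": "appState"}`, `"disabled": false` and a `controlledBy` id that matches one of the controls in `visState.params.controls`. If Kibana applies them when the object is loaded, the Flow Selectors panel would start out restricted to `flow.locality: public` and to inbound/outbound `network.direction`, so flows with any other locality would stay out of view until an analyst clears the selection. I would ship this with `"filter": []`, as the other visualizations in this patch do, and remove the two `kibanaSavedObjectMeta.searchSourceJSON.filter[N].meta.index` entries from `references` along with it.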
@@ -0,0 +1,191 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Flows Over Time [Filebeat Netflow]", + "uiStateJSON": { + "vis": { + "colors": { + "Bytes": "#82B5D8", + "Count": "#052B51", + "Event Count": "#3F2B5B" + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Event Count" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Bytes", + "field": "network.bytes" + }, + "schema": "metric", + "type": "sum" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "detailedTooltip": true, + "fittingFunction": "zero", + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "isVislibVis": true, + "legendPosition": "top", + "palette": { + "name": "kibana_palette", + "type": "palette" + }, + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Event Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "line", + "valueAxis": "ValueAxis-2" + }, + { + "data": { + "id": "3", + "label": "Bytes" + }, + "drawLinesBetweenPoints": true, + "interpolate": "cardinal", + "mode": "stacked", + "show": 
true, + "showCircles": true, + "type": "area", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "area", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Bytes" + }, + "type": "value" + }, + { + "id": "ValueAxis-2", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "RightAxis-1", + "position": "right", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Event Count" + }, + "type": "value" + } + ] + }, + "title": "Flows Over Time [Filebeat Netflow]", + "type": "area" + } + }, + "coreMigrationVersion": "7.15.0", + "id": "e7c6efa0-1ae8-11e9-9eb0-d1ab52900288", + "migrationVersion": { + "visualization": "7.14.0" + }, + "references": [ + { + "id": "c1e2ccd0-1ae5-11e9-9eb0-d1ab52900288", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2021-09-06T13:06:21.081Z", + "version": "WzUyNzcsMV0=" +} \ No newline at end of file
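Review bot: In `visState.params.seriesParams`, the "Event Count" series has `"show": "true"` as a string, while the "Bytes" series in the same array has the boolean `"show": true`. The string is truthy in JavaScript, so the panel probably renders the same today, but a consumer or saved-object migration that checks the type could treat the two series differently. I would use `"show": true` for both, ideally by correcting the visualization in Kibana and re-exporting so the file and the saved object stay in step.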