diff --git a/kibana/elastiflow.kibana.json b/kibana/elastiflow.kibana.json index cd97e12..42afa2f 100644 --- a/kibana/elastiflow.kibana.json +++ b/kibana/elastiflow.kibana.json @@ -1,21 +1,4 @@ [ - { - "_id": "ca480720-2fdf-11e7-9d02-3f49bde5c1d5", - "_type": "dashboard", - "_source": { - "title": "Netflow: Flow Records", - "hits": 0, - "description": "", - "panelsJSON": "[{\"col\":4,\"id\":\"6a7e4790-2fe0-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":2,\"row\":2,\"size_x\":9,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"bbac23d0-2fe0-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":3,\"row\":2,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":4,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":4,\"panelIndex\":5,\"type\":\"search\",\"id\":\"0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5\",\"col\":1,\"row\":4,\"columns\":[\"netflow.src_addr\",\"netflow.src_port_name\",\"netflow.dst_addr\",\"netflow.dst_port_name\",\"netflow.protocol_name\",\"netflow.bytes\",\"netflow.packets\"],\"sort\":[\"@timestamp\",\"desc\"]}]", - "optionsJSON": "{\"darkTheme\":false}", - "uiStateJSON": "{\"P-3\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" - } - } - }, { "_id": "04157d70-6591-11e7-bfc3-d74b7bb89482", "_type": "dashboard", 
@@ -34,15 +17,15 @@ } }, { - "_id": "310ae6e0-2fdf-11e7-9d02-3f49bde5c1d5", + "_id": "10dd3210-8020-11e7-8a72-651c4183643b", "_type": "dashboard", "_source": { - "title": "Netflow: Conversation Partners", + "title": "Netflow: Conversations", "hits": 0, "description": "", - "panelsJSON": "[{\"col\":1,\"id\":\"a7a47e70-2fde-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":1,\"row\":4,\"size_x\":12,\"size_y\":5,\"type\":\"visualization\"},{\"col\":9,\"id\":\"de9da770-2fcb-11e7-8df8-b363df28ab61\",\"panelIndex\":2,\"row\":2,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"4440e130-2fdd-11e7-afd7-595689f3f18c\",\"panelIndex\":3,\"row\":2,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"4898db90-2fdb-11e7-84e6-333bd21ad9fd\",\"panelIndex\":4,\"row\":2,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":5,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"}]", + "panelsJSON": "[{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":5,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"6d0c50a0-801d-11e7-bcae-4bd056c878e8\",\"panelIndex\":6,\"row\":5,\"size_x\":12,\"size_y\":5,\"type\":\"visualization\"},{\"col\":5,\"id\":\"39b43340-801c-11e7-9d03-efffc8601a27\",\"panelIndex\":7,\"row\":2,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":4,\"size_y\":3,\"panelIndex\":8,\"type\":\"visualization\",\"id\":\"cc28fff0-801f-11e7-8a72-651c4183643b\",\"col\":1,\"row\":2}]", "optionsJSON": "{\"darkTheme\":false}", - "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}}", + "uiStateJSON": "{\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { 
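Review bot: Export order is not stable, so this hunk and the other dashboard hunks show whole objects as changed when they have only moved. `10dd3210-8020-11e7-8a72-651c4183643b` ("Netflow: Conversations") is added here with the same `panelsJSON` and `uiStateJSON` that `@@ -68,15 +51,15 @@` removes, and the same swap shows for `ca480720-…`, `10584050-…`, `310ae6e0-…` and `653cf1e0-…`. The visualization hunks from `@@ -179,11 +179,11 @@` onward appear to follow the same pattern (`0927de10-…` is added there and removed again under `@@ -235,151 +235,151 @@`). These objects carry queries and Timelion expressions that Kibana runs when a dashboard is opened, so a real edit should stand out in review. Normalising the array order before committing, for example `jq 'sort_by(._type, ._id)' kibana/elastiflow.kibana.json`, would reduce future diffs to actual changes.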
@@ -51,15 +34,15 @@ } }, { - "_id": "653cf1e0-2fd2-11e7-99ed-49759aed30f5", + "_id": "10584050-6234-11e7-8236-19b4b4941e22", "_type": "dashboard", "_source": { - "title": "Netflow: Overview", + "title": "Netflow: Traffic Analysis", "hits": 0, "description": "", - "panelsJSON": "[{\"col\":1,\"id\":\"de9da770-2fcb-11e7-8df8-b363df28ab61\",\"panelIndex\":12,\"row\":6,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"69f864d0-2fd7-11e7-97a8-85d8d5a99269\",\"panelIndex\":15,\"row\":6,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":17,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"b88a8790-2fd7-11e7-bd03-932d3e38a4ff\",\"panelIndex\":21,\"row\":8,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"ac4cbc90-622d-11e7-b0a5-e9bda2f6d168\",\"panelIndex\":22,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"97f430b0-622e-11e7-b0a5-e9bda2f6d168\",\"panelIndex\":23,\"row\":6,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"f6be96c0-622f-11e7-abbc-93bb293f5057\",\"panelIndex\":24,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"3fa5f6f0-2fca-11e7-ab32-99f279b941ef\",\"panelIndex\":25,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"64b144f0-658e-11e7-bfc3-d74b7bb89482\",\"panelIndex\":26,\"row\":8,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"3026fe40-658f-11e7-bfc3-d74b7bb89482\",\"panelIndex\":29,\"row\":8,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"size_x\":4,\"size_y\":2,\"panelIndex\":31,\"type\":\"visualization\",\"id\":\"37a8b330-8019-11e7-af24-27fa1061e1bd\",\"col\":1,\"row\":2},{\"size_x\":4,\"size_y\":2,\"panelIndex\":32,\"type\":\"visualization\",\"id\":\"1c1f5550-801a-11e7-8b60-018ea0aa61a0\",\"col\":5,\"row\":2},{\"size_x\":4,\"size_y\":2,
\"panelIndex\":34,\"type\":\"visualization\",\"id\":\"36e56dc0-801a-11e7-8b60-018ea0aa61a0\",\"col\":9,\"row\":2}]", + "panelsJSON": "[{\"col\":7,\"id\":\"6a597070-6233-11e7-aa4b-5f8c56ec33b8\",\"panelIndex\":1,\"row\":22,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":4,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"col\":7,\"id\":\"6c67b990-628c-11e7-95ed-8966ac93bd5a\",\"panelIndex\":5,\"row\":28,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"52279a00-628c-11e7-95ed-8966ac93bd5a\",\"panelIndex\":6,\"row\":28,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2c9567c0-6289-11e7-bcd8-a16ef1d32773\",\"panelIndex\":9,\"row\":22,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"b61f84d0-6289-11e7-bcd8-a16ef1d32773\",\"panelIndex\":10,\"row\":16,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"6ad67290-6289-11e7-bcd8-a16ef1d32773\",\"panelIndex\":11,\"row\":16,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"69f864d0-2fd7-11e7-97a8-85d8d5a99269\",\"panelIndex\":19,\"row\":14,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"b88a8790-2fd7-11e7-bd03-932d3e38a4ff\",\"panelIndex\":20,\"row\":14,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"97f430b0-622e-11e7-b0a5-e9bda2f6d168\",\"panelIndex\":21,\"row\":20,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ac4cbc90-622d-11e7-b0a5-e9bda2f6d168\",\"panelIndex\":22,\"row\":20,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"324b0a00-2fc9-11e7-bd31-a722d271a9cc\",\"panelIndex\":23,\"row\":26,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"9b5d3b80-2fc9-11e7-bd31-a722d271a9cc\",\"panelIndex\":24,\"row\":26,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"8d2c
b120-6233-11e7-aa4b-5f8c56ec33b8\",\"panelIndex\":31,\"row\":24,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"99382ab0-6555-11e7-8d48-19b0c51bbbbd\",\"panelIndex\":34,\"row\":30,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"f5f79b00-6555-11e7-b27e-8f8b3770f1df\",\"panelIndex\":35,\"row\":30,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"a13402f0-6557-11e7-a3eb-4b30743c9370\",\"panelIndex\":44,\"row\":24,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"0de63e90-6558-11e7-8547-3d133170b50d\",\"panelIndex\":45,\"row\":18,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"39ecd800-6558-11e7-bea4-0f5fadb995cc\",\"panelIndex\":47,\"row\":18,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"9accd4a0-657a-11e7-8471-e5432f50acbd\",\"panelIndex\":48,\"row\":14,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":11,\"id\":\"b13956f0-657a-11e7-8471-e5432f50acbd\",\"panelIndex\":49,\"row\":14,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"size_x\":2,\"size_y\":2,\"panelIndex\":50,\"type\":\"visualization\",\"id\":\"a2099810-657b-11e7-8471-e5432f50acbd\",\"col\":11,\"row\":20},{\"size_x\":2,\"size_y\":2,\"panelIndex\":51,\"type\":\"visualization\",\"id\":\"c4987cc0-657b-11e7-8471-e5432f50acbd\",\"col\":11,\"row\":26},{\"size_x\":2,\"size_y\":2,\"panelIndex\":52,\"type\":\"visualization\",\"id\":\"b3e2af90-657b-11e7-8471-e5432f50acbd\",\"col\":5,\"row\":26},{\"size_x\":2,\"size_y\":2,\"panelIndex\":53,\"type\":\"visualization\",\"id\":\"82fcfc50-657b-11e7-8471-e5432f50acbd\",\"col\":5,\"row\":20},{\"size_x\":2,\"size_y\":2,\"panelIndex\":54,\"type\":\"visualization\",\"id\":\"1e6fb550-8017-11e7-9e6a-575834c68c0e\",\"col\":5,\"row\":2},{\"size_x\":6,\"size_y\":2,\"panelIndex\":55,\"type\":\"visualization\",\"id\":\"5dd2fc30-801b-11e7-9d03-efffc8601a27\",\"col\":1,\"row\":4},{\"size_x\":4,\"size_y\":2,\"panelI
ndex\":56,\"type\":\"visualization\",\"id\":\"37a8b330-8019-11e7-af24-27fa1061e1bd\",\"col\":1,\"row\":2},{\"size_x\":6,\"size_y\":2,\"panelIndex\":58,\"type\":\"visualization\",\"id\":\"81969050-801b-11e7-bb2f-971b1cdb8a78\",\"col\":1,\"row\":6},{\"size_x\":2,\"size_y\":2,\"panelIndex\":59,\"type\":\"visualization\",\"id\":\"2e450d90-8017-11e7-9e6a-575834c68c0e\",\"col\":11,\"row\":2},{\"size_x\":4,\"size_y\":2,\"panelIndex\":60,\"type\":\"visualization\",\"id\":\"1c1f5550-801a-11e7-8b60-018ea0aa61a0\",\"col\":7,\"row\":2},{\"size_x\":6,\"size_y\":2,\"panelIndex\":61,\"type\":\"visualization\",\"id\":\"aaf27c20-801b-11e7-9d03-efffc8601a27\",\"col\":7,\"row\":4},{\"size_x\":6,\"size_y\":2,\"panelIndex\":63,\"type\":\"visualization\",\"id\":\"e44e52a0-801b-11e7-bb2f-971b1cdb8a78\",\"col\":7,\"row\":6},{\"size_x\":2,\"size_y\":2,\"panelIndex\":64,\"type\":\"visualization\",\"id\":\"2f7d7110-8018-11e7-9e6a-575834c68c0e\",\"col\":5,\"row\":8},{\"size_x\":4,\"size_y\":2,\"panelIndex\":65,\"type\":\"visualization\",\"id\":\"36e56dc0-801a-11e7-8b60-018ea0aa61a0\",\"col\":1,\"row\":8},{\"size_x\":6,\"size_y\":2,\"panelIndex\":66,\"type\":\"visualization\",\"id\":\"39b43340-801c-11e7-9d03-efffc8601a27\",\"col\":1,\"row\":10},{\"size_x\":6,\"size_y\":2,\"panelIndex\":68,\"type\":\"visualization\",\"id\":\"5d9f4c90-801c-11e7-bb2f-971b1cdb8a78\",\"col\":1,\"row\":12},{\"size_x\":2,\"size_y\":2,\"panelIndex\":69,\"type\":\"visualization\",\"id\":\"1c87a220-801c-11e7-8ad4-bb5faa3d249c\",\"col\":11,\"row\":8},{\"size_x\":4,\"size_y\":2,\"panelIndex\":70,\"type\":\"visualization\",\"id\":\"f2fea250-2fcb-11e7-8df8-b363df28ab61\",\"col\":7,\"row\":8},{\"size_x\":6,\"size_y\":2,\"panelIndex\":71,\"type\":\"visualization\",\"id\":\"71294860-801c-11e7-9d03-efffc8601a27\",\"col\":7,\"row\":10},{\"size_x\":6,\"size_y\":2,\"panelIndex\":73,\"type\":\"visualization\",\"id\":\"92a73240-801c-11e7-bb2f-971b1cdb8a78\",\"col\":7,\"row\":12}]", "optionsJSON": "{\"darkTheme\":false}", - 
"uiStateJSON": "{}", + "uiStateJSON": "{\"P-48\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-49\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-50\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-51\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-52\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-53\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-54\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-59\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-64\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-27\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-30\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-29\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-26\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-69\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { 
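Review bot: The added `uiStateJSON` for "Netflow: Traffic Analysis" carries entries for `P-26`, `P-27`, `P-29` and `P-30`, but the added `panelsJSON` has no panel with `panelIndex` 26, 27, 29 or 30. Those four entries look like leftovers from panels that are no longer on the dashboard; they are probably harmless, but they are dead state that travels with every import. Dropping them from the string would keep the saved object consistent with its panel list. The same value sits on the removed side of `@@ -85,15 +68,15 @@`, so it predates this commit rather than being introduced by it.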
@@ -68,15 +51,15 @@ } }, { - "_id": "10dd3210-8020-11e7-8a72-651c4183643b", + "_id": "ca480720-2fdf-11e7-9d02-3f49bde5c1d5", "_type": "dashboard", "_source": { - "title": "Netflow: Conversations", + "title": "Netflow: Flow Records", "hits": 0, "description": "", - "panelsJSON": "[{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":5,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"6d0c50a0-801d-11e7-bcae-4bd056c878e8\",\"panelIndex\":6,\"row\":5,\"size_x\":12,\"size_y\":5,\"type\":\"visualization\"},{\"col\":5,\"id\":\"39b43340-801c-11e7-9d03-efffc8601a27\",\"panelIndex\":7,\"row\":2,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":4,\"size_y\":3,\"panelIndex\":8,\"type\":\"visualization\",\"id\":\"cc28fff0-801f-11e7-8a72-651c4183643b\",\"col\":1,\"row\":2}]", + "panelsJSON": "[{\"col\":4,\"id\":\"6a7e4790-2fe0-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":2,\"row\":2,\"size_x\":9,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"bbac23d0-2fe0-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":3,\"row\":2,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":4,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"size_x\":12,\"size_y\":4,\"panelIndex\":5,\"type\":\"search\",\"id\":\"0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5\",\"col\":1,\"row\":4,\"columns\":[\"netflow.src_addr\",\"netflow.src_port_name\",\"netflow.dst_addr\",\"netflow.dst_port_name\",\"netflow.protocol_name\",\"netflow.bytes\",\"netflow.packets\"],\"sort\":[\"@timestamp\",\"desc\"]}]", "optionsJSON": "{\"darkTheme\":false}", - "uiStateJSON": "{\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}}", + "uiStateJSON": "{\"P-3\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { 
@@ -85,15 +68,15 @@ } }, { - "_id": "10584050-6234-11e7-8236-19b4b4941e22", + "_id": "310ae6e0-2fdf-11e7-9d02-3f49bde5c1d5", "_type": "dashboard", "_source": { - "title": "Netflow: Traffic Analysis", + "title": "Netflow: Conversation Partners", "hits": 0, "description": "", - "panelsJSON": "[{\"col\":7,\"id\":\"6a597070-6233-11e7-aa4b-5f8c56ec33b8\",\"panelIndex\":1,\"row\":22,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":4,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"col\":7,\"id\":\"6c67b990-628c-11e7-95ed-8966ac93bd5a\",\"panelIndex\":5,\"row\":28,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"52279a00-628c-11e7-95ed-8966ac93bd5a\",\"panelIndex\":6,\"row\":28,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2c9567c0-6289-11e7-bcd8-a16ef1d32773\",\"panelIndex\":9,\"row\":22,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"b61f84d0-6289-11e7-bcd8-a16ef1d32773\",\"panelIndex\":10,\"row\":16,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"6ad67290-6289-11e7-bcd8-a16ef1d32773\",\"panelIndex\":11,\"row\":16,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"69f864d0-2fd7-11e7-97a8-85d8d5a99269\",\"panelIndex\":19,\"row\":14,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"b88a8790-2fd7-11e7-bd03-932d3e38a4ff\",\"panelIndex\":20,\"row\":14,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"97f430b0-622e-11e7-b0a5-e9bda2f6d168\",\"panelIndex\":21,\"row\":20,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ac4cbc90-622d-11e7-b0a5-e9bda2f6d168\",\"panelIndex\":22,\"row\":20,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"324b0a00-2fc9-11e7-bd31-a722d271a9cc\",\"panelIndex\":23,\"row\":26,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\"
:7,\"id\":\"9b5d3b80-2fc9-11e7-bd31-a722d271a9cc\",\"panelIndex\":24,\"row\":26,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"8d2cb120-6233-11e7-aa4b-5f8c56ec33b8\",\"panelIndex\":31,\"row\":24,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"99382ab0-6555-11e7-8d48-19b0c51bbbbd\",\"panelIndex\":34,\"row\":30,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"f5f79b00-6555-11e7-b27e-8f8b3770f1df\",\"panelIndex\":35,\"row\":30,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"a13402f0-6557-11e7-a3eb-4b30743c9370\",\"panelIndex\":44,\"row\":24,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"0de63e90-6558-11e7-8547-3d133170b50d\",\"panelIndex\":45,\"row\":18,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"39ecd800-6558-11e7-bea4-0f5fadb995cc\",\"panelIndex\":47,\"row\":18,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"9accd4a0-657a-11e7-8471-e5432f50acbd\",\"panelIndex\":48,\"row\":14,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":11,\"id\":\"b13956f0-657a-11e7-8471-e5432f50acbd\",\"panelIndex\":49,\"row\":14,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"size_x\":2,\"size_y\":2,\"panelIndex\":50,\"type\":\"visualization\",\"id\":\"a2099810-657b-11e7-8471-e5432f50acbd\",\"col\":11,\"row\":20},{\"size_x\":2,\"size_y\":2,\"panelIndex\":51,\"type\":\"visualization\",\"id\":\"c4987cc0-657b-11e7-8471-e5432f50acbd\",\"col\":11,\"row\":26},{\"size_x\":2,\"size_y\":2,\"panelIndex\":52,\"type\":\"visualization\",\"id\":\"b3e2af90-657b-11e7-8471-e5432f50acbd\",\"col\":5,\"row\":26},{\"size_x\":2,\"size_y\":2,\"panelIndex\":53,\"type\":\"visualization\",\"id\":\"82fcfc50-657b-11e7-8471-e5432f50acbd\",\"col\":5,\"row\":20},{\"size_x\":2,\"size_y\":2,\"panelIndex\":54,\"type\":\"visualization\",\"id\":\"1e6fb550-8017-11e7-9e6a-575834c68c0e\",\"col\":5,\"row\":2},{\"size_x\":6,\"si
ze_y\":2,\"panelIndex\":55,\"type\":\"visualization\",\"id\":\"5dd2fc30-801b-11e7-9d03-efffc8601a27\",\"col\":1,\"row\":4},{\"size_x\":4,\"size_y\":2,\"panelIndex\":56,\"type\":\"visualization\",\"id\":\"37a8b330-8019-11e7-af24-27fa1061e1bd\",\"col\":1,\"row\":2},{\"size_x\":6,\"size_y\":2,\"panelIndex\":58,\"type\":\"visualization\",\"id\":\"81969050-801b-11e7-bb2f-971b1cdb8a78\",\"col\":1,\"row\":6},{\"size_x\":2,\"size_y\":2,\"panelIndex\":59,\"type\":\"visualization\",\"id\":\"2e450d90-8017-11e7-9e6a-575834c68c0e\",\"col\":11,\"row\":2},{\"size_x\":4,\"size_y\":2,\"panelIndex\":60,\"type\":\"visualization\",\"id\":\"1c1f5550-801a-11e7-8b60-018ea0aa61a0\",\"col\":7,\"row\":2},{\"size_x\":6,\"size_y\":2,\"panelIndex\":61,\"type\":\"visualization\",\"id\":\"aaf27c20-801b-11e7-9d03-efffc8601a27\",\"col\":7,\"row\":4},{\"size_x\":6,\"size_y\":2,\"panelIndex\":63,\"type\":\"visualization\",\"id\":\"e44e52a0-801b-11e7-bb2f-971b1cdb8a78\",\"col\":7,\"row\":6},{\"size_x\":2,\"size_y\":2,\"panelIndex\":64,\"type\":\"visualization\",\"id\":\"2f7d7110-8018-11e7-9e6a-575834c68c0e\",\"col\":5,\"row\":8},{\"size_x\":4,\"size_y\":2,\"panelIndex\":65,\"type\":\"visualization\",\"id\":\"36e56dc0-801a-11e7-8b60-018ea0aa61a0\",\"col\":1,\"row\":8},{\"size_x\":6,\"size_y\":2,\"panelIndex\":66,\"type\":\"visualization\",\"id\":\"39b43340-801c-11e7-9d03-efffc8601a27\",\"col\":1,\"row\":10},{\"size_x\":6,\"size_y\":2,\"panelIndex\":68,\"type\":\"visualization\",\"id\":\"5d9f4c90-801c-11e7-bb2f-971b1cdb8a78\",\"col\":1,\"row\":12},{\"size_x\":2,\"size_y\":2,\"panelIndex\":69,\"type\":\"visualization\",\"id\":\"1c87a220-801c-11e7-8ad4-bb5faa3d249c\",\"col\":11,\"row\":8},{\"size_x\":4,\"size_y\":2,\"panelIndex\":70,\"type\":\"visualization\",\"id\":\"f2fea250-2fcb-11e7-8df8-b363df28ab61\",\"col\":7,\"row\":8},{\"size_x\":6,\"size_y\":2,\"panelIndex\":71,\"type\":\"visualization\",\"id\":\"71294860-801c-11e7-9d03-efffc8601a27\",\"col\":7,\"row\":10},{\"size_x\":6,\"size_y\":2,\"panelIndex
\":73,\"type\":\"visualization\",\"id\":\"92a73240-801c-11e7-bb2f-971b1cdb8a78\",\"col\":7,\"row\":12}]", + "panelsJSON": "[{\"col\":1,\"id\":\"a7a47e70-2fde-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":1,\"row\":4,\"size_x\":12,\"size_y\":5,\"type\":\"visualization\"},{\"col\":9,\"id\":\"de9da770-2fcb-11e7-8df8-b363df28ab61\",\"panelIndex\":2,\"row\":2,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"4440e130-2fdd-11e7-afd7-595689f3f18c\",\"panelIndex\":3,\"row\":2,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"4898db90-2fdb-11e7-84e6-333bd21ad9fd\",\"panelIndex\":4,\"row\":2,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":5,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"}]", "optionsJSON": "{\"darkTheme\":false}", - "uiStateJSON": "{\"P-48\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-49\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-50\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-51\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-52\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-53\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-54\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-59\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-64\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-27\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-30\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-29\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-26\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-69\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}", + "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}}", 
"version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { 
@@ -152,6 +135,23 @@ } } }, + { + "_id": "653cf1e0-2fd2-11e7-99ed-49759aed30f5", + "_type": "dashboard", + "_source": { + "title": "Netflow: Overview", + "hits": 0, + "description": "", + "panelsJSON": "[{\"col\":1,\"id\":\"de9da770-2fcb-11e7-8df8-b363df28ab61\",\"panelIndex\":12,\"row\":6,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"69f864d0-2fd7-11e7-97a8-85d8d5a99269\",\"panelIndex\":15,\"row\":6,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"26e166f0-2fe2-11e7-9d02-3f49bde5c1d5\",\"panelIndex\":17,\"row\":1,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"b88a8790-2fd7-11e7-bd03-932d3e38a4ff\",\"panelIndex\":21,\"row\":8,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"ac4cbc90-622d-11e7-b0a5-e9bda2f6d168\",\"panelIndex\":22,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"97f430b0-622e-11e7-b0a5-e9bda2f6d168\",\"panelIndex\":23,\"row\":6,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"f6be96c0-622f-11e7-abbc-93bb293f5057\",\"panelIndex\":24,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"3fa5f6f0-2fca-11e7-ab32-99f279b941ef\",\"panelIndex\":25,\"row\":4,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"64b144f0-658e-11e7-bfc3-d74b7bb89482\",\"panelIndex\":26,\"row\":8,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"3026fe40-658f-11e7-bfc3-d74b7bb89482\",\"panelIndex\":29,\"row\":8,\"size_x\":4,\"size_y\":2,\"type\":\"visualization\"},{\"size_x\":4,\"size_y\":2,\"panelIndex\":31,\"type\":\"visualization\",\"id\":\"37a8b330-8019-11e7-af24-27fa1061e1bd\",\"col\":1,\"row\":2},{\"size_x\":4,\"size_y\":2,\"panelIndex\":32,\"type\":\"visualization\",\"id\":\"1c1f5550-801a-11e7-8b60-018ea0aa61a0\",\"col\":5,\"row\":2},{\"size_x\":4,\"size_y\":2,\"panelIndex\":34,\"type\":\"visualization\",\"id\":\"36e56dc0-801a-11e7-8b6
0-018ea0aa61a0\",\"col\":9,\"row\":2}]", + "optionsJSON": "{\"darkTheme\":false}", + "uiStateJSON": "{}", + "version": 1, + "timeRestore": false, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" + } + } + }, { "_id": "0d0216f0-2fe0-11e7-9d02-3f49bde5c1d5", "_type": "search", @@ -179,11 +179,11 @@ } }, { - "_id": "6ad67290-6289-11e7-bcd8-a16ef1d32773", + "_id": "0927de10-6556-11e7-b27e-8f8b3770f1df", "_type": "visualization", "_source": { - "title": "Netflow: Types of Service (bytes)", - "visState": "{\"title\":\"Netflow: Types of Service (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.tos:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tos:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Countries (flow records)", + "visState": "{\"title\":\"Netflow: Countries (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip.country_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.country_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -193,11 +193,11 @@ } }, { - "_id": "2c9567c0-6289-11e7-bcd8-a16ef1d32773", + "_id": "99382ab0-6555-11e7-8d48-19b0c51bbbbd", "_type": "visualization", "_source": { - "title": "Netflow: TCP Flags (bytes)", - "visState": "{\"title\":\"Netflow: TCP Flags (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.tcp_flags_label:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tcp_flags_label:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Cities (packets)", + "visState": "{\"title\":\"Netflow: Cities (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip.city_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.city_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -207,11 +207,11 @@ } }, { - "_id": "52279a00-628c-11e7-95ed-8966ac93bd5a", + "_id": "12ca1180-6593-11e7-9bf4-ed832088be20", "_type": "visualization", "_source": { - "title": "Netflow: Countries (bytes)", - "visState": "{\"title\":\"Netflow: Countries (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip.country_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.country_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Egress Interfaces (flow records)", + "visState": "{\"title\":\"Netflow: Egress Interfaces (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.output_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.output_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -221,11 +221,11 @@ } }, { - "_id": "b61f84d0-6289-11e7-bcd8-a16ef1d32773", + "_id": "fd081e50-6556-11e7-be5f-c5cca8dd73b6", "_type": "visualization", "_source": { - "title": "Netflow: VLANs (bytes)", - "visState": "{\"title\":\"Netflow: VLANs (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.vlan:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.vlan:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Source Ports (flow records)", + "visState": "{\"title\":\"Netflow: Source Ports (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.src_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -235,151 +235,151 @@ } }, { - "_id": "735d6c70-628e-11e7-a842-b787fa3508ce", + "_id": "3fa5f6f0-2fca-11e7-ab32-99f279b941ef", "_type": "visualization", "_source": { - "title": "Netflow: Sources (bytes)", - "visState": "{\"title\":\"Netflow: Sources (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.src_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Countries and Cities (bytes)", + "visState": "{\"title\":\"Netflow: Countries and Cities (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "65f3b500-6557-11e7-87c3-994b88f84501", + "_id": "ac4cbc90-622d-11e7-b0a5-e9bda2f6d168", "_type": "visualization", "_source": { - "title": "Netflow: Sources 
(packets)", - "visState": "{\"title\":\"Netflow: Sources (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.src_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Autonomous Systems (bytes)", + "visState": "{\"title\":\"Netflow: Autonomous Systems (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Autonomous System\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "0927de10-6556-11e7-b27e-8f8b3770f1df", + "_id": "af23cb20-2fc9-11e7-8224-a900ea73fa5f", "_type": "visualization", "_source": { - "title": "Netflow: Countries (flow records)", - "visState": "{\"title\":\"Netflow: Countries (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip.country_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.country_name:(.+) > .*$\\\", 
label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Cities (flow records)", + "visState": "{\"title\":\"Netflow: Cities (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "0de63e90-6558-11e7-8547-3d133170b50d", + "_id": "4dc994a0-2fd7-11e7-97a8-85d8d5a99269", "_type": "visualization", "_source": { - "title": "Netflow: Types of Service (packets)", - "visState": "{\"title\":\"Netflow: Types of Service (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.tos:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tos:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Types of Service (flow records)", + "visState": "{\"title\":\"Netflow: Types of Service (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tos\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "a13402f0-6557-11e7-a3eb-4b30743c9370", + "_id": "b13956f0-657a-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: TCP Flags (packets)", - "visState": "{\"title\":\"Netflow: TCP Flags (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.tcp_flags_label:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tcp_flags_label:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: VLAN Count", + "visState": "{\"title\":\"Netflow: VLAN Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.vlan\",\"customLabel\":\"VLANs\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "231fe630-6558-11e7-8547-3d133170b50d", + "_id": "55be8550-655e-11e7-9dda-9f993e2ba58b", "_type": "visualization", "_source": { - "title": "Netflow: Types of Service (flow records)", - "visState": "{\"title\":\"Netflow: Types of Service (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.tos:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tos:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destination Count", + "visState": "{\"title\":\"Netflow: Destination 
Count\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.dst_addr\",\"customLabel\":\"Destinations\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "daa62090-6557-11e7-a3eb-4b30743c9370", + "_id": "b3e2af90-657b-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: TCP Flags (flow records)", - "visState": "{\"title\":\"Netflow: TCP Flags (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.tcp_flags_label:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tcp_flags_label:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Country Count", + "visState": "{\"title\":\"Netflow: Country Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geoip.country_name\",\"customLabel\":\"Countries\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "39ecd800-6558-11e7-bea4-0f5fadb995cc", + "_id": "bbac23d0-2fe0-11e7-9d02-3f49bde5c1d5", "_type": "visualization", "_source": { - "title": "Netflow: VLANs (packets)", - "visState": "{\"title\":\"Netflow: VLANs (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.vlan:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.vlan:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Flow Records", + "visState": "{\"title\":\"Netflow: Flow 
Records\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "835e6090-6557-11e7-87c3-994b88f84501", + "_id": "e3ef9130-658a-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Sources (flow records)", - "visState": "{\"title\":\"Netflow: Sources (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.src_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destination and Source ASs (bytes)", + "visState": 
"{\"title\":\"Netflow: Destination and Source ASs (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_dst.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_src.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "99382ab0-6555-11e7-8d48-19b0c51bbbbd", + "_id": "7aaa68d0-658a-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Cities (packets)", - "visState": "{\"title\":\"Netflow: Cities (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip.city_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.city_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destination and Source ASs (flow records)", + "visState": "{\"title\":\"Netflow: Destination and Source ASs (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_dst.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_src.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "8c6ce180-657e-11e7-bd38-dd04615e7f62", + "_id": "dcf88c60-6233-11e7-aa4b-5f8c56ec33b8", "_type": "visualization", "_source": { - "title": "Netflow: Destination Autonomous Systems (bytes)", - "visState": "{\"title\":\"Netflow: Destination Autonomous Systems (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip_dst.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_dst.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Autonomous Systems (flow records)", + "visState": "{\"title\":\"Netflow: Autonomous Systems (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", 
split=\\\"geoip.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flows records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -389,11 +389,11 @@ } }, { - "_id": "4a548ff0-657e-11e7-9748-5d4091219eef", + "_id": "f5f79b00-6555-11e7-b27e-8f8b3770f1df", "_type": "visualization", "_source": { - "title": "Netflow: Source Autonomous Systems (packets)", - "visState": "{\"title\":\"Netflow: Source Autonomous Systems (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip_src.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_src.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Countries (packets)", + "visState": "{\"title\":\"Netflow: Countries (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip.country_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.country_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
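Review bot: The new "Netflow: Destination and Source ASs (bytes)" pie in the @@ -235 hunk sums `netflow.bytes` but labels the metric `\"customLabel\":\"Packets\"`, so byte totals will be presented as packet counts. The other bytes pies added in the same hunk (Countries and Cities, Autonomous Systems) use `\"customLabel\":\"Bytes\"`, and this one should match. On a traffic dashboard that mislabel can lead an analyst to misjudge how much data moved to or from an AS. Separately, the "Autonomous Systems (flow records)" timelion expression at the end of the same hunk sets `yaxis(label=\\\"flows records / sec\\\")`, and the @@ -417 hunk adds the same spelling for "Source Autonomous Systems (flow records)". The other flow-record charts use `flow records / sec`.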
@@ -403,11 +403,11 @@ } }, { - "_id": "87dbc0a0-657e-11e7-99b6-af4533b21b46", + "_id": "b2d02df0-6556-11e7-a807-e52f264c6cfd", "_type": "visualization", "_source": { - "title": "Netflow: Destination Autonomous Systems (flow records)", - "visState": "{\"title\":\"Netflow: Destination Autonomous Systems (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip_dst.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_dst.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flows records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destinations (flow records)", + "visState": "{\"title\":\"Netflow: Destinations (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.dst_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -417,11 +417,11 @@ } }, { - "_id": "9a4938d0-6592-11e7-b8de-af19b696fa44", + "_id": "43e698c0-657e-11e7-99b6-af4533b21b46", "_type": "visualization", "_source": { - "title": "Netflow: Ingress Interfaces (bytes)", - "visState": "{\"title\":\"Netflow: Ingress Interfaces (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.input_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.input_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Source Autonomous Systems (flow records)", + "visState": "{\"title\":\"Netflow: Source Autonomous Systems (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip_src.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_src.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flows records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -431,11 +431,11 @@ } }, { - "_id": "bfec6260-6592-11e7-9bf4-ed832088be20", + "_id": "836b2010-657e-11e7-9748-5d4091219eef", "_type": "visualization", "_source": { - "title": "Netflow: Ingress Interfaces (flow records)", - "visState": "{\"title\":\"Netflow: Ingress Interfaces (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.input_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.input_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destination Autonomous Systems (packets)", + "visState": "{\"title\":\"Netflow: Destination Autonomous Systems (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip_dst.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_dst.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -445,137 +445,137 @@ } }, { - "_id": "e2a7fc60-6592-11e7-8b83-5b2419db46fa", + "_id": "99c1a4a0-2f60-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "Netflow: Ingress Interfaces (packets)", - "visState": "{\"title\":\"Netflow: Ingress Interfaces (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.input_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.input_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Geo Location Heatmap", + "visState": "{\"title\":\"Netflow: Geo Location Heatmap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":\"0.32\",\"heatRadius\":\"24\",\"heatBlur\":\"16\",\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2,\"customLabel\":\"Location\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"mapCenter\":[8.407168163601076,9.4921875]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + 
"searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "206d6e90-6593-11e7-8b83-5b2419db46fa", + "_id": "d07a2870-2fcc-11e7-9bae-a35d2fe38fc2", "_type": "visualization", "_source": { - "title": "Netflow: Egress Interfaces (packets)", - "visState": "{\"title\":\"Netflow: Egress Interfaces (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.output_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.output_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: IP Version and Protocols (packets)", + "visState": "{\"title\":\"Netflow: IP Version and Protocols (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, 
{ - "_id": "12ca1180-6593-11e7-9bf4-ed832088be20", + "_id": "8f35efc0-2fcc-11e7-842d-39925ea8ac40", "_type": "visualization", "_source": { - "title": "Netflow: Egress Interfaces (flow records)", - "visState": "{\"title\":\"Netflow: Egress Interfaces (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.output_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.output_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: IP Version and Protocols (flow records)", + "visState": "{\"title\":\"Netflow: IP Version and Protocols (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "622844d0-6288-11e7-bcd8-a16ef1d32773", + "_id": "691cda40-2fc9-11e7-823a-89e4bb55eaa1", "_type": "visualization", "_source": { - "title": "Netflow: Destination 
Ports (bytes)", - "visState": "{\"title\":\"Netflow: Destination Ports (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.dst_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Countries (packets)", + "visState": "{\"title\":\"Netflow: Countries (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "5e58cc00-6556-11e7-995a-3584c2c6482c", + "_id": "a2099810-657b-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: Destination Ports (flow records)", - "visState": "{\"title\":\"Netflow: Destination Ports (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.dst_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_port_name:(.+) > .*$\\\", 
label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Autonomous System Count", + "visState": "{\"title\":\"Netflow: Autonomous System Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geoip.autonomous_system\",\"customLabel\":\"Autonomous Systems\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "caf2c4b0-6556-11e7-be5f-c5cca8dd73b6", + "_id": "64b144f0-658e-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Source Ports (packets)", - "visState": "{\"title\":\"Netflow: Source Ports (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.src_port_name:10\\\", 
kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Flow Exporters (bytes)", + "visState": "{\"title\":\"Netflow: Flow Exporters (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "91ae4100-6288-11e7-bcd8-a16ef1d32773", + "_id": "a8b68cb0-2fc8-11e7-8d8b-45ec51795dad", "_type": "visualization", "_source": { "title": "Netflow: Source Ports (bytes)", - "visState": "{\"title\":\"Netflow: Source Ports (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.src_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "visState": "{\"title\":\"Netflow: Source Ports 
(bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "fd081e50-6556-11e7-be5f-c5cca8dd73b6", + "_id": "9f113d80-6719-11e7-b5b8-29fbded8e37c", "_type": "visualization", "_source": { - "title": "Netflow: Source Ports (flow records)", - "visState": "{\"title\":\"Netflow: Source Ports (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.src_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Destinations", + "visState": "{\"title\":\"Netflow: Top 
Destinations\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "3ee07620-6556-11e7-995a-3584c2c6482c", + "_id": "e2f43d10-6591-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Destination Ports (packets)", - "visState": "{\"title\":\"Netflow: Destination Ports (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.dst_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Ingress Interfaces 
(bytes)", + "visState": "{\"title\":\"Netflow: Ingress Interfaces (bytes)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.input_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Ingress Interface\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "39e3dab0-2fcb-11e7-befb-31e033c79e4e", + "_id": "23d6dc80-2fd6-11e7-bc99-41245d9394f2", "_type": "visualization", "_source": { - "title": "Netflow: Version", - "visState": "{\"title\":\"Netflow: Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", + "title": "Netflow: Destinations and Ports (bytes)", + "visState": "{\"title\":\"Netflow: Destinations and Ports 
(bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -585,11 +585,11 @@ } }, { - "_id": "1026edb0-2fcc-11e7-842d-39925ea8ac40", + "_id": "ca786e30-622d-11e7-b0a5-e9bda2f6d168", "_type": "visualization", "_source": { - "title": "Netflow: IP Version (flow records)", - "visState": "{\"title\":\"Netflow: IP Version (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}],\"listeners\":{}}", + "title": "Netflow: Autonomous Systems (packets)", + "visState": "{\"title\":\"Netflow: Autonomous Systems (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Autonomous System\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
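Review bot: The saved objects look re-ordered by the export rather than edited in place, which makes it hard to tell what really changed: at this position `Netflow: IP Version (flow records)` is replaced by the unrelated `Netflow: Autonomous Systems (packets)` under a different `_id`, and the hunks that follow show the same pattern. The next hunk (`-599,25`) also carries a `searchSourceJSON` change that only swaps the order of `query` and `analyze_wildcard` inside the embedded string. Writing the export in a stable order, for instance objects sorted by `_id` and keys sorted inside the embedded JSON strings, would reduce the diff to the visualizations that were actually added, removed or modified. A reviewer could then check which fields and index patterns each dashboard queries. The enclosing array starts and ends outside the hunk.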
@@ -599,25 +599,25 @@ } }, { - "_id": "b6a092e0-2fcc-11e7-9bae-a35d2fe38fc2", + "_id": "b88a8790-2fd7-11e7-bd03-932d3e38a4ff", "_type": "visualization", "_source": { - "title": "Netflow: IP Version (packets)", - "visState": "{\"title\":\"Netflow: IP Version (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}],\"listeners\":{}}", + "title": "Netflow: VLANs (bytes)", + "visState": "{\"title\":\"Netflow: VLANs (bytes)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.vlan\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "99e49de0-2fcc-11e7-842d-39925ea8ac40", + "_id": "4f3525d0-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "Netflow: Protocols (flow records)", - "visState": "{\"title\":\"Netflow: Protocols (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", + "title": "Netflow: Destinations (flow records)", + "visState": "{\"title\":\"Netflow: Destinations (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -627,11 +627,11 @@ } }, { - "_id": "3fa5f6f0-2fca-11e7-ab32-99f279b941ef", + "_id": "5fd2fe30-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "Netflow: Countries and Cities (bytes)", - "visState": "{\"title\":\"Netflow: Countries and Cities (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", + "title": "Netflow: Destinations (bytes)", + "visState": "{\"title\":\"Netflow: Destinations (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -641,11 +641,11 @@ } }, { - "_id": "ac4cbc90-622d-11e7-b0a5-e9bda2f6d168", + "_id": "8a52f7a0-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "Netflow: Autonomous Systems (bytes)", - "visState": "{\"title\":\"Netflow: Autonomous Systems (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Autonomous System\"}}],\"listeners\":{}}", + "title": "Netflow: Sources (packets)", + "visState": "{\"title\":\"Netflow: Sources (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -655,11 +655,11 @@ } }, { - "_id": "af23cb20-2fc9-11e7-8224-a900ea73fa5f", + "_id": "ad5cb080-622e-11e7-b0a5-e9bda2f6d168", "_type": "visualization", "_source": { - "title": "Netflow: Cities (flow records)", - "visState": "{\"title\":\"Netflow: Cities (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", + "title": "Netflow: TCP Flags (packets)", + "visState": "{\"title\":\"Netflow: TCP Flags (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tcp_flags_label\",\"size\":255,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TCP Flags\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -669,11 +669,11 @@ } }, { - "_id": "84e4c9f0-2fd7-11e7-97a8-85d8d5a99269", + "_id": "97f430b0-622e-11e7-b0a5-e9bda2f6d168", "_type": "visualization", "_source": { - "title": "Netflow: Types of Service (packets)", - "visState": "{\"title\":\"Netflow: Types of Service (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tos\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}],\"listeners\":{}}", + "title": "Netflow: TCP Flags (bytes)", + "visState": "{\"title\":\"Netflow: TCP Flags (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tcp_flags_label\",\"size\":255,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TCP Flags\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -683,11 +683,11 @@ } }, { - "_id": "69f864d0-2fd7-11e7-97a8-85d8d5a99269", + "_id": "2aeac270-6230-11e7-84f1-9728c106b1b6", "_type": "visualization", "_source": { - "title": "Netflow: Types of Service (bytes)", - "visState": "{\"title\":\"Netflow: Types of Service (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tos\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}],\"listeners\":{}}", + "title": "Netflow: Locality (packets)", + "visState": "{\"title\":\"Netflow: Locality (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.flow_locality\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Locality\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -697,12 +697,12 @@ } }, { - "_id": "4dc994a0-2fd7-11e7-97a8-85d8d5a99269", + "_id": "a7a47e70-2fde-11e7-9d02-3f49bde5c1d5", "_type": "visualization", "_source": { - "title": "Netflow: Types of Service (flow records)", - "visState": "{\"title\":\"Netflow: Types of Service (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tos\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Conversation Partners", + "visState": "{\"title\":\"Netflow: Conversation Partners\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 
1, "kibanaSavedObjectMeta": { 
@@ -711,25 +711,25 @@ } }, { - "_id": "d297fe60-2fd7-11e7-af27-99e728e71e91", + "_id": "f8731d50-2fd6-11e7-97a8-85d8d5a99269", "_type": "visualization", "_source": { - "title": "Netflow: VLANs (flow records)", - "visState": "{\"title\":\"Netflow: VLANs (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.vlan\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}],\"listeners\":{}}", + "title": "Netflow: Flow Exporters (flow records)", + "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Flow Exporter\",\"field\":\"host\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"title\":\"Netflow: Flow Exporters (flow records)\",\"type\":\"pie\"}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "4440e130-2fdd-11e7-afd7-595689f3f18c", + "_id": "a4ade270-658e-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Destinations and Sources (bytes)", - "visState": "{\"title\":\"Netflow: Destinations and Sources 
(bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "title": "Netflow: Direction (bytes)", + "visState": "{\"title\":\"Netflow: Direction (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.direction\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -739,11 +739,11 @@ } }, { - "_id": "55f66b20-2fdd-11e7-afd7-595689f3f18c", + "_id": "4ea0a8d0-658f-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Destinations and Sources (packets)", - "visState": "{\"title\":\"Netflow: Destinations and Sources (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "title": "Netflow: Version (flow records)", + "visState": "{\"title\":\"Netflow: Version (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -753,25 +753,25 @@ } }, { - "_id": "7c2cfd10-2fc7-11e7-8936-6f5fd5520124", + "_id": "2f7d7110-8018-11e7-9e6a-575834c68c0e", "_type": "visualization", "_source": { - "title": "Netflow: Sources (bytes)", - "visState": "{\"title\":\"Netflow: Sources (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Service Count", + "visState": "{\"title\":\"Netflow: Service Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.service_name\",\"customLabel\":\"Services\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "9accd4a0-657a-11e7-8471-e5432f50acbd", + "_id": "1e6fb550-8017-11e7-9e6a-575834c68c0e", "_type": "visualization", "_source": { - "title": "Netflow: ToS Count", - "visState": "{\"title\":\"Netflow: ToS Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.tos\",\"customLabel\":\"Types of Service\"}}],\"listeners\":{}}", + "title": "Netflow: Client Count", + "visState": "{\"title\":\"Netflow: Client Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.client_addr\",\"customLabel\":\"Clients\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, 
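Review bot: `style.fontSize` is written as the number `60` in the added `Netflow: Service Count` and `Netflow: Client Count` gauges, whereas the `Netflow: ToS Count` object removed in this hunk has it as the string `"36"`, and the sibling `params.fontSize` is still the string `"32"`. The same numeric form appears in `Netflow: Server Count` in the next hunk (`-781,11`). A key whose type differs between objects is fragile for anything that parses `visState` outside Kibana; presumably Kibana itself accepts both forms, but that is not visible here. Keeping one form throughout, e.g. `\"fontSize\":\"60\"`, or re-saving the older metric visualizations so that all of them match, would avoid the mismatch.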
@@ -781,11 +781,11 @@ } }, { - "_id": "3277ea90-6578-11e7-8471-e5432f50acbd", + "_id": "2e450d90-8017-11e7-9e6a-575834c68c0e", "_type": "visualization", "_source": { - "title": "Netflow: Source Count", - "visState": "{\"title\":\"Netflow: Source Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.src_addr\",\"customLabel\":\"Sources\"}}],\"listeners\":{}}", + "title": "Netflow: Server Count", + "visState": "{\"title\":\"Netflow: Server Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.server_addr\",\"customLabel\":\"Servers\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, 
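Review bot: In the new "Netflow: Server Count" visState, the gauge style carries `\"fontSize\":60` as a bare number, while `params.fontSize` in the same string is still the quoted `\"32\"`. The other count metrics on the new side of this diff (Source Count, TCP Flags Count) keep `\"fontSize\":\"36\"`. The same key therefore has two types and two sizes across sibling metrics, and "Netflow: Client Count" in the preceding hunk (which starts outside this view) has the same value. If the larger size is deliberate for the client/server tiles, keep it but re-save the remaining count metrics so they all export the same type. Otherwise use `\"fontSize\":\"36\"` here to match.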
@@ -795,25 +795,25 @@ } }, { - "_id": "b13956f0-657a-11e7-8471-e5432f50acbd", + "_id": "74c85d90-801b-11e7-9880-7be1a59c7d40", "_type": "visualization", "_source": { - "title": "Netflow: VLAN Count", - "visState": "{\"title\":\"Netflow: VLAN Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.vlan\",\"customLabel\":\"VLANs\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Clients (flow records)", + "visState": "{\"title\":\"Netflow: Clients (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.client_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.client_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + 
"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "55be8550-655e-11e7-9dda-9f993e2ba58b", + "_id": "0edebc40-801b-11e7-b4bd-5b3ceedd298a", "_type": "visualization", "_source": { - "title": "Netflow: Destination Count", - "visState": "{\"title\":\"Netflow: Destination Count\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.dst_addr\",\"customLabel\":\"Destinations\"}}],\"listeners\":{}}", + "title": "Netflow: Services (packets)", + "visState": "{\"title\":\"Netflow: Services (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.service_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
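Review bot: The two visualizations added in this hunk, "Netflow: Clients (flow records)" and "Netflow: Services (packets)", are left with `"description": ""`. They introduce client and service fields (`netflow.client_addr`, `netflow.service_name`) where the replaced objects used VLAN and destination fields. A one-line description would tell an analyst what the panel measures without decoding the visState string, for example `"description": "Top 10 client addresses by flow records per second"` for the timelion chart. It is also worth confirming that the ingest pipeline populates these fields, since nothing in this file shows where they come from.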
@@ -823,12 +823,12 @@ } }, { - "_id": "82fcfc50-657b-11e7-8471-e5432f50acbd", + "_id": "be065300-801a-11e7-a69e-1db8cf608fe4", "_type": "visualization", "_source": { - "title": "Netflow: TCP Flags Count", - "visState": "{\"title\":\"Netflow: TCP Flags Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.tcp_flags_label\",\"customLabel\":\"TCP Flag States\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Services (flow records)", + "visState": "{\"title\":\"Netflow: Services (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.service_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -837,12 +837,12 @@ } }, { - "_id": "b3e2af90-657b-11e7-8471-e5432f50acbd", + "_id": "df88de80-801f-11e7-8a72-651c4183643b", "_type": "visualization", "_source": { - "title": "Netflow: Country Count", - "visState": "{\"title\":\"Netflow: Country Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geoip.country_name\",\"customLabel\":\"Countries\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Servers and Clients (packets)", + "visState": "{\"title\":\"Netflow: Servers and Clients 
(packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -851,67 +851,67 @@ } }, { - "_id": "c4987cc0-657b-11e7-8471-e5432f50acbd", + "_id": "92a73240-801c-11e7-bb2f-971b1cdb8a78", "_type": "visualization", "_source": { - "title": "Netflow: City Count", - "visState": "{\"title\":\"Netflow: City Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geoip.city_name\",\"customLabel\":\"Cities\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Protocols (packets)", + "visState": "{\"title\":\"Netflow: Protocols (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.protocol_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.protocol_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "bbac23d0-2fe0-11e7-9d02-3f49bde5c1d5", + "_id": "65f3b500-6557-11e7-87c3-994b88f84501", "_type": "visualization", "_source": { - "title": "Netflow: Flow Records", - "visState": "{\"title\":\"Netflow: Flow Records\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Sources (packets)", + "visState": "{\"title\":\"Netflow: Sources (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.src_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "e3ef9130-658a-11e7-bfc3-d74b7bb89482", + "_id": "daa62090-6557-11e7-a3eb-4b30743c9370", "_type": "visualization", "_source": { - "title": "Netflow: Destination and Source ASs (bytes)", - "visState": "{\"title\":\"Netflow: Destination and Source ASs (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_dst.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_src.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}],\"listeners\":{}}", + "title": "Netflow: TCP Flags (flow records)", + "visState": "{\"title\":\"Netflow: TCP Flags (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.tcp_flags_label:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tcp_flags_label:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "7aaa68d0-658a-11e7-bfc3-d74b7bb89482", + "_id": "39ecd800-6558-11e7-bea4-0f5fadb995cc", "_type": "visualization", "_source": { - "title": "Netflow: Destination and Source ASs (flow records)", - "visState": "{\"title\":\"Netflow: Destination and Source ASs (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_dst.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_src.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}],\"listeners\":{}}", + "title": "Netflow: VLANs (packets)", + "visState": "{\"title\":\"Netflow: VLANs (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.vlan:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.vlan:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": 
"{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "6a597070-6233-11e7-aa4b-5f8c56ec33b8", + "_id": "4a548ff0-657e-11e7-9748-5d4091219eef", "_type": "visualization", "_source": { - "title": "Netflow: Autonomous Systems (bytes)", - "visState": "{\"title\":\"Netflow: Autonomous Systems (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Source Autonomous Systems (packets)", + "visState": "{\"title\":\"Netflow: Source Autonomous Systems (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip_src.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_src.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -921,11 +921,11 @@ } }, { - "_id": "dcf88c60-6233-11e7-aa4b-5f8c56ec33b8", + "_id": "206d6e90-6593-11e7-8b83-5b2419db46fa", "_type": "visualization", "_source": { - "title": "Netflow: Autonomous Systems (flow records)", - "visState": "{\"title\":\"Netflow: Autonomous Systems (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flows records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Egress Interfaces (packets)", + "visState": "{\"title\":\"Netflow: Egress Interfaces (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.output_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.output_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -935,11 +935,11 @@ } }, { - "_id": "56a23ac0-628e-11e7-a842-b787fa3508ce", + "_id": "5e58cc00-6556-11e7-995a-3584c2c6482c", "_type": "visualization", "_source": { - "title": "Netflow: Destinations (bytes)", - "visState": "{\"title\":\"Netflow: Destinations (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.dst_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destination Ports (flow records)", + "visState": "{\"title\":\"Netflow: Destination Ports (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.dst_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -949,11 +949,11 @@ } }, { - "_id": "a3541940-6556-11e7-a807-e52f264c6cfd", + "_id": "caf2c4b0-6556-11e7-be5f-c5cca8dd73b6", "_type": "visualization", "_source": { - "title": "Netflow: Destinations (packets)", - "visState": "{\"title\":\"Netflow: Destinations (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.dst_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Source Ports (packets)", + "visState": "{\"title\":\"Netflow: Source Ports (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.src_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -963,170 +963,170 @@ } }, { - "_id": "f5f79b00-6555-11e7-b27e-8f8b3770f1df", + "_id": "39e3dab0-2fcb-11e7-befb-31e033c79e4e", "_type": "visualization", "_source": { - "title": "Netflow: Countries (packets)", - "visState": "{\"title\":\"Netflow: Countries (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip.country_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.country_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Version", + "visState": "{\"title\":\"Netflow: Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "b2d02df0-6556-11e7-a807-e52f264c6cfd", + "_id": "1026edb0-2fcc-11e7-842d-39925ea8ac40", "_type": "visualization", "_source": { - "title": "Netflow: Destinations (flow records)", - "visState": "{\"title\":\"Netflow: Destinations (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.dst_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", 
if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: IP Version (flow records)", + "visState": "{\"title\":\"Netflow: IP Version (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "4a6f6030-6558-11e7-bea4-0f5fadb995cc", + "_id": "99e49de0-2fcc-11e7-842d-39925ea8ac40", "_type": "visualization", "_source": { - "title": "Netflow: VLANs (flow records)", - "visState": "{\"title\":\"Netflow: VLANs (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.vlan:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.vlan:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Protocols (flow records)", + "visState": "{\"title\":\"Netflow: Protocols (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "6c67b990-628c-11e7-95ed-8966ac93bd5a", + "_id": "d297fe60-2fd7-11e7-af27-99e728e71e91", "_type": "visualization", "_source": { - "title": "Netflow: Cities (bytes)", - "visState": "{\"title\":\"Netflow: Cities (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip.city_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.city_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: VLANs (flow records)", + "visState": "{\"title\":\"Netflow: VLANs (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.vlan\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "d9fdbd80-6555-11e7-8d48-19b0c51bbbbd", + "_id": "4440e130-2fdd-11e7-afd7-595689f3f18c", "_type": "visualization", "_source": { - "title": "Netflow: Cities (flow records)", - "visState": "{\"title\":\"Netflow: Cities (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip.city_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.city_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destinations and Sources (bytes)", + "visState": "{\"title\":\"Netflow: Destinations and Sources 
(bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "399c9fe0-657e-11e7-bd38-dd04615e7f62", + "_id": "55f66b20-2fdd-11e7-afd7-595689f3f18c", "_type": "visualization", "_source": { - "title": "Netflow: Source Autonomous Systems (bytes)", - "visState": "{\"title\":\"Netflow: Source Autonomous Systems (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip_src.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_src.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destinations and Sources (packets)", + "visState": "{\"title\":\"Netflow: Destinations and Sources 
(packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "43e698c0-657e-11e7-99b6-af4533b21b46", + "_id": "3277ea90-6578-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: Source Autonomous Systems (flow records)", - "visState": "{\"title\":\"Netflow: Source Autonomous Systems (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip_src.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_src.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flows records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Source Count", + "visState": "{\"title\":\"Netflow: Source 
Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.src_addr\",\"customLabel\":\"Sources\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "836b2010-657e-11e7-9748-5d4091219eef", + "_id": "82fcfc50-657b-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: Destination Autonomous Systems (packets)", - "visState": "{\"title\":\"Netflow: Destination Autonomous Systems (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip_dst.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_dst.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", 
min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: TCP Flags Count", + "visState": "{\"title\":\"Netflow: TCP Flags Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.tcp_flags_label\",\"customLabel\":\"TCP Flag States\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "00248240-6593-11e7-b8de-af19b696fa44", + "_id": "c4987cc0-657b-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: Egress Interfaces (bytes)", - "visState": "{\"title\":\"Netflow: Egress Interfaces (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.output_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* 
netflow.output_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: City Count", + "visState": "{\"title\":\"Netflow: City Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geoip.city_name\",\"customLabel\":\"Cities\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "99c1a4a0-2f60-11e7-8936-6f5fd5520124", + "_id": "a3541940-6556-11e7-a807-e52f264c6cfd", "_type": "visualization", "_source": { - "title": "Netflow: Geo Location Heatmap", - "visState": "{\"title\":\"Netflow: Geo Location 
Heatmap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Heatmap\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":\"0.32\",\"heatRadius\":\"24\",\"heatBlur\":\"16\",\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[15,5],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2,\"customLabel\":\"Location\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"mapCenter\":[8.407168163601076,9.4921875]}", + "title": "Netflow: Destinations (packets)", + "visState": "{\"title\":\"Netflow: Destinations (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.dst_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "d07a2870-2fcc-11e7-9bae-a35d2fe38fc2", + "_id": "4a6f6030-6558-11e7-bea4-0f5fadb995cc", "_type": "visualization", "_source": { - 
"title": "Netflow: IP Version and Protocols (packets)", - "visState": "{\"title\":\"Netflow: IP Version and Protocols (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", + "title": "Netflow: VLANs (flow records)", + "visState": "{\"title\":\"Netflow: VLANs (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.vlan:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.vlan:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "8f35efc0-2fcc-11e7-842d-39925ea8ac40", + "_id": "d9fdbd80-6555-11e7-8d48-19b0c51bbbbd", "_type": "visualization", "_source": { - "title": "Netflow: IP Version and Protocols (flow records)", - "visState": "{\"title\":\"Netflow: IP Version and Protocols (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", + "title": "Netflow: Cities (flow records)", + "visState": "{\"title\":\"Netflow: Cities (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip.city_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.city_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, 
@@ -1201,12 +1201,12 @@ } }, { - "_id": "bb8e3d90-2fca-11e7-9fcf-99b4b8159f98", + "_id": "02e25f10-671a-11e7-b5b8-29fbded8e37c", "_type": "visualization", "_source": { - "title": "Netflow: Countries and Cities (packets)", - "visState": "{\"title\":\"Netflow: Countries and Cities (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Source Ports", + "visState": "{\"title\":\"Netflow: Top Source Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -1215,11 +1215,11 @@ } }, { - "_id": "691cda40-2fc9-11e7-823a-89e4bb55eaa1", + "_id": "16438600-2fcb-11e7-befb-31e033c79e4e", "_type": "visualization", "_source": { - "title": "Netflow: Countries (packets)", - "visState": "{\"title\":\"Netflow: Countries (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", + "title": "Netflow: Direction (flow records)", + "visState": "{\"title\":\"Netflow: Direction (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.direction\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
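Review bot: The count metric of the added "Netflow: Direction (flow records)" pie is `\"type\":\"count\",\"schema\":\"metric\",\"params\":{}`, so it has no custom label, while the other flow-record pies in this diff (for example "Netflow: Egress Interfaces (flow records)" in the @@ -1243 hunk) set one. I would change it to `\"params\":{\"customLabel\":\"Flow Records\"}` so the legend and tooltip read the same across the set; without it Kibana presumably falls back to its default metric name. The added "Netflow: Ingress Interfaces (flow records)" entry in the @@ -1271 hunk has the same empty `params` and needs the same change. The export appears to reorder saved objects, so both entries may predate this commit.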
@@ -1229,11 +1229,11 @@ } }, { - "_id": "1e7d8770-2fc7-11e7-8936-6f5fd5520124", + "_id": "41a7e3a0-658f-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Sources (flow records)", - "visState": "{\"title\":\"Netflow: Sources (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "title": "Netflow: Version (packets)", + "visState": "{\"title\":\"Netflow: Version (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1243,25 +1243,25 @@ } }, { - "_id": "a2099810-657b-11e7-8471-e5432f50acbd", + "_id": "1fa2c100-6592-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Autonomous System Count", - "visState": "{\"title\":\"Netflow: Autonomous System Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"geoip.autonomous_system\",\"customLabel\":\"Autonomous Systems\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Egress Interfaces (flow records)", + "visState": "{\"title\":\"Netflow: Egress Interfaces (flow records)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.output_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "f11380e0-6591-11e7-bfc3-d74b7bb89482", + "_id": "1418ce10-6592-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Ingress Interfaces (packets)", - "visState": "{\"title\":\"Netflow: Ingress Interfaces (packets)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.input_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Ingress Interface\"}}],\"listeners\":{}}", + "title": "Netflow: Egress Interfaces (bytes)", + "visState": "{\"title\":\"Netflow: Egress Interfaces (bytes)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.output_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1271,53 +1271,53 @@ } }, { - "_id": "d2a2db30-658a-11e7-bfc3-d74b7bb89482", + "_id": "caea3760-6591-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Destination and Source ASs (packets)", - "visState": "{\"title\":\"Netflow: Destination and Source ASs (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_dst.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_src.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}],\"listeners\":{}}", + "title": "Netflow: Ingress Interfaces (flow records)", + "visState": "{\"title\":\"Netflow: Ingress Interfaces (flow records)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.input_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Ingress Interface\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "64b144f0-658e-11e7-bfc3-d74b7bb89482", + 
"_id": "5c5d6f60-2fdb-11e7-84e6-333bd21ad9fd", "_type": "visualization", "_source": { - "title": "Netflow: Flow Exporters (bytes)", - "visState": "{\"title\":\"Netflow: Flow Exporters (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}],\"listeners\":{}}", + "title": "Netflow: Destination and Source Ports (packets)", + "visState": "{\"title\":\"Netflow: Destination and Source Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "04990fe0-6592-11e7-bfc3-d74b7bb89482", + "_id": "7f7aac00-2fc8-11e7-8bc1-177080983dbf", "_type": "visualization", 
"_source": { - "title": "Netflow: Egress Interfaces (packets)", - "visState": "{\"title\":\"Netflow: Egress Interfaces (packets)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.output_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}],\"listeners\":{}}", + "title": "Netflow: Destination Ports (packets)", + "visState": "{\"title\":\"Netflow: Destination Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "8500a670-6579-11e7-8471-e5432f50acbd", + "_id": "71272b10-6579-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: Destination Port Count", - "visState": "{\"title\":\"Netflow: Destination Port 
Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.dst_port_name\",\"customLabel\":\"Destination Ports\"}}],\"listeners\":{}}", + "title": "Netflow: Source Port Count", + "visState": "{\"title\":\"Netflow: Source Port Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.src_port_name\",\"customLabel\":\"Source Ports\"}}],\"listeners\":{}}", "uiStateJSON": "{\n \"vis\": {\n \"defaultColors\": {\n \"0 - 100\": 
\"rgb(0,104,55)\"\n }\n }\n}", "description": "", "version": 1, @@ -1327,11 +1327,11 @@ } }, { - "_id": "47d426a0-2fc8-11e7-8b06-97426538fddd", + "_id": "9f9e54b0-2fd6-11e7-a82c-3146dd695923", "_type": "visualization", "_source": { - "title": "Netflow: Destination Ports (bytes)", - "visState": "{\"title\":\"Netflow: Destination Ports (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", + "title": "Netflow: Sources and Ports (packets)", + "visState": "{\"title\":\"Netflow: Sources and Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1341,25 +1341,25 @@ } }, { - "_id": "44b3cb70-2fd6-11e7-bc99-41245d9394f2", + "_id": "8d2cb120-6233-11e7-aa4b-5f8c56ec33b8", "_type": "visualization", "_source": { - "title": "Netflow: Destinations and Ports (flow records)", - "visState": "{\"title\":\"Netflow: Destinations and Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "title": "Netflow: Autonomous Systems (packets)", + "visState": "{\"title\":\"Netflow: Autonomous Systems (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "de9b3dd0-2fc8-11e7-844c-67b9b101127b", + "_id": "b02faaf0-2fcb-11e7-8df8-b363df28ab61", "_type": 
"visualization", "_source": { - "title": "Netflow: Source Ports (packets)", - "visState": "{\"title\":\"Netflow: Source Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", + "title": "Netflow: IP Version (bytes)", + "visState": "{\"title\":\"Netflow: IP Version (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1369,11 +1369,11 @@ } }, { - "_id": "c6b36620-2fc8-11e7-87d6-cdce05879baf", + "_id": "324b0a00-2fc9-11e7-bd31-a722d271a9cc", "_type": "visualization", "_source": { - "title": "Netflow: Source Ports (flow records)", - "visState": "{\"title\":\"Netflow: Source Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", + "title": "Netflow: Countries (bytes)", + "visState": "{\"title\":\"Netflow: Countries (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1383,11 +1383,11 @@ } }, { - "_id": "a8b68cb0-2fc8-11e7-8d8b-45ec51795dad", + "_id": "793a6f00-2fdd-11e7-afd7-595689f3f18c", "_type": "visualization", "_source": { - "title": "Netflow: Source Ports (bytes)", - "visState": "{\"title\":\"Netflow: Source Ports (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", + "title": "Netflow: Destinations and Sources (flow records)", + "visState": "{\"title\":\"Netflow: Destinations and Sources (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1397,11 +1397,11 @@ } }, { - "_id": "a8eadac0-658c-11e7-bfc3-d74b7bb89482", + "_id": "6702de70-2fca-11e7-8fcd-8dc6c60d4592", "_type": "visualization", "_source": { - "title": "Netflow: Traffic Volume by Destination Port", - "visState": "{\"title\":\"Netflow: Traffic Volume by Destination Port\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Time\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"interpolate\":\"cardinal\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.last_switched\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", + "title": "Netflow: Countries and Cities (flow records)", + "visState": "{\"title\":\"Netflow: Countries and Cities (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1411,11 +1411,11 @@ } }, { - "_id": "c61bd8b0-658c-11e7-bfc3-d74b7bb89482", + "_id": "49a2d6b0-2fc9-11e7-8224-a900ea73fa5f", "_type": "visualization", "_source": { - "title": "Netflow: Traffic Volume by Source Port", - "visState": "{\"title\":\"Netflow: Traffic Volume by Source Port\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Time\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"interpolate\":\"cardinal\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.last_switched\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", + "title": "Netflow: Countries (flow records)", + "visState": "{\"title\":\"Netflow: Countries (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1425,11 +1425,11 @@ } }, { - "_id": "b74bbb70-2fd6-11e7-a82c-3146dd695923", + "_id": "36e56dc0-801a-11e7-8b60-018ea0aa61a0", "_type": "visualization", "_source": { - "title": "Netflow: Sources and Ports (flow records)", - "visState": "{\"title\":\"Netflow: Sources and Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "title": "Netflow: Services (bytes)", + "visState": "{\"title\":\"Netflow: Services (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.service_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1439,12 +1439,12 @@ } }, { - "_id": "d4a408a0-671a-11e7-b5b8-29fbded8e37c", + "_id": "fa3371f0-801a-11e7-b4bd-5b3ceedd298a", "_type": "visualization", "_source": { - "title": "Netflow: Top Cities", - "visState": "{\"title\":\"Netflow: Top Cities\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":true,\"showTotal\":true,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.country_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Country\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.city_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"City\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "title": "Netflow: Servers (packets)", + "visState": "{\"title\":\"Netflow: Servers (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 
1, "kibanaSavedObjectMeta": { 
@@ -1453,12 +1453,12 @@ } }, { - "_id": "51006340-671a-11e7-b5b8-29fbded8e37c", + "_id": "1c87a220-801c-11e7-8ad4-bb5faa3d249c", "_type": "visualization", "_source": { - "title": "Netflow: Top Autonomous Systems", - "visState": "{\"title\":\"Netflow: Top Autonomous Systems\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.autonomous_system\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Autonomous System\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Protocol Count", + "visState": "{\"title\":\"Netflow: Protocol Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.protocol_name\",\"customLabel\":\"Protocols\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -1467,165 +1467,165 @@ } }, { - "_id": "ef7699a0-6719-11e7-b5b8-29fbded8e37c", + "_id": "81969050-801b-11e7-bb2f-971b1cdb8a78", "_type": "visualization", "_source": { - "title": "Netflow: Top Destination Ports", - "visState": "{\"title\":\"Netflow: Top Destination Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Clients (packets)", + "visState": "{\"title\":\"Netflow: Clients (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.client_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.client_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + 
"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "9f113d80-6719-11e7-b5b8-29fbded8e37c", + "_id": "e44e52a0-801b-11e7-bb2f-971b1cdb8a78", "_type": "visualization", "_source": { - "title": "Netflow: Top Destinations", - "visState": "{\"title\":\"Netflow: Top Destinations\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Servers (packets)", + "visState": "{\"title\":\"Netflow: Servers (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.server_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.server_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "02e25f10-671a-11e7-b5b8-29fbded8e37c", + "_id": "b86f6570-801b-11e7-9880-7be1a59c7d40", "_type": "visualization", "_source": { - "title": "Netflow: Top Source Ports", - "visState": "{\"title\":\"Netflow: Top Source Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Servers (flow records)", + "visState": "{\"title\":\"Netflow: Servers (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.server_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.server_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - 
"searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "326fae40-671a-11e7-b5b8-29fbded8e37c", + "_id": "0de63e90-6558-11e7-8547-3d133170b50d", "_type": "visualization", "_source": { - "title": "Netflow: Top Protocols", - "visState": "{\"title\":\"Netflow: Top Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Types of Service (packets)", + "visState": "{\"title\":\"Netflow: Types of Service (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.tos:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tos:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", 
"version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "7e9cb7e0-671a-11e7-b5b8-29fbded8e37c", + "_id": "a13402f0-6557-11e7-a3eb-4b30743c9370", "_type": "visualization", "_source": { - "title": "Netflow: Top Flow Exporters", - "visState": "{\"title\":\"Netflow: Top Flow Exporters\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Flow Exporter\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: TCP Flags (packets)", + "visState": "{\"title\":\"Netflow: TCP Flags (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.tcp_flags_label:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tcp_flags_label:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", 
min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "b58e1380-6719-11e7-b5b8-29fbded8e37c", + "_id": "231fe630-6558-11e7-8547-3d133170b50d", "_type": "visualization", "_source": { - "title": "Netflow: Top Sources", - "visState": "{\"title\":\"Netflow: Top Sources\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Types of Service (flow records)", + "visState": "{\"title\":\"Netflow: Types of Service (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.tos:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tos:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / 
sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "16438600-2fcb-11e7-befb-31e033c79e4e", + "_id": "835e6090-6557-11e7-87c3-994b88f84501", "_type": "visualization", "_source": { - "title": "Netflow: Direction (flow records)", - "visState": "{\"title\":\"Netflow: Direction (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.direction\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}],\"listeners\":{}}", + "title": "Netflow: Sources (flow records)", + "visState": "{\"title\":\"Netflow: Sources (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.src_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "6a7e4790-2fe0-11e7-9d02-3f49bde5c1d5", + "_id": 
"87dbc0a0-657e-11e7-99b6-af4533b21b46", "_type": "visualization", "_source": { - "title": "Netflow: Flow Records", - "visState": "{\"title\":\"Netflow: Flow Records\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Flow Records\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.last_switched\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timeline\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "title": "Netflow: Destination Autonomous Systems (flow records)", + "visState": "{\"title\":\"Netflow: Destination Autonomous Systems (flow 
records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"geoip_dst.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_dst.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flows records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "b2c9a3d0-658e-11e7-bfc3-d74b7bb89482", + "_id": "bfec6260-6592-11e7-9bf4-ed832088be20", "_type": "visualization", "_source": { - "title": "Netflow: Direction (packets)", - "visState": "{\"title\":\"Netflow: Direction (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.direction\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}],\"listeners\":{}}", + "title": "Netflow: Ingress Interfaces (flow records)", + "visState": "{\"title\":\"Netflow: Ingress Interfaces (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.input_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.input_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / 
sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "41a7e3a0-658f-11e7-bfc3-d74b7bb89482", + "_id": "e2a7fc60-6592-11e7-8b83-5b2419db46fa", "_type": "visualization", "_source": { - "title": "Netflow: Version (packets)", - "visState": "{\"title\":\"Netflow: Version (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", + "title": "Netflow: Ingress Interfaces (packets)", + "visState": "{\"title\":\"Netflow: Ingress Interfaces (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.input_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.input_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } 
}, { - "_id": "73c37440-658e-11e7-bfc3-d74b7bb89482", + "_id": "3ee07620-6556-11e7-995a-3584c2c6482c", "_type": "visualization", "_source": { - "title": "Netflow: Flow Exporters (packets)", - "visState": "{\"title\":\"Netflow: Flow Exporters (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}],\"listeners\":{}}", + "title": "Netflow: Destination Ports (packets)", + "visState": "{\"title\":\"Netflow: Destination Ports (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.dst_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "3026fe40-658f-11e7-bfc3-d74b7bb89482", + "_id": "b6a092e0-2fcc-11e7-9bae-a35d2fe38fc2", "_type": "visualization", "_source": { - "title": "Netflow: Version (bytes)", - "visState": "{\"title\":\"Netflow: Version 
(bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", + "title": "Netflow: IP Version (packets)", + "visState": "{\"title\":\"Netflow: IP Version (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1635,67 +1635,67 @@ } }, { - "_id": "1fa2c100-6592-11e7-bfc3-d74b7bb89482", + "_id": "84e4c9f0-2fd7-11e7-97a8-85d8d5a99269", "_type": "visualization", "_source": { - "title": "Netflow: Egress Interfaces (flow records)", - "visState": "{\"title\":\"Netflow: Egress Interfaces (flow records)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.output_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}],\"listeners\":{}}", + "title": "Netflow: Types of Service (packets)", + "visState": "{\"title\":\"Netflow: Types of Service (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tos\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "e2f43d10-6591-11e7-bfc3-d74b7bb89482", + "_id": "69f864d0-2fd7-11e7-97a8-85d8d5a99269", "_type": "visualization", "_source": { - "title": "Netflow: Ingress Interfaces (bytes)", - "visState": "{\"title\":\"Netflow: Ingress Interfaces 
(bytes)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.input_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Ingress Interface\"}}],\"listeners\":{}}", + "title": "Netflow: Types of Service (bytes)", + "visState": "{\"title\":\"Netflow: Types of Service (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tos\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type of Service\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "1418ce10-6592-11e7-bfc3-d74b7bb89482", + "_id": "7c2cfd10-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "Netflow: Egress Interfaces (bytes)", - "visState": "{\"title\":\"Netflow: Egress Interfaces 
(bytes)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.output_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}],\"listeners\":{}}", + "title": "Netflow: Sources (bytes)", + "visState": "{\"title\":\"Netflow: Sources (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "caea3760-6591-11e7-bfc3-d74b7bb89482", + "_id": "9accd4a0-657a-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: Ingress Interfaces (flow records)", - "visState": "{\"title\":\"Netflow: Ingress Interfaces (flow 
records)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.input_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Ingress Interface\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: ToS Count", + "visState": "{\"title\":\"Netflow: ToS Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.tos\",\"customLabel\":\"Types of Service\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "5c5d6f60-2fdb-11e7-84e6-333bd21ad9fd", + "_id": "bb8e3d90-2fca-11e7-9fcf-99b4b8159f98", "_type": 
"visualization", "_source": { - "title": "Netflow: Destination and Source Ports (packets)", - "visState": "{\"title\":\"Netflow: Destination and Source Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", + "title": "Netflow: Countries and Cities (packets)", + "visState": "{\"title\":\"Netflow: Countries and Cities (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1705,11 +1705,11 @@ } }, { - "_id": "264fb270-2fdb-11e7-84e6-333bd21ad9fd", + "_id": "a8eadac0-658c-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Destination and Source Ports (flow records)", - "visState": "{\"title\":\"Netflow: Destination and Source Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", + "title": "Netflow: Traffic Volume by Destination Port", + "visState": "{\"title\":\"Netflow: Traffic Volume by Destination 
Port\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Time\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"interpolate\":\"cardinal\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.last_switched\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
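Review bot: The `date_histogram` in the added "Traffic Volume by Destination Port" visState buckets on `\"field\":\"netflow.last_switched\"`, while the Timelion objects in this file call `.es(index=\"netflow-*\", …)` without a `timefield` argument and so use Timelion's configured default time field. If that default and the index pattern's time field are `@timestamp` (neither is visible in this hunk), this chart's x-axis follows the exporter's clock, and the two kinds of panel can disagree about when traffic occurred if an exporter's clock drifts. Either bucket on `\"field\":\"@timestamp\"`, or use the object's empty `description` to record why exporter time is wanted here.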
@@ -1719,11 +1719,11 @@ } }, { - "_id": "4898db90-2fdb-11e7-84e6-333bd21ad9fd", + "_id": "b74bbb70-2fd6-11e7-a82c-3146dd695923", "_type": "visualization", "_source": { - "title": "Netflow: Destination and Source Ports (bytes)", - "visState": "{\"title\":\"Netflow: Destination and Source Ports (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", + "title": "Netflow: Sources and Ports (flow records)", + "visState": "{\"title\":\"Netflow: Sources and Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1733,12 +1733,12 @@ } }, { - "_id": "23d6dc80-2fd6-11e7-bc99-41245d9394f2", + "_id": "ef7699a0-6719-11e7-b5b8-29fbded8e37c", "_type": "visualization", "_source": { - "title": "Netflow: Destinations and Ports (bytes)", - "visState": "{\"title\":\"Netflow: Destinations and Ports (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Destination Ports", + "visState": "{\"title\":\"Netflow: Top Destination Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
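Review bot: The bucket column of the added "Top Destination Ports" table is labelled `\"customLabel\":\"Destination\"` although it aggregates `netflow.dst_port_name`. The pie charts in this file label that field `Destination Port`, and the "Destinations and Ports" objects use `Destination` for `netflow.dst_addr`, so an analyst reading the table header can mistake the column for a host list. Change it to `\"customLabel\":\"Destination Port\"`. The object's `kibanaSavedObjectMeta` block continues past the end of the hunk.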
@@ -1747,25 +1747,25 @@ } }, { - "_id": "6f6d05b0-2fc8-11e7-bf24-57efade8fd83", + "_id": "f11380e0-6591-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Destination Ports (flow records)", - "visState": "{\"title\":\"Netflow: Destination Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", + "title": "Netflow: Ingress Interfaces (packets)", + "visState": "{\"title\":\"Netflow: Ingress Interfaces (packets)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.input_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Ingress Interface\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "7f7aac00-2fc8-11e7-8bc1-177080983dbf", + "_id": "d2a2db30-658a-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Destination Ports (packets)", - "visState": "{\"title\":\"Netflow: Destination Ports 
(packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", + "title": "Netflow: Destination and Source ASs (packets)", + "visState": "{\"title\":\"Netflow: Destination and Source ASs (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_dst.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip_src.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source AS\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
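Review bot: Most of what this hunk marks as changed is saved objects moving position in the export, not edits. The `6f6d05b0-2fc8-11e7-bf24-57efade8fd83` object removed here returns with the same title and visState as an addition in the `@@ -1831,25 +1831,25 @@` hunk. `313a9880-2fd6-11e7-bc99-41245d9394f2` and `f2fea250-2fcb-11e7-8df8-b363df28ab61` move the same way in the later hunks. With the array order unstable, a reviewer cannot tell which visualizations actually changed their query, field or index, so an unintended edit to a monitoring panel would be easy to miss. Keep the exported array in a fixed order, for example sorted by `_id`, so only real edits appear in the diff.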
@@ -1775,11 +1775,11 @@ } }, { - "_id": "71272b10-6579-11e7-8471-e5432f50acbd", + "_id": "8500a670-6579-11e7-8471-e5432f50acbd", "_type": "visualization", "_source": { - "title": "Netflow: Source Port Count", - "visState": "{\"title\":\"Netflow: Source Port Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.src_port_name\",\"customLabel\":\"Source Ports\"}}],\"listeners\":{}}", + "title": "Netflow: Destination Port Count", + "visState": "{\"title\":\"Netflow: Destination Port Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to 
Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"36\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.dst_port_name\",\"customLabel\":\"Destination Ports\"}}],\"listeners\":{}}", "uiStateJSON": "{\n \"vis\": {\n \"defaultColors\": {\n \"0 - 100\": \"rgb(0,104,55)\"\n }\n }\n}", "description": "", "version": 1, 
@@ -1789,11 +1789,11 @@ } }, { - "_id": "313a9880-2fd6-11e7-bc99-41245d9394f2", + "_id": "47d426a0-2fc8-11e7-8b06-97426538fddd", "_type": "visualization", "_source": { - "title": "Netflow: Destinations and Ports (packets)", - "visState": "{\"title\":\"Netflow: Destinations and Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "title": "Netflow: Destination Ports (bytes)", + "visState": "{\"title\":\"Netflow: Destination Ports (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1803,11 +1803,11 @@ } }, { - "_id": "8dcbcce0-2fd6-11e7-a82c-3146dd695923", + "_id": "44b3cb70-2fd6-11e7-bc99-41245d9394f2", "_type": "visualization", "_source": { - "title": "Netflow: Sources and Ports (bytes)", - "visState": "{\"title\":\"Netflow: Sources and Ports (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "title": "Netflow: Destinations and Ports (flow records)", + "visState": "{\"title\":\"Netflow: Destinations and Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1817,11 +1817,11 @@ } }, { - "_id": "9f9e54b0-2fd6-11e7-a82c-3146dd695923", + "_id": "de9b3dd0-2fc8-11e7-844c-67b9b101127b", "_type": "visualization", "_source": { - "title": "Netflow: Sources and Ports (packets)", - "visState": "{\"title\":\"Netflow: Sources and Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", + "title": "Netflow: Source Ports (packets)", + "visState": "{\"title\":\"Netflow: Source Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1831,25 +1831,25 @@ } }, { - "_id": "8d2cb120-6233-11e7-aa4b-5f8c56ec33b8", + "_id": "51006340-671a-11e7-b5b8-29fbded8e37c", "_type": "visualization", "_source": { - "title": "Netflow: Autonomous Systems (packets)", - "visState": "{\"title\":\"Netflow: Autonomous Systems (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"geoip.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Autonomous Systems", + "visState": "{\"title\":\"Netflow: Top Autonomous Systems\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.autonomous_system\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Autonomous System\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "b02faaf0-2fcb-11e7-8df8-b363df28ab61", + "_id": "6f6d05b0-2fc8-11e7-bf24-57efade8fd83", "_type": "visualization", "_source": { - "title": "Netflow: IP Version (bytes)", - "visState": "{\"title\":\"Netflow: IP Version (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Version\"}}],\"listeners\":{}}", + "title": "Netflow: Destination Ports (flow records)", + "visState": "{\"title\":\"Netflow: Destination Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1859,11 +1859,11 @@ } }, { - "_id": "f2fea250-2fcb-11e7-8df8-b363df28ab61", + "_id": "313a9880-2fd6-11e7-bc99-41245d9394f2", "_type": "visualization", "_source": { - "title": "Netflow: Protocols (bytes)", - "visState": "{\"title\":\"Netflow: Protocols (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", + "title": "Netflow: Destinations and Ports (packets)", + "visState": "{\"title\":\"Netflow: Destinations and Ports (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1873,11 +1873,11 @@ } }, { - "_id": "324b0a00-2fc9-11e7-bd31-a722d271a9cc", + "_id": "f2fea250-2fcb-11e7-8df8-b363df28ab61", "_type": "visualization", "_source": { - "title": "Netflow: Countries (bytes)", - "visState": "{\"title\":\"Netflow: Countries (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", + "title": "Netflow: Protocols (bytes)", + "visState": "{\"title\":\"Netflow: Protocols (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1887,11 +1887,11 @@ } }, { - "_id": "c6319680-2fc9-11e7-823a-89e4bb55eaa1", + "_id": "af1425a0-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "Netflow: Cities (packets)", - "visState": "{\"title\":\"Netflow: Cities (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", + "title": "Netflow: Destinations (packets)", + "visState": "{\"title\":\"Netflow: Destinations (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1901,11 +1901,11 @@ } }, { - "_id": "ca786e30-622d-11e7-b0a5-e9bda2f6d168", + "_id": "1c1f5550-801a-11e7-8b60-018ea0aa61a0", "_type": "visualization", "_source": { - "title": "Netflow: Autonomous Systems (packets)", - "visState": "{\"title\":\"Netflow: Autonomous Systems (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Autonomous System\"}}],\"listeners\":{}}", + "title": "Netflow: Servers (bytes)", + "visState": "{\"title\":\"Netflow: Servers (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1915,11 +1915,11 @@ } }, { - "_id": "f687e140-622d-11e7-b0a5-e9bda2f6d168", + "_id": "47bf0c10-8019-11e7-af24-27fa1061e1bd", "_type": "visualization", "_source": { - "title": "Netflow: Autonomous Systems (flow records)", - "visState": "{\"title\":\"Netflow: Autonomous Systems (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Autonomous System\"}}],\"listeners\":{}}", + "title": "Netflow: Clients (packets)", + "visState": "{\"title\":\"Netflow: Clients (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1929,11 +1929,11 @@ } }, { - "_id": "9b5d3b80-2fc9-11e7-bd31-a722d271a9cc", + "_id": "aa56f4e0-801a-11e7-a69e-1db8cf608fe4", "_type": "visualization", "_source": { - "title": "Netflow: Cities (bytes)", - "visState": "{\"title\":\"Netflow: Cities (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", + "title": "Netflow: Servers (flow records)", + "visState": "{\"title\":\"Netflow: Servers (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1943,11 +1943,11 @@ } }, { - "_id": "e8251d30-2fd7-11e7-a4f6-dbb93cfb4a10", + "_id": "69f4d440-8019-11e7-af24-27fa1061e1bd", "_type": "visualization", "_source": { - "title": "Netflow: VLANs (packets)", - "visState": "{\"title\":\"Netflow: VLANs (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.vlan\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}],\"listeners\":{}}", + "title": "Netflow: Clients (flow records)", + "visState": "{\"title\":\"Netflow: Clients (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -1957,53 +1957,53 @@ } }, { - "_id": "b88a8790-2fd7-11e7-bd03-932d3e38a4ff", + "_id": "37a8b330-8019-11e7-af24-27fa1061e1bd", "_type": "visualization", "_source": { - "title": "Netflow: VLANs (bytes)", - "visState": "{\"title\":\"Netflow: VLANs (bytes)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.vlan\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}],\"listeners\":{}}", + "title": "Netflow: Clients (bytes)", + "visState": "{\"title\":\"Netflow: Clients (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "793a6f00-2fdd-11e7-afd7-595689f3f18c", + "_id": "5d9f4c90-801c-11e7-bb2f-971b1cdb8a78", "_type": "visualization", "_source": { - "title": "Netflow: Destinations and Sources (flow records)", - "visState": "{\"title\":\"Netflow: Destinations and Sources (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "title": "Netflow: Services (packets)", + "visState": "{\"title\":\"Netflow: Services (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.service_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.service_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "af1425a0-2fc7-11e7-8936-6f5fd5520124", + "_id": "4e00e2d0-801c-11e7-9880-7be1a59c7d40", "_type": "visualization", "_source": { - "title": "Netflow: Destinations (packets)", - "visState": "{\"title\":\"Netflow: Destinations 
(packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", + "title": "Netflow: Services (flow records)", + "visState": "{\"title\":\"Netflow: Services (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.service_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.service_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "4f3525d0-2fc7-11e7-8936-6f5fd5520124", + "_id": "eada0e30-801f-11e7-8a72-651c4183643b", "_type": "visualization", "_source": { - "title": "Netflow: Destinations (flow records)", - "visState": "{\"title\":\"Netflow: Destinations (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", + "title": "Netflow: Servers and Clients (flow records)", + "visState": "{\"title\":\"Netflow: Servers and Clients (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
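Review bot: Neither new Timelion object, `Netflow: Services (packets)` or `Netflow: Services (flow records)`, passes a `timefield` to `.es(...)`, so both bucket on Timelion's configured default time field, while the `Netflow: Flow Records` histogram further down in this file buckets on `netflow.last_switched`. If that default is still `@timestamp`, the two kinds of chart can place the same flow at different points on the time axis, which gets in the way when lining up traffic against other evidence during an investigation. If the difference is intended, record it in the empty `"description"`; otherwise add `timefield=\\\"netflow.last_switched\\\"` to each `.es()` call. The index pattern is also hard-coded in the expression (`index=\\\"netflow-*\\\"`) and absent from `searchSourceJSON`, so a renamed index pattern has to be changed in the expression by hand.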
@@ -2013,11 +2013,11 @@ } }, { - "_id": "5fd2fe30-2fc7-11e7-8936-6f5fd5520124", + "_id": "cc28fff0-801f-11e7-8a72-651c4183643b", "_type": "visualization", "_source": { - "title": "Netflow: Destinations (bytes)", - "visState": "{\"title\":\"Netflow: Destinations (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}}],\"listeners\":{}}", + "title": "Netflow: Servers and Clients (bytes)", + "visState": "{\"title\":\"Netflow: Servers and Clients (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
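Review bot: Up to 2,500 slices can end up in one donut here, because `Netflow: Servers and Clients (bytes)` nests a `\"size\":50` terms aggregation on `netflow.client_addr` inside a `\"size\":50` terms aggregation on `netflow.server_addr`; `Netflow: Servers and Clients (flow records)` at the end of the preceding hunk does the same. At that size the inner ring is unreadable and every dashboard refresh builds the full bucket tree. `Netflow: Destinations and Ports (packets)` in this file uses `\"size\":10` at both levels; I would follow that here and set `\"size\":10` on aggs `2` and `3`. The saved object continues past the end of this hunk.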
@@ -2027,12 +2027,12 @@ } }, { - "_id": "8a52f7a0-2fc7-11e7-8936-6f5fd5520124", + "_id": "2c8fff00-8021-11e7-bcae-4bd056c878e8", "_type": "visualization", "_source": { - "title": "Netflow: Sources (packets)", - "visState": "{\"title\":\"Netflow: Sources (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Countries", + "visState": "{\"title\":\"Netflow: Top Countries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.country_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -2041,12 +2041,12 @@ } }, { - "_id": "ad5cb080-622e-11e7-b0a5-e9bda2f6d168", + "_id": "f41316d0-8020-11e7-bcae-4bd056c878e8", "_type": "visualization", "_source": { - "title": "Netflow: TCP Flags (packets)", - "visState": "{\"title\":\"Netflow: TCP Flags (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tcp_flags_label\",\"size\":255,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TCP Flags\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Services", + "visState": "{\"title\":\"Netflow: Top Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.service_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
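Review bot: The footer total of `Netflow: Top Services` covers only the rows the terms aggregation returns, because the table combines `\"size\":500` on `netflow.service_name` with `\"showTotal\":true,\"totalFunc\":\"sum\"`; once a time range holds more than 500 distinct services, the total understates the traffic. The same parameters are used by the Top Autonomous Systems, Top Countries, Top Protocols and Top Sources tables in this diff, and source addresses and autonomous systems are the fields most likely to exceed the cap. The buckets are ordered by the bytes sum (`\"orderBy\":\"2\"`), so across several shards the ranking itself can also be approximate. I would set `\"showTotal\":false` on the high-cardinality tables, or state the limit in the empty description, e.g. `"description": "Top 500 by bytes; totals cover listed rows only"`. The saved object continues past the end of this hunk.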
@@ -2055,12 +2055,12 @@ } }, { - "_id": "97f430b0-622e-11e7-b0a5-e9bda2f6d168", + "_id": "326fae40-671a-11e7-b5b8-29fbded8e37c", "_type": "visualization", "_source": { - "title": "Netflow: TCP Flags (bytes)", - "visState": "{\"title\":\"Netflow: TCP Flags (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.tcp_flags_label\",\"size\":255,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TCP Flags\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Protocols", + "visState": "{\"title\":\"Netflow: Top Protocols\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.protocol_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -2069,12 +2069,12 @@ } }, { - "_id": "2aeac270-6230-11e7-84f1-9728c106b1b6", + "_id": "b58e1380-6719-11e7-b5b8-29fbded8e37c", "_type": "visualization", "_source": { - "title": "Netflow: Locality (packets)", - "visState": "{\"title\":\"Netflow: Locality (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.flow_locality\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Locality\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Sources", + "visState": "{\"title\":\"Netflow: Top Sources\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -2083,12 +2083,12 @@ } }, { - "_id": "a7a47e70-2fde-11e7-9d02-3f49bde5c1d5", + "_id": "6a7e4790-2fe0-11e7-9d02-3f49bde5c1d5", "_type": "visualization", "_source": { - "title": "Netflow: Conversation Partners", - "visState": "{\"title\":\"Netflow: Conversation Partners\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.dst_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "title": "Netflow: Flow Records", + "visState": "{\"title\":\"Netflow: Flow 
Records\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Flow Records\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.last_switched\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timeline\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
@@ -2097,11 +2097,11 @@ } }, { - "_id": "6702de70-2fca-11e7-8fcd-8dc6c60d4592", + "_id": "3026fe40-658f-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Countries and Cities (flow records)", - "visState": "{\"title\":\"Netflow: Countries and Cities (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", + "title": "Netflow: Version (bytes)", + "visState": "{\"title\":\"Netflow: Version (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2111,11 +2111,11 @@ } }, { - "_id": "49a2d6b0-2fc9-11e7-8224-a900ea73fa5f", + "_id": "264fb270-2fdb-11e7-84e6-333bd21ad9fd", "_type": "visualization", "_source": { - "title": "Netflow: Countries (flow records)", - "visState": "{\"title\":\"Netflow: Countries (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", + "title": "Netflow: Destination and Source Ports (flow records)", + "visState": "{\"title\":\"Netflow: Destination and Source Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2125,25 +2125,25 @@ } }, { - "_id": "f8731d50-2fd6-11e7-97a8-85d8d5a99269", + "_id": "f687e140-622d-11e7-b0a5-e9bda2f6d168", "_type": "visualization", "_source": { - "title": "Netflow: Flow Exporters (flow records)", - "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Flow Exporter\",\"field\":\"host\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"title\":\"Netflow: Flow Exporters (flow records)\",\"type\":\"pie\"}", + "title": "Netflow: Autonomous Systems (flow records)", + "visState": "{\"title\":\"Netflow: Autonomous Systems (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.autonomous_system\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Autonomous System\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "a4ade270-658e-11e7-bfc3-d74b7bb89482", + "_id": "9b5d3b80-2fc9-11e7-bd31-a722d271a9cc", "_type": "visualization", "_source": { - "title": "Netflow: Direction (bytes)", - "visState": "{\"title\":\"Netflow: Direction 
(bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.direction\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}],\"listeners\":{}}", + "title": "Netflow: Cities (bytes)", + "visState": "{\"title\":\"Netflow: Cities (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2153,11 +2153,11 @@ } }, { - "_id": "4ea0a8d0-658f-11e7-bfc3-d74b7bb89482", + "_id": "e8251d30-2fd7-11e7-a4f6-dbb93cfb4a10", "_type": "visualization", "_source": { - "title": "Netflow: Version (flow records)", - "visState": "{\"title\":\"Netflow: Version (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}}],\"listeners\":{}}", + "title": "Netflow: VLANs (packets)", + "visState": "{\"title\":\"Netflow: VLANs (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.vlan\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"VLAN\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2167,40 +2167,40 @@ } }, { - "_id": "2f7d7110-8018-11e7-9e6a-575834c68c0e", + "_id": "6d0c50a0-801d-11e7-bcae-4bd056c878e8", "_type": "visualization", "_source": { - "title": "Netflow: Service Count", - "visState": "{\"title\":\"Netflow: Service Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.service_name\",\"customLabel\":\"Services\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Conversations", + "visState": "{\"title\":\"Netflow: 
Conversations\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.service_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "1e6fb550-8017-11e7-9e6a-575834c68c0e", + "_id": "83beab00-801c-11e7-9880-7be1a59c7d40", "_type": "visualization", "_source": { - "title": "Netflow: Client Count", - "visState": "{\"title\":\"Netflow: Client 
Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.client_addr\",\"customLabel\":\"Clients\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Protocols (flow records)", + "visState": "{\"title\":\"Netflow: Protocols (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.protocol_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.protocol_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "2e450d90-8017-11e7-9e6a-575834c68c0e", + "_id": "ce9157f0-8020-11e7-bcae-4bd056c878e8", "_type": "visualization", "_source": { - 
"title": "Netflow: Server Count", - "visState": "{\"title\":\"Netflow: Server Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.server_addr\",\"customLabel\":\"Servers\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Top Servers", + "visState": "{\"title\":\"Netflow: Top Servers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -2209,11 +2209,11 @@ } }, { - "_id": "36e56dc0-801a-11e7-8b60-018ea0aa61a0", + "_id": "1e7d8770-2fc7-11e7-8936-6f5fd5520124", "_type": "visualization", "_source": { - "title": "Netflow: Services (bytes)", - "visState": "{\"title\":\"Netflow: Services (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.service_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", + "title": "Netflow: Sources (flow records)", + "visState": "{\"title\":\"Netflow: Sources (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
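Review bot: The Timelion expression in "Netflow: Protocols (flow records)" passes no `timefield` to `.es()`, so its buckets fall on Timelion's configured default time field. The area chart "Netflow: Traffic Volume by Source Port" in the -2223 hunk builds its date histogram on `netflow.last_switched`. If those two fields differ in a deployment, the same flow lands at different times on different panels, which matters when the dashboards are used to reconstruct an incident timeline. Naming the field explicitly inside the call, e.g. `timefield="netflow.last_switched"` if that is the intended axis, would remove the ambiguity.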
@@ -2223,54 +2223,54 @@ } }, { - "_id": "1c1f5550-801a-11e7-8b60-018ea0aa61a0", + "_id": "04990fe0-6592-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Servers (bytes)", - "visState": "{\"title\":\"Netflow: Servers (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "title": "Netflow: Egress Interfaces (packets)", + "visState": "{\"title\":\"Netflow: Egress Interfaces (packets)\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.output_snmp\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Egress Interface\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "5dd2fc30-801b-11e7-9d03-efffc8601a27", + "_id": "c6b36620-2fc8-11e7-87d6-cdce05879baf", "_type": "visualization", "_source": { - "title": "Netflow: Clients (bytes)", - "visState": "{\"title\":\"Netflow: Clients 
(bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.client_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.client_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Source Ports (flow records)", + "visState": "{\"title\":\"Netflow: Source Ports (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "74c85d90-801b-11e7-9880-7be1a59c7d40", + "_id": "c61bd8b0-658c-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Clients (flow records)", - "visState": "{\"title\":\"Netflow: Clients (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.client_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.client_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", 
min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Traffic Volume by Source Port", + "visState": "{\"title\":\"Netflow: Traffic Volume by Source Port\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Time\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Bytes\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Bytes\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"interpolate\":\"cardinal\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.last_switched\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "0edebc40-801b-11e7-b4bd-5b3ceedd298a", + "_id": "d4a408a0-671a-11e7-b5b8-29fbded8e37c", "_type": "visualization", "_source": { - "title": "Netflow: Services (packets)", - "visState": "{\"title\":\"Netflow: Services (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.service_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Cities", + "visState": "{\"title\":\"Netflow: Top Cities\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":true,\"showTotal\":true,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.country_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Country\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.city_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"City\"}}],\"listeners\":{}}", + "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { @@ -2279,12 +2279,12 @@ } }, { - "_id": "be065300-801a-11e7-a69e-1db8cf608fe4", + "_id": "7e9cb7e0-671a-11e7-b5b8-29fbded8e37c", "_type": "visualization", "_source": { - "title": "Netflow: Services (flow records)", - "visState": "{\"title\":\"Netflow: Services (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.service_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", - "uiStateJSON": "{}", + "title": "Netflow: Top Flow Exporters", + "visState": "{\"title\":\"Netflow: Top Flow Exporters\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Flow Exporter\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
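Review bot: "Netflow: Top Cities" nests a `geoip.city_name` terms bucket of size 500 inside a `geoip.country_name` bucket of size 500, each carrying three metrics, while the table shows only 10 rows per page. Every load of the dashboard can therefore request a very large bucket tree from Elasticsearch, an avoidable cost on a cluster that is presumably also ingesting flow records. Unless the full list is needed for export, a limit nearer the `"size":50` used by the Cities pie charts would be safer. The single-level Top Servers, Top Flow Exporters and Top Clients tables use 500 as well.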
@@ -2293,11 +2293,11 @@ } }, { - "_id": "fa3371f0-801a-11e7-b4bd-5b3ceedd298a", + "_id": "b2c9a3d0-658e-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Servers (packets)", - "visState": "{\"title\":\"Netflow: Servers (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "title": "Netflow: Direction (packets)", + "visState": "{\"title\":\"Netflow: Direction (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.direction\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Direction\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2307,25 +2307,25 @@ } }, { - "_id": "47bf0c10-8019-11e7-af24-27fa1061e1bd", + "_id": "73c37440-658e-11e7-bfc3-d74b7bb89482", "_type": "visualization", "_source": { - "title": "Netflow: Clients (packets)", - "visState": "{\"title\":\"Netflow: Clients (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "title": "Netflow: Flow Exporters (packets)", + "visState": "{\"title\":\"Netflow: Flow Exporters (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Flow Exporter\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "aa56f4e0-801a-11e7-a69e-1db8cf608fe4", + "_id": "4898db90-2fdb-11e7-84e6-333bd21ad9fd", "_type": "visualization", "_source": { - "title": "Netflow: Servers (flow records)", - "visState": "{\"title\":\"Netflow: Servers (flow 
records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", + "title": "Netflow: Destination and Source Ports (bytes)", + "visState": "{\"title\":\"Netflow: Destination and Source Ports (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.dst_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2335,11 +2335,11 @@ } }, { - "_id": "69f4d440-8019-11e7-af24-27fa1061e1bd", + "_id": "8dcbcce0-2fd6-11e7-a82c-3146dd695923", "_type": "visualization", "_source": { - "title": "Netflow: Clients (flow records)", - "visState": "{\"title\":\"Netflow: Clients (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "title": "Netflow: Sources and Ports (bytes)", + "visState": "{\"title\":\"Netflow: Sources and Ports (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_addr\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.src_port_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2349,11 +2349,11 @@ } }, { - "_id": "37a8b330-8019-11e7-af24-27fa1061e1bd", + "_id": "c6319680-2fc9-11e7-823a-89e4bb55eaa1", "_type": "visualization", "_source": { - "title": "Netflow: Clients (bytes)", - "visState": "{\"title\":\"Netflow: Clients (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "title": "Netflow: Cities (packets)", + "visState": "{\"title\":\"Netflow: Cities (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.city_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2363,12 +2363,12 @@ } }, { - "_id": "1c87a220-801c-11e7-8ad4-bb5faa3d249c", + "_id": "bb92fa50-8020-11e7-bcae-4bd056c878e8", "_type": "visualization", "_source": { - "title": "Netflow: Protocol Count", - "visState": "{\"title\":\"Netflow: Protocol Count\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"fontSize\":\"32\",\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"handleNoResults\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.protocol_name\",\"customLabel\":\"Protocols\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", + "title": "Netflow: Top Clients", + "visState": "{\"title\":\"Netflow: Top Clients\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow 
Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
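Review bot: The object added in this hunk, `bb92fa50-8020-11e7-bcae-4bd056c878e8` ("Netflow: Top Clients"), is removed with an identical `visState` in the later -2573 hunk, so this is a move caused by export order rather than a change. The same applies to "Netflow: Dashboard Navigation" in the next hunk. "Protocols (bytes)", "Services (bytes)" and "Servers (bytes)" are also moved, with a single real edit each (`units="bytes/s"` added to the y-axis). These saved objects carry markdown and Timelion expressions that Kibana renders after import, so a reviewer needs to see the real edits. Exporting in a stable order (for example sorted by `_id`) before committing would reduce the diff to those edits.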
@@ -2377,25 +2377,25 @@ } }, { - "_id": "5d9f4c90-801c-11e7-bb2f-971b1cdb8a78", + "_id": "26e166f0-2fe2-11e7-9d02-3f49bde5c1d5", "_type": "visualization", "_source": { - "title": "Netflow: Services (packets)", - "visState": "{\"title\":\"Netflow: Services (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.service_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.service_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Dashboard Navigation", + "visState": "{\"title\":\"Netflow: Dashboard Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Conversations](#/dashboard/10dd3210-8020-11e7-8a72-651c4183643b) | [Top-N](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c) | [Geo Location](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [Autonomous Systems](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Flow Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Analysis](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Raw Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { - "_id": "81969050-801b-11e7-bb2f-971b1cdb8a78", + "_id": "8c6ce180-657e-11e7-bd38-dd04615e7f62", "_type": "visualization", "_source": { - "title": "Netflow: Clients (packets)", - "visState": "{\"title\":\"Netflow: Clients 
(packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.client_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.client_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destination Autonomous Systems (bytes)", + "visState": "{\"title\":\"Netflow: Destination Autonomous Systems (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip_dst.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_dst.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
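Review bot: The navigation markdown added in this hunk still links to `#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5` ("Raw Flow Records"), while the first hunk of this commit removes the dashboard object with that `_id` from the top of the file. If that dashboard is not re-added elsewhere in the export, which is not visible in this part of the diff, the link will point at a missing saved object. It is worth confirming that every `#/dashboard/<id>` target in the markdown matches an `_id` in the new file. The "Conversations" target `10dd3210-8020-11e7-8a72-651c4183643b` is added earlier in the commit.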
@@ -2405,11 +2405,11 @@ } }, { - "_id": "e44e52a0-801b-11e7-bb2f-971b1cdb8a78", + "_id": "622844d0-6288-11e7-bcd8-a16ef1d32773", "_type": "visualization", "_source": { - "title": "Netflow: Servers (packets)", - "visState": "{\"title\":\"Netflow: Servers (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.server_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.server_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destination Ports (bytes)", + "visState": "{\"title\":\"Netflow: Destination Ports (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.dst_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
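Review bot: `"description": ""` is left empty on the Timelion visualization now at this position ("Netflow: Destination Ports (bytes)"), and on the other Timelion objects in the hunks that follow. The expression plots only ten series (`split="netflow.dst_port_name:10"`) and sets negative values to zero, which someone reading the chart during an investigation cannot tell from the title. I would fill it in, for example `"description": "Bytes/sec for ten destination ports; other ports are not plotted"`. Please also confirm whether Timelion picks the ten by flow count or by bytes, since the title suggests bytes.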
@@ -2419,11 +2419,11 @@ } }, { - "_id": "71294860-801c-11e7-9d03-efffc8601a27", + "_id": "9a4938d0-6592-11e7-b8de-af19b696fa44", "_type": "visualization", "_source": { - "title": "Netflow: Protocols (bytes)", - "visState": "{\"title\":\"Netflow: Protocols (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.protocol_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.protocol_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Ingress Interfaces (bytes)", + "visState": "{\"title\":\"Netflow: Ingress Interfaces (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.input_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.input_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2433,11 +2433,11 @@ } }, { - "_id": "39b43340-801c-11e7-9d03-efffc8601a27", + "_id": "00248240-6593-11e7-b8de-af19b696fa44", "_type": "visualization", "_source": { - "title": "Netflow: Services (bytes)", - "visState": "{\"title\":\"Netflow: Services (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.service_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.service_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Egress Interfaces (bytes)", + "visState": "{\"title\":\"Netflow: Egress Interfaces (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.output_snmp:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.output_snmp:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2447,11 +2447,11 @@ } }, { - "_id": "aaf27c20-801b-11e7-9d03-efffc8601a27", + "_id": "52279a00-628c-11e7-95ed-8966ac93bd5a", "_type": "visualization", "_source": { - "title": "Netflow: Servers (bytes)", - "visState": "{\"title\":\"Netflow: Servers (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.server_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.server_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Countries (bytes)", + "visState": "{\"title\":\"Netflow: Countries (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip.country_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.country_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2461,11 +2461,11 @@ } }, { - "_id": "4e00e2d0-801c-11e7-9880-7be1a59c7d40", + "_id": "56a23ac0-628e-11e7-a842-b787fa3508ce", "_type": "visualization", "_source": { - "title": "Netflow: Services (flow records)", - "visState": "{\"title\":\"Netflow: Services (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.service_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.service_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Destinations (bytes)", + "visState": "{\"title\":\"Netflow: Destinations (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.dst_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.dst_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2475,11 +2475,11 @@ } }, { - "_id": "b86f6570-801b-11e7-9880-7be1a59c7d40", + "_id": "5dd2fc30-801b-11e7-9d03-efffc8601a27", "_type": "visualization", "_source": { - "title": "Netflow: Servers (flow records)", - "visState": "{\"title\":\"Netflow: Servers (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.server_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.server_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Clients (bytes)", + "visState": "{\"title\":\"Netflow: Clients (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.client_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.client_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2489,67 +2489,67 @@ } }, { - "_id": "6d0c50a0-801d-11e7-bcae-4bd056c878e8", + "_id": "6c67b990-628c-11e7-95ed-8966ac93bd5a", "_type": "visualization", "_source": { - "title": "Netflow: Conversations", - "visState": "{\"title\":\"Netflow: Conversations\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.service_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", + "title": "Netflow: Cities (bytes)", + "visState": "{\"title\":\"Netflow: Cities (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip.city_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.city_name:(.+) > .*$\\\", 
label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "df88de80-801f-11e7-8a72-651c4183643b", + "_id": "399c9fe0-657e-11e7-bd38-dd04615e7f62", "_type": "visualization", "_source": { - "title": "Netflow: Servers and Clients (packets)", - "visState": "{\"title\":\"Netflow: Servers and Clients (packets)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "title": "Netflow: Source Autonomous Systems (bytes)", + "visState": "{\"title\":\"Netflow: Source Autonomous Systems (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip_src.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip_src.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", 
min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "eada0e30-801f-11e7-8a72-651c4183643b", + "_id": "6ad67290-6289-11e7-bcd8-a16ef1d32773", "_type": "visualization", "_source": { - "title": "Netflow: Servers and Clients (flow records)", - "visState": "{\"title\":\"Netflow: Servers and Clients (flow records)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "title": "Netflow: Types of Service (bytes)", + "visState": "{\"title\":\"Netflow: Types of Service (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.tos:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tos:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "cc28fff0-801f-11e7-8a72-651c4183643b", + "_id": "91ae4100-6288-11e7-bcd8-a16ef1d32773", "_type": "visualization", "_source": { - "title": "Netflow: Servers and Clients (bytes)", - "visState": "{\"title\":\"Netflow: Servers and Clients (bytes)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", + "title": "Netflow: Source Ports (bytes)", + "visState": "{\"title\":\"Netflow: Source Ports (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.src_port_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_port_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": 
"{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "92a73240-801c-11e7-bb2f-971b1cdb8a78", + "_id": "2c9567c0-6289-11e7-bcd8-a16ef1d32773", "_type": "visualization", "_source": { - "title": "Netflow: Protocols (packets)", - "visState": "{\"title\":\"Netflow: Protocols (packets)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.packets\\\", split=\\\"netflow.protocol_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.protocol_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"packets / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: TCP Flags (bytes)", + "visState": "{\"title\":\"Netflow: TCP Flags (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.tcp_flags_label:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.tcp_flags_label:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2559,11 +2559,11 @@ } }, { - "_id": "83beab00-801c-11e7-9880-7be1a59c7d40", + "_id": "71294860-801c-11e7-9d03-efffc8601a27", "_type": "visualization", "_source": { - "title": "Netflow: Protocols (flow records)", - "visState": "{\"title\":\"Netflow: Protocols (flow records)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", split=\\\"netflow.protocol_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.protocol_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"flow records / sec\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "title": "Netflow: Protocols (bytes)", + "visState": "{\"title\":\"Netflow: Protocols (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.protocol_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.protocol_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -2573,72 +2573,72 @@ } }, { - "_id": "2c8fff00-8021-11e7-bcae-4bd056c878e8", + "_id": "39b43340-801c-11e7-9d03-efffc8601a27", "_type": "visualization", "_source": { - "title": "Netflow: Top Countries", - "visState": "{\"title\":\"Netflow: Top Countries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.country_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Country\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Services (bytes)", + "visState": "{\"title\":\"Netflow: Services (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.service_name:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.service_name:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + 
"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "f41316d0-8020-11e7-bcae-4bd056c878e8", + "_id": "aaf27c20-801b-11e7-9d03-efffc8601a27", "_type": "visualization", "_source": { - "title": "Netflow: Top Services", - "visState": "{\"title\":\"Netflow: Top Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.service_name\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Service\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Servers (bytes)", + "visState": "{\"title\":\"Netflow: Servers (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.server_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.server_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "ce9157f0-8020-11e7-bcae-4bd056c878e8", + "_id": "735d6c70-628e-11e7-a842-b787fa3508ce", "_type": "visualization", "_source": { - "title": "Netflow: Top Servers", - "visState": "{\"title\":\"Netflow: Top Servers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.server_addr\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Server\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: Sources (bytes)", + "visState": "{\"title\":\"Netflow: Sources (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.src_addr:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.src_addr:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", "description": "", "version": 1, 
"kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" } } }, { - "_id": "bb92fa50-8020-11e7-bcae-4bd056c878e8", + "_id": "b61f84d0-6289-11e7-bcd8-a16ef1d32773", "_type": "visualization", "_source": { - "title": "Netflow: Top Clients", - "visState": "{\"title\":\"Netflow: Top Clients\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"netflow.packets\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Flow Records\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"netflow.client_addr\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Client\"}}],\"listeners\":{}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", + "title": "Netflow: VLANs (bytes)", + "visState": "{\"title\":\"Netflow: VLANs (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"netflow.vlan:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* netflow.vlan:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}", + "uiStateJSON": "{}", 
 "description": "",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"index\":\"netflow-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
 }
 }
 },
 {
- "_id": "26e166f0-2fe2-11e7-9d02-3f49bde5c1d5",
+ "_id": "6a597070-6233-11e7-aa4b-5f8c56ec33b8",
 "_type": "visualization",
 "_source": {
- "title": "Netflow: Dashboard Navigation",
- "visState": "{\"title\":\"Netflow: Dashboard Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Overview](#/dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5) | [Conversations](#/dashboard/10dd3210-8020-11e7-8a72-651c4183643b) | [Top-N](#/dashboard/0809c1f0-6719-11e7-b5b8-29fbded8e37c) | [Geo Location](#/dashboard/a932b600-2fd2-11e7-99ed-49759aed30f5) | [Autonomous Systems](#/dashboard/d7e31d40-6589-11e7-bfc3-d74b7bb89482) | [Flow Exporters](#/dashboard/04157d70-6591-11e7-bfc3-d74b7bb89482) | [Traffic Analysis](#/dashboard/10584050-6234-11e7-8236-19b4b4941e22) | [Raw Flow Records](#/dashboard/ca480720-2fdf-11e7-9d02-3f49bde5c1d5)\\n***\"},\"aggs\":[],\"listeners\":{}}",
+ "title": "Netflow: Autonomous Systems (bytes)",
+ "visState": "{\"title\":\"Netflow: Autonomous Systems (bytes)\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(index=\\\"netflow-*\\\", metric=\\\"sum:netflow.bytes\\\", split=\\\"geoip.autonomous_system:10\\\", kibana=true).scale_interval(1s).fit(mode=scale).if(operator=\\\"lt\\\", if=0, then=0).trim(start=2,end=1).label(regex=\\\"^.* geoip.autonomous_system:(.+) > .*$\\\", label=\\\"$1\\\").lines(width=1, stack=true, fill=1).yaxis(label=\\\"bytes / sec\\\", units=\\\"bytes/s\\\", min=0)\",\"interval\":\"auto\"},\"aggs\":[],\"listeners\":{}}",
 "uiStateJSON": "{}",
 "description": "",
 "version": 1,
 "kibanaSavedObjectMeta": {
- "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
+ "searchSourceJSON":
"{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
 }
 }
 }