http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
deleted file mode 100755
index 4373d14..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
+++ /dev/null
@@ -1,112 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <!-- kibana.yml -->
- <property>
- <name>content</name>
- <display-name>kibana.yml template</display-name>
- <description>This is the jinja template for kibana.yml file</description>
- <value>
-# Kibana is served by a back end server. This controls which port to use.
-server.port: {{ kibana_port }}
-
-# The host to bind the server to.
-# server.host: "0.0.0.0"
-
-# If you are running kibana behind a proxy, and want to mount it at a path,
-# specify that path here. The basePath can't end in a slash.
-# server.basePath: ""
-
-# The maximum payload size in bytes on incoming server requests.
-# server.maxPayloadBytes: 1048576
-
-# The Elasticsearch instance to use for all your queries.
-elasticsearch.url: {{ es_url }}
-
-# preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
-# then the host you use to connect to *this* Kibana instance will be sent.
-# elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations
-# and dashboards. It will create a new index if it doesn't already exist.
-# kibana.index: ".kibana"
-
-# The default application to load.
-kibana.defaultAppId: "{{ kibana_default_application }}"
-
-# If your Elasticsearch is protected with basic auth, these are the user credentials
-# used by the Kibana server to perform maintenance on the kibana_index at startup. Your Kibana
-# users will still need to authenticate with Elasticsearch (which is proxied through
-# the Kibana server)
-# elasticsearch.username: "user"
-# elasticsearch.password: "pass"
-
-# SSL for outgoing requests from the Kibana Server to the browser (PEM formatted)
-# server.ssl.cert: /path/to/your/server.crt
-# server.ssl.key: /path/to/your/server.key
-
-# Optional setting to validate that your Elasticsearch backend uses the same key files (PEM formatted)
-# elasticsearch.ssl.cert: /path/to/your/client.crt
-# elasticsearch.ssl.key: /path/to/your/client.key
-
-# If you need to provide a CA certificate for your Elasticsearch instance, put
-# the path of the pem file here.
-# elasticsearch.ssl.ca: /path/to/your/CA.pem
-
-# Set to false to have a complete disregard for the validity of the SSL
-# certificate.
-# elasticsearch.ssl.verify: true
-
-# Time in milliseconds to wait for elasticsearch to respond to pings, defaults to
-# request_timeout setting
-# elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or elasticsearch.
-# This must be > 0
-# elasticsearch.requestTimeout: 30000
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards.
-# Set to 0 to disable.
-# elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying
-# elasticsearch.startupTimeout: 5000
-
-# Set the path to where you would like the process id file to be created.
-# pid.file: /var/run/kibana.pid
-
-# If you would like to send the log output to a file you can set the path below.
-logging.dest: {{ log_dir }}/kibana.log
-
-# Set this to true to suppress all logging output.
-# logging.silent: false
-
-# Set this to true to suppress all logging output except for error messages.
-# logging.quiet: false
-
-# Set this to true to log all events, including system usage information and all requests.
-# logging.verbose: false
- </value>
- <value-attributes>
- <type>content</type>
- </value-attributes>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
deleted file mode 100755
index f59109c..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<metainfo>
- <schemaVersion>2.0</schemaVersion>
- <services>
- <service>
- <name>KIBANA</name>
- <displayName>Kibana</displayName>
- <comment>Kibana Dashboard</comment>
- <version>4.5.1</version>
- <components>
- <component>
- <name>KIBANA_MASTER</name>
- <displayName>Kibana Server</displayName>
- <category>MASTER</category>
- <cardinality>1</cardinality>
- <commandScript>
- <script>scripts/kibana_master.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>600</timeout>
- </commandScript>
- <customCommands>
- <customCommand>
- <name>LOAD_TEMPLATE</name>
- <background>false</background>
- <commandScript>
- <script>scripts/kibana_master.py</script>
- <scriptType>PYTHON</scriptType>
- </commandScript>
- </customCommand>
- </customCommands>
- </component>
- </components>
- <osSpecifics>
- <osSpecific>
- <osFamily>any</osFamily>
- <packages>
- <package>
- <name>python-elasticsearch</name>
- </package>
- <package>
- <name>kibana-4.5.1</name>
- </package>
- </packages>
- </osSpecific>
- </osSpecifics>
- <configuration-dependencies>
- <config-type>kibana-env</config-type>
- <config-type>kibana-site</config-type>
- </configuration-dependencies>
- <restartRequiredAfterChange>true</restartRequiredAfterChange>
- <quickLinksConfigurations>
- <quickLinksConfiguration>
- <fileName>quicklinks.json</fileName>
- <default>true</default>
- </quickLinksConfiguration>
- </quickLinksConfigurations>
- </service>
- </services>
-</metainfo>
http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
deleted file mode 100755
index 8d2bad8..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
deleted file mode 100644
index efff33d..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
+++ /dev/null
@@ -1,2341 +0,0 @@ -(lp1 -(dp2 -V_score -p3 -F1 -sV_type -p4 -Vindex-pattern -p5 -sV_id -p6 -Vbro* -p7 -sV_source -p8 -(dp9 -Vfields -p10 -V[{"name":"TTLs","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qclass_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"bro_timestamp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"answers","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"resp_mime_types","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"prot 
ocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"host","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:end:ts","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"AA","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"method","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"query","type":"string","count":0,"s cripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rcode","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"orig_mime_types","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"RA","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"RD","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"orig_fuids","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"proto","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false 
,"doc_values":true},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"response_body_len","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qtype_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"status_code","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false, "doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rejected","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qtype","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"trans_id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"ana 
lyzed":false,"doc_values":true},{"name":"uid","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"trans_depth","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"Z","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enr ichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"user_agent","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"qclass","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"resp_fuids","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"request_body_len","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uri","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rcode_name","type":"string","coun 
t":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"TC","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"referrer","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"status_msg","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":1,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":2,"scripted":false,"indexed":false,"analyzed":false,"doc_values": false}] -p11 -sVtimeFieldName -p12 -Vtimestamp -p13 -sVtitle -p14 -Vbro* -p15 -ssV_index -p16 -V.kibana -p17 -sa(dp18 -V_score -p19 -F1 -sV_type -p20 -Vsearch -p21 -sV_id -p22 -Vsnort-search -p23 -sV_source -p24 -(dp25 -Vsort -p26 -(lp27 -Vtimestamp -p28 -aVdesc -p29 -asVhits -p30 -I0 -sVdescription -p31 -V -sVtitle -p32 -VSnort Alerts -p33 -sVversion -p34 -I1 -sVkibanaSavedObjectMeta -p35 -(dp36 -VsearchSourceJSON -p37 -V{"index":"snort*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}} -p38 -ssVcolumns -p39 -(lp40 -Vmsg -p41 -aVsig_id -p42 -aVip_src_addr -p43 -aVip_src_port -p44 -aVip_dst_addr -p45 -aVip_dst_port -p46 -assV_index -p47 -V.kibana -p48 -sa(dp49 -V_score -p50 -F1 -sV_type -p51 -Vsearch -p52 -sV_id -p53 -Vyaf-search -p54 -sV_source -p55 -(dp56 -Vsort -p57 -(lp58 -Vtimestamp 
-p59 -aVdesc -p60 -asVhits -p61 -I0 -sVdescription -p62 -V -sVtitle -p63 -VYAF -p64 -sVversion -p65 -I1 -sVkibanaSavedObjectMeta -p66 -(dp67 -VsearchSourceJSON -p68 -V{"index":"yaf*","filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647},"query":{"query_string":{"query":"*","analyze_wildcard":true}}} -p69 -ssVcolumns -p70 -(lp71 -Vip_src_addr -p72 -aVip_src_port -p73 -aVip_dst_addr -p74 -aVip_dst_port -p75 -aVprotocol -p76 -aVduration -p77 -aVpkt -p78 -assV_index -p79 -V.kibana -p80 -sa(dp81 -V_score -p82 -F1 -sV_type -p83 -Vvisualization -p84 -sV_id -p85 -VWelcome -p86 -sV_source -p87 -(dp88 -VvisState -p89 -V{"title":"Welcome to Apache Metron","type":"markdown","params":{"markdown":"This dashboard enables the validation of Apache Metron and the end-to-end functioning of its default sensor suite. The default sensor suite includes [Snort](https://www.snort.org/), [Bro](https://www.bro.org/), and [YAF](https://tools.netsa.cert.org/yaf/). One of Apache Metron's primary goals is to simplify the onboarding of additional sources of telemetry. In a production deployment these default sensors should be replaced with ones applicable to the target environment.\u005cn\u005cnApache Metron enables disparate sources of telemetry to all be viewed under a 'single pane of glass.' Telemetry from each of the default sensors can be searched, aggregated, summarized, and viewed within this dashboard. 
This dashboard should be used as a springboard upon which to create your own customized dashboards.\u005cn\u005cnThe panels below highlight the volume and variety of events that are currently being consumed by Apache Metron."},"aggs":[],"listeners":{}} -p90 -sVdescription -p91 -V -sVtitle -p92 -VWelcome to Apache Metron -p93 -sVuiStateJSON -p94 -V{} -p95 -sVversion -p96 -I1 -sVkibanaSavedObjectMeta -p97 -(dp98 -VsearchSourceJSON -p99 -V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]} -p100 -sssV_index -p101 -V.kibana -p102 -sa(dp103 -V_score -p104 -F1 -sV_type -p105 -Vvisualization -p106 -sV_id -p107 -VTop-Snort-Alerts-by-Source -p108 -sV_source -p109 -(dp110 -VvisState -p111 -V{"title":"Top Snort Alerts by Source","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_src_addr","size":10,"order":"desc","orderBy":"1","customLabel":"Source IP"}}],"listeners":{}} -p112 -sVdescription -p113 -V -sVtitle -p114 -VTop Snort Alerts by Source -p115 -sVuiStateJSON -p116 -V{} -p117 -sVversion -p118 -I1 -sVkibanaSavedObjectMeta -p119 -(dp120 -VsearchSourceJSON -p121 -V{"index":"snort*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p122 -sssV_index -p123 -V.kibana -p124 -sa(dp125 -V_score -p126 -F1 -sV_type -p127 -Vvisualization -p128 -sV_id -p129 -VWeb-Request-Type -p130 -sV_source -p131 -(dp132 -VvisState -p133 -V{"title":"Web Request Type","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"method","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}} -p134 -sVdescription -p135 -V -sVtitle -p136 -VWeb Request Type -p137 -sVuiStateJSON -p138 -V{} -p139 -sVversion -p140 -I1 
-sVsavedSearchId -p141 -Vweb-search -p142 -sVkibanaSavedObjectMeta -p143 -(dp144 -VsearchSourceJSON -p145 -V{"filter":[]} -p146 -sssV_index -p147 -V.kibana -p148 -sa(dp149 -V_score -p150 -F1 -sV_type -p151 -Vconfig -p152 -sV_id -p153 -V4.5.1 -p154 -sV_source -p155 -(dp156 -VbuildNum -p157 -I9892 -sVdefaultIndex -p158 -Vbro* -p159 -ssV_index -p160 -V.kibana -p161 -sa(dp162 -V_score -p163 -F1 -sV_type -p164 -Vvisualization -p165 -sV_id -p166 -VErrors-By-Hostname -p167 -sV_source -p168 -(dp169 -VvisState -p170 -V{\u000a "title": "Errors By Error Type",\u000a "type": "histogram",\u000a "params": {\u000a "addLegend": true,\u000a "addTimeMarker": false,\u000a "addTooltip": true,\u000a "defaultYExtents": false,\u000a "mode": "grouped",\u000a "scale": "linear",\u000a "setYExtents": false,\u000a "shareYAxis": true,\u000a "times": [],\u000a "yAxis": {}\u000a },\u000a "aggs": [\u000a {\u000a "id": "1",\u000a "type": "count",\u000a "schema": "metric",\u000a "params": {\u000a "customLabel": "Count"\u000a }\u000a },\u000a {\u000a "id": "2",\u000a "type": "terms",\u000a "schema": "segment",\u000a "params": {\u000a "field": "hostname",\u000a "size": 5,\u000a "order": "desc",\u000a "orderBy": "1"\u000a }\u000a },\u000a {\u000a "id": "4",\u000a "type": "cardinality",\u000a "schema": "metric",\u000a "params": {\u000a "field": "error_hash",\u000a "customLabel": "Unique Datapoint Count"\u000a }\u000a }\u000a ],\u000a "listeners": {}\u000a} -p171 -sVdescription -p172 -V -sVtitle -p173 -VErrors By Hostname -p174 -sVuiStateJSON -p175 -V{\u000a "vis": {\u000a "colors": {\u000a "Unique Datapoint Count": "#9AC48A",\u000a "Count": "#629E51"\u000a }\u000a }\u000a} -p176 -sVversion -p177 -I1 -sVkibanaSavedObjectMeta -p178 -(dp179 -VsearchSourceJSON -p180 -V{\u000a "index": "error*",\u000a "query": {\u000a "query_string": {\u000a "analyze_wildcard": true,\u000a "query": "*"\u000a }\u000a },\u000a "filter": []\u000a} -p181 -sssV_index -p182 -V.kibana -p183 -sa(dp184 -V_score -p185 -F1 -sV_type 
-p186 -Vvisualization -p187 -sV_id -p188 -VWeb-Request-Header -p189 -sV_source -p190 -(dp191 -VvisState -p192 -V{"title":"Web Request Header","type":"markdown","params":{"markdown":"The [Bro Network Security Monitor](https://www.bro.org/) is extracting application-level information from raw network packets. In this example, Bro is extracting HTTP(S) requests being made over the network. "},"aggs":[],"listeners":{}} -p193 -sVdescription -p194 -V -sVtitle -p195 -VWeb Request Header -p196 -sVuiStateJSON -p197 -V{} -p198 -sVversion -p199 -I1 -sVkibanaSavedObjectMeta -p200 -(dp201 -VsearchSourceJSON -p202 -V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p203 -sssV_index -p204 -V.kibana -p205 -sa(dp206 -V_score -p207 -F1 -sV_type -p208 -Vvisualization -p209 -sV_id -p210 -VError-Type-Proportion -p211 -sV_source -p212 -(dp213 -VvisState -p214 -V{"title":"Error Type Proportion","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"error_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}} -p215 -sVdescription -p216 -V -sVtitle -p217 -VError Type Proportion -p218 -sVuiStateJSON -p219 -V{} -p220 -sVversion -p221 -I1 -sVkibanaSavedObjectMeta -p222 -(dp223 -VsearchSourceJSON -p224 -V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p225 -sssV_index -p226 -V.kibana -p227 -sa(dp228 -V_score -p229 -F1 -sV_type -p230 -Vvisualization -p231 -sV_id -p232 -VFlow-Duration -p233 -sV_source -p234 -(dp235 -VvisState -p236 -V{"title":"Flow 
Duration","type":"area","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"smoothLines":false,"scale":"linear","interpolate":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"histogram","schema":"segment","params":{"field":"duration","interval":10,"extended_bounds":{},"customLabel":"Flow Duration (seconds)"}}],"listeners":{}} -p237 -sVdescription -p238 -V -sVtitle -p239 -VFlow Duration -p240 -sVuiStateJSON -p241 -V{"vis":{"legendOpen":false}} -p242 -sVversion -p243 -I1 -sVkibanaSavedObjectMeta -p244 -(dp245 -VsearchSourceJSON -p246 -V{"index":"yaf*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p247 -sssV_index -p248 -V.kibana -p249 -sa(dp250 -V_score -p251 -F1 -sV_type -p252 -Vvisualization -p253 -sV_id -p254 -VErrors-By-Source -p255 -sV_source -p256 -(dp257 -VvisState -p258 -V{"title":"Errors By Source","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"source_type","size":5,"order":"desc","orderBy":"1","customLabel":"Source"}}],"listeners":{}} -p259 -sVdescription -p260 -V -sVtitle -p261 -VErrors By Source -p262 -sVuiStateJSON -p263 -V{} -p264 -sVversion -p265 -I1 -sVkibanaSavedObjectMeta -p266 -(dp267 -VsearchSourceJSON -p268 -V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p269 -sssV_index -p270 -V.kibana -p271 -sa(dp272 -V_score -p273 -F1 -sV_type -p274 -Vvisualization -p275 -sV_id -p276 -VEvents -p277 -sV_source -p278 -(dp279 -VvisState -p280 
-V{"title":"Events","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","type":"terms","schema":"group","params":{"field":"source:type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}} -p281 -sVdescription -p282 -V -sVtitle -p283 -VEvents -p284 -sVuiStateJSON -p285 -V{"vis":{"legendOpen":false}} -p286 -sVversion -p287 -I1 -sVkibanaSavedObjectMeta -p288 -(dp289 -VsearchSourceJSON -p290 -V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p291 -sssV_index -p292 -V.kibana -p293 -sa(dp294 -V_score -p295 -F1 -sV_type -p296 -Vvisualization -p297 -sV_id -p298 -VError-Hostname-Proportion -p299 -sV_source -p300 -(dp301 -VvisState -p302 -V{"aggs":[{"id":"1","params":{},"schema":"metric","type":"count"},{"id":"2","params":{"customLabel":"Sensor","field":"hostname","order":"desc","orderBy":"1","size":5},"schema":"segment","type":"terms"}],"listeners":{},"params":{"addLegend":true,"addTooltip":true,"isDonut":false,"shareYAxis":true},"title":"Error Source Proportion","type":"pie"} -p303 -sVdescription -p304 -V -sVtitle -p305 -VError Hostname Proportion -p306 -sVuiStateJSON -p307 -V{"vis":{"colors":{"host":"#629E51","host2":"#9AC48A","hostAnother":"#7EB26D","hostNew":"#B7DBAB"}}} -p308 -sVversion -p309 -I1 -sVkibanaSavedObjectMeta -p310 -(dp311 -VsearchSourceJSON -p312 -V{"index":"error*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]} -p313 -sssV_index -p314 -V.kibana -p315 -sa(dp316 -V_score -p317 -F1 -sV_type -p318 -Vvisualization -p319 -sV_id -p320 -VUnique-Error-Messages -p321 -sV_source -p322 
-(dp323 -VvisState -p324 -V{\u000a "title": "Total Unique Error Messages",\u000a "type": "metric",\u000a "params": {\u000a "handleNoResults": true,\u000a "fontSize": 60\u000a },\u000a "aggs": [\u000a {\u000a "id": "1",\u000a "type": "cardinality",\u000a "schema": "metric",\u000a "params": {\u000a "field": "error_hash",\u000a "customLabel": "Unique Error Messages"\u000a }\u000a }\u000a ],\u000a "listeners": {}\u000a} -p325 -sVdescription -p326 -V -sVtitle -p327 -VUnique Error Messages -p328 -sVuiStateJSON -p329 -V{} -p330 -sVversion -p331 -I1 -sVkibanaSavedObjectMeta -p332 -(dp333 -VsearchSourceJSON -p334 -V{\u000a "index": "error*",\u000a "query": {\u000a "query_string": {\u000a "query": "*",\u000a "analyze_wildcard": true\u000a }\u000a },\u000a "filter": []\u000a} -p335 -sssV_index -p336 -V.kibana -p337 -sa(dp338 -V_score -p339 -F1 -sV_type -p340 -Vvisualization -p341 -sV_id -p342 -VErrors-By-Error-Type -p343 -sV_source -p344 -(dp345 -VvisState -p346 -V{\u000a "title": "Errors By Error Type",\u000a "type": "histogram",\u000a "params": {\u000a "addLegend": true,\u000a "addTimeMarker": false,\u000a "addTooltip": true,\u000a "defaultYExtents": false,\u000a "mode": "grouped",\u000a "scale": "linear",\u000a "setYExtents": false,\u000a "shareYAxis": true,\u000a "times": [],\u000a "yAxis": {}\u000a },\u000a "aggs": [\u000a {\u000a "id": "1",\u000a "type": "count",\u000a "schema": "metric",\u000a "params": {\u000a "customLabel": "Count"\u000a }\u000a },\u000a {\u000a "id": "2",\u000a "type": "terms",\u000a "schema": "segment",\u000a "params": {\u000a "field": "error_type",\u000a "size": 5,\u000a "order": "desc",\u000a "orderBy": "1"\u000a }\u000a },\u000a {\u000a "id": "4",\u000a "type": "cardinality",\u000a "schema": "metric",\u000a "params": {\u000a "field": "error_hash",\u000 a "customLabel": "Unique Datapoint Count"\u000a }\u000a }\u000a ],\u000a "listeners": {}\u000a} -p347 -sVdescription -p348 -V -sVtitle -p349 -VErrors By Error Type -p350 -sVuiStateJSON -p351 
-V{\u000a "vis": {\u000a "colors": {\u000a "Unique Datapoint Count": "#806EB7",\u000a "Count": "#614D93"\u000a }\u000a }\u000a} -p352 -sVversion -p353 -I1 -sVkibanaSavedObjectMeta -p354 -(dp355 -VsearchSourceJSON -p356 -V{\u000a "index": "error*",\u000a "query": {\u000a "query_string": {\u000a "analyze_wildcard": true,\u000a "query": "*"\u000a }\u000a },\u000a "filter": []\u000a} -p357 -sssV_index -p358 -V.kibana -p359 -sa(dp360 -V_score -p361 -F1 -sV_type -p362 -Vsearch -p363 -sV_id -p364 -VErrors -p365 -sV_source -p366 -(dp367 -Vsort -p368 -(lp369 -Vtimestamp -p370 -aVdesc -p371 -asVhits -p372 -I0 -sVdescription -p373 -V -sVtitle -p374 -VErrors -p375 -sVversion -p376 -I1 -sVkibanaSavedObjectMeta -p377 -(dp378 -VsearchSourceJSON -p379 -V{"index":"error*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}} -p380 -ssVcolumns -p381 -(lp382 -Vfailed_sensor_type -p383 -aVerror_type -p384 -aVexception -p385 -aVhostname -p386 -aVmessage -p387 -aVraw_message -p388 -aVerror_hash -p389 -assV_index -p390 -V.kibana -p391 -sa(dp392 -V_score -p393 -F1 -sV_type -p394 -Vvisualization -p395 -sV_id -p396 -VSnort-Header -p397 -sV_source -p398 -(dp399 -VvisState -p400 -V{"title":"Snort","type":"markdown","params":{"markdown":"[Snort](https://www.snort.org/) is a Network Intrusion Detection System (NIDS) that is being used to generate alerts identifying known bad events. 
Snort relies on a fixed set of rules that act as signatures for identifying abnormal events."},"aggs":[],"listeners":{}} -p401 -sVdescription -p402 -V -sVtitle -p403 -VSnort -p404 -sVuiStateJSON -p405 -V{} -p406 -sVversion -p407 -I1 -sVkibanaSavedObjectMeta -p408 -(dp409 -VsearchSourceJSON -p410 -V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p411 -sssV_index -p412 -V.kibana -p413 -sa(dp414 -V_score -p415 -F1 -sV_type -p416 -Vvisualization -p417 -sV_id -p418 -VYAF-Flow(s) -p419 -sV_source -p420 -(dp421 -VvisState -p422 -V{"title":"YAF Flows","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}} -p423 -sVdescription -p424 -V -sVtitle -p425 -VYAF Flows -p426 -sVuiStateJSON -p427 -V{} -p428 -sVversion -p429 -I1 -sVkibanaSavedObjectMeta -p430 -(dp431 -VsearchSourceJSON -p432 -V{"index":"yaf*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p433 -sssV_index -p434 -V.kibana -p435 -sa(dp436 -V_score -p437 -F1 -sV_type -p438 -Vvisualization -p439 -sV_id -p440 -VTop-DNS-Query -p441 -sV_source -p442 -(dp443 -VvisState -p444 -V{"title":"Top DNS Query","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":10,"order":"desc","orderBy":"1"}}],"listeners":{}} -p445 -sVdescription -p446 -V -sVtitle -p447 -VTop DNS Query -p448 -sVuiStateJSON -p449 -V{} -p450 -sVversion -p451 -I1 -sVkibanaSavedObjectMeta -p452 -(dp453 -VsearchSourceJSON -p454 -V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p455 -sssV_index -p456 -V.kibana -p457 -sa(dp458 -V_score -p459 -F1 -sV_type -p460 -Vvisualization -p461 -sV_id -p462 -VEvent-Types -p463 -sV_source -p464 -(dp465 -VvisState -p466 -V{"title":"Event 
Sources","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"source:type","size":10,"order":"desc","orderBy":"1"}}],"listeners":{}} -p467 -sVdescription -p468 -V -sVtitle -p469 -VEvent Sources -p470 -sVuiStateJSON -p471 -V{} -p472 -sVversion -p473 -I1 -sVkibanaSavedObjectMeta -p474 -(dp475 -VsearchSourceJSON -p476 -V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p477 -sssV_index -p478 -V.kibana -p479 -sa(dp480 -V_score -p481 -F1 -sV_type -p482 -Vvisualization -p483 -sV_id -p484 -VTotal-Events -p485 -sV_source -p486 -(dp487 -VvisState -p488 -V{"title":"Event Count","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{"customLabel":"Events"}}],"listeners":{}} -p489 -sVdescription -p490 -V -sVtitle -p491 -VEvent Count -p492 -sVuiStateJSON -p493 -V{} -p494 -sVversion -p495 -I1 -sVkibanaSavedObjectMeta -p496 -(dp497 -VsearchSourceJSON -p498 -V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p499 -sssV_index -p500 -V.kibana -p501 -sa(dp502 -V_score -p503 -F1 -sV_type -p504 -Vvisualization -p505 -sV_id -p506 -VUnique-Location(s) -p507 -sV_source -p508 -(dp509 -VvisState -p510 -V{"title":"Geo-IP Locations","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"enrichments:geo:ip_src_addr:locID","customLabel":"Unique Location(s)"}}],"listeners":{}} -p511 -sVdescription -p512 -V -sVtitle -p513 -VGeo-IP Locations -p514 -sVuiStateJSON -p515 -V{} -p516 -sVversion -p517 -I1 -sVkibanaSavedObjectMeta -p518 -(dp519 -VsearchSourceJSON -p520 
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p521 -sssV_index -p522 -V.kibana -p523 -sa(dp524 -V_score -p525 -F1 -sV_type -p526 -Vvisualization -p527 -sV_id -p528 -VTop-Alerts-By-Host -p529 -sV_source -p530 -(dp531 -VvisState -p532 -V{"title":"Top Alerts By Host","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_src_addr","size":5,"order":"desc","orderBy":"1","customLabel":"Source"}},{"id":"3","type":"terms","schema":"bucket","params":{"field":"ip_dst_addr","size":5,"order":"desc","orderBy":"1","customLabel":"Destination"}}],"listeners":{}} -p533 -sVdescription -p534 -V -sVtitle -p535 -VTop Alerts By Host -p536 -sVuiStateJSON -p537 -V{} -p538 -sVversion -p539 -I1 -sVsavedSearchId -p540 -Vsnort-search -p541 -sVkibanaSavedObjectMeta -p542 -(dp543 -VsearchSourceJSON -p544 -V{"filter":[]} -p545 -sssV_index -p546 -V.kibana -p547 -sa(dp548 -V_score -p549 -F1 -sV_type -p550 -Vvisualization -p551 -sV_id -p552 -VTotal-Error-Messages -p553 -sV_source -p554 -(dp555 -VvisState -p556 -V{"title":"Total Errored Messages","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{"customLabel":"Total Error Messages"}}],"listeners":{}} -p557 -sVdescription -p558 -V -sVtitle -p559 -VTotal Error Messages -p560 -sVuiStateJSON -p561 -V{} -p562 -sVversion -p563 -I1 -sVkibanaSavedObjectMeta -p564 -(dp565 -VsearchSourceJSON -p566 -V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p567 -sssV_index -p568 -V.kibana -p569 -sa(dp570 -V_score -p571 -F1 -sV_type -p572 -Vvisualization -p573 -sV_id -p574 -VErrors-By-Source-Type -p575 -sV_source -p576 -(dp577 -VvisState -p578 -V{\u000a "title": "Errors By Source Type",\u000a "type": "histogram",\u000a 
"params": {\u000a "shareYAxis": true,\u000a "addTooltip": true,\u000a "addLegend": true,\u000a "scale": "linear",\u000a "mode": "grouped",\u000a "times": [],\u000a "addTimeMarker": false,\u000a "defaultYExtents": false,\u000a "setYExtents": false,\u000a "yAxis": {}\u000a },\u000a "aggs": [\u000a {\u000a "id": "1",\u000a "type": "count",\u000a "schema": "metric",\u000a "params": {\u000a "customLabel": "Count"\u000a }\u000a },\u000a {\u000a "id": "2",\u000a "type": "terms",\u000a "schema": "segment",\u000a "params": {\u000a "field": "failed_sensor_type",\u000a "size": 5,\u000a "order": "desc",\u000a "orderBy": "1"\u000a }\u000a },\u000a {\u000a "id": "4",\u000a "type": "cardinality",\u000a "schema": "metric",\u000a "params": {\u000a "field": "error_ha sh",\u000a "customLabel": "Unique Datapoint Count"\u000a }\u000a }\u000a ],\u000a "listeners": {}\u000a} -p579 -sVdescription -p580 -V -sVtitle -p581 -VErrors By Source Type -p582 -sVuiStateJSON -p583 -V{\u000a "vis": {\u000a "colors": {\u000a "Unique Datapoint Count": "#0A50A1",\u000a "Count": "#5195CE"\u000a }\u000a }\u000a} -p584 -sVversion -p585 -I1 -sVkibanaSavedObjectMeta -p586 -(dp587 -VsearchSourceJSON -p588 -V{\u000a "index": "error*",\u000a "query": {\u000a "query_string": {\u000a "analyze_wildcard": true,\u000a "query": "*"\u000a }\u000a },\u000a "filter": []\u000a} -p589 -sssV_index -p590 -V.kibana -p591 -sa(dp592 -V_score -p593 -F1 -sV_type -p594 -Vvisualization -p595 -sV_id -p596 -VError-Histogram-By-Sensor-Type -p597 -sV_source -p598 -(dp599 -VvisState -p600 -V{"title":"Error Histogram By Sensor 
Type","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"grouped","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}},{"id":"3","type":"terms","schema":"group","params":{"field":"failed_sensor_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}} -p601 -sVdescription -p602 -V -sVtitle -p603 -VError Histogram By Sensor Type -p604 -sVuiStateJSON -p605 -V{} -p606 -sVversion -p607 -I1 -sVsavedSearchId -p608 -VErrors -p609 -sVkibanaSavedObjectMeta -p610 -(dp611 -VsearchSourceJSON -p612 -V{"filter":[]} -p613 -sssV_index -p614 -V.kibana -p615 -sa(dp616 -V_score -p617 -F1 -sV_type -p618 -Vdashboard -p619 -sV_id -p620 -VMetron-Dashboard -p621 -sV_source -p622 -(dp623 -Vhits -p624 -I0 -sVtimeRestore -p625 -I00 -sVdescription -p626 -V -sVtitle -p627 -VMetron Dashboard -p628 -sVuiStateJSON -p629 -V{"P-23":{"spy":{"mode":{"name":null,"fill":false}}},"P-34":{"vis":{"legendOpen":false}}} -p630 -sVpanelsJSON -p631 
-V[{"col":1,"id":"Welcome","panelIndex":30,"row":1,"size_x":11,"size_y":2,"type":"visualization"},{"col":1,"id":"Total-Events","panelIndex":6,"row":3,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"id":"Events","panelIndex":16,"row":3,"size_x":8,"size_y":4,"type":"visualization"},{"col":1,"id":"Event-Types","panelIndex":15,"row":5,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Location-Header","panelIndex":24,"row":7,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Unique-Location(s)","panelIndex":23,"row":9,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"id":"Flow-Locations","panelIndex":32,"row":7,"size_x":8,"size_y":6,"type":"visualization"},{"col":1,"id":"Country","panelIndex":8,"row":11,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"YAF-Flows-Header","panelIndex":27,"row":13,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"YAF-Flow(s)","panelIndex":21,"row":15,"size_x":3,"size_y":2,"type":"visualization"},{"col" :4,"columns":["ip_src_addr","ip_src_port","ip_dst_addr","ip_dst_port","protocol","duration","pkt"],"id":"yaf-search","panelIndex":20,"row":13,"size_x":8,"size_y":6,"sort":["duration","desc"],"type":"search"},{"col":1,"id":"Flow-Duration","panelIndex":31,"row":17,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Snort-Header","panelIndex":25,"row":19,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["msg","sig_id","ip_src_addr","ip_src_port","ip_dst_addr","ip_dst_port"],"id":"snort-search","panelIndex":3,"row":19,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"Snort-Alert-Types","panelIndex":10,"row":21,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Top-Alerts-By-Host","panelIndex":19,"row":23,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Web-Request-Header","panelIndex":26,"row":25,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["method","host","uri","referrer","user_agent","i 
p_src_addr","ip_dst_addr"],"id":"web-search","panelIndex":4,"row":25,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"HTTP(S)-Requests","panelIndex":17,"row":27,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"DNS-Requests-Header","panelIndex":29,"row":31,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["query","qtype_name","answers","ip_src_addr","ip_dst_addr"],"id":"dns-search","panelIndex":5,"row":31,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"DNS-Request(s)","panelIndex":14,"row":33,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Web-Request-Type","panelIndex":33,"row":29,"size_x":3,"size_y":2,"type":"visualization"}] -p632 -sVoptionsJSON -p633 -V{"darkTheme":false} -p634 -sVversion -p635 -I1 -sVkibanaSavedObjectMeta -p636 -(dp637 -VsearchSourceJSON -p638 -V{"filter":[{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}}]} -p639 -sssV_index -p640 -V.kibana -p641 -sa(dp642 -V_score -p643 -F1 -sV_type -p644 -Vindex-pattern -p645 -sV_id -p646 -Vsnort* -p647 -sV_source -p648 -(dp649 -Vfields -p650 
-V[{"name":"msg","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dgmlen","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpack","type":"string","count":0,"scripted":false,"indexed":true,"analyze d":true,"doc_values":false},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:geoadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scr 
ipted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ethlen","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threat:triage:level","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type" :"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_rev","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"ethsrc 
","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpseq","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpwindow","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tos","type":"n umber","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ethdst","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":" 
is_alert","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ttl","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"iplen","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_generator","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:city","t ype":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}] -p651 -sVtimeFieldName -p652 -Vtimestamp -p653 -sVtitle -p654 -Vsnort* -p655 -ssV_index -p656 -V.kibana -p657 -sa(dp658 -V_score -p659 -F1 -sV_type -p660 -Vindex-pattern -p661 -sV_id -p662 -Vyaf* -p663 -sV_source -p664 -(dp665 -Vfields -p666 
-V[{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"isn","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dip","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"rpkt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"strin g","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tag","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"app","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"oct","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end_reason","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"sc 
ripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"start_time","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"riflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"proto","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string"," count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"iflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:latitude","type": 
"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"duration","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"pkt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ruflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"roct","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sip","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_value s":true},{"name":"sp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rtag","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end-reason","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"risn","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end_time","type":"date","count" 
:0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rtt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}] -p667 -sVtimeFieldName -p668 -Vtimestamp -p669 -sVtitle -p670 -Vyaf* -p671 -ssV_index -p672 -V.kibana -p673 -sa(dp674 -V_score -p675 -F1 -sV_type -p676 -Vsearch -p677 -sV_id -p678 -Vweb-search -p679 -sV_source -p680 -(dp681 -Vsort -p682 -(lp683 -Vtimestamp -p684 -aVdesc -p685 -asVhits -p686 -I0 -sVdescription -p687 -V -sVtitle -p688 -VWeb Requests -p689 -sVversion -p690 -I1 -sVkibanaSavedObjectMeta -p691 -(dp692 -VsearchSourceJSON -p693 -V{"index":"bro*","query":{"query_string":{"query":"protocol: http OR protocol: https","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}} -p694 -ssVcolumns -p695 -(lp696 -Vmethod -p697 -aVhost -p698 -aVuri -p699 -aVreferrer -p700 -aVip_src_addr -p701 -aVip_dst_addr -p702 -assV_index -p703 -V.kibana -p704 -sa(dp705 -V_score -p706 -F1 -sV_type -p707 -Vvisualization -p708 -sV_id -p709 -VLocation-Header -p710 -sV_source -p711 -(dp712 -VvisState -p713 
-V{"title":"Enrichment","type":"markdown","params":{"markdown":"Apache Metron can perform real-time enrichment of telemetry data as it is consumed. To highlight this feature, all of the IP address fields collected from the default sensor suite were used to perform geo-ip lookups. This data was then used to pinpoint each location on the map."},"aggs":[],"listeners":{}} -p714 -sVdescription -p715 -V -sVtitle -p716 -VEnrichment -p717 -sVuiStateJSON -p718 -V{} -p719 -sVversion -p720 -I1 -sVkibanaSavedObjectMeta -p721 -(dp722 -VsearchSourceJSON -p723 -V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p724 -sssV_index -p725 -V.kibana -p726 -sa(dp727 -V_score -p728 -F1 -sV_type -p729 -Vvisualization -p730 -sV_id -p731 -VSnort-Alert-Types -p732 -sV_source -p733 -(dp734 -VvisState -p735 -V{"title":"Snort Alert Types","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"sig_id","customLabel":"Alert Type(s)"}}],"listeners":{}} -p736 -sVdescription -p737 -V -sVtitle -p738 -VSnort Alert Types -p739 -sVuiStateJSON -p740 -V{} -p741 -sVversion -p742 -I1 -sVkibanaSavedObjectMeta -p743 -(dp744 -VsearchSourceJSON -p745 -V{"index":"snort*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p746 -sssV_index -p747 -V.kibana -p748 -sa(dp749 -V_score -p750 -F1 -sV_type -p751 -Vvisualization -p752 -sV_id -p753 -VFrequent-DNS-Queries -p754 -sV_source -p755 -(dp756 -VvisState -p757 -V{"title":"Frequent DNS Requests","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}} -p758 -sVdescription -p759 -V -sVtitle -p760 -VFrequent DNS Requests -p761 -sVuiStateJSON -p762 -V{} -p763 -sVversion -p764 -I1 -sVkibanaSavedObjectMeta -p765 
-(dp766 -VsearchSourceJSON -p767 -V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p768 -sssV_index -p769 -V.kibana -p770 -sa(dp771 -V_score -p772 -F1 -sV_type -p773 -Vvisualization -p774 -sV_id -p775 -VDNS-Request(s) -p776 -sV_source -p777 -(dp778 -VvisState -p779 -V{"title":"DNS Requests","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}} -p780 -sVdescription -p781 -V -sVtitle -p782 -VDNS Requests -p783 -sVuiStateJSON -p784 -V{} -p785 -sVversion -p786 -I1 -sVsavedSearchId -p787 -Vdns-search -p788 -sVkibanaSavedObjectMeta -p789 -(dp790 -VsearchSourceJSON -p791 -V{"filter":[]} -p792 -sssV_index -p793 -V.kibana -p794 -sa(dp795 -V_score -p796 -F1 -sV_type -p797 -Vvisualization -p798 -sV_id -p799 -VHTTP(S)-Requests -p800 -sV_source -p801 -(dp802 -VvisState -p803 -V{"title":"Web Requests","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}} -p804 -sVdescription -p805 -V -sVtitle -p806 -VWeb Requests -p807 -sVuiStateJSON -p808 -V{} -p809 -sVversion -p810 -I1 -sVsavedSearchId -p811 -Vweb-search -p812 -sVkibanaSavedObjectMeta -p813 -(dp814 -VsearchSourceJSON -p815 -V{"filter":[]} -p816 -sssV_index -p817 -V.kibana -p818 -sa(dp819 -V_score -p820 -F1 -sV_type -p821 -Vvisualization -p822 -sV_id -p823 -VErrors-Over-Time -p824 -sV_source -p825 -(dp826 -VvisState -p827 -V{\u000a "title": "Error Over Time",\u000a "type": "line",\u000a "params": {\u000a "shareYAxis": true,\u000a "addTooltip": true,\u000a "addLegend": true,\u000a "showCircles": true,\u000a "smoothLines": false,\u000a "interpolate": "linear",\u000a "scale": "linear",\u000a "drawLinesBetweenPoints": true,\u000a "radiusRatio": 9,\u000a "times": [],\u000a "addTimeMarker": true,\u000a "defaultYExtents": false,\u000a "setYExtents": false,\u000a "yAxis": {\u000a "min": 0\u000a }\u000a },\u000a 
"aggs": [\u000a {\u000a "id": "1",\u000a "type": "count",\u000a "schema": "metric",\u000a "params": {}\u000a },\u000a {\u000a "id": "2",\u000a "type": "date_histogram",\u000a "schema": "segment",\u000a "params": {\u000a "field": "timestamp",\u000a "interval": "auto",\u000a "customInterval": "2h",\u000a "min_doc_count": 1,\u000a "extended_bounds": {}\u000a }\u00 0a }\u000a ],\u000a "listeners": {}\u000a} -p828 -sVdescription -p829 -V -sVtitle -p830 -VErrors Over Time -p831 -sVuiStateJSON -p832 -V{} -p833 -sVversion -p834 -I1 -sVkibanaSavedObjectMeta -p835 -(dp836 -VsearchSourceJSON -p837 -V{\u000a "index": "error*",\u000a "query": {\u000a "query_string": {\u000a "query": "*",\u000a "analyze_wildcard": true\u000a }\u000a },\u000a "filter": []\u000a} -p838 -sssV_index -p839 -V.kibana -p840 -sa(dp841 -V_score -p842 -F1 -sV_type -p843 -Vvisualization -p844 -sV_id -p845 -VError-Source-Proportion -p846 -sV_source -p847 -(dp848 -VvisState -p849 -V{\u000a "title": "Sensor Type Proportion",\u000a "type": "pie",\u000a "params": {\u000a "shareYAxis": true,\u000a "addTooltip": true,\u000a "addLegend": true,\u000a "isDonut": false\u000a },\u000a "aggs": [\u000a {\u000a "id": "1",\u000a "type": "count",\u000a "schema": "metric",\u000a "params": {}\u000a },\u000a {\u000a "id": "2",\u000a "type": "terms",\u000a "schema": "segment",\u000a "params": {\u000a "field": "failed_sensor_type",\u000a "size": 5,\u000a "order": "desc",\u000a "orderBy": "1",\u000a "customLabel": "Sensor"\u000a }\u000a }\u000a ],\u000a "listeners": {}\u000a} -p850 -sVdescription -p851 -V -sVtitle -p852 -VError Source Proportion -p853 -sVuiStateJSON -p854 -V{} -p855 -sVversion -p856 -I1 -sVkibanaSavedObjectMeta -p857 -(dp858 -VsearchSourceJSON -p859 -V{\u000a "index": "error*",\u000a "query": {\u000a "query_string": {\u000a "query": "*",\u000a "analyze_wildcard": true\u000a }\u000a },\u000a "filter": []\u000a} -p860 -sssV_index -p861 -V.kibana -p862 -sa(dp863 -V_score -p864 -F1 -sV_type -p865 -Vindex-pattern 
-p866 -sV_id -p867 -Verror* -p868 -sV_source -p869 -(dp870 -Vfields -p871 -V[{"name":"exception","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"stack","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"error_hash","type":"string","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"raw_message","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"message","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"failed_sensor_type","type":"string","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"hostname","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":1,"scripted":false,"indexed":true 
,"analyzed":true,"doc_values":false},{"name":"error_type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"error_fields","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"raw_message_bytes","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"timestamp","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}] -p872 -sVtimeFieldName -p873 -Vtimestamp -p874 -sVtitle -p875 -Verror* -p876 -ssV_index -p877 -V.kibana -p878 -sa(dp879 -V_score -p880 -F1 -sV_type -p881 -Vvisualization -p882 -sV_id -p883 -VError-Date-Histogram -p884 -sV_source -p885 -(dp886 -VvisState -p887 -V{"title":"New Visualization","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}}],"listeners":{}} -p888 -sVdescription -p889 -V -sVtitle -p890 -VError Date Histogram -p891 -sVuiStateJSON -p892 -V{} -p893 -sVversion -p894 -I1 -sVsavedSearchId -p895 -VErrors -p896 -sVkibanaSavedObjectMeta -p897 -(dp898 -VsearchSourceJSON -p899 -V{"filter":[]} -p900 -sssV_index -p901 -V.kibana 
-p902 -sa(dp903 -V_score -p904 -F1 -sV_type -p905 -Vdashboard -p906 -sV_id -p907 -VMetron-Error-Dashboard -p908 -sV_source -p909 -(dp910 -Vhits -p911 -I0 -sVtimeRestore -p912 -I00 -sVdescription -p913 -V -sVtitle -p914 -VMetron Error Dashboard -p915 -sVuiStateJSON -p916 -V{"P-2":{"vis":{"legendOpen":true}},"P-23":{"vis":{"colors":{"amb3.service.consul":"#629E51","host":"#629E51","host2":"#9AC48A","hostAnother":"#7EB26D","hostNew":"#B7DBAB"}}},"P-3":{"vis":{"colors":{"fourth":"#1F78C1","new_error":"#BADFF4","test_error":"#82B5D8"}}},"P-5":{"vis":{"colors":{"another_new_parser_error":"#806EB7","new_parser_error":"#AEA2E0","parser_error":"#614D93"}}}} -p917 -sVpanelsJSON -p918 -V[{"col":5,"id":"Errors-By-Error-Type","panelIndex":2,"row":9,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Source-Proportion","panelIndex":3,"row":9,"size_x":4,"size_y":3,"type":"visualization"},{"col":5,"id":"Errors-By-Source-Type","panelIndex":4,"row":12,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Type-Proportion","panelIndex":5,"row":12,"size_x":4,"size_y":3,"type":"visualization"},{"col":8,"id":"Unique-Error-Messages","panelIndex":19,"row":1,"size_x":4,"size_y":2,"type":"visualization"},{"col":3,"id":"Total-Error-Messages","panelIndex":20,"row":1,"size_x":4,"size_y":2,"type":"visualization"},{"col":5,"id":"Errors-By-Hostname","panelIndex":22,"row":15,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Hostname-Proportion","panelIndex":23,"row":15,"size_x":4,"size_y":3,"type":"visualization"},{"col":1,"columns":["failed_sensor_type","error_type","exception","hostname","message","raw_message","error_hash"],"id":"Errors"," 
panelIndex":25,"row":18,"size_x":12,"size_y":7,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"Error-Histogram-By-Sensor-Type","panelIndex":27,"row":3,"size_x":12,"size_y":3,"type":"visualization"},{"id":"Unique-Error-Histogram-By-Sensor-Type","type":"visualization","panelIndex":28,"size_x":12,"size_y":3,"col":1,"row":6}] -p919 -sVoptionsJSON -p920 -V{"darkTheme":false} -p921 -sVversion -p922 -I1 -sVkibanaSavedObjectMeta -p923 -(dp924 -VsearchSourceJSON -p925 -V{"filter":[{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}}]} -p926 -sssV_index -p927 -V.kibana -p928 -sa(dp929 -V_score -p930 -F1 -sV_type -p931 -Vconfig -p932 -sV_id -p933 -V4.5.3 -p934 -sV_source -p935 -(dp936 -VbuildNum -p937 -I9892 -sVdefaultIndex -p938 -Vbro* -p939 -ssV_index -p940 -V.kibana -p941 -sa(dp942 -V_score -p943 -F1 -sV_type -p944 -Vsearch -p945 -sV_id -p946 -Vdns-search -p947 -sV_source -p948 -(dp949 -Vsort -p950 -(lp951 -Vtimestamp -p952 -aVdesc -p953 -asVhits -p954 -I0 -sVdescription -p955 -V -sVtitle -p956 -VDNS Requests -p957 -sVversion -p958 -I1 -sVkibanaSavedObjectMeta -p959 -(dp960 -VsearchSourceJSON -p961 -V{"index":"bro*","query":{"query_string":{"query":"protocol: dns","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}} -p962 -ssVcolumns -p963 -(lp964 -Vquery -p965 -aVqtype_name -p966 -aVanswers -p967 -aVip_src_addr -p968 -aVip_dst_addr -p969 -assV_index -p970 -V.kibana -p971 -sa(dp972 -V_score -p973 -F1 -sV_type -p974 -Vvisualization -p975 -sV_id -p976 -VDNS-Requests-Header -p977 -sV_source -p978 -(dp979 -VvisState -p980 -V{"aggs":[],"listeners":{},"params":{"markdown":"[Bro](https://www.bro.org/) is extracting DNS requests and responses being made over the network. 
Understanding who is making those requests, the frequency, and types can provide a deep understanding of the actors present on the network."},"title":"DNS Requests","type":"markdown"} -p981 -sVdescription -p982 -V -sVtitle -p983 -VDNS Requests -p984 -sVuiStateJSON -p985 -V{} -p986 -sVversion -p987 -I1 -sVkibanaSavedObjectMeta -p988 -(dp989 -VsearchSourceJSON -p990 -V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]} -p991 -sssV_index -p992 -V.kibana -p993 -sa(dp994 -V_score -p995 -F1 -sV_type -p996 -Vvisualization -p997 -sV_id -p998 -VYAF-Flows-Header -p999 -sV_source -p1000 -(dp1001 -VvisState -p1002 -V{"title":"YAF","type":"markdown","params":{"markdown":"[YAF](https://tools.netsa.cert.org/yaf/yaf.html) can be used to generate Netflow-like flow records. These flow records provide significant visibility of the actors communicating over the target network."},"aggs":[],"listeners":{}} -p1003 -sVdescription -p1004 -V -sVtitle -p1005 -VYAF -p1006 -sVuiStateJSON -p1007 -V{} -p1008 -sVversion -p1009 -I1 -sVkibanaSavedObjectMeta -p1010 -(dp1011 -VsearchSourceJSON -p1012 -V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]} -p1013 -sssV_index -p1014 -V.kibana -p1015 -sa(dp1016 -V_score -p1017 -F1 -sV_type -p1018 -Vvisualization -p1019 -sV_id -p1020 -VTop-5-Exceptions -p1021 -sV_source -p1022 -(dp1023 -VvisState -p1024 -V{"title":"Top-5 Exceptions","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"exception","size":5,"order":"desc","orderBy":"1","customLabel":"Exceptions"}}],"listeners":{}} -p1025 -sVdescription -p1026 -V -sVtitle -p1027 -VTop-5 Exceptions -p1028 -sVuiStateJSON -p1029 -V{} -p1030 -sVversion -p1031 -I1 -sVkibanaSavedObjectMeta 
-p1032 -(dp1033 -VsearchSourceJSON -p1034 -V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p1035 -sssV_index -p1036 -V.kibana -p1037 -sa(dp1038 -V_score -p1039 -F1 -sV_type -p1040 -Vvisualization -p1041 -sV_id -p1042 -VFrequent-DNS-Requests -p1043 -sV_source -p1044 -(dp1045 -VvisState -p1046 -V{"title":"Frequent DNS Requests","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":5,"order":"desc","orderBy":"1","customLabel":"DNS Query"}}],"listeners":{}} -p1047 -sVdescription -p1048 -V -sVtitle -p1049 -VFrequent DNS Requests -p1050 -sVuiStateJSON -p1051 -V{} -p1052 -sVversion -p1053 -I1 -sVkibanaSavedObjectMeta -p1054 -(dp1055 -VsearchSourceJSON -p1056 -V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p1057 -sssV_index -p1058 -V.kibana -p1059 -sa(dp1060 -V_score -p1061 -F1 -sV_type -p1062 -Vvisualization -p1063 -sV_id -p1064 -VCountry -p1065 -sV_source -p1066 -(dp1067 -VvisState -p1068 -V{"title":"By Country","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"enrichments:geo:ip_src_addr:country","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}} -p1069 -sVdescription -p1070 -V -sVtitle -p1071 -VBy Country -p1072 -sVuiStateJSON -p1073 -V{} -p1074 -sVversion -p1075 -I1 -sVkibanaSavedObjectMeta -p1076 -(dp1077 -VsearchSourceJSON -p1078 -V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p1079 -sssV_index -p1080 -V.kibana -p1081 -sa(dp1082 -V_score -p1083 -F1 -sV_type -p1084 -Vvisualization -p1085 -sV_id -p1086 -VTop-Destinations -p1087 -sV_source -p1088 -(dp1089 
-VvisState -p1090 -V{"title":"Top Destinations","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_dst_addr","size":10,"order":"desc","orderBy":"1","customLabel":"Destination IP"}}],"listeners":{}} -p1091 -sVdescription -p1092 -V -sVtitle -p1093 -VTop Destinations -p1094 -sVuiStateJSON -p1095 -V{} -p1096 -sVversion -p1097 -I1 -sVkibanaSavedObjectMeta -p1098 -(dp1099 -VsearchSourceJSON -p1100 -V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p1101 -sssV_index -p1102 -V.kibana -p1103 -sa(dp1104 -V_score -p1105 -F1 -sV_type -p1106 -Vvisualization -p1107 -sV_id -p1108 -VUnusual-Referrers -p1109 -sV_source -p1110 -(dp1111 -VvisState -p1112 -V{"title":"Unusual Referrers","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"significant_terms","schema":"bucket","params":{"field":"referrer","size":5,"customLabel":"Top 5 Unusual Referrers"}}],"listeners":{}} -p1113 -sVdescription -p1114 -V -sVtitle -p1115 -VUnusual Referrers -p1116 -sVuiStateJSON -p1117 -V{} -p1118 -sVversion -p1119 -I1 -sVsavedSearchId -p1120 -Vweb-search -p1121 -sVkibanaSavedObjectMeta -p1122 -(dp1123 -VsearchSourceJSON -p1124 -V{"filter":[]} -p1125 -sssV_index -p1126 -V.kibana -p1127 -sa(dp1128 -V_score -p1129 -F1 -sV_type -p1130 -Vvisualization -p1131 -sV_id -p1132 -VUnique-Error-Histogram-By-Sensor-Type -p1133 -sV_source -p1134 -(dp1135 -VvisState -p1136 -V{"title":"Error Histogram By Sensor 
Type","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"grouped","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"error_hash"}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}},{"id":"3","type":"terms","schema":"group","params":{"field":"failed_sensor_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}} -p1137 -sVdescription -p1138 -V -sVtitle -p1139 -VUnique Error Histogram By Sensor Type -p1140 -sVuiStateJSON -p1141 -V{} -p1142 -sVversion -p1143 -I1 -sVsavedSearchId -p1144 -VErrors -p1145 -sVkibanaSavedObjectMeta -p1146 -(dp1147 -VsearchSourceJSON -p1148 -V{"filter":[]} -p1149 -sssV_index -p1150 -V.kibana -p1151 -sa(dp1152 -V_score -p1153 -F1 -sV_type -p1154 -Vvisualization -p1155 -sV_id -p1156 -VFlow-Locations -p1157 -sV_source -p1158 -(dp1159 -VvisState -p1160 -V{"title":"Flow Locations","type":"tile_map","params":{"mapType":"Scaled Circle Markers","isDesaturated":true,"addTooltip":true,"heatMaxZoom":16,"heatMinOpacity":0.1,"heatRadius":25,"heatBlur":15,"heatNormalizeData":true,"wms":{"enabled":true,"url":"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer","options":{"version":"1.3.0","layers":"0","format":"image/png","transparent":true,"attribution":"Maps provided by USGS","styles":""}}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"geohash_grid","schema":"segment","params":{"field":"enrichments:geo:ip_dst_addr:location_point","autoPrecision":true,"precision":2}}],"listeners":{}} -p1161 -sVdescription -p1162 -V -sVtitle -p1163 -VFlow Locations -p1164 -sVuiStateJSON -p1165 -V{} -p1166 -sVversion -p1167 -I1 -sVkibanaSavedObjectMeta -p1168 -(dp1169 -VsearchSourceJSON -p1170 
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]} -p1171 -sssV_index -p1172 -V.kibana -p1173 -sa.
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboardindex.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboardindex.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboardindex.py
deleted file mode 100755
index f0903ac..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboardindex.py
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/usr/bin/python
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-from elasticsearch import Elasticsearch
-from elasticsearch.helpers import bulk
-import cPickle as pickle
-import argparse, sys, os.path
-import errno
-import os
-
-
-class DashboardIndex(object):
-
- def __init__(self, host='localhost', port=9200, url_prefix='', timeout=10, **kwargs):
- """
- :arg host: hostname of the node (default: localhost)
- :arg port: port to use (integer, default: 9200)
- :arg url_prefix: optional url prefix for elasticsearch
- :arg timeout: default timeout in seconds (float, default: 10)
- """
- self.es = Elasticsearch([{'host':host,'port': port, 'url_prefix': url_prefix, 'timeout':timeout}])
-
- def get(self):
- """
- Get .kibana index from Elasticsearch
- """
- dotkibana = self.es.search(index='.kibana', size = 100)
- return dotkibana['hits']['hits']
-
- def load(self,filespec):
- """
- Save Index data on local filesystem
- :args filespec: path/filename for saved file
- """
- data=[]
- with open(filespec,'rb') as fp:
- data = pickle.load(fp)
- return data
-
- def save(self,filename,data):
- """
- Save Index data on local filesystem
- :args filespec: path/filename for saved file
- """
- with open(filename,'wb') as fp:
- pickle.dump(data,fp)
-
- def put(self,data):
- """
- Bulk write data to Elasticsearch
- :args data: data to be written (note: index name is specified in data)
- """
- bulk(self.es,data)
-
- def main(self,args):
-
- if args.save:
- print("running save with host:%s on port %d, filespec: %s" % (args.hostname, args.port, args.filespec))
- self.save(filename=args.filespec,data=di.get())
- else:
- """
- Loads Kibana Dashboard definition from disk and replaces .kibana on index
- :args filespec: path/filename for saved file
- """
- if not os.path.isfile(args.filespec):
- raise IOError(
- errno.ENOENT, os.strerror(errno.ENOENT), args.filespec)
- self.es.indices.delete(index='.kibana', ignore=[400, 404])
- self.put(data=di.load(filespec=args.filespec))
-
-if __name__ == '__main__':
-
- parser = argparse.ArgumentParser()
- parser.add_argument("hostname", help="ES Hostname or IP", type=str)
- parser.add_argument("port", help="ES Port", type=int)
- parser.add_argument("filespec", help="file to be pushed from or saved to", type=str)
- parser.add_argument("-s","--save", help="run in SAVE mode - .kibana will be read and saved to filespec",action="store_true")
- args = parser.parse_args()
- di = DashboardIndex(host=args.hostname,port=args.port)
- di.main(args)
