Created
September 24, 2019 11:42
| { | |
| "title": "Realtime Log Analytics", | |
| "services": { | |
| "query": { | |
| "idQueue": [ | |
| 1, | |
| 2, | |
| 3, | |
| 4 | |
| ], | |
| "list": { | |
| "0": { | |
| "query": "-agent_str:\\\"-\\\"", | |
| "alias": "", | |
| "color": "#7EB26D", | |
| "id": 0, | |
| "pin": false, | |
| "type": "lucene" | |
| } | |
| }, | |
| "ids": [ | |
| 0 | |
| ] | |
| }, | |
| "filter": { | |
| "idQueue": [ | |
| 1, | |
| 3 | |
| ], | |
| "list": { | |
| "0": { | |
| "from": "NOW-2DAY", | |
| "to": "NOW%2B1DAY", | |
| "field": "_timestamp", | |
| "type": "time", | |
| "fromDateObj": "2019-09-22T11:37:55.899Z", | |
| "toDateObj": "2019-09-24T11:37:55.904Z", | |
| "mandate": "must", | |
| "active": true, | |
| "alias": "", | |
| "id": 0 | |
| }, | |
| "2": { | |
| "type": "field", | |
| "field": "request", | |
| "query": "(%22%2Fapi%2Fsessions%22)", | |
| "mandate": "mustNot", | |
| "active": true, | |
| "alias": "", | |
| "id": 2 | |
| } | |
| }, | |
| "ids": [ | |
| 2, | |
| 0 | |
| ] | |
| } | |
| }, | |
| "rows": [ | |
| { | |
| "title": "Query and Time Window", | |
| "height": "50px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "error": "", | |
| "span": 6, | |
| "editable": true, | |
| "type": "timepicker", | |
| "loadingEditor": false, | |
| "status": "Stable", | |
| "mode": "relative", | |
| "spyable": true, | |
| "time_options": [ | |
| "5m", | |
| "15m", | |
| "1h", | |
| "6h", | |
| "12h", | |
| "24h", | |
| "2d", | |
| "7d", | |
| "30d", | |
| "90d", | |
| "1y", | |
| "5y" | |
| ], | |
| "timespan": "2d", | |
| "timefield": "_timestamp", | |
| "timeformat": "", | |
| "refresh": { | |
| "enable": false, | |
| "interval": 90, | |
| "min": 3 | |
| }, | |
| "filter_id": 0, | |
| "title": "Time Window" | |
| }, | |
| { | |
| "error": false, | |
| "span": 6, | |
| "editable": true, | |
| "spyable": true, | |
| "group": [ | |
| "default" | |
| ], | |
| "type": "query", | |
| "label": "Search", | |
| "history": [ | |
| "-agent_str:\\\"-\\\"", | |
| "*" | |
| ], | |
| "remember": 10, | |
| "pinned": true, | |
| "query": "*", | |
| "title": "Search", | |
| "def_type": "" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Filters", | |
| "height": "50px", | |
| "editable": true, | |
| "collapse": true, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "error": false, | |
| "span": 12, | |
| "editable": true, | |
| "spyable": true, | |
| "group": [ | |
| "default" | |
| ], | |
| "type": "filtering" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Overview", | |
| "height": "450px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "span": 6, | |
| "editable": true, | |
| "type": "sunburst", | |
| "loadingEditor": false, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&wt=json&facet=true&facet.pivot=verb_str,response,clientip_str&facet.limit=1000&rows=0", | |
| "custom": "" | |
| }, | |
| "facet_limit": 1000, | |
| "spyable": true, | |
| "show_queries": true, | |
| "title": "S", | |
| "facet_pivot_strings": [ | |
| "verb_str", | |
| "response", | |
| "clientip_str" | |
| ] | |
| }, | |
| { | |
| "span": 6, | |
| "editable": true, | |
| "type": "map", | |
| "loadingEditor": false, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&rows=0&facet=true&facet.field=country_code2_str&facet.limit=100", | |
| "custom": "" | |
| }, | |
| "mode": "count", | |
| "field": "country_code2_str", | |
| "stats_field": "", | |
| "decimal_points": 0, | |
| "map": "world", | |
| "useNames": false, | |
| "colors": [ | |
| "#A0E2E2", | |
| "#265656" | |
| ], | |
| "size": 100, | |
| "exclude": [], | |
| "spyable": true, | |
| "index_limit": 0, | |
| "show_queries": true, | |
| "title": "Map" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Response", | |
| "height": "250px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "span": 4, | |
| "editable": true, | |
| "type": "bar", | |
| "loadingEditor": false, | |
| "queries": { | |
| "mode": "all", | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=response&facet.limit=10", | |
| "custom": "", | |
| "ids": [ | |
| 0 | |
| ] | |
| }, | |
| "field": "response", | |
| "size": 10, | |
| "spyable": true, | |
| "show_queries": true, | |
| "title": "R" | |
| }, | |
| { | |
| "span": 4, | |
| "editable": true, | |
| "type": "rangeFacet", | |
| "loadingEditor": false, | |
| "mode": "count", | |
| "time_field": "timestamp", | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.range=bytes&facet.range.start=0&facet.range.end=1001&facet.range.gap=11\n", | |
| "custom": "" | |
| }, | |
| "max_rows": 100000, | |
| "value_field": null, | |
| "fill": 0, | |
| "linewidth": 3, | |
| "auto_int": true, | |
| "resolution": 100, | |
| "interval": 11, | |
| "interval_decimal": 0, | |
| "resolutions": [ | |
| 5, | |
| 10, | |
| 25, | |
| 50, | |
| 75, | |
| 100 | |
| ], | |
| "spyable": true, | |
| "zoomlinks": true, | |
| "bars": true, | |
| "stack": true, | |
| "points": false, | |
| "lines": false, | |
| "lines_smooth": false, | |
| "legend": true, | |
| "x-axis": true, | |
| "y-axis": true, | |
| "percentage": false, | |
| "interactive": true, | |
| "options": true, | |
| "minimum": 0, | |
| "maximum": 1000, | |
| "chart_minimum": "0", | |
| "chart_maximum": "1000", | |
| "tooltip": { | |
| "value_type": "cumulative", | |
| "query_as_alias": false | |
| }, | |
| "showChart": true, | |
| "show_queries": true, | |
| "refresh": { | |
| "enable": false, | |
| "interval": 2 | |
| }, | |
| "title": "Bytes", | |
| "range_field": "bytes" | |
| }, | |
| { | |
| "span": 2, | |
| "editable": true, | |
| "type": "hits", | |
| "loadingEditor": false, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&stats=true&stats.field=verb_str&stats.field=bytes&stats.field=bytes&stats.field=bytes&stats.field=bytes&wt=json&rows=0\n", | |
| "basic_query": "", | |
| "custom": "" | |
| }, | |
| "style": { | |
| "font-size": "16pt", | |
| "flex-direction": "column" | |
| }, | |
| "arrangement": "vertical", | |
| "chart": "total", | |
| "counter_pos": "above", | |
| "donut": false, | |
| "tilt": false, | |
| "labels": true, | |
| "spyable": true, | |
| "show_queries": true, | |
| "metrics": [ | |
| { | |
| "type": "count", | |
| "field": "verb_str", | |
| "decimalDigits": 0, | |
| "label": "Hits", | |
| "value": "1607" | |
| }, | |
| { | |
| "type": "sum", | |
| "field": "bytes", | |
| "decimalDigits": 0, | |
| "label": "Total bytes transferred", | |
| "value": "9195554" | |
| }, | |
| { | |
| "type": "mean", | |
| "field": "bytes", | |
| "decimalDigits": 2, | |
| "label": "Average bytes per request", | |
| "value": "5722.19" | |
| }, | |
| { | |
| "type": "min", | |
| "field": "bytes", | |
| "decimalDigits": 0, | |
| "label": "Minimum bytes served", | |
| "value": "126" | |
| }, | |
| { | |
| "type": "max", | |
| "field": "bytes", | |
| "decimalDigits": 0, | |
| "label": "Maximum bytes served", | |
| "value": "648338" | |
| } | |
| ], | |
| "refresh": { | |
| "enable": false, | |
| "interval": 2 | |
| }, | |
| "title": "Hits" | |
| }, | |
| { | |
| "span": 2, | |
| "editable": true, | |
| "type": "facet", | |
| "loadingEditor": false, | |
| "status": "Stable", | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=httpversion&facet.field=ident_str&wt=json", | |
| "basic_query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=httpversion&facet.field=ident_str", | |
| "custom": "" | |
| }, | |
| "group": "default", | |
| "style": { | |
| "font-size": "9pt" | |
| }, | |
| "overflow": "min-height", | |
| "fields": [ | |
| "httpversion", | |
| "ident_str" | |
| ], | |
| "spyable": true, | |
| "facet_limit": 10, | |
| "maxnum_facets": 5, | |
| "foundResults": true, | |
| "header_title": "Facet Fields", | |
| "toggle_element": null, | |
| "show_queries": true, | |
| "title": "Facet", | |
| "exportSize": null, | |
| "offset": 0 | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Facets, Histogram and Table", | |
| "height": "250px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "span": 4, | |
| "editable": true, | |
| "type": "terms", | |
| "loadingEditor": false, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=verb&facet.limit=10&facet.missing=true&f.verb.facet.sort=count", | |
| "custom": "" | |
| }, | |
| "mode": "count", | |
| "field": "verb", | |
| "stats_field": "", | |
| "decimal_points": 0, | |
| "exclude": [], | |
| "missing": false, | |
| "other": false, | |
| "size": 10, | |
| "pages": 10, | |
| "sortBy": "count", | |
| "order": "descending", | |
| "style": { | |
| "font-size": "10pt" | |
| }, | |
| "donut": false, | |
| "tilt": false, | |
| "labels": true, | |
| "logAxis": false, | |
| "arrangement": "horizontal", | |
| "chart": "bar", | |
| "counter_pos": "above", | |
| "exportSize": 100, | |
| "lastColor": "rgb(234,184,57)", | |
| "spyable": true, | |
| "show_queries": true, | |
| "bar_chart_arrangement": "vertical", | |
| "chartColors": [ | |
| "#E24D42" | |
| ], | |
| "refresh": { | |
| "enable": false, | |
| "interval": 2 | |
| }, | |
| "title": "Methods" | |
| }, | |
| { | |
| "span": 8, | |
| "editable": true, | |
| "type": "histogram", | |
| "loadingEditor": false, | |
| "mode": "count", | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.range=_timestamp&facet.range.start=NOW-2DAY&facet.range.end=NOW%2B1DAY&facet.range.gap=%2B30MINUTE\n", | |
| "custom": "" | |
| }, | |
| "max_rows": 100000, | |
| "value_field": null, | |
| "group_field": null, | |
| "auto_int": true, | |
| "resolution": 100, | |
| "interval": "30m", | |
| "intervals": [ | |
| "auto", | |
| "1s", | |
| "1m", | |
| "5m", | |
| "10m", | |
| "30m", | |
| "1h", | |
| "3h", | |
| "12h", | |
| "1d", | |
| "1w", | |
| "1M", | |
| "1y" | |
| ], | |
| "fill": 0, | |
| "linewidth": 3, | |
| "timezone": "browser", | |
| "spyable": true, | |
| "zoomlinks": true, | |
| "bars": true, | |
| "stack": true, | |
| "points": false, | |
| "lines": false, | |
| "legend": true, | |
| "x-axis": true, | |
| "y-axis": true, | |
| "percentage": false, | |
| "interactive": true, | |
| "options": true, | |
| "tooltip": { | |
| "value_type": "cumulative", | |
| "query_as_alias": false | |
| }, | |
| "title": "Event Counts", | |
| "sum_value": false, | |
| "lines_smooth": false, | |
| "show_queries": true, | |
| "refresh": { | |
| "enable": false, | |
| "interval": 2 | |
| } | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Graph", | |
| "height": "250px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "span": 4, | |
| "editable": true, | |
| "group": [ | |
| "default" | |
| ], | |
| "type": "terms", | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&wt=json&rows=0&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&facet=true&facet.field=agent&facet.limit=5&facet.missing=true&f.agent.facet.sort=count" | |
| }, | |
| "field": "agent", | |
| "exclude": [], | |
| "missing": false, | |
| "other": false, | |
| "size": 5, | |
| "order": "count", | |
| "style": { | |
| "font-size": "10pt" | |
| }, | |
| "donut": false, | |
| "tilt": false, | |
| "labels": true, | |
| "arrangement": "horizontal", | |
| "chart": "pie", | |
| "counter_pos": "none", | |
| "title": "Message Terms", | |
| "spyable": true, | |
| "time_field": "event_timestamp", | |
| "mode": "count", | |
| "stats_field": "", | |
| "decimal_points": 0, | |
| "pages": 10, | |
| "sortBy": "count", | |
| "logAxis": false, | |
| "exportSize": 100, | |
| "lastColor": "rgb(226,77,66)", | |
| "show_queries": true, | |
| "bar_chart_arrangement": "vertical", | |
| "chartColors": [ | |
| "#0A437C" | |
| ], | |
| "refresh": { | |
| "enable": false, | |
| "interval": 2 | |
| } | |
| }, | |
| { | |
| "span": 8, | |
| "editable": true, | |
| "type": "heatmap", | |
| "loadingEditor": false, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&wt=json&rows=0&facet=true&facet.pivot=verb,clientip&facet.limit=5&facet.pivot.mincount=0", | |
| "custom": "" | |
| }, | |
| "size": 0, | |
| "row_field": "verb", | |
| "col_field": "clientip", | |
| "row_size": 5, | |
| "color": "lime", | |
| "spyable": true, | |
| "transpose_show": true, | |
| "transposed": false, | |
| "show_queries": true, | |
| "title": "H" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Events", | |
| "height": "650px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "span": 12, | |
| "editable": true, | |
| "group": [ | |
| "default" | |
| ], | |
| "type": "table", | |
| "size": 20, | |
| "pages": 5, | |
| "offset": 0, | |
| "sort": [ | |
| "id", | |
| "desc" | |
| ], | |
| "style": { | |
| "font-size": "9pt" | |
| }, | |
| "overflow": "min-height", | |
| "fields": [ | |
| "request", | |
| "response", | |
| "clientip", | |
| "bytes", | |
| "verb", | |
| "message" | |
| ], | |
| "highlight": [], | |
| "sortable": true, | |
| "header": true, | |
| "paging": true, | |
| "spyable": true, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0 | |
| ], | |
| "query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&sort=id desc&wt=json&rows=100", | |
| "basic_query": "q=-agent_str%3A%5C%22-%5C%22&fq=_timestamp:[NOW-2DAY%20TO%20NOW%2B1DAY]&fq=-request:(%22%2Fapi%2Fsessions%22)&sort=id desc" | |
| }, | |
| "field_list": false, | |
| "status": "Stable", | |
| "trimFactor": 300, | |
| "normTimes": true, | |
| "title": "Events", | |
| "time_field": "event_timestamp", | |
| "important_fields": [ | |
| "request_str", | |
| "response", | |
| "path_str" | |
| ], | |
| "saveOption": "json", | |
| "exportSize": 100, | |
| "exportAll": true, | |
| "displayLinkIcon": true, | |
| "imageFields": [], | |
| "imgFieldWidth": "auto", | |
| "imgFieldHeight": "85px", | |
| "show_queries": true, | |
| "maxNumCalcTopFields": 20, | |
| "calcTopFieldValuesFromAllData": false, | |
| "subrowMaxChar": 300, | |
| "subrowOffset": 0, | |
| "refresh": { | |
| "enable": false, | |
| "interval": 2 | |
| } | |
| } | |
| ] | |
| } | |
| ], | |
| "editable": true, | |
| "index": { | |
| "interval": "none", | |
| "pattern": "[logstash-]YYYY.MM.DD", | |
| "default": "_all" | |
| }, | |
| "style": "light", | |
| "failover": false, | |
| "panel_hints": true, | |
| "loader": { | |
| "save_gist": true, | |
| "save_elasticsearch": true, | |
| "save_local": true, | |
| "save_default": true, | |
| "save_temp": true, | |
| "save_temp_ttl_enable": true, | |
| "save_temp_ttl": "30d", | |
| "load_gist": true, | |
| "load_elasticsearch": true, | |
| "load_elasticsearch_size": 20, | |
| "load_local": true, | |
| "hide": false, | |
| "dropdown_collections": false, | |
| "save_as_public": false | |
| }, | |
| "solr": { | |
| "server": "/solr/", | |
| "core_name": "logs", | |
| "core_list": [ | |
| "logs" | |
| ], | |
| "global_params": "" | |
| }, | |
| "username": "guest", | |
| "home": true | |
| } |