@andrewkroh
Last active September 1, 2022 21:42
Bash script to dump wireguard peers to JSON
#!/usr/bin/env bash
# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Description:
# This script executes the 'wg show all dump' command and converts output
# to NDJSON.
# Abort on command errors, on use of unset variables, and on a failure
# anywhere inside a pipeline.
set -o errexit -o nounset -o pipefail

# Field names for a peer line, in positional order. Index 2 is the
# pre-shared key column, which the output loop leaves out of every event.
column_names=(
    "interface" "public_key" "preshared_key"
    "endpoint" "allowed_ips" "latest_handshake"
    "bytes_received" "bytes_sent" "persistent_keepalive"
)

# Previous counter value per peer, kept so that the cumulative byte counters
# can be reported as per-interval differences.
declare -A last_bytes_received last_bytes_sent

# Result slot written by the difference_* functions.
declare diff_from_last
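# Convert the cumulative bytes-received counter of one peer into a delta.
#
# Arguments:
#   $1 - key identifying the peer (the caller passes the peer's public key)
#   $2 - current counter value, a non-negative decimal integer
# Result, written to the global 'diff_from_last':
#   -1    first sample for this key, nothing to compare against yet
#   >= 0  bytes received since the previous sample
# Returns non-zero and leaves the stored state untouched when $2 is not a
# decimal integer.
function difference_bytes_received() {
    local public_key=$1
    local current_value=$2
    local last

    # Bash arithmetic evaluates the *contents* of a variable as an expression,
    # so only plain digits are allowed to reach $(( )) below.
    if ! [[ $current_value =~ ^[0-9]+$ ]]; then
        echo "difference_bytes_received: counter value is not a decimal integer" >&2
        return 1
    fi

    if [ "${last_bytes_received[$public_key]+_}" ]; then
        last=${last_bytes_received[$public_key]}
        if ((current_value < last)); then
            # The counter went backwards, i.e. it restarted (for example the
            # interface was re-created). Report the bytes counted since the
            # restart instead of a negative delta, which would also risk
            # colliding with the -1 "first sample" sentinel.
            diff_from_last=$current_value
        else
            diff_from_last=$((current_value - last))
        fi
    else
        diff_from_last=-1
    fi

    last_bytes_received[$public_key]=$current_value
}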
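# Convert the cumulative bytes-sent counter of one peer into a delta.
#
# Arguments:
#   $1 - key identifying the peer (the caller passes the peer's public key)
#   $2 - current counter value, a non-negative decimal integer
# Result, written to the global 'diff_from_last':
#   -1    first sample for this key, nothing to compare against yet
#   >= 0  bytes sent since the previous sample
# Returns non-zero and leaves the stored state untouched when $2 is not a
# decimal integer.
function difference_bytes_sent() {
    local public_key=$1
    local current_value=$2
    local last

    # Bash arithmetic evaluates the *contents* of a variable as an expression,
    # so only plain digits are allowed to reach $(( )) below.
    if ! [[ $current_value =~ ^[0-9]+$ ]]; then
        echo "difference_bytes_sent: counter value is not a decimal integer" >&2
        return 1
    fi

    if [ "${last_bytes_sent[$public_key]+_}" ]; then
        last=${last_bytes_sent[$public_key]}
        if ((current_value < last)); then
            # The counter went backwards, i.e. it restarted (for example the
            # interface was re-created). Report the bytes counted since the
            # restart instead of a negative delta, which would also risk
            # colliding with the -1 "first sample" sentinel.
            diff_from_last=$current_value
        else
            diff_from_last=$((current_value - last))
        fi
    else
        diff_from_last=-1
    fi

    last_bytes_sent[$public_key]=$current_value
}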
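# Poll WireGuard every 30 seconds and print one JSON object per peer (NDJSON)
# to stdout.
#
# Lines of 'wg show all dump' with 5 tab-separated fields describe a local
# interface. Only field index 3 (used as the listen port) is read from them;
# per wg(8) that line also carries the interface's private key, and nothing
# else from it is copied into an event. Lines with 9 fields describe a peer,
# in the order given by 'column_names'.
while true; do
    timestamp="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
    tsv_dump=$(wg show all dump)

    # Iterate over each line in the output.
    while read -r line; do
        # Split the tab separated line and write the elements into 'array'.
        IFS=$'\t' read -r -a array <<<"$line"

        if [ "${#array[@]}" -eq 5 ]; then
            # This line represents the local interface.
            port=${array[3]}
        elif [ "${#array[@]}" -eq 9 ]; then
            # This line represents a peer.
            #
            # Track counters per interface *and* public key: the same peer key
            # configured on two interfaces has independent counters, and
            # keying on the public key alone would mix them.
            counter_key="${array[0]}/${array[1]}"

            # Convert counters to gauges.
            difference_bytes_received "$counter_key" "${array[6]}"
            received_delta=$diff_from_last
            difference_bytes_sent "$counter_key" "${array[7]}"
            sent_delta=$diff_from_last

            # Don't report data on the first execution (either direction).
            if [ "$received_delta" -eq -1 ] || [ "$sent_delta" -eq -1 ]; then
                continue
            fi
            array[6]=$received_delta
            array[7]=$sent_delta

            # Output JSON event.
            json='{'
            json+="\"timestamp\":\"${timestamp}\","
            for i in "${!array[@]}"; do
                # Redact any pre-shared keys: the secret in column 2 must never
                # reach the log stream.
                if [ "$i" -eq 2 ]; then
                    continue
                fi
                # Escape backslash and double quote so a field value cannot
                # terminate the JSON string early. Control characters are not
                # handled here.
                value=${array[$i]}
                value=${value//\\/\\\\}
                value=${value//\"/\\\"}
                json+="\"${column_names[$i]}\":\"${value}\","
            done
            json+="\"port\":${port}"
            json+='}'
            echo "$json"
        fi
    done <<<"$tsv_dump"

    sleep 30
done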
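---
# Ingest pipeline for the NDJSON events printed by the wireguard-logger script.
# The logger omits the pre-shared key column, so the fields handled here are
# peer public keys, endpoints, allowed IPs, handshake times and byte deltas.
description: Process JSON logs from wireguard-logger.
processors:
  - set:
      field: event.ingested
      value: "{{{_ingest.timestamp}}}"
  # Decode the logger's JSON line into the wireguard.* namespace.
  - json:
      field: message
      target_field: wireguard
  - set:
      field: event.module
      value: wireguard
  - set:
      field: event.dataset
      value: wireguard.peers
  - set:
      field: network.transport
      value: udp
  # No target_field is given, so the parsed time goes to the processor's
  # default target (@timestamp), which the is-active-flag script reads.
  - date:
      field: wireguard.timestamp
      formats:
        - ISO8601
  # Endpoint written as [address]:port (bracketed form).
  - dissect:
      if: ctx.wireguard.endpoint.startsWith('[')
      field: wireguard.endpoint
      pattern: "[%{source.ip}]:%{source.port}"
  # Endpoint written as address:port. Failures are ignored so that a value
  # without a colon does not fail the whole event.
  - dissect:
      if: "!ctx.wireguard.endpoint.startsWith('[')"
      field: wireguard.endpoint
      pattern: "%{source.ip}:%{source.port}"
      ignore_failure: true
  # Classify the address family by the presence of ':' in source.ip.
  - set:
      if: ctx?.source?.ip != null && ctx.source.ip.contains(':')
      field: network.type
      value: ipv6
  - set:
      if: ctx?.source?.ip != null && !ctx.source.ip.contains(':')
      field: network.type
      value: ipv4
  - convert:
      field: source.port
      type: long
      ignore_missing: true
  - convert:
      field: wireguard.port
      target_field: destination.port
      type: long
  # The logger reports per-interval byte differences, not cumulative counters.
  - convert:
      field: wireguard.bytes_received
      target_field: source.bytes
      type: long
  - convert:
      field: wireguard.bytes_sent
      target_field: destination.bytes
      type: long
  - date:
      field: wireguard.latest_handshake
      target_field: wireguard.latest_handshake
      formats:
        - UNIX
  # Accept a comma with or without trailing whitespace, so a multi-entry list
  # is split whichever way the source formats it.
  - split:
      field: wireguard.allowed_ips
      separator: ',\s*'
  - geoip:
      if: ctx?.source?.geo == null
      field: source.ip
      target_field: source.geo
      ignore_missing: true
  # NOTE(review): destination.ip is only assigned by the
  # destination-ip-from-host-ip script further down, so the destination
  # lookups here see a value only when the incoming event already carries
  # destination.ip. Confirm that this ordering is intended.
  - geoip:
      if: ctx?.destination?.geo == null
      field: destination.ip
      target_field: destination.geo
      ignore_missing: true
  - geoip:
      database_file: GeoLite2-ASN.mmdb
      field: source.ip
      target_field: source.as
      properties:
        - asn
        - organization_name
      ignore_missing: true
  - geoip:
      database_file: GeoLite2-ASN.mmdb
      field: destination.ip
      target_field: destination.as
      properties:
        - asn
        - organization_name
      ignore_missing: true
  # Move the ASN lookup results to number / organization.name.
  - rename:
      field: source.as.asn
      target_field: source.as.number
      ignore_missing: true
  - rename:
      field: source.as.organization_name
      target_field: source.as.organization.name
      ignore_missing: true
  - rename:
      field: destination.as.asn
      target_field: destination.as.number
      ignore_missing: true
  - rename:
      field: destination.as.organization_name
      target_field: destination.as.organization.name
      ignore_missing: true
  - script:
      lang: painless
      tag: destination-ip-from-host-ip
      if: ctx?.host?.ip != null && ctx?.network?.type != null
      description: Set destination.ip to the first IP in host.ip that matches the network.type.
      source: |
        def isIPv4 = ctx.network.type == "ipv4" ? true : false;
        for (ip in ctx.host.ip) {
          // IPv4
          if (isIPv4 && !ip.contains(':')) {
            ctx.destination.ip = ip;
            break;
          // IPv6
          } else if (!isIPv4 && ip.contains(':')) {
            ctx.destination.ip = ip;
            break;
          }
        }
  - community_id:
      ignore_failure: true
  - script:
      lang: painless
      tag: calc-network-bytes
      description: Sum source.bytes and destination.bytes to network.bytes.
      source: |
        ctx.network.bytes = ctx.source.bytes + ctx.destination.bytes;
  # A peer counts as active when its latest handshake is less than 360 seconds
  # older than the event timestamp.
  - script:
      lang: painless
      tag: is-active-flag
      description: Compute whether peer is active based on latest handshake.
      source: |
        def ts = Instant.parse(ctx['@timestamp']);
        def latest_handshake = Instant.parse(ctx.wireguard.latest_handshake);
        def elapsed = ChronoUnit.SECONDS.between(latest_handshake, ts);
        ctx.wireguard.is_active = elapsed < 360;
  - append:
      if: ctx?.source?.ip != null
      field: related.ip
      value: '{{{source.ip}}}'
      allow_duplicates: false
  - append:
      if: ctx?.destination?.ip != null
      field: related.ip
      value: '{{{destination.ip}}}'
      allow_duplicates: false
  - script:
      lang: painless
      tag: allowed-ip-to-related-ip
      description: Append allowed IPs (without the range) to related.ip.
      source: |
        // Collect the address part of every CIDR entry, once each, so that
        // related.ip stays duplicate-free like the append processors above.
        def ips = [];
        for (cidr in ctx.wireguard.allowed_ips) {
          def idx = cidr.indexOf('/');
          if (idx == -1) { continue }
          def ip = cidr.substring(0, idx);
          if (!ips.contains(ip)) {
            ips.add(ip);
          }
        }
        if (ctx?.related == null) {
          ctx['related'] = [:];
        }
        if (ctx?.related?.ip == null) {
          ctx['related']['ip'] = ips;
        } else {
          for (ip in ips) {
            if (!ctx.related.ip.contains(ip)) {
              ctx.related.ip.add(ip);
            }
          }
        }
# Any processor failure is recorded on the event in error.message.
on_failure:
  - append:
      field: error.message
      value:
        - error in [{{_ingest.on_failure_processor_type}}] processor{{#_ingest.on_failure_processor_tag}}
          with tag [{{_ingest.on_failure_processor_tag }}]{{/_ingest.on_failure_processor_tag}}
          {{ _ingest.on_failure_message }}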
{"attributes":{"fieldAttrs":"{\"systemd.unit\":{\"count\":2},\"wireguard.is_active\":{\"count\":4},\"wireguard.last_seen\":{\"count\":3},\"wireguard.public_key\":{\"count\":2},\"source.as.organization.name\":{\"count\":1},\"source.ip\":{\"count\":1},\"wireguard.endpoint\":{\"count\":3},\"destination.geo.location\":{\"count\":1},\"source.geo.location\":{\"count\":1},\"destination.ip\":{\"count\":1},\"error.message\":{\"count\":1},\"wireguard.latest_handshake\":{\"count\":1},\"network.bytes\":{\"count\":1},\"source.user.full_name\":{\"count\":1}}","fieldFormatMap":"{\"source.bytes\":{\"id\":\"bytes\"},\"destination.bytes\":{\"id\":\"bytes\"}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"journalbeat-*"},"coreMigrationVersion":"7.12.1","id":"43817430-93c1-11ea-9474-d5854a544239","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-05-04T19:06:34.087Z","version":"WzExMDAwOSwyXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"wireguard.is_active\",\"negate\":false,\"params\":{\"query\":true},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"wireguard.is_active\":true}}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.12.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":12,\"i\":\"5473fb71-4b31-4d7a-9868-c09fdcc8bae0\"},\"panelIndex\":\"5473fb71-4b31-4d7a-9868-c09fdcc8bae0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a5cb2e5c-ea13-4485-85bd-6a3e28dd2f8b\":{\"columns\":{\"a5549ce1-c48a-4905-84ce-7874757c138b\":{\"label\":\"Public 
Key\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"wireguard.public_key\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a595dce7-17d9-4a3d-be4b-cc85097a7535\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"8c328dc7-c0b5-48bd-8387-9b116f73778d\":{\"label\":\"City\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.geo.city_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":true},\"customLabel\":true},\"d93e66d1-9b61-47fa-b964-2cac3b71f821\":{\"label\":\"Region\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.geo.region_iso_code\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":true},\"customLabel\":true},\"a595dce7-17d9-4a3d-be4b-cc85097a7535\":{\"label\":\"source.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"source.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"75b6891c-fae3-472b-b0b1-4ff69e034686\":{\"label\":\"destination.bytes\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"destination.bytes\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"543bc1e7-114f-4c65-9e8b-56f85f33a273\":{\"label\":\"Active\",\"dataType\":\"boolean\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"wireguard.is_active\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"74737048-293a-4975-ab3b-5501a5d9d089\":{\"label\":\"Network\",\"dataType\":\"string\",\"operationType\":\"last_value\",\"isBucketed\":false,\"sca
le\":\"ordinal\",\"sourceField\":\"source.as.organization.name\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"3539767d-4cef-4744-a376-51cc20ac0550\":{\"label\":\"User\",\"dataType\":\"string\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ordinal\",\"sourceField\":\"source.user.full_name\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"70f4de0d-4cce-4940-83aa-9e70fddb060a\":{\"label\":\"Latest Handshake\",\"dataType\":\"string\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ordinal\",\"sourceField\":\"wireguard.latest_handshake\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"18e2dfa5-fc22-4dbe-b9b7-ba53a2c5d578\":{\"label\":\"Public IP\",\"dataType\":\"ip\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"source.ip\",\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true}},\"columnOrder\":[\"a5549ce1-c48a-4905-84ce-7874757c138b\",\"d93e66d1-9b61-47fa-b964-2cac3b71f821\",\"8c328dc7-c0b5-48bd-8387-9b116f73778d\",\"3539767d-4cef-4744-a376-51cc20ac0550\",\"74737048-293a-4975-ab3b-5501a5d9d089\",\"a595dce7-17d9-4a3d-be4b-cc85097a7535\",\"75b6891c-fae3-472b-b0b1-4ff69e034686\",\"70f4de0d-4cce-4940-83aa-9e70fddb060a\",\"543bc1e7-114f-4c65-9e8b-56f85f33a273\",\"18e2dfa5-fc22-4dbe-b9b7-ba53a2c5d578\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"columnId\":\"a5549ce1-c48a-4905-84ce-7874757c138b\"},{\"columnId\":\"8c328dc7-c0b5-48bd-8387-9b116f73778d\"},{\"columnId\":\"d93e66d1-9b61-47fa-b964-2cac3b71f821\"},{\"columnId\":\"a595dce7-17d9-4a3d-be4b-cc85097a7535\"},{\"columnId\":\"75b6891c-fae3-472b-b0b1-4ff69e034686\"},{\"columnId\":\"543bc1e7-114f-4c65-9e8b-56f85f33a273\"},{\"columnId\":\"70f4de0d-4cce-4940-83aa-9e70fddb060a\"},{\"columnId\":\"74737048-293a-4975-ab3b-5501a5d9d089\"},{\"columnId\":\"3539767d-4cef-4744-a376-51cc20ac0550\"},{\"columnId\":\"18e2dfa5-fc22-4dbe-b9b7-ba53a2c5d578\"}],\"layerId\":\"a
5cb2e5c-ea13-4485-85bd-6a3e28dd2f8b\",\"sorting\":{\"columnId\":\"a595dce7-17d9-4a3d-be4b-cc85097a7535\",\"direction\":\"desc\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"43817430-93c1-11ea-9474-d5854a544239\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"43817430-93c1-11ea-9474-d5854a544239\",\"name\":\"indexpattern-datasource-layer-a5cb2e5c-ea13-4485-85bd-6a3e28dd2f8b\"}]},\"enhancements\":{}}},{\"version\":\"7.12.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":12,\"w\":24,\"h\":15,\"i\":\"b5ec3a69-3a1e-405b-ad45-5fa6778e13d9\"},\"panelIndex\":\"b5ec3a69-3a1e-405b-ad45-5fa6778e13d9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"packetbeat-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"systemd.unit: \\\"wireguard-logger.service\\\" and network.bytes > 0\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"journalbeat-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Source Bytes\",\"line_width\":1,\"metrics\":[{\"unit\":\"\",\"field\":\"source.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.user.full_name\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.bytes > 
0\",\"language\":\"kuery\"}}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"max_bars\":30},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"source.bytes\"},{\"version\":\"7.12.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":12,\"w\":24,\"h\":15,\"i\":\"80860284-8106-4bd2-9d0e-247a5a94c5b4\"},\"panelIndex\":\"80860284-8106-4bd2-9d0e-247a5a94c5b4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"8954f780-3c73-4125-a58f-45409e2c1a34\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"43817430-93c1-11ea-9474-d5854a544239\\\",\\\"sourceGeoField\\\":\\\"source.geo.location\\\",\\\"destGeoField\\\":\\\"destination.geo.location\\\",\\\"id\\\":\\\"7f89a60f-9f18-4578-81fa-d7742c7044ac\\\",\\\"type\\\":\\\"ES_PEW_PEW\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"sum\\\",\\\"field\\\":\\\"network.bytes\\\"}]},\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"color\\\":\\\"Greys\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"origin\\\":\\\"source\\\",\\\"name\\\":\\\"sum_of_network.bytes\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":true,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\",\\\"useCustomColorRamp\\\":false}},\\\"lineWidth\\\":{\\\
"type\\\":\\\"DYNAMIC\\\",\\\"options\\\":{\\\"minSize\\\":1,\\\"maxSize\\\":10,\\\"field\\\":{\\\"origin\\\":\\\"source\\\",\\\"name\\\":\\\"sum_of_network.bytes\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":true,\\\"sigma\\\":3}}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"id\\\":\\\"fa3ec35b-a076-4c59-bbdd-fa43f7b87a36\\\",\\\"label\\\":\\\"Connections\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.94,\\\"visible\\\":true,\\\"type\\\":\\\"VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"event.module:\\\\\\\"wireguard\\\\\\\" \\\",\\\"language\\\":\\\"kuery\\\"}},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"43817430-93c1-11ea-9474-d5854a544239\\\",\\\"geoField\\\":\\\"source.geo.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"LIMIT\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1,\\\"id\\\":\\\"555c7b56-1cff-45e5-ae30-1d3d0b8eda79\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\"},\\\"id\\\":\\\"2d4f83fb-2432-454a-93fd-78a0913c49cc\\\",\\\"label\\\":\\\"Peer 
Locations\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#6092C0\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#4379aa\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"event.module:\\\\\\\"wireguard\\\\\\\" 
\\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":4.37,\\\"center\\\":{\\\"lon\\\":-84.25132,\\\"lat\\\":39.86479},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-24h\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":39.86479,\"lon\":-84.25132,\"zoom\":4.37},\"mapBuffer\":{\"minLon\":-114.27696,\"minLat\":29.582649999999997,\"maxLon\":-54.225680000000004,\"maxLat\":49.776210000000006},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.12.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":14,\"i\":\"9fd5ace8-974f-48d3-81c7-e8c7a1c093ca\"},\"panelIndex\":\"9fd5ace8-974f-48d3-81c7-e8c7a1c093ca\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"packetbeat-*\",\"default_timefield\":\"@timestamp\",\"filter\":{\"query\":\"systemd.unit: \\\"wireguard-logger.service\\\" and network.bytes > 
0\",\"language\":\"kuery\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"journalbeat-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Destination Bytes\",\"line_width\":1,\"metrics\":[{\"unit\":\"\",\"field\":\"destination.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"source.user.full_name\",\"type\":\"timeseries\",\"filter\":{\"query\":\"destination.bytes > 0\",\"language\":\"kuery\"}}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"max_bars\":30},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"destination.bytes\"}]","timeRestore":false,"title":"Wireguard 
Peers","version":1},"coreMigrationVersion":"7.12.1","id":"76228200-a921-11eb-8fb4-0d4b334f360a","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"indexpattern-datasource-layer-a5cb2e5c-ea13-4485-85bd-6a3e28dd2f8b","type":"index-pattern"},{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"43817430-93c1-11ea-9474-d5854a544239","name":"layer_2_source_index_pattern","type":"index-pattern"}],"sort":[1620156460484,3840],"type":"dashboard","updated_at":"2021-05-04T19:27:40.484Z","version":"WzExMDQ1MCwyXQ=="}
{"exportedCount":2,"missingRefCount":0,"missingReferences":[]}
andrewkroh commented May 3, 2021

Screen Shot 2021-05-04 at 3 40 05 PM
