Created
October 9, 2013 16:14
-
-
Save dav3860/6903830 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "title": "Windows Event Logs", | |
| "services": { | |
| "query": { | |
| "idQueue": [ | |
| 2, | |
| 3, | |
| 4, | |
| 9, | |
| 10, | |
| 11, | |
| 12, | |
| 13, | |
| 14 | |
| ], | |
| "list": { | |
| "0": { | |
| "query": "", | |
| "alias": "", | |
| "color": "#7EB26D", | |
| "id": 0, | |
| "pin": false, | |
| "type": "lucene" | |
| }, | |
| "1": { | |
| "alias": 4634, | |
| "query": "EventID:\"4634\" AND (NOT host:server1)", | |
| "id": 1, | |
| "color": "#EAB839", | |
| "pin": false, | |
| "type": "lucene" | |
| }, | |
| "5": { | |
| "alias": 4776, | |
| "query": "EventID:\"4776\" AND (NOT host:server1)", | |
| "id": 5, | |
| "color": "#1F78C1", | |
| "pin": false, | |
| "type": "lucene" | |
| }, | |
| "6": { | |
| "alias": 4625, | |
| "query": "EventID:\"4625\" AND (NOT host:server1)", | |
| "id": 6, | |
| "color": "#BA43A9", | |
| "pin": false, | |
| "type": "lucene" | |
| }, | |
| "7": { | |
| "alias": 4624, | |
| "query": "EventID:\"4624\" AND (NOT host:server1)", | |
| "id": 7, | |
| "color": "#705DA0", | |
| "pin": false, | |
| "type": "lucene" | |
| }, | |
| "8": { | |
| "alias": 4648, | |
| "query": "EventID:\"4648\" AND (NOT host:server1)", | |
| "id": 8, | |
| "color": "#508642", | |
| "pin": false, | |
| "type": "lucene" | |
| } | |
| }, | |
| "ids": [ | |
| 0, | |
| 1, | |
| 5, | |
| 6, | |
| 7, | |
| 8 | |
| ] | |
| }, | |
| "filter": { | |
| "idQueue": [ | |
| 2 | |
| ], | |
| "list": { | |
| "0": { | |
| "from": "2013-10-09T15:51:53.802Z", | |
| "to": "2013-10-09T16:06:53.802Z", | |
| "field": "@timestamp", | |
| "type": "time", | |
| "mandate": "must", | |
| "active": true, | |
| "alias": "", | |
| "id": 0 | |
| }, | |
| "1": { | |
| "type": "field", | |
| "field": "type", | |
| "query": "\"eventlog\"", | |
| "mandate": "must", | |
| "active": true, | |
| "alias": "", | |
| "id": 1 | |
| } | |
| }, | |
| "ids": [ | |
| 1, | |
| 0 | |
| ] | |
| } | |
| }, | |
| "rows": [ | |
| { | |
| "title": "Options", | |
| "height": "50px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "title": "Set time span", | |
| "error": "", | |
| "span": 4, | |
| "editable": true, | |
| "group": [ | |
| "default" | |
| ], | |
| "type": "timepicker", | |
| "mode": "relative", | |
| "time_options": [ | |
| "5m", | |
| "15m", | |
| "1h", | |
| "6h", | |
| "12h", | |
| "24h", | |
| "2d", | |
| "7d", | |
| "30d" | |
| ], | |
| "timespan": "15m", | |
| "timefield": "@timestamp", | |
| "timeformat": "", | |
| "refresh": { | |
| "enable": false, | |
| "interval": 30, | |
| "min": 3 | |
| }, | |
| "filter_id": 0, | |
| "status": "Stable" | |
| }, | |
| { | |
| "error": false, | |
| "span": 8, | |
| "editable": true, | |
| "type": "derivequeries", | |
| "loadingEditor": false, | |
| "loading": false, | |
| "label": "Search", | |
| "query": "NOT host:server1", | |
| "ids": [ | |
| 1, | |
| 5, | |
| 6, | |
| 7, | |
| 8 | |
| ], | |
| "field": "EventID", | |
| "fields": [ | |
| "dynamic_templates.0.dyn_template99.mapping", | |
| "dynamic_templates.0.dyn_template99", | |
| "@timestamp", | |
| "@version", | |
| "action", | |
| "ciscotag", | |
| "dst_ip", | |
| "dst_name", | |
| "dst_port", | |
| "group", | |
| "host", | |
| "message", | |
| "program", | |
| "src_ip", | |
| "syslog_facility", | |
| "syslog_severity", | |
| "type", | |
| "user", | |
| "dst_xlated_ip", | |
| "dst_xlated_port", | |
| "protocol", | |
| "src_port", | |
| "src_xlated_ip", | |
| "src_xlated_port", | |
| "CookieI", | |
| "CookieR", | |
| "DCE-RPC Interface UUID", | |
| "DCE-RPC Interface UUID-1", | |
| "DCE-RPC Interface UUID-2", | |
| "DCE-RPC Interface UUID-3", | |
| "ICMP", | |
| "ICMP Code", | |
| "ICMP Type", | |
| "IKE IDs:", | |
| "IKE:", | |
| "NAT_rulenum", | |
| "OM:", | |
| "TCP packet out of state", | |
| "alert", | |
| "assigned_IP:", | |
| "auth_method", | |
| "dst_xlate_ip", | |
| "dst_xlate_port", | |
| "dstkeyid", | |
| "during_sec", | |
| "encryption fail reason:", | |
| "encryption failure:", | |
| "fragments_dropped", | |
| "i/f_name", | |
| "ip_id", | |
| "ip_len", | |
| "ip_offset", | |
| "log_sys_message", | |
| "message_info", | |
| "msgid", | |
| "om_method:", | |
| "peer", | |
| "policy_id", | |
| "product", | |
| "reason", | |
| "reject_category", | |
| "src_xlate_ip", | |
| "src_xlate_port", | |
| "srckeyid", | |
| "start_time", | |
| "sys_msgs", | |
| "tcp_flags", | |
| "vpn_user", | |
| "agent", | |
| "build", | |
| "bytes", | |
| "device", | |
| "httpversion", | |
| "major", | |
| "minor", | |
| "name", | |
| "os", | |
| "patch", | |
| "referrer", | |
| "request", | |
| "response", | |
| "verb", | |
| "website", | |
| "AccountDomain", | |
| "AccountName", | |
| "AccountType", | |
| "ActivityID", | |
| "AuthenticationPackageName", | |
| "Category", | |
| "CategoryNumber", | |
| "Channel", | |
| "ClientAddress", | |
| "ClientName", | |
| "DCName", | |
| "DeviceName", | |
| "DeviceNameLength", | |
| "DeviceTime", | |
| "DeviceVersionMajor", | |
| "DeviceVersionMinor", | |
| "Domain", | |
| "EventID", | |
| "EventTime", | |
| "EventType", | |
| "FailureReason", | |
| "FinalStatus", | |
| "IpAddress", | |
| "IpPort", | |
| "KeyLength", | |
| "LmPackageName", | |
| "LogonGuid", | |
| "LogonID", | |
| "LogonProcessName", | |
| "LogonType", | |
| "NumberOfGroupPolicyObjects", | |
| "PackageName", | |
| "PreAuthType", | |
| "ProcessID", | |
| "ProcessName", | |
| "ProcessingMode", | |
| "ProcessingTimeInMilliseconds", | |
| "ProviderGuid", | |
| "ServiceName", | |
| "ServiceSid", | |
| "SessionName", | |
| "Severity", | |
| "SourceName", | |
| "Status", | |
| "SubStatus", | |
| "SubjectDomainName", | |
| "SubjectLogonId", | |
| "SubjectUserName", | |
| "SubjectUserSid", | |
| "SupportInfo1", | |
| "SupportInfo2", | |
| "TSId", | |
| "TargetDomainName", | |
| "TargetInfo", | |
| "TargetLogonGuid", | |
| "TargetServerName", | |
| "TargetSid", | |
| "TargetUserName", | |
| "TargetUserSid", | |
| "TicketEncryptionType", | |
| "TicketOptions", | |
| "TransmittedServices", | |
| "UserID", | |
| "UserSid", | |
| "Workstation", | |
| "WorkstationName", | |
| "param1", | |
| "param2", | |
| "param3", | |
| "param4", | |
| "Internal_CA:", | |
| "NAT_addtnl_rulenum", | |
| "__policy_id_tag", | |
| "dn:", | |
| "elapsed", | |
| "has_accounting", | |
| "i/f_dir", | |
| "loc", | |
| "methods:", | |
| "path", | |
| "scheme:", | |
| "uuid", | |
| "Account", | |
| "AccountToReset", | |
| "AvailableEtypes", | |
| "Detail", | |
| "ID", | |
| "ImagePath", | |
| "RequestedEtypes", | |
| "ServiceType", | |
| "StartType", | |
| "Target", | |
| "tloc", | |
| "Address", | |
| "AddressLength", | |
| "ErrorCode", | |
| "ErrorDescription", | |
| "LookupType", | |
| "QueryName", | |
| "TimeSource", | |
| "param5", | |
| "Interface", | |
| "NewTime", | |
| "OldTime", | |
| "ProtocolType", | |
| "param10", | |
| "param11", | |
| "param12", | |
| "param6", | |
| "param7", | |
| "param8", | |
| "param9", | |
| "short_user", | |
| "ApplicationName", | |
| "ErrorStatus", | |
| "InterfaceId", | |
| "Method", | |
| "Type", | |
| "is_admin", | |
| "tags", | |
| "username", | |
| "password", | |
| "salt", | |
| "Group", | |
| "IdleStateCount", | |
| "Number", | |
| "PerfStateCount", | |
| "ThrottleStateCount", | |
| "dashboard", | |
| "title", | |
| "BootMode", | |
| "BuildVersion", | |
| "DwordVal", | |
| "MajorVersion", | |
| "MinorVersion", | |
| "QfeVersion", | |
| "ServiceVersion", | |
| "ShutdownActionType", | |
| "ShutdownEventCode", | |
| "ShutdownReason", | |
| "StartTime", | |
| "StopTime", | |
| "ListenerAdapterProtocol" | |
| ], | |
| "spyable": true, | |
| "rest": false, | |
| "size": 5, | |
| "mode": "AND", | |
| "exclude": [], | |
| "history": [ | |
| "NOT host:server1", | |
| "host:server1", | |
| "*", | |
| "" | |
| ], | |
| "remember": 10, | |
| "title": "Recherche" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Filters", | |
| "height": "50px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "title": "dashboard filters", | |
| "error": false, | |
| "span": 12, | |
| "editable": true, | |
| "group": [ | |
| "default" | |
| ], | |
| "type": "filtering" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Graph", | |
| "height": "200px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "span": 8, | |
| "editable": true, | |
| "group": [ | |
| "default" | |
| ], | |
| "type": "histogram", | |
| "mode": "count", | |
| "time_field": "@timestamp", | |
| "value_field": null, | |
| "auto_int": true, | |
| "resolution": 100, | |
| "interval": "10s", | |
| "fill": 1, | |
| "linewidth": 2, | |
| "timezone": "browser", | |
| "spyable": true, | |
| "zoomlinks": true, | |
| "bars": false, | |
| "stack": false, | |
| "points": false, | |
| "lines": true, | |
| "legend": true, | |
| "x-axis": true, | |
| "y-axis": true, | |
| "percentage": false, | |
| "interactive": true, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0, | |
| 1, | |
| 5, | |
| 6, | |
| 7, | |
| 8 | |
| ] | |
| }, | |
| "title": "Events over time", | |
| "intervals": [ | |
| "auto", | |
| "1s", | |
| "1m", | |
| "5m", | |
| "10m", | |
| "30m", | |
| "1h", | |
| "3h", | |
| "12h", | |
| "1d", | |
| "1w", | |
| "1M", | |
| "1y" | |
| ], | |
| "options": true, | |
| "tooltip": { | |
| "value_type": "cumulative", | |
| "query_as_alias": false | |
| } | |
| }, | |
| { | |
| "error": false, | |
| "span": 2, | |
| "editable": true, | |
| "type": "terms", | |
| "loadingEditor": false, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0, | |
| 1, | |
| 5, | |
| 6, | |
| 7, | |
| 8 | |
| ] | |
| }, | |
| "field": "host", | |
| "exclude": [], | |
| "missing": false, | |
| "other": true, | |
| "size": 5, | |
| "order": "count", | |
| "style": { | |
| "font-size": "10pt" | |
| }, | |
| "donut": true, | |
| "tilt": false, | |
| "labels": false, | |
| "arrangement": "horizontal", | |
| "chart": "pie", | |
| "counter_pos": "above", | |
| "spyable": true, | |
| "title": "Top hosts" | |
| }, | |
| { | |
| "span": 2, | |
| "editable": true, | |
| "type": "trends", | |
| "loadingEditor": false, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0, | |
| 1, | |
| 5, | |
| 6, | |
| 7, | |
| 8 | |
| ] | |
| }, | |
| "style": { | |
| "font-size": "18pt" | |
| }, | |
| "ago": "1d", | |
| "arrangement": "vertical", | |
| "spyable": true, | |
| "title": "Tendances" | |
| } | |
| ] | |
| }, | |
| { | |
| "title": "Events", | |
| "height": "350px", | |
| "editable": true, | |
| "collapse": false, | |
| "collapsable": true, | |
| "panels": [ | |
| { | |
| "title": "", | |
| "error": false, | |
| "span": 12, | |
| "editable": true, | |
| "group": [ | |
| "default" | |
| ], | |
| "type": "table", | |
| "size": 100, | |
| "pages": 5, | |
| "offset": 0, | |
| "sort": [ | |
| "@timestamp", | |
| "desc" | |
| ], | |
| "style": { | |
| "font-size": "9pt" | |
| }, | |
| "overflow": "min-height", | |
| "fields": [ | |
| "@timestamp", | |
| "host", | |
| "EventID", | |
| "Channel", | |
| "Category", | |
| "SourceName", | |
| "message" | |
| ], | |
| "highlight": [], | |
| "sortable": true, | |
| "header": true, | |
| "paging": true, | |
| "spyable": true, | |
| "queries": { | |
| "mode": "all", | |
| "ids": [ | |
| 0, | |
| 1, | |
| 5, | |
| 6, | |
| 7, | |
| 8 | |
| ] | |
| }, | |
| "field_list": false, | |
| "status": "Stable", | |
| "trimFactor": 300, | |
| "normTimes": true | |
| } | |
| ] | |
| } | |
| ], | |
| "editable": true, | |
| "failover": false, | |
| "index": { | |
| "interval": "day", | |
| "pattern": "[logstash-]YYYY.MM.DD", | |
| "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED" | |
| }, | |
| "style": "dark", | |
| "panel_hints": true, | |
| "loader": { | |
| "save_gist": false, | |
| "save_elasticsearch": true, | |
| "save_local": true, | |
| "save_default": true, | |
| "save_temp": true, | |
| "save_temp_ttl_enable": true, | |
| "save_temp_ttl": "30d", | |
| "load_gist": true, | |
| "load_elasticsearch": true, | |
| "load_elasticsearch_size": 20, | |
| "load_local": true, | |
| "hide": false | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment