Last active
December 11, 2015 04:18
Splunk Index/Field explorer.
<html> | |
<head> | |
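<!-- Third-party libraries are fetched over HTTPS: with plain http:// anyone on
     the network path can replace the script body, and that code then runs with
     full access to this page and the log-field data it embeds.
     The URL pins a version but not the content. To make the browser reject a
     modified file, add integrity="sha384-<HASH_FROM_CDN_PLACEHOLDER>" together
     with crossorigin="anonymous" to each tag, or serve local copies.
     NOTE(review): jQuery 1.9.0 is a very old release; confirm the page still
     works on a maintained version and upgrade.
     The stray second closing tag after the jQuery include was removed. -->
<script src="https://d3js.org/d3.v3.min.js"></script>
<script src="https://code.jquery.com/jquery-1.9.0.min.js"></script>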
<style type='text/css'> | |
/* Presentation rules for the SVG drawing: one font rule for the svg element,
   then one fill (and usually stroke) colour per class.
   NOTE(review): the class names are presumably assigned by the rendering
   script later in this file; confirm there before renaming any of them. */
svg {font: 12px sans-serif;} | |
.IndexBox {fill: #DDDDDD;stroke: #FFFFFF;} | |
.keyBox {fill: #DADADA;stroke: #FFFFFF;} | |
.FieldGroup {fill: #EDEDED;stroke: #FFFFFF;} | |
.chevronPrimary{fill: #73ff42;stroke: #FFFFFF;} | |
.chevronSecondary{fill: #cfcfff;stroke: #FFFFFF;} | |
.chevronPreview{fill: #efefff;stroke: #FFFFFF;} | |
.chevronText{fill: #FFFFFF;} | |
.notAvailable{fill: #F5F5F5;} | |
.activeField{fill: #232323;} | |
.activeFieldElement{fill: #73ff42;} | |
.activeFieldGroup{fill: #56569f;} | |
.selectedText{fill: white;} | |
</style> | |
<script type="text/javascript"> | |
var jsonData = [ | |
{"preview":false,"result":{"idx":"communications","field":"connected_peer_addr","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"connected_peer_desc","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"connected_peer_port","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"date_hour","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"date_mday","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"date_minute","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"date_month","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"date_second","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"date_wday","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"date_year","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"date_zone","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"host","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"index","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"level","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"linecount","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"message","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"peer","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"punct","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"source","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"sourcetype","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"splunk_server","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"src_name","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"timeendpos","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"timestartpos","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"ts","count":"722","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"bytes","count":"653","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"chunks","count":"653","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"io","count":"653","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"pending","count":"653","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"events","count":"143","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"operations","count":"143","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"canwrites","count":"69","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"selects","count":"69","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"timeouts","count":"69","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"count","count":"0","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"eventtype","count":"0","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"field","count":"0","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"ids_type","count":"0","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"product","count":"0","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"communications","field":"vendor","count":"0","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"app_layer","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"bytes_in","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"bytes_out","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"conn_state","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"date_hour","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"date_mday","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"date_minute","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"date_month","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"date_second","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"date_wday","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"date_year","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"date_zone","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"dest_ip","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"dest_port","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"duration","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"history","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"host","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"id_orig_h","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"id_orig_p","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"id_resp_h","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"id_resp_p","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"index","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"uid","count":"760648","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"eventtype","count":"45728","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"tag::src_ip","count":"45570","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"connections","field":"tag::dest_ip","count":"158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"AA","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"QR","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"RA","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"RD","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"TC","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"Z","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"answers","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"date_hour","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"date_mday","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"date_minute","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"date_month","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"date_second","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"date_wday","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"date_year","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"date_zone","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"dest_domain","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"dest_ip","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"dest_port","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"qtype","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"qtype_name","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"query","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"rcode","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"rcode_name","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"record_type","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"session_id","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"source","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"sourcetype","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"splunk_server","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"src_ip","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"src_port","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"timeendpos","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"timestartpos","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"trans_id","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"transport","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"ts","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"uid","count":"82142","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"eventtype","count":"12223","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"tag::src_ip","count":"12121","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns_info","field":"tag::dest_ip","count":"102","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"analyzer","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"date_hour","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"dest_ip","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"dest_port","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"failure_reason","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"host","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"id_orig_h","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"id_orig_p","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"id_resp_h","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"id_resp_p","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"index","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"linecount","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"proto","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"punct","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"session_id","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"source","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"sourcetype","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dpd_info","field":"splunk_server","count":"33363","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"date_hour","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"date_mday","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"date_minute","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"date_month","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"date_second","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"date_wday","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"date_year","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"date_zone","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"dest_ip","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"dest_port","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"domain","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"host","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"id_orig_h","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"id_orig_p","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"id_resp_h","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"id_resp_p","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"index","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"linecount","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"method","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"punct","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"session_id","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"source","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"sourcetype","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"splunk_server","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"src_ip","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"src_port","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"timeendpos","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"timestartpos","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"trans_depth","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"ts","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"uid","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"uri","count":"702280","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"referrer","count":"702132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"user_agent","count":"701818","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"request_body_len","count":"701590","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"response_body_len","count":"701590","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"status_code","count":"701590","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"filename","count":"701585","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"info_code","count":"701585","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"info_msg","count":"701585","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"status_msg","count":"701585","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"tags","count":"701585","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"password","count":"701580","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"proxied","count":"701580","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"username","count":"701580","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"mime_type","count":"701557","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"md5","count":"701556","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"extraction_file","count":"701548","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"post_data","count":"487197","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"Cmd","count":"22159","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"DeviceId","count":"22159","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"DeviceType","count":"22159","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"User","count":"22159","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"size","count":"1285","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"http","field":"crop","count":"708","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"C","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"CN","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"L","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"O","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"ST","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"date_hour","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"date_mday","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"date_minute","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"date_month","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"date_second","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"date_wday","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"date_year","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"date_zone","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"host","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"index","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"issuer_subject","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"linecount","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"port_num","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"punct","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"serial","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"source","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"sourcetype","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"splunk_server","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"subject","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"timeendpos","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"timestartpos","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"ts","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl_data","field":"OU","count":"8","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"date_hour","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"date_mday","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"date_minute","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"date_month","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"date_second","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"date_wday","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"date_year","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"date_zone","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"host","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"index","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"linecount","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"splunk_server","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"timeendpos","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"timestartpos","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_information","field":"ts","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"app_layer","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"date_hour","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"date_mday","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"port_proto","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"punct","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"service","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"source","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"sourcetype","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"splunk_server","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"timeendpos","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"timestartpos","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"known_services","field":"ts","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"actions","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"date_hour","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"date_mday","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"date_minute","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"date_month","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"date_second","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"date_wday","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"date_year","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"date_zone","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"dest_ip","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"dest_port","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"dropped","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"dst","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"msg","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"n","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"name","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"note","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"p","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"peer_descr","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"policy_items","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"proto","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"punct","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"remote_location_city","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"remote_location_country_code","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"remote_location_latitude","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"remote_location_longitude","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"remote_location_region","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"session_id","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"source","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"sourcetype","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"splunk_server","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"src","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"src_ip","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"src_port","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"sub","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"suppress_for","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"timeendpos","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"timestartpos","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"transport","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"ts","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"uid","count":"20","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"C","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"CN","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"L","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"O","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"OU","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"ST","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"cms_redirect","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"ir","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"ms","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"mt","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"notice","field":"mv","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"date_hour","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"date_mday","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"date_minute","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"helo","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"host","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"id_orig_h","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"id_orig_p","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"id_resp_h","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"id_resp_p","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"index","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"linecount","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"mailfrom","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"punct","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"rcptto","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"recipient","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"session_id","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"source","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"sourcetype","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"splunk_server","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"src_ip","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"src_port","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"timeendpos","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"timestartpos","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"trans_depth","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"ts","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"uid","count":"910","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"date","count":"906","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"first_received","count":"906","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"from","count":"906","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"in_reply_to","count":"906","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"is_webmail","count":"906","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"last_reply","count":"906","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"user_agent","count":"906","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"x_originating_ip","count":"906","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"eventtype","count":"40","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"tag::src_ip","count":"40","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"NOTIFY","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"smtp","field":"id","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"content_len","count":"836","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"date_hour","count":"836","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"date_mday","count":"836","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"date_minute","count":"836","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"colspan","count":"23","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"x","count":"21","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"xmlns","count":"18","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"color","count":"15","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"m","count":"15","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"o","count":"15","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"w","count":"15","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"c","count":"12","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"e","count":"9","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"mid","count":"9","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"subject","count":"9","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"xfe","count":"9","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"rel","count":"8","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"CONTENT","count":"6","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"HTTP_EQUIV","count":"6","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"bcode","count":"6","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"email","count":"6","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"link","count":"6","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"lloc","count":"6","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"n_m","count":"6","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"em","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"eun","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"k","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"l","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"layrf","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"leftMargin","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"leftmargin","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"list_id","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"maximum_scale","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"minimum_scale","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"num","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"mail_details","field":"pgr","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"date_hour","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"date_mday","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"date_minute","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"date_month","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"date_second","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"date_wday","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"splunk_server","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"timeendpos","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"timestartpos","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"ts","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"unparsed_version","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"version_addl","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"version_major","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"version_minor","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"version_minor2","count":"23362","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"date","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"CVSTag","count":"8","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"software","field":"SVNTag","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"client","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"date_hour","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"date_mday","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"date_minute","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"date_month","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"date_second","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"date_wday","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"date_year","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"date_zone","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"dest_ip","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"dest_port","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"direction","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"host","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"id_orig_h","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"id_orig_p","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"source","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"sourcetype","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"splunk_server","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"src_ip","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"src_port","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"status","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"timeendpos","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"timestartpos","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"ts","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssh","field":"uid","count":"132","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"cert_hash","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"cipher","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"date_hour","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"date_mday","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"date_minute","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"date_month","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"date_second","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"splunk_server","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"src_ip","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"src_port","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"subject","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"timeendpos","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"timestartpos","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"ts","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"uid","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"validation_status","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"version","count":"14680","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"CN","count":"2328","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"C","count":"2289","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"O","count":"2289","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"L","count":"1988","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"ST","count":"1988","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"OU","count":"1547","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"eventtype","count":"422","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"tag::src_ip","count":"422","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"serialNumber","count":"286","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"DC","count":"257","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"emailAddress","count":"183","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"postalCode","count":"69","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"street","count":"65","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"businessCategory","count":"55","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"ssl","field":"streetAddress","count":"4","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"addl","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"date_hour","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"date_mday","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"date_minute","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"date_month","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"date_second","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"date_wday","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"date_year","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"date_zone","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"dest_ip","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"dest_port","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"host","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"id_orig_h","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"id_orig_p","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"id_resp_h","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"id_resp_p","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"index","count":"890663","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"tag::src_ip","count":"29801","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"weird","field":"tag::dest_ip","count":"22","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"authorizationLevel","count":"402","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"callSecuredStatus","count":"402","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"callingPartyNumber","count":"402","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"cdrRecordType","count":"402","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"dateTimeConnect","count":"402","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"dateTimeDisconnect","count":"402","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"IncomingProtocolID","count":"394","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"OutgoingProtocolID","count":"394","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"calledPartyPatternUsage","count":"394","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"currentRoutingReason","count":"394","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"lastRedirectingRoutingReason","count":"394","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"origRoutingReason","count":"394","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"finalCalledPartyNumber","count":"344","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"lastRedirectDn","count":"326","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"originalCalledPartyNumber","count":"326","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"finalCalledPartyNumberPartition","count":"311","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"lastRedirectDnPartition","count":"311","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"callingPartyNumberPartition","count":"309","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"originalCalledPartyNumberPartition","count":"309","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"destDeviceName","count":"254","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"callmgr","field":"destIpv4v6Addr","count":"249","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"cmdline","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"date_hour","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"date_mday","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"date_minute","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"date_month","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"date_second","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"date_wday","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"date_year","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"date_zone","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"host","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"index","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"linecount","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"punct","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"source","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"sourcetype","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"splunk_server","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"start_time","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"timestartpos","count":"274","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"address","count":"5","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"port","count":"5","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"protocol","count":"5","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"host_monitor","field":"bytes","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"Action","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"EventMessage","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"Safe","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"host","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"index","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"linecount","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"punct","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"sev","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"source","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"sourcetype","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"splunk_server","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"src","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"timestamp","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"password_mgmt","field":"usrName","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"date_hour","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"date_mday","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"date_minute","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"date_month","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"date_second","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"date_wday","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"date_year","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"date_zone","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"host","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"index","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"linecount","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"punct","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"source","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"sourcetype","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"splunk_server","count":"23221","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"Offset","count":"1526","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"MinimumTTL","count":"8","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"Refresh","count":"8","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"Retry","count":"8","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dirtybucket","field":"SerialNo","count":"8","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"date_hour","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"date_mday","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"date_minute","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"date_month","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"date_second","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"date_wday","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"date_year","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"date_zone","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"host","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"index","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"linecount","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"punct","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"source","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"sourcetype","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"splunk_server","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"timeendpos","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"dns","field":"timestartpos","count":"20624","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"date_hour","count":"23710","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"date_mday","count":"23710","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"date_minute","count":"23710","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"date_month","count":"23710","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"date_second","count":"23710","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"sc_status","count":"6076","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"sc_substatus","count":"6076","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"sc_win32_status","count":"6076","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"src_ip","count":"6076","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"time","count":"6076","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"time_taken","count":"6076","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"user_agent","count":"6076","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"User","count":"4964","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"gBETRK","count":"4084","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"gBETRS","count":"4084","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"Timezone","count":"3987","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"MSOWebPartPage_AnonymousAccessCookie","count":"1334","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"WSS_KeepSessionAuthenticated","count":"1334","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"utma","count":"1307","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"ASPSESSIONIDSCASCDSA","count":"1281","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"id","count":"1089","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"REMOTE_ADDR","count":"1058","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"event","count":"1058","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"serial","count":"1058","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"utmc","count":"987","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"utmb","count":"937","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"Cmd","count":"759","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"ASPSESSIONIDACDTCBRD","count":"751","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"ASP_NET_SessionId","count":"751","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"DeviceId","count":"710","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"DeviceType","count":"710","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"RFP","count":"389","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"SID","count":"386","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"clientCookie2","count":"172","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"ID","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"ERWindowName","count":"153","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"Command","count":"140","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"Issue_ID","count":"140","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"OpType","count":"134","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"ERClickInMap","count":"125","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"SessionKey","count":"125","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"FormName","count":"120","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"webserver","field":"prevEventId","count":"103","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"eventtype","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"host","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"index","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"linecount","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"punct","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"source","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"sourcetype","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"splunk_server","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"timestamp","count":"38378","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"mid","count":"26317","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"icid","count":"17084","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"dcid","count":"4521","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"mailto","count":"2772","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"mailfrom","count":"2413","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"subject","count":"997","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"InternalId","count":"652","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"data","count":"146","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"rcode","count":"146","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"jaime","count":"3","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"Class","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"EATL","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"Incomplete","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"spamfilter","field":"Wetland","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"bytes_received","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"bytes_sent","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"c_ip","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"cs_mime_type","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"cs_referrer","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"cs_username","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date_hour","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date_mday","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date_minute","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date_month","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date_second","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date_wday","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date_year","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"date_zone","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"host","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"index","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"linecount","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"operation","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"proto","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"punct","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"r_host","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"r_ip","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"r_port","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"s_computername","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"source","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"sourcetype","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"splunk_server","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"time","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"time_taken","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"timeendpos","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"timestartpos","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"url","count":"246424","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"SessionType","count":"246353","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"SoftBlockAct","count":"246353","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"ThreatName","count":"246353","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"UrlCatReason","count":"246353","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"UrlCategory","count":"246353","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"UrlDestHost","count":"246353","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"client","count":"246112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"rate","count":"246112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"server","count":"246112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"charset","count":"25984","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"q","count":"11316","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"src","count":"7092","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"h","count":"4277","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"type","count":"3982","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"v","count":"2768","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"ref","count":"2475","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"w","count":"2114","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"output","count":"1781","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"d","count":"1236","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"rand","count":"1136","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"sz","count":"1136","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"n","count":"1099","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"ord","count":"1038","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"page","count":"973","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"signature","count":"912","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"style","count":"862","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"uid","count":"843","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"u","count":"817","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"query","count":"788","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"activity","count":"779","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"exists","count":"779","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"group","count":"779","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"line","count":"779","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"off","count":"779","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"top","count":"779","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"ajr","count":"699","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"DeviceId","count":"692","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxy","field":"DeviceType","count":"692","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"NAT_addr","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"NIS_app_proto","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"NIS_scan_result","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"NIS_signature","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"action","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"agent","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"app_proto","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"bytes_rec","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"bytes_rec_int","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"bytes_sent","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"bytes_sent_int","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"connID","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"conn_time","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"dst_network","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"fwc_app_path","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"garbage","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"host","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"index","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"internal_serv_info","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"linecount","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"log_src_ip","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"orig_client_ip","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"proto","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"punct","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"rule","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"sessionID","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"source","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"sourcetype","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"splunk_server","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"src_ip_port","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"src_network","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"status_code","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"timeendpos","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"timestartpos","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"ts","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"proxyfw","field":"username","count":"333158","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"juniper","field":"host","count":"577","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"juniper","field":"index","count":"577","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"juniper","field":"linecount","count":"577","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"juniper","field":"punct","count":"577","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"juniper","field":"source","count":"577","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"juniper","field":"sourcetype","count":"577","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"juniper","field":"splunk_server","count":"577","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"juniper","field":"timestamp","count":"577","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"host","count":"1685","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"index","count":"1685","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"linecount","count":"1685","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"punct","count":"1685","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"source","count":"1685","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"sourcetype","count":"1685","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"splunk_server","count":"1685","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"timestamp","count":"1685","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"dvc_ip","count":"1392","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"request","count":"1392","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"src_host","count":"1392","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"src_ip","count":"1392","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"ts","count":"1392","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"main","field":"src_mac","count":"715","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"date_hour","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"date_mday","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"date_minute","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"date_month","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"date_second","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"date_wday","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"date_year","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"date_zone","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"host","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"index","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"linecount","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"punct","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"source","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"sourcetype","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"splunk_server","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"timeendpos","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"timestartpos","count":"37525","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"client_agent","field":"last_revision","count":"212","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"date_hour","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"date_mday","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"date_minute","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"date_month","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"date_second","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"date_wday","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"date_year","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"date_zone","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"dest_nt_domain","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"eventtype","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"host","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"index","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"linecount","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"punct","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"source","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"sourcetype","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"splunk_server","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"timeendpos","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sep","field":"timestartpos","count":"1068","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Event_Log","count":"277632","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"date_hour","count":"277632","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"date_mday","count":"277632","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Trust_Type","count":"1414","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"New_State","count":"905","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"RM_Transaction_ID","count":"905","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Resource_Manager","count":"905","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Filtered_SIDs","count":"811","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"The_following_corrective_action_will_be_taken_in_0_milliseconds","count":"780","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Logon_account","count":"581","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"LAYER","count":"516","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"EVENT","count":"436","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Object_Server","count":"330","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"New_Process_Name","count":"281","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Token_Elevation_Type_a_very_long_test_string","count":"281","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Exit_Status","count":"267","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Object_Name","count":"258","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Object_Type","count":"258","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"Handle_ID","count":"255","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"event_log","field":"New_Security_Descriptor","count":"255","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sos","field":"host","count":"432","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sos","field":"index","count":"432","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sos","field":"linecount","count":"432","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sos","field":"punct","count":"432","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sos","field":"source","count":"432","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sos","field":"sourcetype","count":"432","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sos","field":"splunk_server","count":"432","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"sos","field":"timestamp","count":"432","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"host","count":"112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"index","count":"112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"linecount","count":"112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"punct","count":"112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"source","count":"112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"sourcetype","count":"112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"splunk_server","count":"112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"timestamp","count":"112","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"Last","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"Load","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"switch","field":"Name","count":"2","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"host","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"index","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"linecount","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"punct","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"source","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"sourcetype","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"splunk_server","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"timestamp","count":"160","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"COMMAND","count":"36","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"Token_Elevation_Type_a_very_long_test_string","count":"36","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"TTY","count":"36","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"USER","count":"36","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"uid","count":"36","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"relay","count":"18","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"class","count":"12","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"from","count":"12","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"msgid","count":"12","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"nrcpts","count":"12","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"size","count":"12","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"ctladdr","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"delay","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"dsn","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"mailer","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"pri","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"stat","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"to","count":"10","seen_time":"1358549881"}}, | |
{"preview":false,"result":{"idx":"unix","field":"xdelay","count":"10","seen_time":"1358549881"}}, | |
]; | |
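// Layout and animation settings read by the functions below.
var radius = 275;
var centerPosition = [350, 350]; // x and y used in the translate() of the container transforms
var canvasHeight = 700;
var canvasWidth = "100%";
var field_gap = 2;
var unit_size = 20;
var indexAngle = 85;      // rotation (degrees) applied when the selected element is at position 0
var rotationTime = 1000;  // duration handed to the d3 transitions
var outerRadius = 160;
var maxFieldLength = 19;  // longest field name truncateLong() returns unchanged
var activeIndex = 0;      // id of the index last selected through rotateIndex()
var pendingElement,innerKeyIndex;
var selectedFields = new Array();
var previewArray = new Array();

// Tally, per index name, how many fields have a positive event count.
// NOTE(review): this is an Array used as a dictionary and its keys come from the
// search results. An index whose name matches an Array property (for example
// "length") would not show up in Object.keys(); confirm names cannot collide.
var indexArray = new Array();
for (var i = 0; i < jsonData.length; i++) {
  if (parseInt(jsonData[i]["result"]["count"], 10) > 0) {
    // Start from 0 the first time an index is seen; incrementing an undefined
    // entry stores NaN instead of a count.
    indexArray[jsonData[i]["result"]["idx"]] = (indexArray[jsonData[i]["result"]["idx"]] || 0) + 1;
  }
}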
// Data functions | |
/**
 * Work out the arc occupied by one index segment when the circle is divided
 * evenly between the keys of indexArray.
 *
 * @param {number} indexID - position of the segment; 0 starts at angle 0.
 * @returns {Array} an array used as a record with the properties
 *   indexLength (number of indexes), elementSpacing (degrees per segment),
 *   myStartAngle and myEndAngle (radians) and myCenterAngle (degrees).
 */
function getAngles(indexID){
  var segmentCount = Object.keys(indexArray).length;
  var degreesPerSegment = 360 / segmentCount;
  var nextID = indexID + 1;

  var angles = [];
  angles["indexLength"] = segmentCount;
  angles["elementSpacing"] = degreesPerSegment;
  // Start and end are converted to radians; the centre angle stays in degrees.
  angles["myStartAngle"] = (degreesPerSegment * indexID) * Math.PI / 180;
  angles["myEndAngle"] = (degreesPerSegment * nextID) * Math.PI / 180;
  angles["myCenterAngle"] = (degreesPerSegment * nextID) - (degreesPerSegment / 2);
  return angles;
}
/**
 * List the field names recorded for one index.
 * Rows whose count does not parse to a positive number are left out.
 *
 * @param {string} indexName - value compared (loosely) with each row's "idx".
 * @returns {Array} field names in the order they appear in jsonData.
 */
function getFields(indexName){
  return jsonData
    .filter(function (row) {
      var result = row["result"];
      return (result["idx"] == indexName) && (parseInt(result["count"]) > 0);
    })
    .map(function (row) {
      return row["result"]["field"];
    });
}
/**
 * Shorten a field name for display.
 *
 * @param {string} fieldName - name to shorten.
 * @returns {string} fieldName itself when it has at most maxFieldLength
 *   characters, otherwise its first maxFieldLength characters. No ellipsis
 *   is appended.
 */
function truncateLong(fieldName){
  var nameLength = fieldName.split("").length;
  if (nameLength <= maxFieldLength) {
    return fieldName;
  }
  return fieldName.substring(0, maxFieldLength);
}
// Movement functions | |
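/**
 * Rotate the field ring (#fieldContainer) so that the chosen field moves to
 * the reference angle.
 *
 * The target rotation is indexAngle minus one field-width (360 / number of
 * fields) per position. It does not depend on a loop counter, so the
 * transition is started once rather than once per field.
 *
 * @param {number|string} fieldID - position of the field among the index's
 *   fields; parsed with parseInt, and 0 or an unparsable value leaves the
 *   ring at indexAngle.
 * @param {string} indexName - index whose fields are on the ring.
 * @returns {undefined}
 */
function rotateFields(fieldID, indexName){
  // Same filter as getFields(): fields of this index with a positive count.
  var fieldsArray = getFields(indexName);

  // No fields means nothing to rotate; this also keeps the division below
  // away from a zero divisor.
  if (fieldsArray.length === 0) {
    return;
  }

  var moveIndex = parseInt(fieldID, 10);
  var img_rotation = indexAngle;
  if (moveIndex) {
    // Angular distance to rotate.
    img_rotation = indexAngle - ((360 / fieldsArray.length) * moveIndex);
  }

  d3.select("#fieldContainer")
    .transition()
    .duration(rotationTime)
    .attr("transform", "translate(" + centerPosition[0] + "," + centerPosition[1] + ")rotate(" + img_rotation + ")");
  return;
}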
/**
 * Make another index the active one: hide the current field ring, rotate
 * the index ring to the clicked segment and fade in that index's fields.
 *
 * Does nothing when the clicked index is already active. Updates the
 * global `activeIndex`.
 *
 * @param {number} indexID - position of the clicked index.
 * @param {number} indexLength - total number of indices on the ring.
 * @param {string} indexName - name of the clicked index.
 * @returns {undefined}
 */
function rotateIndex(indexID, indexLength, indexName) {
  if (activeIndex == indexID) {
    return;
  }

  // The old index must lose "isClicked" first; hideFields() checks that class.
  d3.select("#IndexBox_" + activeIndex).classed("isClicked", 0);
  hideFields(activeIndex);

  var stepsToTurn = indexLength - (indexLength - indexID);
  var img_rotation = stepsToTurn ? (indexAngle - ((360 / indexLength) * stepsToTurn)) : indexAngle;
  d3.select("#indexContainer")
    .transition()
    .duration(rotationTime)
    .attr("transform", "translate(" + centerPosition[0] + "," + centerPosition[1] + ")rotate(" + img_rotation + ")");
  d3.select("#IndexBox_" + indexID).classed("isClicked", 1);

  // Fields fade in one after another during the second half of the rotation.
  var fieldCount = drawFieldGroup(indexID, indexName);
  var halfRotation = rotationTime / 2;
  var transitionDuration = halfRotation / fieldCount;
  d3.select("#keyElement_graphic_outer")
    .transition()
    .duration(transitionDuration)
    .delay(transitionDuration + halfRotation)
    .style("opacity", 1);
  for (var fields = 0; fields < fieldCount; fields++) {
    var transitionDelay = (fields * transitionDuration) + halfRotation;
    d3.selectAll("#FieldBox_" + indexID + "_" + fields)
      .transition()
      .duration(transitionDuration)
      .delay(transitionDelay)
      .style("opacity", 1);
  }

  activeIndex = indexID;
  return;
}
// Field Correlations | |
/**
 * Click handler for a field segment.
 *
 * - A field already marked as correlated or selected only rotates the ring.
 * - A first click rotates the ring and marks the field as pending.
 * - A click on the pending field (while fewer than 14 fields are selected)
 *   confirms it: the field is appended to `selectedFields` and a chevron is
 *   drawn on every index that contains a field with the same label.
 *
 * Matching uses the truncated label shown on screen (see truncateLong), so
 * fields sharing that prefix are matched as one.
 *
 * @param {Array} activeChevron - [indexID, fieldPosition] of the clicked field.
 * @param {string} indexName - name of the index that owns the field.
 * @param {number} indexLength - number of indices; not used in this function.
 * @returns {undefined}
 */
function checkIndices(activeChevron, indexName, indexLength) {
  var chevronID = activeChevron[0] + "_" + activeChevron[1];
  var fieldPath = d3.select("#FieldPathElement_" + chevronID);

  // Already part of a correlation: just bring it to the key position.
  if (fieldPath.classed("chevronSecondary") || fieldPath.classed("activeFieldElement")) {
    rotateFields(activeChevron[1], indexName);
    return;
  }

  // Not pending yet (or the selection limit is reached): rotate and mark as pending.
  if (!(fieldPath.classed("pendingSelection") && (selectedFields.length < 14))) {
    rotateFields(activeChevron[1], indexName);
    d3.select("#FieldPathElement_" + pendingElement).classed("pendingSelection", 0);
    fieldPath.classed("pendingSelection", 1);
    pendingElement = chevronID;
    return;
  }

  // Confirmed selection: drop the hover previews before drawing the real chevrons.
  previewArray.forEach(function (previewID) {
    d3.selectAll("#chevronBox_" + previewID).remove();
  });
  previewArray = [];
  fieldPath.classed("pendingSelection", 0).classed("activeFieldElement", 1);

  var fieldBox = d3.select("#FieldBox_" + chevronID);
  var selectedLabel = fieldBox.text();
  selectedFields.push([selectedLabel, chevronID]);
  var ringPosition = selectedFields.length;
  var hasSelectedLabel = function (candidate) {
    return truncateLong(candidate) == selectedLabel;
  };

  var indexCount = 0;
  for (var indexname in indexArray) {
    if (getFields(indexname).some(hasSelectedLabel)) {
      var chevAngles = getAngles(indexCount);
      drawChevrons(indexCount, chevAngles["myStartAngle"], chevAngles["myEndAngle"], ringPosition);
      var chevron = d3.select("#chevronElement_" + indexCount + "_" + ringPosition);
      if (activeChevron[0] == indexCount) {
        chevron.classed("chevronPrimary", 1);
      } else {
        chevron.classed("chevronSecondary", 1);
        d3.select("#IndexBox_" + indexCount).classed("notAvailable", 0);
      }
    } else if (ringPosition < 2) {
      // Only the first selection greys out indices that lack the field.
      d3.select("#IndexBox_" + indexCount).classed("notAvailable", 1);
    }
    indexCount++;
  }

  fieldBox.classed("selectedText", 0);
  fieldPath.classed("activeFieldGroup", 0);
  return;
}
/**
 * Hover preview: draw a preview chevron on every other index that contains
 * a field with the same (truncated) label as the hovered field.
 *
 * Resets the global `previewArray` and records the ids of the chevrons it
 * draws there. Nothing is drawn once 14 fields are selected.
 *
 * @param {Array} activeChevron - [indexID, fieldPosition] of the hovered field.
 * @returns {undefined}
 */
function previewIndices(activeChevron) {
  previewArray = [];
  var hoveredLabel = d3.select("#FieldBox_" + activeChevron[0] + "_" + activeChevron[1]).text();
  if (!(selectedFields.length < 14)) {
    return;
  }

  // Previews occupy the ring slot the next confirmed selection would take.
  var ringPosition = selectedFields.length + 1;
  var hasHoveredLabel = function (candidate) {
    return truncateLong(candidate) == hoveredLabel;
  };

  var indexCount = 0;
  for (var indexname in indexArray) {
    var sharesField = getFields(indexname).some(hasHoveredLabel);
    if (sharesField && !(activeChevron[0] == indexCount)) {
      var chevAngles = getAngles(indexCount);
      drawChevrons(indexCount, chevAngles["myStartAngle"], chevAngles["myEndAngle"], ringPosition);
      d3.select("#chevronElement_" + indexCount + "_" + ringPosition).classed("chevronPreview", 1);
      previewArray.push(indexCount + "_" + ringPosition);
    }
    indexCount++;
  }
  return;
}
// Drawing functions | |
/**
 * Append one chevron arc to an index header.
 *
 * Each position is drawn 10 units further towards the centre than the one
 * before it. The created elements get the ids `chevronBox_<index>_<position>`
 * and `chevronElement_<index>_<position>`.
 *
 * @param {number} indexID - position of the index that receives the chevron.
 * @param {number} startAngle - arc start, in radians.
 * @param {number} endAngle - arc end, in radians.
 * @param {number} position - ring slot of the chevron.
 * @returns {undefined}
 */
function drawChevrons(indexID, startAngle, endAngle, position) {
  var ringOffset = position * 10;
  var chevronKey = indexID + "_" + position;

  // NOTE(review): arcChevron is assigned without a declaration in this function;
  // confirm it is declared at file level, otherwise this creates a global.
  arcChevron = d3.svg.arc()
    .startAngle(startAngle)
    .endAngle(endAngle)
    .innerRadius(radius - (115 + ringOffset))
    .outerRadius(radius - (125 + ringOffset));

  d3.select("#IndexHeader_" + indexID)
    .append("g")
    .attr("id", "chevronBox_" + chevronKey)
    .append("svg:path")
    .attr("id", "chevronElement_" + chevronKey)
    .attr('d', arcChevron);
  return;
}
/**
 * Draw one index segment on the inner ring and wire its mouse handlers.
 *
 * The index name is written with .text(), so a name coming from the search
 * results is rendered as text rather than parsed as markup. Element ids are
 * built from the numeric position, never from the name.
 *
 * The index at position 0 is drawn as the active one, with its fields visible.
 *
 * @param {string} indexName - index name shown on the segment.
 * @param {number} indexID - zero-based position on the ring.
 * @returns {string} always "success".
 */
function drawIndexGroup(indexName, indexID) {
  var indexGroup = d3.select("#indexContainer").append("g").attr("id", "IndexGroup_" + indexID);
  var indexHeader = indexGroup.append("g").attr("id", "IndexHeader_" + indexID);
  var indexAngles = getAngles(indexID);
  var innerRadius = radius - 124;

  indexGroup
    .on("mouseover", function () {
      indexHighlight(indexID);
    })
    .on("click", function () {
      return rotateIndex(indexID, indexAngles["indexLength"], indexName);
    })
    .on("mouseout", function () {
      removeHighlight(indexID);
    });

  // NOTE(review): arcIndex is assigned without a declaration in this function;
  // confirm it is declared at file level.
  arcIndex = d3.svg.arc()
    .startAngle(indexAngles["myStartAngle"])
    .endAngle(indexAngles["myEndAngle"])
    .innerRadius(innerRadius)
    .outerRadius(radius);
  indexHeader.append("svg:path").attr("id", "IndexBox_" + indexID).attr('d', arcIndex).classed("IndexBox", 1);
  indexHeader.append("text")
    .attr("x", 8)
    .attr("dy", ".35em")
    .attr("transform", "rotate(" + (270 + indexAngles["myCenterAngle"]) + ")translate(" + (innerRadius) + ",0)")
    .text(truncateLong(indexName));

  if (indexID == 0) {
    // The first index starts selected: show its fields without any fade-in.
    var fieldCount = drawFieldGroup(indexID, indexName);
    for (var fields = 0; fields < fieldCount; fields++) {
      d3.selectAll("#FieldBox_" + indexID + "_" + fields).style("opacity", 1);
    }
    d3.select("#keyElement_graphic_outer").style("opacity", 1);
    d3.select("#IndexBox_" + indexID).classed("activeFieldGroup", 1).classed("isClicked", 1);
    d3.select("#IndexHeader_" + indexID + " text").classed("selectedText", 1);
  }
  return "success";
}
/**
 * Draw the outer ring of field segments for one index, initially invisible
 * (opacity 0), together with the outer key marker.
 *
 * Field names are written with .text(), so values from the search results
 * are rendered as text rather than parsed as markup; ids are built from
 * numeric positions only.
 *
 * Fields whose truncated label matches an entry in `selectedFields` are
 * styled as correlated, or as selected when the entry refers to this very
 * segment. The first field of the group becomes the pending selection.
 *
 * @param {number} indexID - position of the owning index.
 * @param {string} indexName - name of the owning index.
 * @returns {number} number of fields drawn.
 */
function drawFieldGroup(indexID, indexName) {
  var fieldAngles = getAngles(indexID);
  var fieldGroup = d3.select("#fieldContainer").append("g").attr("id", "FieldGroup_" + indexID);
  var fieldsArray = getFields(indexName);
  var fieldsAngle = 360 / fieldsArray.length;
  var toRadians = function (degrees) {
    return degrees * Math.PI / 180;
  };

  // Outer key marker, one field wide, drawn just outside the field ring.
  var outerkeyIndex = d3.svg.arc()
    .startAngle(toRadians(indexAngle))
    .endAngle(toRadians(indexAngle + fieldsAngle))
    .innerRadius(radius + outerRadius)
    .outerRadius(radius + outerRadius + 25);
  d3.select("#keyElement")
    .append("svg:path")
    .attr("id", "keyElement_graphic_outer")
    .attr('d', outerkeyIndex)
    .attr("class", "keyBox")
    .style("opacity", 0);

  for (var i = 0; i < fieldsArray.length; i++) {
    var fieldKey = indexID + "_" + i;
    var label = truncateLong(fieldsArray[i]);

    // NOTE(review): arcField is assigned without a declaration in this function;
    // confirm it is declared at file level.
    arcField = d3.svg.arc()
      .startAngle(toRadians(fieldsAngle * i))
      .endAngle(toRadians(fieldsAngle * (i + 1)))
      .innerRadius(radius + 2)
      .outerRadius(radius + outerRadius);

    var fieldBox = fieldGroup.append("g").attr("id", "FieldBox_" + fieldKey).style("opacity", 0);
    fieldBox.append("svg:path").attr("id", "FieldPathElement_" + fieldKey).attr('d', arcField).classed("FieldGroup", 1);
    fieldBox.append("text")
      .attr("x", 8)
      .attr("dy", ".35em")
      .attr("transform", "rotate(" + (270 + ((fieldsAngle * (i + 1)) - fieldsAngle / 2)) + ")translate(" + (radius) + ",0)")
      .text(label);

    for (var s = 0; s < selectedFields.length; s++) {
      var chosen = selectedFields[s];
      // Same label selected on another segment: mark this one as correlated.
      if ((label == chosen[0]) && (chosen[1] != fieldKey)) {
        d3.select("#FieldBox_" + fieldKey).classed("chevronText", 1);
        d3.select("#FieldPathElement_" + fieldKey).classed("chevronSecondary", 1);
      }
      // This exact segment was selected earlier: restore its selected look.
      if (chosen[1] == fieldKey) {
        fieldBox.classed("FieldGroup", 0).classed("activeField", 1);
        d3.select("#FieldPathElement_" + fieldKey).classed("activeFieldElement", 1);
      }
    }

    pendingElement = indexID + "_0";
    d3.select("#FieldPathElement_" + pendingElement).classed("pendingSelection", 1);
  }

  var segments = d3.selectAll("#FieldGroup_" + indexID + " > g");
  if (!(d3.select("#IndexBox_" + indexID).classed("notAvailable"))) {
    segments
      .on("mouseover", function (d, i) {
        return fieldHighlight([indexID, i]);
      })
      .on("mouseout", function (d, i) {
        return removeClass([indexID, i]);
      })
      .on("click", function (d, i) {
        return checkIndices([indexID, i], indexName, fieldAngles["indexLength"]);
      });
  } else {
    // Indices greyed out by a selection can be browsed but not selected from.
    segments.on("click", function (d, i) {
      return rotateFields(i, indexName);
    });
  }
  return fieldsArray.length;
}
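/**
 * Fade out and remove the field ring of an index that is no longer clicked.
 *
 * Fixes over the earlier version:
 * - the id prefix used for counting now ends in "_", so index 1 no longer
 *   also counts elements of index 10, 11, ... (FieldBox_1 is a prefix of
 *   FieldBox_10_0);
 * - a group with no fields no longer divides by zero when deriving the
 *   per-field transition time.
 *
 * Does nothing while the index still carries the "isClicked" class.
 *
 * @param {number} indexID - position of the index whose fields are hidden.
 * @returns {undefined}
 */
function hideFields(indexID) {
  if (d3.select("#IndexBox_" + indexID).classed("isClicked")) {
    return;
  }

  var fieldCount = $("[id^='FieldBox_" + indexID + "_']").length;
  var transitionDuration = (rotationTime / 2) / Math.max(fieldCount, 1);

  d3.select("#keyElement_graphic_outer").transition().duration(transitionDuration).style("opacity", 0).remove();
  // Removed right away as well, so the marker drawn for the next index is the
  // only element carrying this id.
  d3.select("#keyElement_graphic_outer").remove();

  d3.select("#fieldContainer")
    .transition()
    .duration(rotationTime * 1.25)
    .attr("transform", "translate(" + centerPosition[0] + "," + centerPosition[1] + ")rotate(" + indexAngle + ")");

  // Fields fade out one after another, then the emptied group is removed.
  for (var fields = 0; fields < fieldCount; fields++) {
    d3.selectAll("#FieldBox_" + indexID + "_" + fields)
      .transition()
      .duration(transitionDuration)
      .delay(fields * transitionDuration)
      .style("opacity", 0)
      .remove();
  }
  d3.selectAll("#FieldGroup_" + indexID)
    .classed("Selected", 0)
    .transition()
    .delay(fieldCount * transitionDuration)
    .remove();

  d3.select("#IndexBox_" + indexID).classed("activeFieldGroup", 0);
  d3.select("#IndexHeader_" + indexID + " text").classed("selectedText", 0);
  return;
}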
// Visual style functions | |
/**
 * Mouseover handler for a field segment: draw the preview chevrons and
 * highlight the segment, unless it is already correlated or selected.
 *
 * @param {Array} fieldID - [indexID, fieldPosition] of the hovered field.
 * @returns {undefined}
 */
function fieldHighlight(fieldID) {
  var fieldElement = fieldID[0] + "_" + fieldID[1];
  previewIndices(fieldID);

  var fieldPath = d3.select("#FieldPathElement_" + fieldElement);
  if (fieldPath.classed("chevronSecondary") || fieldPath.classed("activeFieldElement")) {
    return;
  }
  fieldPath.classed("FieldGroup", 0).classed("activeFieldGroup", 1);
  d3.select("#FieldBox_" + fieldElement).classed("selectedText", 1);
  return;
}
/**
 * Mouseout handler for a field segment: remove the preview chevrons listed
 * in `previewArray` and restore the segment's normal styling.
 *
 * @param {Array} fieldID - [indexID, fieldPosition] of the field being left.
 * @returns {undefined}
 */
function removeClass(fieldID) {
  previewArray.forEach(function (previewID) {
    d3.selectAll("#chevronBox_" + previewID).remove();
  });

  var fieldElement = fieldID[0] + "_" + fieldID[1];
  d3.select("#FieldPathElement_" + fieldElement).classed("FieldGroup", 1).classed("activeFieldGroup", 0);
  d3.select("#FieldBox_" + fieldElement).classed("selectedText", 0);
  return;
}
/**
 * Mouseover handler for an index segment: highlight it unless it is the
 * active index or is marked "notAvailable".
 *
 * @param {number} indexID - position of the hovered index.
 * @returns {undefined}
 */
function indexHighlight(indexID) {
  if (activeIndex == indexID) {
    return;
  }
  var indexBox = d3.select("#IndexBox_" + indexID);
  if (indexBox.classed("notAvailable")) {
    return;
  }
  indexBox.classed("activeFieldGroup", 1);
  d3.select("#IndexHeader_" + indexID + " text").classed("selectedText", 1);
  return;
}
/**
 * Mouseout handler for an index segment: undo the hover highlight, leaving
 * the active index untouched. The label style is only reset for indices
 * that are not marked "notAvailable".
 *
 * @param {number} indexID - position of the index being left.
 * @returns {undefined}
 */
function removeHighlight(indexID) {
  if (activeIndex == indexID) {
    return;
  }
  var indexBox = d3.select("#IndexBox_" + indexID);
  indexBox.classed("activeFieldGroup", 0);
  if (!indexBox.classed("notAvailable")) {
    d3.select("#IndexHeader_" + indexID + " text").classed("selectedText", 0);
  }
  return;
}
// Build the visualisation once the DOM is ready: the SVG canvas, the inner
// key marker, the two rotating containers, then one segment per index.
jQuery(document).ready(function ($) {
  var centerTranslate = "translate(" + centerPosition[0] + "," + centerPosition[1] + ")";
  var baseTransform = centerTranslate + "rotate(" + indexAngle + ")";

  var splunkLinks = d3.select("#splunk")
    .append("svg:svg")
    .attr("width", canvasWidth)
    .attr("height", canvasHeight);

  // Fixed marker showing where the active index comes to rest.
  var keyGroup = splunkLinks.append("g").attr("id", "keyElement").attr("transform", centerTranslate);
  var innerkeyIndex = d3.svg.arc()
    .startAngle((indexAngle) * Math.PI / 180)
    .endAngle(((indexAngle + (360 / Object.keys(indexArray).length))) * Math.PI / 180)
    .innerRadius(radius - 250)
    .outerRadius(radius);
  keyGroup.append("svg:path").attr("id", "keyElement_graphic_inner").attr('d', innerkeyIndex).attr("class", "keyBox");

  // Containers for the index ring and the field ring; both start at the base angle.
  splunkLinks.append("g").attr("id", "indexContainer").attr("transform", baseTransform);
  splunkLinks.append("g").attr("id", "fieldContainer").attr("transform", baseTransform);

  // Positions follow the enumeration order of indexArray's keys.
  var indexPosition = 0;
  for (var index in indexArray) {
    drawIndexGroup(index, indexPosition);
    indexPosition++;
  }
});
</script> | |
</head> | |
<body> | |
<div class='splunk-search' id='splunk'> | |
</div> | |
</body> | |
</html> |
To play with this in the browser: http://bl.ocks.org/irctrakz/raw/4543583/